Better password management

DevOps-Boot · Dec 22, 2023 · cee9bd9 · cee9bd9
1 parent 86b7f64
commit cee9bd9
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 1 deletion.
diff --git a/docs/documentation/monitoring.md b/docs/documentation/monitoring.md
@@ -0,0 +1,3 @@
+# Monitoring
+
+## 
diff --git a/terraform/deployments/preprod/main.tf b/terraform/deployments/preprod/main.tf
@@ -14,6 +14,7 @@ module "releases" {
   source                          = "../releases"
   s3_backup_aws_access_key_id     = var.s3_backup_aws_access_key_id
   s3_backup_aws_secret_access_key = var.s3_backup_aws_secret_access_key
+  grafana_admin_password          = var.grafana_admin_password
 }
 
 module "environment_specific_releases" {

diff --git a/terraform/deployments/preprod/terraform.tfvars.example b/terraform/deployments/preprod/terraform.tfvars.example
@@ -6,4 +6,7 @@ AWS_SECRET_ACCESS_KEY = aws_key
 TF_VAR_s3_backup_aws_access_key_id = s3_backup_aws_access_key_id
 TF_VAR_s3_backup_aws_secret_access_key = s3_backup_aws_secret_access_key
 
+# Password for the grafana interface
+TF_VAR_grafana_admin_password = [adminPassword]
+
 # These values need to be set as enviromental secrets in Terraform Cloud.
diff --git a/terraform/deployments/preprod/variables.tf b/terraform/deployments/preprod/variables.tf
@@ -21,3 +21,9 @@ variable "s3_backup_aws_secret_access_key" {
   type        = string
   sensitive   = true
 }
+
+variable "grafana_admin_password" {
+  description = "Password for the admin user of Grafana"
+  type        = string
+  sensitive   = true
+}
diff --git a/terraform/deployments/releases/kube-prometheus-stack.tf b/terraform/deployments/releases/kube-prometheus-stack.tf
@@ -5,6 +5,10 @@ resource "helm_release" "kube-prom-stack" {
   namespace        = "monitoring"
   create_namespace = true
   version          = "55.1.0"
+  set {
+    name  = "grafana.adminPassword"
+    value = var.grafana_admin_password
+  }
   values = [
     file("${path.module}/kube-prometheus-stack/kube-prometheus-stack-values.yaml")
   ]

diff --git a/terraform/deployments/releases/kube-prometheus-stack/kube-prometheus-stack-values.yaml b/terraform/deployments/releases/kube-prometheus-stack/kube-prometheus-stack-values.yaml
@@ -4,7 +4,6 @@ alertmanager:
   enabled: true
 grafana:
   enabled: true
-  adminPassword: prom-operator
   persistence:
     enabled: true
     storageClassName: ebs-sc
@@ -24,3 +23,5 @@ prometheus:
         resources:
           requests:
             storage: 5Gi
+# Full reference:
+# https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml
diff --git a/terraform/deployments/releases/variables.tf b/terraform/deployments/releases/variables.tf
@@ -10,3 +10,9 @@ variable "s3_backup_aws_secret_access_key" {
   type        = string
   sensitive   = true
 }
+
+variable "grafana_admin_password" {
+  description = "Password for the admin user of Grafana"
+  type        = string
+  sensitive   = true
+}