Updates to implement GitOps approach

README.md

@@ -15,36 +15,40 @@ This project deploys a self-supported Grafana operator.  It does not modify the
 ## Requirements
 
 This was deployed and tested with:
-* OpenShift 4.9
-* Grafana Operator 4.2.0 from OperatorHub
+* OpenShift 4.15
+* Grafana Operator 5.6.3 from OperatorHub
+* OpenShift GitOps 1.11.1
 
-## Deployment
+## GitOps Approach
 
-### 1a. Deploy Grafana operator from OperatorHub
+A GitOps approach using OpenShift GitOps (ArgoCD) is recommended over executing the above instructions manually.  Install OpenShift GitOps from OperatorHub, and then deploy the ArgoCD application into the openshift-gitops namespace as follows:
 
-Create a new project (i.e. my-grafana) and deploy the community-supported Grafana operator from OperatorHub.  The Grafana operator creates Custom Resource Definitions (CRDs) for the following objects:
-* grafanas.integreatly.org
-* grafanadatasources.integreatly.org
-* grafanadashboards.integreatly.org
+```
+oc apply -f custom-grafana.application.yaml
+```
 
-To create a Grafana resource from the UI, navigate to Installed Operators -> Grafana Operator -> Grafana -> Create Grafana.  Configure your Grafana resource as desired, and press Create.
+## Manual Deployment
 
-### 1b. Additional instructions for deploying in a restricted network
+### 1. Deploy Grafana operator from OperatorHub
 
-Follow these additional instructions to [deploy Grafana operator in a restricted network].
+Create a new project (i.e. my-grafana) and deploy the community-supported Grafana operator from OperatorHub.
+
+To create a Grafana resource from the UI, navigate to Installed Operators -> Grafana Operator -> Grafana -> Create Grafana.  Configure your Grafana resource as desired, and press Create.
 
 ### 2. Deploy GrafanaDataSource for Prometheus
 
-The grafana-serviceaccount service account was created alongside the Grafana instance.  We will grant it the cluster-monitoring-view cluster role.
+The grafana-sa service account was created alongside the Grafana instance.  We will grant it the cluster-monitoring-view cluster and openshift-cluster-monitoring-view roles, as well as project edit role to access secrets in the my-grafana project.
 
 ```
-oc adm policy add-cluster-role-to-user cluster-monitoring-view -z grafana-serviceaccount
+oc adm policy add-cluster-role-to-user cluster-monitoring-view -z grafana-sa
+oc adm policy add-cluster-role-to-user openshift-cluster-monitoring-view -z grafana-sa
+oc adm policy add-role-to-user edit -z grafana-sa -n my-grafana
 ```
 
 The bearer token for this service account is used to authenticate access to Prometheus in the openshift-monitoring namespace.  The following command will display this token.
 
 ```
-oc serviceaccounts get-token grafana-serviceaccount -n my-grafana
+oc create token grafana-sa --duration=8760h -n my-grafana
 ```
 
 From the Grafana Data Source resource, press Create Instance, and navigate to the YAML view.  Create the [example GrafanaDataSource], substituting `${BEARER_TOKEN}` with the output of the command above.
@@ -63,7 +67,6 @@ oc create -f <dashboard>
 
 If you are unable to deploy the GrafanaDashboard custom resources, I have also provided [JSON dashboards] which can be imported directly from within the Grafana console.
 
-
 ## License
 
 GPLv3
@@ -72,7 +75,6 @@ GPLv3
 
 Kevin Chung
 
-[deploy Grafana operator in a restricted network]: restricted-setup.md
 [example GrafanaDatasource]: ./datasources/prometheus-grafanadatasource.yaml
 [example GrafanaDashboards]: ./dashboards/crds/
 [JSON dashboards]: ./dashboards/json_raw/

custom-grafana.application.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: custom-grafana
+  namespace: openshift-gitops
+spec:
+  destination:
+    namespace: my-grafana
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: gitops/overlays/dashboards
+    repoURL: https://github.com/kevchu3/openshift4-grafana.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true