In order to feed our data sources for our Grafana, we need to ensure proper authentication. (At least) at Grafana Cloud, each data source can create API keys for different types of clients. Currently, we are using:
- Prometheus data source (Hosted metrics)
- Loki data source (Hosted logs)
If you need more context, read [[Loki, Promtail and Grafana Cloud]] and then come back.
The fastest, dirty way to try something is to use api keys that are shared between clients. We must use these only for testing purposes and not rely on them. We remove and recreate them from time to time in order to let hanging insecure configs around.
You can find those at Coopdevs bitwarden named “Grafana Cloud - API keys”.
Create a free account at Grafana Cloud → [[https://grafana.com/signup]]
Create an organization and pay for it. Your user will be this organization admin.
Create a “hosted metrics instance” (prometheus datastore) and a “hosted logs instance” (loki) under the “Grafana Cloud” plan
- Create a user for you or another mate.
- Ask an admin member of this organization to add you to it.
- Available roles are: Viewer, Editor, Admin
Both grafana instance and grafana cloud dahsboard are accessed with grafana cloud personal accounts.
This will be mostly needed for Promtail. Bear in mind that in case of metrics, we have only one Prometheus server with a single publisher key. If you want to monitor more hosts, see [[Add monitoring to a new host]].
- Head again to our Grafana Cloud dashboard, to API Keys section.
- Create your key with MetricsPublisher role:
- Name wisely: host, client, role
- Note down the key
- Switch to the type of instance you want to feed:
- Copy configuration and user.
- Save the credentials (key name + user + key value) at Bitwarden or at the corresponding Ansible Vault.