{"id":47866292,"url":"https://github.com/thunderbird/platform-grafana","last_synced_at":"2026-04-04T00:16:17.488Z","repository":{"id":347457638,"uuid":"1193976221","full_name":"thunderbird/platform-grafana","owner":"thunderbird","description":null,"archived":false,"fork":false,"pushed_at":"2026-03-28T03:43:54.000Z","size":93,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-28T07:25:18.834Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thunderbird.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-27T19:31:39.000Z","updated_at":"2026-03-28T00:20:00.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/thunderbird/platform-grafana","commit_stats":null,"previous_names":["thunderbird/platform-grafana"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/thunderbird/platform-grafana","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thunderbird%2Fplatform-grafana","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thunderbird%2Fplatform-grafana/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thunderbird%2Fplatform-grafana/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thunderbird%2Fplatform-grafana/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thunderbird","download_url":"https://codeload.github.com/thunderbird/platform-grafana/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thunderbird%2Fplatform-grafana/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31382422,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-03T23:20:52.058Z","status":"ssl_error","status_checked_at":"2026-04-03T23:20:51.675Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-04T00:16:08.391Z","updated_at":"2026-04-04T00:16:16.284Z","avatar_url":"https://github.com/thunderbird.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# platform-grafana\n\nTerraform-managed Grafana dashboards for [grafana.pi.thunderbird.net](https://grafana.pi.thunderbird.net). Dashboards are provisioned via the Grafana API using the [Grafana Terraform provider](https://registry.terraform.io/providers/grafana/grafana/latest).\n\n## Repo Structure\n\n```text\nplatform-grafana/\n├── .github/CODEOWNERS\n├── terraform/\n│   ├── main.tf                 # Provider config (Grafana + AWS), S3 backend\n│   ├── variables.tf            # Input variables\n│   ├── terraform.tfvars        # Grafana URL, datasource UID\n│   ├── folders.tf              # Grafana folders\n│   ├── dashboards.tf           # Dashboard resources\n│   └── dashboards/             # Dashboard JSON files\n│       ├── kubernetes/          # Cluster, namespace, pods, PVs, CoreDNS\n│       ├── victoriametrics/     # VMCluster, VMAgent, VictoriaLogs\n│       ├── traefik/             # Request rate, latency, status codes\n│       ├── argocd/              # App sync/health, operational metrics\n│       ├── teleport/            # Sessions, backend/audit\n│       ├── keycloak/            # Login rates, sessions, JVM\n│       └── core-services/       # ESO, external-dns, cert-manager, AWS LB\n```\n\n## Running Locally\n\nRequires AWS profile `mzla-shared` (shared-services account `826971876779`).\n\n```bash\ncd terraform\nterraform init -backend-config=backend-config.hcl\nterraform plan\nterraform apply\n```\n\n## Dashboards\n\nDashboard JSON files live in `terraform/dashboards/`. Each file is loaded by a `grafana_dashboard` resource in `dashboards.tf`.\n\nDatasource references in JSON use the VictoriaMetrics datasource UID (`P4169E866C3094E38`). If the datasource is ever recreated, update `terraform.tfvars` and the JSON files.\n\n### Modifying a Dashboard\n\nThe easiest workflow for complex changes:\n\n1. Edit the dashboard in the Grafana UI\n2. Go to dashboard settings \u003e **JSON Model** \u003e copy the full JSON\n3. Paste it into the corresponding file in `terraform/dashboards/`, replacing the existing content\n4. Run `terraform plan` to verify, then `terraform apply`\n\nUI edits are **not persisted** — the next `terraform apply` will revert them. Always save changes back to this repo.\n\n### Adding a New Dashboard\n\n1. Create or export the dashboard JSON from Grafana\n2. Ensure all datasource references use `{\"type\": \"prometheus\", \"uid\": \"P4169E866C3094E38\"}`\n3. Save to `terraform/dashboards/\u003cfolder\u003e/\u003cname\u003e.json`\n4. Add a folder in `folders.tf` if needed:\n   ```hcl\n   resource \"grafana_folder\" \"my_folder\" {\n     title = \"My Folder\"\n   }\n   ```\n5. Add a dashboard resource in `dashboards.tf`:\n   ```hcl\n   resource \"grafana_dashboard\" \"my_dashboard\" {\n     folder      = grafana_folder.my_folder.id\n     config_json = file(\"${path.module}/dashboards/my-folder/my-dashboard.json\")\n   }\n   ```\n6. Run `terraform plan` to verify, then `terraform apply`\n\n### Adding a New Folder\n\nAdd a `grafana_folder` resource to `folders.tf`. The resource name is used as the reference in `dashboards.tf`.\n\n## Infrastructure\n\n| Component | Detail |\n|-----------|--------|\n| **Grafana** | [grafana.pi.thunderbird.net](https://grafana.pi.thunderbird.net) — deployed via ArgoCD on mzla-eks-shared01 |\n| **Auth** | GitHub OAuth (thunderbird org), `platform-infrastructure` team = Admin |\n| **Datasource** | VictoriaMetrics (Prometheus-compatible) at `vmselect-victoriametrics-victoria-metrics-k8s-stack.monitoring.svc:8481` |\n| **Terraform state** | S3: `platform-grafana-terraform-state` / DynamoDB: `platform-grafana-terraform-lock` |\n| **Grafana API token** | Secrets Manager: `mzla/shared-services/grafana-terraform` |\n| **AWS account** | shared-services (`826971876779`), profile `mzla-shared` |\n\n## Configuration\n\n| Variable | Description |\n|----------|-------------|\n| `grafana_url` | Grafana instance URL |\n| `prometheus_datasource_uid` | UID of the VictoriaMetrics datasource |\n\nValues are set in `terraform/terraform.tfvars`. Look up the datasource UID from Grafana: **Connections \u003e Data sources \u003e VictoriaMetrics** \u003e copy the UID from the URL.\n\n## Bootstrap (one-time setup)\n\nThese steps were already completed during initial setup. Documented here for reference.\n\n\u003cdetails\u003e\n\u003csummary\u003eS3 state backend\u003c/summary\u003e\n\n```bash\naws s3api create-bucket --bucket platform-grafana-terraform-state \\\n  --region us-west-2 --create-bucket-configuration LocationConstraint=us-west-2\naws s3api put-bucket-versioning --bucket platform-grafana-terraform-state \\\n  --versioning-configuration Status=Enabled\naws s3api put-bucket-encryption --bucket platform-grafana-terraform-state \\\n  --server-side-encryption-configuration '{\"Rules\":[{\"ApplyServerSideEncryptionByDefault\":{\"SSEAlgorithm\":\"aws:kms\"}}]}'\naws s3api put-public-access-block --bucket platform-grafana-terraform-state \\\n  --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true\n\naws dynamodb create-table --table-name platform-grafana-terraform-lock \\\n  --attribute-definitions AttributeName=LockID,AttributeType=S \\\n  --key-schema AttributeName=LockID,KeyType=HASH \\\n  --billing-mode PAY_PER_REQUEST --region us-west-2\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eGrafana service account token\u003c/summary\u003e\n\n1. Log into [grafana.pi.thunderbird.net](https://grafana.pi.thunderbird.net) as Admin\n2. **Administration \u003e Service accounts \u003e Add service account**: name `terraform`, role `Admin`\n3. **Add service account token** \u003e generate and copy\n\n```bash\naws secretsmanager create-secret \\\n  --name mzla/shared-services/grafana-terraform \\\n  --secret-string '{\"grafana_service_account_token\":\"\u003cTOKEN\u003e\"}' \\\n  --region us-west-2\n```\n\u003c/details\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthunderbird%2Fplatform-grafana","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthunderbird%2Fplatform-grafana","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthunderbird%2Fplatform-grafana/lists"}