Dockerizing Grafana

Learn how to work with Grafana in a Docker container. We will go over creating datasources, using environment variables to configure Grafana, and persisting data across containers with volumes.

Table of Contents 📖

• Spinning Up a Grafana Container
• Configuration
• Logs
• Authentication
• Provisioning
• Data Persistence
• Removing the Login Page

Spinning Up a Grafana Container

Dockerized Grafana runs on port 3000 by default and is based on Alpine linux.

docker run -d -p 3000:3000 --name g-c grafana/grafana
cat /proc/version
Linux version 6.10.0-linuxkit (root@buildkitsandbox) (gcc (Alpine 13.2.1_git20240309) 13.2.1 20240309, GNU ld (GNU Binutils) 2.42) #1 SMP Wed Jul 17 10:51:09 UTC 2024

Configuration

Grafana comes with default configurations. However, these can be changed by using environment variables. Below are the default configuration locations and the environment variables that can be used to change them.

• GF_PATHS_CONFIG - /etc/grafana/grafana.ini
• GF_PATHS_DATA - /var/lib/grafana
• GF_PATHS_HOME - /usr/share/grafana
• GF_PATHS_LOGS - /var/log/grafana
• GF_PATHS_PLUGINS - /var/lib/grafana/plugins
• GF_PATHS_PROVISIONING - /etc/grafana/provisioning

Logs

By default, like most Docker containers, Grafana container logs are emitted to STDOUT. We can change this with the environment variable GF_LOG_MODE.

docker run -e GF_LOG_MODE=file -p 3000:3000 --name g-c grafana/grafana

Now Grafana will only emit logs to /var/log/grafana/grafana.log. There will not be anything emitted to STDOUT. We can change the log level with the GF_LOG_LEVEL environment variable.

docker run -e GF_LOG_MODE=console -e GF_LOG_LEVEL=warn -p 3000:3000 --name g-c grafana/grafana

Authentication

By default, the username and password for accessing Grafana are both admin. When signing in for the first time, Grafana will prompt for a new password. We can use the environment variable GF_SECURITY_ADMIN_USER and GF_SECURITY_ADMIN_PASSWORD to change the default username and password respectively.

docker run -e GF_SECURITY_ADMIN_USER=wittcepter -e GF_SECURITY_ADMIN_PASSWORD=bestchromeextension -e GF_LOG_MODE=console -p 3000:3000 --name g-c grafana/grafana

Provisioning

By default, Grafana stores its provision configuration in /etc/grafana/provisioning. Provisioning is when you push configurations into a Grafana instance with conifugration files. For example, the /etc/grafana/provisioning location contains several categories:

docker exec -it g-c ls /etc/grafana/provisioning
access-control  alerting        dashboards      datasources     notifiers       plugins

If we wanted to add a datasource, we would add a YAML file to the /etc/grafana/provisioning/datasources directory.

apiVersion: 1

datasources:
  - name: Prometheus
    type: prometheus
    access: proxy
    orgId: 1
    url: http://${PROMETHEUS_CONTAINER_NAME}:${PROMETHEUS_PORT}
    basicAuth: false
    isDefault: true
    editable: true

INFO: Grafana manages datasources in the /etc/grafana/provisioning/datasources directory. Each configuration file can contain a list of datasources to add or update during startup.

FROM grafana/grafana
ENV PROMETHEUS_PORT=9090
ENV PROMETHEUS_CONTAINER_NAME=p-c
COPY ./datasources.yml /etc/grafana/provisioning/datasources/datasources.yml

docker build -t p-i .
docker run -p 3000:3000 --name g-c p-i

We can use environment variables with either $ENV_VAR or ${ENV_VAR} syntaxes. Here we are connecting a Prometheus datasource. Now if we navigate to http://localhost:3000/connections/datasources we can see the Prometheus datasource with environment variable substitution.

Data Persistence

Finally, lets talk about persisting Grafana data across different containers. This is done with a Docker volume provided to the /var/lib/grafana directory.

docker volume create my-grafana-v
my-grafana-v
docker run -p 3000:3000 --name g-c -v my-grafana-v:/var/lib/grafana p-i

Now just start creating datasources. It doesn't matter if they connect or not, just add some data to check persistence. Then spin up another container with this attached volume.

docker run -p 3000:3000 --name g-c-2 -v my-grafana-v:/var/lib/grafana p-i

Removing the Login Page

Every time we restart the Grafana Docker container we will be asked to sign in again. To get around this, we can use the GF_AUTH_ANONYMOUS_ENABLED environment variable.

docker run -p 3000:3000 -e GF_AUTH_ANONYMOUS_ENABLED=true --name g-c-2 -v my-grafana-v:/var/lib/grafana p-i