Grafana¶

Fleet bundle for exposing Rancher Monitoring Grafana at:

https://grafana.gem.mintfit.hamburg

The existing rancher-monitoring-grafana service listens on port 80, but that port is served by Rancher's Grafana proxy sidecar and injects the Rancher cluster proxy path into Grafana responses. This bundle adds grafana-direct, a small ClusterIP service targeting the real Grafana container port 3000, and exposes that service through the cluster's nginx ingress.

TLS is issued by cert-manager using the existing letsencrypt-nginx ClusterIssuer. DNS is handled by the wildcard record for *.gem.mintfit.hamburg pointing at the Hetzner load balancer.

The public ingress is protected with nginx basic auth using the grafana-basic-auth Secret. Grafana itself still has anonymous Viewer access enabled in the Rancher Monitoring chart, so the ingress auth is the access gate for the public URL.