Creating a Grafana organization
Guide explaining how to manage Grafana organizations in the Observability Platform.
At the initial login to your installation’s Grafana, the preselected Grafana organization is the so-called _Shared Org_. This shared organization contains a curated set of managed dashboards that are accessible to everyone with access to Grafana. If multiple teams access the observability platform, we recommend working with multi-tenancy and the resulting isolation of data and dashboards. For this use case, the observability platform allows you to create new organizations in self-service.
Creating your own organization
To add a new Grafana organization, create a GrafanaOrganization custom resource in the management cluster.
For example:
```yaml
apiVersion: observability.giantswarm.io/v1alpha1
kind: GrafanaOrganization
metadata:
  name: myonlineshop
spec:
  displayName: MyOnlineShop
  rbac:
    admins:
    - platform-team
    editors:
    - development-team
    viewers:
    - marketing-team
  tenants:
  - myonlineshop
```
Our operators will create this Grafana organization named Giant Swarm. It will be equipped with a basic set of data sources for Loki, Mimir and Alertmanager, allowing you access to the myonlineshop tenant.
The Role-Based Access Control (RBAC) section defines how groups from your configured identity provider are assigned to the roles available in Grafana (Admin, Editor, Viewer). For organization mapping, you can read the official Grafana documentation.
Note that only the admins field is mandatory in this section.
The tenants field is used to grant access to the specified tenants, but it also serves as tenant governance. This means that only tenants listed in at least one Grafana Organization CRD are accepted targets in the write path and can receive data. Data sent to a tenant that is not listed in the tenants field of any Grafana Organization CRD will just be dropped.
Warning: Removing a tenant from the tenants field of all Grafana Organization CRDs also means that you can no longer send data to that tenant!
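The following check is an added example, not part of the original guide or of Giant Swarm's tooling. It reviews a change to a set of GrafanaOrganization manifests for the two rules above: a missing admins entry, and tenants that would stop receiving data because no organization lists them any more. The payments organization, the payments-team group, the JSON list layout and all function names are assumptions made for illustration.

```python
import json

# Constructed sample: two GrafanaOrganization manifests as a JSON list (not real cluster output).
BEFORE = json.loads("""
{"items": [
  {"kind": "GrafanaOrganization", "metadata": {"name": "myonlineshop"},
   "spec": {"displayName": "MyOnlineShop",
            "rbac": {"admins": ["platform-team"], "editors": ["development-team"],
                     "viewers": ["marketing-team"]},
            "tenants": ["myonlineshop"]}},
  {"kind": "GrafanaOrganization", "metadata": {"name": "payments"},
   "spec": {"displayName": "Payments",
            "rbac": {"editors": ["payments-team"]},
            "tenants": ["payments", "myonlineshop"]}}
]}
""")["items"]
# Constructed change: the "payments" tenant is removed from the only organization listing it.
AFTER = [BEFORE[0], {**BEFORE[1], "spec": {**BEFORE[1]["spec"], "tenants": ["myonlineshop"]}}]


def accepted_tenants(orgs):
    """Tenants listed in at least one organization; only these can receive data."""
    return {t for o in orgs for t in o["spec"].get("tenants", [])}


def tenant_access(orgs):
    """Map tenant -> {role: identity-provider groups} across all organizations."""
    access = {}
    for o in orgs:
        rbac = o["spec"].get("rbac", {})
        for tenant in o["spec"].get("tenants", []):
            roles = access.setdefault(tenant, {})
            for role in ("admins", "editors", "viewers"):
                roles.setdefault(role, set()).update(rbac.get(role, []))
    return access


def review(before, after):
    """Findings a reviewer would want before a manifest change is applied."""
    findings = []
    for o in after:
        if not o["spec"].get("rbac", {}).get("admins"):
            findings.append(f"{o['metadata']['name']}: rbac.admins is mandatory but empty")
    for tenant in sorted(accepted_tenants(before) - accepted_tenants(after)):
        findings.append(f"tenant {tenant}: no longer listed anywhere, incoming data will be dropped")
    return findings
```

`tenant_access` also shows which identity-provider groups reach each tenant once organizations share one, which is worth checking when the goal is isolation between teams.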