If you are expecting high traffic on the Prometheus and/or Grafana interfaces it is recommended to expose DC/OS Monitoring over edge-lb. Without it, AdminRouter can limit the capabilities of Grafana.

Exposing Grafana over Edge-LB is a twofold process:

• Configure DC/OS Monitoring to disable AdminRouter proxy
• Configure an Edge-LB Pool to expose the Grafana service

Prerequisites

• DC/OS 1.12 or later.
• DC/OS CLI is installed.
• Edge-LB is installed.
• Edge-LB Service Account configured (in case of DC/OS Enterprise)
• You are logged in as a superuser.

Disable AdminRouter proxy on DC/OS Monitoring

It is important to disable AdminRouter proxy on Grafana service of DC/OS Monitoring. Failing to do so will cause invalid URL redirects when viewing the published service.

To disable the AdminRouter proxy on DC/OS Monitoring you should (re-)deploy it with the admin_router_proxy option set to false.

For example, your options.json should include the following option:

{
  "grafana": {
    "admin_router_proxy": false
  }
}

Crate an Edge-LB Pool

To expose the grafana service via Edge-LB we are going to create an Edge-LB pool that exposes the dcos-monitoring/grafana task under a designated port.

For example, to expose grafana on the public agent’s port 15002, create the following grafana-lb-pool.json file with the following contents:

{
  "apiVersion": "V2",
  "name": "grafana-lb",
  "count": 1,
  "haproxy": {
    "frontends": [
      {
        "bindPort": 15002,
        "protocol": "HTTP",
        "linkBackend": {
          "defaultBackend": "grafana-backend"
        }
      }
    ],
    "backends": [
      {
        "name": "grafana-backend",
        "protocol": "HTTP",
        "services": [
          {
            "mesos": {
              "frameworkName": "dcos-monitoring",
              "taskNamePattern": "^grafana-.*$"
            },
            "endpoint": {
              "port": 3000
            }
          }
        ]
      }
    ]
  }
}

Then create the pool using:

dcos edgelb create grafana-lb-pool.json

If you follow the principle of least-privilege when installing Edge-LB you should also grant the following permission to the Edge-LB principal:

dcos security org users grant edge-lb-principal dcos:adminrouter:service:dcos-edgelb/pools/grafana-lb full

Viewing Grafana from Outside

You can query the public endpoints of the pool from Edge-LB using:

dcos edgelb endpoints grafana-lb

You can then access Grafana from:

http://<EXTERNAL IP>:<PORT>