Architecture Using the Grafana Operator Tenants can self-manage instances of Grafana to Query the managed Observability services. Usage Grafana Instance apiVersion: grafana.integreatly.org/v1beta1 kind: Grafana metadata: labels: app: grafana name: grafana spec: config: analytics: check_for_updates: 'false' reporting_enabled: 'false' auth: disable_login_form: 'true' disable_signout_menu: 'true' auth.anonymous: enabled: 'false' auth.proxy: enabled: 'true' auto_sign_up: 'true' enable_login_token: 'false' header_name: X-Auth-Request-Email headers: >- Name:X-Auth-Request-User Email:X-Auth-Request-Email users: auto_assign_org_role: Admin default_theme: light log: mode: console security: admin_password: start admin_user: root deployment: spec: template: spec: containers: - name: grafana image: grafana/grafana:11.0.0 Expose it using an Ingress Nginx with Zero Trust. apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: grafana-ingress annotations: nginx.ingress.kubernetes.io/auth-signin: https://sso.konst.fish/oauth2/start?rd=$scheme://$host$request_uri nginx.ingress.kubernetes.io/auth-url: https://sso.konst.fish/oauth2/auth nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Request-Email,X-Auth-Request-Groups,X-Auth-Request-User spec: ingressClassName: nginx rules: - host: "grafana-tenant.app.konst.fish" http: paths: - pathType: Prefix path: "/" backend: service: name: grafana-service port: number: 3000 Dashboards