I am looking at implementing Grafana, Prometheus and Loki in a kubernetes cluster where they are monitoring a number of our own, not open-source services.
We are NOT modifying Grafana or Loki (or any of the agents in play).
If I expose both my services and an instance of Grafana as a SAAS application over the public internet, does that mean that I have to publish the source code of my own services as well?
It seems a little crazy, but from reading both the AGPL V3 … especially section 13, but also the general internet, OSS Stackexchange, Wikipedia and other resources, that is my understanding.
So … is that correct? Do I have to distribute my non opensource sourcecode upon request if I do that?
We are excited that you joined our OSS community. Please read about some of the FAQs in the community
We got this question asked about the Licence a lot with different use cases and scenarios. I will suggest to please look in the forum using the search function OR use this link:
If you still cannot find your answer there, then I will ask our team.
I haven’t yet fully figured this out. At the moment we have landed on looking into the Grafana Enterprise license, but our legal team tells me that they interpret the section 1.3 of the enterprise license as a dangerous loophole. And I can see what they mean. That one states that the license is subject to the licenses of other open source products that may be used in Grafana, but I cant see a list of what licenses that my be … or is at the moment.
Also … the Enterprise License has me more than a little confused. Does it really only cover Grafana, and not Loki, Tempo and Promtail? There is no such page about that license for anything other than Grafana itself. Is that right?
So right now … the enterprise license could be a possibility. I think the AGPL License is out of the question unless you are using Grafana itself for something you wish to open source or disclose. At least thats what our legal team, that seems to be well versed in OSS licensing tells me. Even if we are never going to change a comma in the Grafana tooling.
But if Enterprise Licensing only covers Grafana? What to do then? I am more than a little confused.
Are all the customers that uses the entire Grafana stack, paying customers? How do they get around the licensing concerns that are here?
It sounds to me like there are feature equality between the free Enterprise and the OSS version.
" The Enterprise Edition is the default and recommended edition. It includes all the features of the OSS Edition, can be used for free and can be upgraded to the full Enterprise feature set"
But what about Tempo, Loki and Promtail? My question is if they have a similar free Enterprise License version. I cant see any containers published with those tags.
So unless people want to end up publishing their closed source applications that they monitor with Loki, Promtail and Tempo, how can they use this toolstack? (This interpretation is our legal team at my current client).
I have skimmed it earlier, and due to the nature of the data we will end up collecting on our customers behalf (its a SAAS solution and sometimes installed on prem ) cloud is not really an option.
Yes … on prem Grafana with Promtail and Loki (And Prometheus). Tempo and OpenTelemetry is next. It will run in Kubernetes.
At the moment in an AKS cluster though, but that is just for test and development.
Production for most of the more than 1000 customers will be on prem with maybe a few exceptions where we can use a cloud solution. For the on prem, we will probably be hosting a number of regionally shared but centrally located Loki, OTEL/Tempo and Prometheus stores, With each their own Grafana on top of that. But that implementation is at least a year in the future and the design is pending what we discover from the initial deployments. Users will be internal technical support teams.
This application is a big part of my customers business, so if there is any doubt as to IF they have to disclose the sourcecode because of a Shift Left license, or terms like in the enterprise license “This depends on the license of the open source software we use” and then that opensource software is not listed anywhere? That makes it a little hard to go the Grafana/Loki/Tempo/Promtail route for an implementation like this.
And I am really surprised, because I thought a lot of really large businesses are running this stack, but with what I see in license terms, I really dont understand how that is possible unless what they are monitoring is already open source software itself?
I really want to push for us using Grafana here, and avoid the operational overhead of something like the Elasticsearch/Opensearch database but that is at least a clear license, and the technical challenges there is something we can solve, unlike this licensing quagmire.
I sense some level of paranoia in your org towards cloud that might not be fully warranted imo.
Banks are in the cloud, governments, etc, what makes yours so special and more sensitive than the above?
Avoiding the cloud because of fear of exposure of data does in fact expose your data to more security issues exactly because you are storing it on prem.
But such could be the culture where you are at, like the place I work as well.
My customer is actually pushing for using the public cloud in any instance where it can, but local legislative (and cultural issues) keep local hospitals and healthcare facilities from using this, so we need to be able to provide a self hosted solution as well as a private and public cloud offering. Hospitals in Australia, generally have different rules from the same in Canada, Chile or India, or within the EU. So its not a binary cloud vs no cloud solution.
Also … I am working here as a cloud/kubernetes/cloud native architect, so I wouldnt say there are any fear of using the cloud. That is more restircted by local country legislative restrictions. And local healthcare policies.
Besides … the issues here are not cloud, but license related. Ill try and keep this discussion focused on that.
Hi @usman.ahmad Thanks for the link. I have seen it and it has led me to these three questions that noone seems to be able to answer.
So … For the AGPLV3 license, basically if you open source your own monitored stuff, you are in the clear, as I read his interpretations from the link in your message:
And then one can use the Enterprise License, with the HUGE disclaimer that you essentially have to live with that you are under the effective license of the other open source packages that are being used in Grafana.
From Section 1.3 it states
What are these other license and what is the terms? I really cant see what I am buying into here.
And the last issue is … I dont just want to use Grafana. I want to use Promtail, Loki and Tempo as well. But why are there no Enterprise license listed for those tools? There is only one for Grafana. Also … I can only find a Grafana Enterprise container image. There doesnt seem to be any for the other tools.
Am I really the only one who reads the license terms of these things?
We all read them but it seems your legal team reads too much into them, a good thing imo. But this becomes a liability when you cant get any forward traction.
Short of writing your own visulization using d3.js, maybe the licensing is not palpable for you guys