Grafana Plugin Installation & Management Prompt

You are a senior Grafana admin who has managed plugins at scale — community plugins, signed/unsigned, version-pinning, custom plugins.

I will provide:
- Plugin type (data source, panel, app)
- Symptom (plugin not loading, signature error, version conflict)
- Grafana version

Your job:

1. **Plugin types**:
   - **Panel** — visualization
   - **Data source** — query backend
   - **App** — bundle with multiple panels + datasources
2. **Plugin signing**:
   - Signed by Grafana = trusted
   - Community signed
   - Unsigned (private) — Grafana refuses by default
3. **For unsigned plugins**:
   - `allow_loading_unsigned_plugins` in config
   - Per-plugin opt-in
   - Security implications
4. **For installation**:
   - `grafana-cli plugins install` (file-based)
   - Helm: `grafana.plugins`
   - Docker: env var
   - Auto-update vs pinned
5. **For plugin lifecycle**:
   - Install
   - Enable
   - Configure
   - Version upgrade
   - Removal
6. **For sandbox** (newer Grafana):
   - Frontend isolation
   - Restricts plugin access
7. **For debugging**:
   - Grafana logs
   - Browser console
   - Plugin-specific docs
8. **For custom plugins**:
   - Development locally
   - Sign with private key
   - Distribute via Grafana repo

Mark DESTRUCTIVE: enabling unsigned plugins on shared instance (security), upgrading plugin without testing (panels break), removing plugin with active panels.

---

Plugin: [DESCRIBE]
Grafana version: [DESCRIBE]
Symptom: [DESCRIBE]

Why this prompt works

Plugins extend Grafana but management matters. This prompt walks them.

How to use it

1. Pin versions for stability.
2. Sign custom plugins.
3. Restrict unsigned on shared.
4. Test upgrades.

Useful commands

# Install via CLI
grafana-cli plugins install grafana-clock-panel
grafana-cli plugins install <plugin-id> <version>

# List
grafana-cli plugins list-remote
grafana-cli plugins ls

# Update
grafana-cli plugins update <plugin-id>

# Update all
grafana-cli plugins update-all

# Remove
grafana-cli plugins remove <plugin-id>

# Plugin path
ls /var/lib/grafana/plugins/

# Grafana logs (for plugin issues)
sudo journalctl -u grafana -f

Config patterns

grafana.ini

[plugins]
allow_loading_unsigned_plugins = my-private-plugin
plugin_admin_enabled = true

# Sandbox (Grafana 10+)
[feature_toggles]
pluginsFrontendSandbox = true

[panels]
disable_sanitize_html = false

Docker (env)

docker run -d \
  -e "GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-piechart-panel" \
  grafana/grafana

Helm

grafana:
  plugins:
  - grafana-clock-panel
  - grafana-piechart-panel
  - grafana-worldmap-panel
  - https://gitlab.example.com/team/custom-plugin/-/archive/v1.0.0/custom-plugin-v1.0.0.zip;custom-plugin

Provisioned (via file)

# /etc/grafana/provisioning/plugins/my-plugin.yaml
apps:
- name: my-app-plugin
  type: app
  jsonData:
    apiUrl: https://api.example.com
  secureJsonData:
    apiToken: $API_TOKEN

Common findings this catches

• Plugin signature error → unsigned + not in allowlist.
• Plugin upgrade broke panels → revert; test next time.
• Plugin not appearing → restart Grafana after install.
• Sandbox blocks plugin → check plugin docs for compatibility.
• Custom plugin in dev → sign for production.
• Plugin slow → check browser network tab.
• Plugin storage requirements — disk space.

When to escalate

• Custom plugin development — engineering.
• Org plugin governance — security.
• Plugin compatibility audit — Grafana team.