From abccd2ce21586dcf5af3bb9ff89b1bbe63fe0a58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simen=20R=C3=B8stvik?= <simen.rostvik@crayon.com>
Date: Fri, 9 Dec 2022 11:03:43 +0100
Subject: [PATCH] oauth?

---
 apps/templates/prometheus.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/apps/templates/prometheus.yaml b/apps/templates/prometheus.yaml
index c9ed79c..f1bdd5f 100644
--- a/apps/templates/prometheus.yaml
+++ b/apps/templates/prometheus.yaml
@@ -33,6 +33,18 @@ spec:
           persistence:
             enabled: true
             storageClassName: longhorn
+          env:
+            GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
+            GF_AUTH_GENERIC_OAUTH_NAME: authentik
+            GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
+            GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://authentik.roxedus.com/application/o/authorize/
+            GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://authentik.roxedus.com/application/o/token/
+            GF_AUTH_GENERIC_OAUTH_API_URL: https://authentik.roxedus.com/application/o/userinfo/
+            GF_AUTH_SIGNOUT_REDIRECT_URL: https://authentik.roxedus.com/application/o/grafana/
+            GF_AUTH_OAUTH_AUTO_LOGIN: "true"
+            GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"
+          envFromSecrets:
+            - name: grafana-oauth
           ingress:
             enabled: true
             ingressClassName: traefik