Grafana SSO
This commit is contained in:
parent
d43aa1dcc7
commit
b807525139
21
MetaObjects/grafana-sso-secret.yml
Normal file
21
MetaObjects/grafana-sso-secret.yml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-oauth
|
||||
namespace: prometheus
|
||||
spec:
|
||||
secretStoreRef:
|
||||
name: secret-store
|
||||
kind: ClusterSecretStore
|
||||
target:
|
||||
name: grafana-oauth
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/part-of: grafana
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: prometheus/grafana-sso
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: Auto
|
@ -35,17 +35,17 @@ spec:
|
||||
storageClassName: longhorn
|
||||
env:
|
||||
GF_SERVER_ROOT_URL: https://%(domain)s/
|
||||
# GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
|
||||
# GF_AUTH_GENERIC_OAUTH_NAME: authentik
|
||||
# GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
|
||||
# GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://authentik.roxedus.com/application/o/authorize/
|
||||
# GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://authentik.roxedus.com/application/o/token/
|
||||
# GF_AUTH_GENERIC_OAUTH_API_URL: https://authentik.roxedus.com/application/o/userinfo/
|
||||
# GF_AUTH_SIGNOUT_REDIRECT_URL: https://authentik.roxedus.com/application/o/grafana/
|
||||
# GF_AUTH_OAUTH_AUTO_LOGIN: "true"
|
||||
# GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"
|
||||
# envFromSecrets:
|
||||
# - name: grafana-oauth
|
||||
GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
|
||||
GF_AUTH_GENERIC_OAUTH_NAME: authentik
|
||||
GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
|
||||
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://authentik.roxedus.com/application/o/authorize/
|
||||
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://authentik.roxedus.com/application/o/token/
|
||||
GF_AUTH_GENERIC_OAUTH_API_URL: https://authentik.roxedus.com/application/o/userinfo/
|
||||
GF_AUTH_SIGNOUT_REDIRECT_URL: https://authentik.roxedus.com/application/o/grafana/
|
||||
GF_AUTH_OAUTH_AUTO_LOGIN: "true"
|
||||
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"
|
||||
envFromSecrets:
|
||||
- name: grafana-oauth
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: traefik
|
||||
|
Loading…
Reference in New Issue
Block a user