Grafana SSO

This commit is contained in:
Simen Røstvik 2022-12-26 02:19:17 +01:00
parent d43aa1dcc7
commit b807525139
No known key found for this signature in database
2 changed files with 32 additions and 11 deletions

View File

@ -0,0 +1,21 @@
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana-oauth
namespace: prometheus
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: grafana-oauth
template:
metadata:
labels:
app.kubernetes.io/part-of: grafana
dataFrom:
- extract:
key: prometheus/grafana-sso
conversionStrategy: Default
decodingStrategy: Auto

View File

@ -35,17 +35,17 @@ spec:
storageClassName: longhorn
env:
GF_SERVER_ROOT_URL: https://%(domain)s/
# GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
# GF_AUTH_GENERIC_OAUTH_NAME: authentik
# GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
# GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://authentik.roxedus.com/application/o/authorize/
# GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://authentik.roxedus.com/application/o/token/
# GF_AUTH_GENERIC_OAUTH_API_URL: https://authentik.roxedus.com/application/o/userinfo/
# GF_AUTH_SIGNOUT_REDIRECT_URL: https://authentik.roxedus.com/application/o/grafana/
# GF_AUTH_OAUTH_AUTO_LOGIN: "true"
# GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"
# envFromSecrets:
# - name: grafana-oauth
GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
GF_AUTH_GENERIC_OAUTH_NAME: authentik
GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://authentik.roxedus.com/application/o/authorize/
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://authentik.roxedus.com/application/o/token/
GF_AUTH_GENERIC_OAUTH_API_URL: https://authentik.roxedus.com/application/o/userinfo/
GF_AUTH_SIGNOUT_REDIRECT_URL: https://authentik.roxedus.com/application/o/grafana/
GF_AUTH_OAUTH_AUTO_LOGIN: "true"
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"
envFromSecrets:
- name: grafana-oauth
ingress:
enabled: true
ingressClassName: traefik