badjware
/
home-stack-kustomize
1
0
Fork 0
Code Releases Activity

grafana oauth configuration

This commit is contained in:
Massaki Archambault 2022-08-28 18:29:26 -04:00
parent fe75573c34
commit c2c5aff42f
4 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
kustomize/bases/grafana/grafana-deployment.yaml
View File

@ -29,12 +29,13 @@ spec:
env: env:
- name: GF_SERVER_DOMAIN - name: GF_SERVER_DOMAIN
value: ${GRAFANA_EXTERNAL_HOST} value: ${GRAFANA_EXTERNAL_HOST}
- name: GF_SERVER_ROOT_URL
value: https://${GRAFANA_EXTERNAL_HOST}/
# - name: GF_AUTH_ANONYMOUS_ENABLED # - name: GF_AUTH_ANONYMOUS_ENABLED
# value: "true" # value: "true"
- name: GF_INSTALL_PLUGINS - name: GF_INSTALL_PLUGINS
value: marcusolsson-json-datasource,marcusolsson-treemap-panel value: marcusolsson-json-datasource,marcusolsson-treemap-panel
- name: GF_FEATURE_TOGGLES_ENABLE args: ['--config', '/etc/grafana/provisioning/config/custom.ini']
value: ngalert
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
httpGet: httpGet:
@ -66,12 +67,17 @@ spec:
volumeMounts: volumeMounts:
- name: grafana-datasources - name: grafana-datasources
mountPath: /etc/grafana/provisioning/datasources mountPath: /etc/grafana/provisioning/datasources
- name: grafana-config
mountPath: /etc/grafana/provisioning/config
- mountPath: /var/lib/grafana - mountPath: /var/lib/grafana
name: grafana-pv name: grafana-pv
volumes: volumes:
- name: grafana-datasources - name: grafana-datasources
configMap: configMap:
name: grafana-datasources name: grafana-datasources
- name: grafana-config
secret:
secretName: grafana-config
- name: grafana-pv - name: grafana-pv
persistentVolumeClaim: persistentVolumeClaim:
claimName: grafana-pvc claimName: grafana-pvc

6
kustomize/bases/grafana/kustomization.yaml
View File

@ -7,6 +7,12 @@ configMapGenerator:
files: files:
- datasources.yaml=provision/datasources.yaml - datasources.yaml=provision/datasources.yaml
secretGenerator:
- name: grafana-config
type: Opaque
literals:
- custom.ini=
# secretGenerator: # secretGenerator:
# - name: postgres-credentials # - name: postgres-credentials
# type: Opaque # type: Opaque

9
kustomize/overlays/prod/configurations/grafana/custom.ini Normal file
View File

@ -0,0 +1,9 @@
[auth.generic_oauth]
enabled = true
allow_sign_up = false
client_id = 5yCpX9YovdrEuBpy69438S8GzCUJZLxqFl4rOcIpjBHICRpJzjv56VMxslKj7iqm
client_secret = ${ssm:/k3s/prod/nextcloud/oidc/grafana/client_secret}
scopes = openid profile email
auth_url = https://cloud.badjware.dev/apps/oidc/authorize
token_url = https://cloud.badjware.dev/apps/oidc/token
api_url = https://cloud.badjware.dev/apps/oidc/userinfo

6
kustomize/overlays/prod/kustomization.yaml
View File

@ -65,6 +65,12 @@ secretGenerator:
behavior: replace behavior: replace
files: files:
- agent.yaml=configurations/grafana-agent/agent.yaml - agent.yaml=configurations/grafana-agent/agent.yaml
- name: grafana-config
type: Opaque
namespace: grafana
behavior: replace
files:
- custom.ini=configurations/grafana/custom.ini
# - name: grafana-cloud-credentials # - name: grafana-cloud-credentials
# type: Opaque # type: Opaque
# namespace: monitoring # namespace: monitoring