feat(sso): added injection of the client secret to grafana

2025-08-15 09:46:49 +02:00 · 2025-08-15 09:46:49 +02:00 · 9d2c3f7de9
commit 9d2c3f7de9
parent cbc8752fa1
1 changed files with 13 additions and 1 deletions
--- a/otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
+++ b/otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
@ -39,6 +39,18 @@ spec:
      - hosts:
        - grafana.observability.t09.de
        secretName: grafana-net-tls
+  deployment:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: grafana
+              env:
+                - name: OAUTH_CLIENT_SECRET
+                  valueFrom:
+                    secretKeyRef:
+                      key: clientSecret
+                      name: dex-grafana-client
  config:
    log.console:
      level: debug
@ -53,7 +65,7 @@ spec:
      allow_sign_up: "true"
      use_refresh_token: "true"
      client_id: grafana
-      client_secret: "grafana123" # $__file{/etc/secrets/auth_generic_oauth/client_secret}
+      client_secret: $__env{OAUTH_CLIENT_SECRET}
      scopes: openid email profile offline_access groups
      auth_url: https://dex.observability.t09.de/auth
      token_url: https://dex.observability.t09.de/token