feat(sso): introduced grafana OAUTH config
This commit is contained in:
parent
b3f77644e9
commit
c8d5195dc7
1 changed files with 34 additions and 0 deletions
|
|
@ -17,6 +17,40 @@ spec:
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: 10Gi
|
storage: 10Gi
|
||||||
|
deployment:
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: grafana
|
||||||
|
env:
|
||||||
|
- name: OAUTH_CLIENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
key: clientSecret
|
||||||
|
name: dex-grafana-client
|
||||||
|
config:
|
||||||
|
log.console:
|
||||||
|
level: debug
|
||||||
|
server:
|
||||||
|
root_url: "https://{{{ .Env.DOMAIN_GRAFANA }}}"
|
||||||
|
auth:
|
||||||
|
disable_login: "true"
|
||||||
|
disable_login_form: "true"
|
||||||
|
auth.generic_oauth:
|
||||||
|
enabled: "true"
|
||||||
|
name: Forgejo
|
||||||
|
allow_sign_up: "true"
|
||||||
|
use_refresh_token: "true"
|
||||||
|
client_id: grafana
|
||||||
|
client_secret: $__env{OAUTH_CLIENT_SECRET}
|
||||||
|
scopes: openid email profile offline_access groups
|
||||||
|
auth_url: https://{{{ .Env.DOMAIN_DEX }}}/auth
|
||||||
|
token_url: https://{{{ .Env.DOMAIN_DEX }}}/token
|
||||||
|
api_url: https://{{{ .Env.DOMAIN_DEX }}}/userinfo
|
||||||
|
redirect_uri: https://{{{ .Env.DOMAIN_GRAFANA }}}/login/generic_oauth
|
||||||
|
role_attribute_path: "contains(groups[*], 'DevFW') && 'GrafanaAdmin' || 'None'"
|
||||||
|
allow_assign_grafana_admin: "true"
|
||||||
ingress:
|
ingress:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue