61 lines
2.4 KiB
YAML
61 lines
2.4 KiB
YAML
---
|
|
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: grafana-secret
|
|
namespace: observability
|
|
spec:
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: onepassword-connect
|
|
target:
|
|
name: grafana-secret
|
|
creationPolicy: Owner
|
|
template:
|
|
engineVersion: v2
|
|
data:
|
|
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{ .authentik_grafana_oauth_client_secret }}"
|
|
GF_DATE_FORMATS_USE_BROWSER_LOCALE: "true"
|
|
GF_SERVER_ROOT_URL: https://grafana.hsn.dev
|
|
GF_DATABASE_NAME: ${DB_NAME}
|
|
GF_DATABASE_HOST: "grafana-primary.observability.svc:5432"
|
|
GF_DATABASE_USER: "{{ .grafana_postgres_user }}"
|
|
GF_DATABASE_PASSWORD: "{{ .grafana_postgres_password }}"
|
|
GF_DATABASE_SSL_MODE: "require"
|
|
GF_DATABASE_TYPE: postgres
|
|
GF_ANALYTICS_CHECK_FOR_UPDATES: "false"
|
|
GF_ANALYTICS_CHECK_FOR_PLUGIN_UPDATES: "false"
|
|
GF_ANALYTICS_REPORTING_ENABLED: "false"
|
|
GF_AUTH_ANONYMOUS_ENABLED: "false"
|
|
GF_AUTH_BASIC_ENABLED: "false"
|
|
GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
|
|
GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.hsn.dev/application/o/userinfo/
|
|
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.hsn.dev/application/o/authorize/
|
|
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.hsn.dev/application/o/token/
|
|
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: CoV7ae1HxuNzwCbVPf3U7TfYMX2rVqC5T9RAUo5M
|
|
GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES: "false"
|
|
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"
|
|
GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email groups
|
|
GF_AUTH_OAUTH_AUTO_LOGIN: "true"
|
|
GF_EXPLORE_ENABLED: "true"
|
|
GF_FEATURE_TOGGLES_ENABLE: publicDashboards
|
|
GF_LOG_MODE: console
|
|
GF_NEWS_NEWS_FEED_ENABLED: "false"
|
|
GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS: natel-discrete-panel,pr0ps-trackmap-panel,panodata-map-panel
|
|
GF_SECURITY_COOKIE_SAMESITE: grafana
|
|
GF_SECURITY_ANGULAR_SUPPORT_ENABLED: "true"
|
|
|
|
dataFrom:
|
|
- extract:
|
|
key: Authentik
|
|
rewrite:
|
|
- regexp:
|
|
source: "(.*)"
|
|
target: "authentik_$1"
|
|
- extract:
|
|
key: grafana
|
|
rewrite:
|
|
- regexp:
|
|
source: "(.*)"
|
|
target: "grafana_$1"
|