diff --git a/kubernetes/apps/monitoring/grafana/app/externalsecret.yaml b/kubernetes/apps/monitoring/grafana/app/externalsecret.yaml
new file mode 100644
index 000000000..e3d7ca01f
--- /dev/null
+++ b/kubernetes/apps/monitoring/grafana/app/externalsecret.yaml
@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: grafana-secrets
+ namespace: monitoring
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: grafana-secret
+ creationPolicy: Owner
+ deletionPolicy: "Delete"
+ template:
+ engineVersion: v2
+ data:
+ GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{ .GRAFANA_OAUTH_CLIENT_SECRET }}"
+ dataFrom:
+ - extract:
+ key: authelia
diff --git a/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
index 9a9164c38..61c8ac975 100644
--- a/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
@@ -27,6 +27,8 @@ spec:
 uninstall:
 keepHistory: false
 values:
+ annotations:
+ reloader.stakater.com/auto: "true"
 rbac:
 pspEnabled: false
 env:
@@ -40,6 +42,8 @@ spec:
 GF_DATE_FORMATS_FULL_DATE: "DD.MM.YYYY hh:mm:ss"
 GF_SECURITY_ALLOW_EMBEDDING: true
 GF_SECURITY_COOKIE_SAMESITE: grafana
+ envFromSecrets:
+ - name: grafana-secret
 grafana.ini:
 analytics:
 check_for_updates: false
diff --git a/kubernetes/apps/monitoring/grafana/app/kustomization.yaml b/kubernetes/apps/monitoring/grafana/app/kustomization.yaml
index 72c948232..5358f1cd5 100644
--- a/kubernetes/apps/monitoring/grafana/app/kustomization.yaml
+++ b/kubernetes/apps/monitoring/grafana/app/kustomization.yaml
@@ -4,4 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: monitoring
 resources:
+ - ./externalsecret.yaml
 - ./helmrelease.yaml
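Review bot: `dataFrom.extract` with `key: authelia` in the new externalsecret.yaml loads every field of the `authelia` item into this ExternalSecret's template scope, although only `GRAFANA_OAUTH_CLIENT_SECRET` is rendered into the target Secret. Judging by its name the item also holds Authelia's own secrets, so a later edit to `template.data` could copy them into the `monitoring` namespace without anyone noticing; this is inferred, since the item's content is not visible here. Fetching the single field through `data` with `remoteRef.property` keeps the scope to what Grafana needs. The hunk's indentation was lost in extraction, so the nesting below is assumed.

```yaml
spec:
  # … unchanged: secretStoreRef, target and template …
  data:
    - secretKey: GRAFANA_OAUTH_CLIENT_SECRET
      remoteRef:
        key: authelia
        property: GRAFANA_OAUTH_CLIENT_SECRET
```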
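Review bot: `envFromSecrets` in the second helmrelease.yaml hunk injects every key of `grafana-secret` into the container environment, so the OAuth client secret is readable by anything that can inspect or dump the process environment; mounting the Secret as a file and referencing it from `grafana.ini` with `$__file{...}` would keep it out of the environment. The reference resolves only because it names the ExternalSecret's `target.name` (`grafana-secret`) and not its `metadata.name` (`grafana-secrets`); a comment such as `# Secret rendered by externalsecret.yaml (target.name)` above the entry would make that one-character difference explicit. Separately, the context line `GF_SECURITY_COOKIE_SAMESITE: grafana` is not one of the documented values (`lax`, `strict`, `none`, `disabled`), and together with `GF_SECURITY_ALLOW_EMBEDDING: true` it deserves a second look now that an OAuth login flow is being wired up; neither line is changed by this commit. The `values:` block continues outside the hunk.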