shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

♻️ remove hardcoded authelia secrets

Browse Source
This commit is contained in:
auricom
2024-01-25 12:50:26 +01:00
parent 44d5719e78
commit c6c8ab1651
7 changed files with 31 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
View File

@@ -30,6 +30,10 @@ spec:
rbac:
pspEnabled: false
env:
GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/userinfo
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/token
GF_EXPLORE_ENABLED: true
GF_PANELS_DISABLE_SANITIZE_HTML: true
GF_LOG_FILTERS: rendering:debug
@@ -48,14 +52,9 @@ spec:
auth.generic_oauth:
enabled: true
name: Authelia
client_id: grafana
icon: signin
client_secret: "${SECRET_GRAFANA_OAUTH_CLIENT_SECRET}"
scopes: "openid profile email groups"
empty_scopes: false
auth_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization"
token_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/token"
api_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/userinfo"
login_attribute_path: preferred_username
groups_attribute_path: groups
name_attribute_path: name