From 1d07937a9fea974482b7df14fb07413a6bb154b5 Mon Sep 17 00:00:00 2001 From: Marco van Zijl Date: Sat, 22 Nov 2025 21:45:01 +0100 Subject: [PATCH] Fix: Update Grafana OAuth2 client configuration for improved authentication --- apps/monitoring/grafana/values.yaml | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/apps/monitoring/grafana/values.yaml b/apps/monitoring/grafana/values.yaml index fb396ca..aca8b75 100644 --- a/apps/monitoring/grafana/values.yaml +++ b/apps/monitoring/grafana/values.yaml @@ -1,9 +1,5 @@ grafana: - adminUser: admin - adminPassword: changeme # TODO: Use secret management - - # Disable local persistence - using PostgreSQL database persistence: enabled: false @@ -20,8 +16,6 @@ grafana: mountPath: /secrets/my-db readOnly: true - envFromSecret: authentik-client-secret-grafana - datasources: datasources.yaml: apiVersion: 1 @@ -108,13 +102,15 @@ grafana: auth.generic_oauth: enabled: true name: Authentik - client_id: "$__from_env{GF_AUTH_GENERIC_OAUTH_CLIENT_ID}" - scopes: openid profile email - auth_url: https://auth.noxxos.nl/application/o/authorize/ - token_url: https://auth.noxxos.nl/application/o/token/ - api_url: https://auth.noxxos.nl/application/o/userinfo/ - role_attribute_path: contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer' + client_id: 0pmpT3FgXys01i0LovzVQdJPZ6nBD6ev6C8mJcKl + client_secret: Dl9RB84iba62VpL/ybD+plyu7Nt+7rv/S4gIwVFsG2c= + scopes: openid profile email groups + auth_url: https://sso.noxxos.nl/application/o/authorize/ + token_url: https://sso.noxxos.nl/application/o/token/ + api_url: https://sso.noxxos.nl/application/o/userinfo/ + role_attribute_path: contains(groups[*], 'Admin') && 'GrafanaAdmin' || 'Viewer' allow_sign_up: true + allow_assign_grafana_admin: true analytics: reporting_enabled: false
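Review bot: The added `client_secret:` line under `auth.generic_oauth` puts the OAuth2 client secret into values.yaml in plaintext, and the second hunk drops `envFromSecret: authentik-client-secret-grafana`, which looks like the mechanism that previously supplied the credentials from a Kubernetes Secret. Keep `envFromSecret` and reference the value instead of inlining it, e.g. `client_secret: "$__from_env{GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}"` (assuming the Secret carries that key, as it apparently did for the client ID on the removed `client_id` line). Because the literal is now part of the repository history, it should be rotated in Authentik rather than only deleted in a follow-up commit. Separately, `allow_assign_grafana_admin: true` combined with `contains(groups[*], 'Admin') && 'GrafanaAdmin' || 'Viewer'` grants Grafana server-admin to any member of a group literally named `Admin` and drops the former Editor mapping; confirm that group name is as tightly controlled at the provider as `Grafana Admins` was.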