diff --git a/apps/authentik/templates/blueprint-grafana.yaml b/apps/authentik/templates/blueprint-grafana.yaml
deleted file mode 100644
index 00ee625..0000000
--- a/apps/authentik/templates/blueprint-grafana.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: authentik-grafana-blueprint
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/part-of: authentik
- app.kubernetes.io/managed-by: helm
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/component: grafana-blueprint
-data:
- grafana.yaml: |
- version: 1
- metadata:
- name: grafana-sso
- labels:
- managed-by: helm
- entries:
- - model: authentik_providers_oauth2.oauth2provider
- id: grafana-provider
- attrs:
- name: Grafana
- client_id: grafana
- client_secret: !Secret authentik-client-secret-grafana@monitoring#GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
- redirect_uris:
- - https://grafana.noxxos.nl/login/generic_oauth
- authorization_flow: !Flow default-provider-authorization-flow
- invalidation_flow: !Flow default-provider-invalidation-flow
- property_mappings:
- - !PropertyMapping property-mapping-provider-openid-groups
- signing_key: !Keypair authentik-self-signed-certificate
- - model: authentik_core.application
- id: grafana-app
- attrs:
- name: Grafana
- slug: grafana
- provider: !provider grafana-provider
- launch_url: https://grafana.noxxos.nl
- icon: https://static.goauthentik.io/img/icon/provider/grafana.png
- group: Dashboards
- policy_engine_mode: any
- - model: authentik_policies_policybinding.policybinding
- id: grafana-app-binding
- attrs:
- target: !application grafana-app
- order: 0
- enabled: true
- policy: !Policy policy-everyone
diff --git a/apps/authentik/templates/grafana-sso-secret.yaml b/apps/authentik/templates/grafana-sso-secret.yaml
deleted file mode 100644
index e335873..0000000
--- a/apps/authentik/templates/grafana-sso-secret.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: authentik-client-secret-grafana
- namespace: monitoring
- labels:
- app.kubernetes.io/part-of: authentik
- app.kubernetes.io/managed-by: helm
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/component: grafana-sso
-type: Opaque
-stringData:
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "grafana"
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ randAlphaNum 40 | quote }}
diff --git a/apps/authentik/templates/rbac.yaml b/apps/authentik/templates/rbac.yaml
deleted file mode 100644
index f695b82..0000000
--- a/apps/authentik/templates/rbac.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: authentik-read-grafana-secret
- namespace: monitoring # The namespace where the secret exists
- labels:
- app.kubernetes.io/part-of: authentik
- app.kubernetes.io/managed-by: helm
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/component: grafana-sso
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["authentik-client-secret-grafana"] # Grant access only to this specific secret
- verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: authentik-read-grafana-secret-binding
- namespace: monitoring # The namespace where the secret and role exist
- labels:
- app.kubernetes.io/part-of: authentik
- app.kubernetes.io/managed-by: helm
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/component: grafana-sso
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: authentik-read-grafana-secret
-subjects:
-- kind: ServiceAccount
- name: {{ include "authentik.fullname" . }} # The service account used by Authentik
- namespace: {{ .Release.Namespace }} # The namespace where Authentik is running