Fix: Remove Grafana blueprint and associated secrets for cleanup

2025-11-22 21:49:14 +01:00 · 2025-11-22 21:49:14 +01:00 · 9804df9756
commit 9804df9756
parent dd018ba8d3
3 changed files with 0 additions and 96 deletions
--- a/apps/authentik/templates/blueprint-grafana.yaml
+++ b/apps/authentik/templates/blueprint-grafana.yaml
@ -1,48 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: authentik-grafana-blueprint
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/part-of: authentik
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: grafana-blueprint
-data:
-  grafana.yaml: |
-    version: 1
-    metadata:
-      name: grafana-sso
-      labels:
-        managed-by: helm
-    entries:
-      - model: authentik_providers_oauth2.oauth2provider
-        id: grafana-provider
-        attrs:
-          name: Grafana
-          client_id: grafana
-          client_secret: !Secret authentik-client-secret-grafana@monitoring#GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
-          redirect_uris:
-            - https://grafana.noxxos.nl/login/generic_oauth
-          authorization_flow: !Flow default-provider-authorization-flow
-          invalidation_flow: !Flow default-provider-invalidation-flow
-          property_mappings:
-            - !PropertyMapping property-mapping-provider-openid-groups
-          signing_key: !Keypair authentik-self-signed-certificate
-      - model: authentik_core.application
-        id: grafana-app
-        attrs:
-          name: Grafana
-          slug: grafana
-          provider: !provider grafana-provider
-          launch_url: https://grafana.noxxos.nl
-          icon: https://static.goauthentik.io/img/icon/provider/grafana.png
-          group: Dashboards
-          policy_engine_mode: any
-      - model: authentik_policies_policybinding.policybinding
-        id: grafana-app-binding
-        attrs:
-          target: !application grafana-app
-          order: 0
-          enabled: true
-          policy: !Policy policy-everyone
--- a/apps/authentik/templates/grafana-sso-secret.yaml
+++ b/apps/authentik/templates/grafana-sso-secret.yaml
@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: authentik-client-secret-grafana
-  namespace: monitoring
-  labels:
-    app.kubernetes.io/part-of: authentik
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: grafana-sso
-type: Opaque
-stringData:
-  GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "grafana"
-  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ randAlphaNum 40 | quote }}
--- a/apps/authentik/templates/rbac.yaml
+++ b/apps/authentik/templates/rbac.yaml
@ -1,34 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: authentik-read-grafana-secret
-  namespace: monitoring # The namespace where the secret exists
-  labels:
-    app.kubernetes.io/part-of: authentik
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: grafana-sso
-rules:
- apiGroups: [""]
-  resources: ["secrets"]
-  resourceNames: ["authentik-client-secret-grafana"] # Grant access only to this specific secret
-  verbs: ["get"]
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: authentik-read-grafana-secret-binding
-  namespace: monitoring # The namespace where the secret and role exist
-  labels:
-    app.kubernetes.io/part-of: authentik
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: grafana-sso
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: authentik-read-grafana-secret
-subjects:
- kind: ServiceAccount
-  name: {{ include "authentik.fullname" . }} # The service account used by Authentik
-  namespace: {{ .Release.Namespace }} # The namespace where Authentik is running