marco/veda
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Update Grafana OAuth2 client secret references and RBAC labels for consistency

Browse Source
This commit is contained in:
Marco van Zijl 2025-11-12 07:27:39 +01:00
parent 2b844aba23
commit e91dead819
3 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
apps/authentik/templates/grafana-sso-secret.yaml
View File

@ -4,8 +4,11 @@ metadata:
name: authentik-client-secret-grafana name: authentik-client-secret-grafana
namespace: monitoring namespace: monitoring
labels: labels:
{{- include "authentik.labels" . | nindent 4 }} app.kubernetes.io/part-of: authentik
app.kubernetes.io/managed-by: helm
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: grafana-sso
type: Opaque type: Opaque
stringData: stringData:
client-id: "grafana" GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "grafana"
client-secret: {{ randAlphaNum 32 | quote }} GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ randAlphaNum 40 | quote }}

10
apps/authentik/templates/rbac.yaml
View File

@ -4,7 +4,10 @@ metadata:
name: authentik-read-grafana-secret name: authentik-read-grafana-secret
namespace: monitoring # The namespace where the secret exists namespace: monitoring # The namespace where the secret exists
labels: labels:
{{- include "authentik.labels" . | nindent 4 }} app.kubernetes.io/part-of: authentik
app.kubernetes.io/managed-by: helm
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: grafana-sso
rules: rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["secrets"] resources: ["secrets"]
@ -17,7 +20,10 @@ metadata:
name: authentik-read-grafana-secret-binding name: authentik-read-grafana-secret-binding
namespace: monitoring # The namespace where the secret and role exist namespace: monitoring # The namespace where the secret and role exist
labels: labels:
{{- include "authentik.labels" . | nindent 4 }} app.kubernetes.io/part-of: authentik
app.kubernetes.io/managed-by: helm
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: grafana-sso
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role

4
apps/monitoring/grafana/values.yaml
View File

@ -108,8 +108,8 @@ grafana:
auth.generic_oauth: auth.generic_oauth:
enabled: true enabled: true
name: Authentik name: Authentik
client_id: "$__from_env{client-id}" client_id: "$__from_env{GF_AUTH_GENERIC_OAUTH_CLIENT_ID}"
client_secret: "$__from_env{client-secret}" client_secret: "$__from_env{GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}"
scopes: openid profile email scopes: openid profile email
auth_url: https://auth.noxxos.nl/application/o/authorize/ auth_url: https://auth.noxxos.nl/application/o/authorize/
token_url: https://auth.noxxos.nl/application/o/token/ token_url: https://auth.noxxos.nl/application/o/token/