From 149cc32c1d150246632ecee6bd9da6e11f26c330 Mon Sep 17 00:00:00 2001 From: itumi Date: Tue, 10 Feb 2026 15:38:46 +0200 Subject: [PATCH] test --- grafana.yaml | 36 ++++++++++++++---------------------- 1 file changed, 14 insertions(+), 22 deletions(-) diff --git a/grafana.yaml b/grafana.yaml index be5b44d..bb96405 100644 --- a/grafana.yaml +++ b/grafana.yaml @@ -40,7 +40,6 @@ spec: labels: app: grafana spec: - # Grafana official image runs as UID/GID 472 securityContext: fsGroup: 472 containers: @@ -50,7 +49,6 @@ spec: ports: - containerPort: 3000 name: http - env: # sqlite DB on PVC - name: GF_DATABASE_TYPE @@ -58,7 +56,7 @@ spec: - name: GF_DATABASE_PATH value: /var/lib/grafana/grafana.db - # Ingress URL (important for OAuth callback + absolute links) + # Ingress URL (important for OAuth callback + links) - name: GF_SERVER_ROOT_URL value: https://grafana-jake.ee-lte-1.codemowers.io/ - name: GF_SERVER_SERVE_FROM_SUB_PATH 
@@ -72,35 +70,34 @@ spec: - name: GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP value: "true" - # pkce=false matches your OIDCClient style + # matches OIDCClient pkce: false - name: GF_AUTH_GENERIC_OAUTH_USE_PKCE value: "false" # IMPORTANT: - # Replace "grafana-jake-oidc" with the actual Secret created by the OIDCClient controller - # (see "What to do next" section below) + # After OIDCClient grafana-jake is created successfully, + # set this secret name to the generated one (likely oidc-client-grafana-jake-owner-secrets) - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID valueFrom: secretKeyRef: - name: grafana-jake-oidc - key: client_id + name: oidc-client-grafana-jake-owner-secrets + key: OIDC_CLIENT_ID - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET valueFrom: secretKeyRef: - name: grafana-jake-oidc - key: client_secret + name: oidc-client-grafana-jake-owner-secrets + key: OIDC_CLIENT_SECRET - name: GF_AUTH_GENERIC_OAUTH_SCOPES - value: "openid profile email" + value: "openid profile" - # Passmower issuer base: https://auth.ee-lte-1.codemowers.io/ - # DO NOT GUESS THE PATHS: fetch .well-known/openid-configuration and paste exact endpoints. + # From your existing OIDC secret: auth/token/me endpoints - name: GF_AUTH_GENERIC_OAUTH_AUTH_URL - value: "https://auth.ee-lte-1.codemowers.io/" + value: "https://auth.ee-lte-1.codemowers.io/auth" - name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL - value: "https://auth.ee-lte-1.codemowers.io/" + value: "https://auth.ee-lte-1.codemowers.io/token" - name: GF_AUTH_GENERIC_OAUTH_API_URL - value: "https://auth.ee-lte-1.codemowers.io/" + value: "https://auth.ee-lte-1.codemowers.io/me" - name: GF_AUTH_GENERIC_OAUTH_SIGNOUT_REDIRECT_URL value: https://grafana-jake.ee-lte-1.codemowers.io/ @@ -111,7 +108,6 @@ spec: - name: grafana-datasources mountPath: /etc/grafana/provisioning/datasources readOnly: true - readinessProbe: httpGet: path: /api/health 
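Review bot: `GF_AUTH_GENERIC_OAUTH_SCOPES` now requests only `openid profile` while `GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP` stays `"true"`, so which claim identifies a newly created Grafana account depends entirely on what the `/me` endpoint returns without the `email` scope. Grafana's generic OAuth normally resolves an email for the user, so either keep `email` in the scopes or pin the mapping explicitly, for example with `GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH` and `GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH` pointing at claims the provider guarantees are unique and stable. The comment above the two `secretKeyRef` entries still reads as a to-do ("likely oidc-client-grafana-jake-owner-secrets") although that name is already committed; a missing Secret or key keeps the container from starting, so confirm the name and the `OIDC_CLIENT_ID`/`OIDC_CLIENT_SECRET` keys and reword it, e.g. `# Secret generated by the OIDCClient controller for grafana-jake (name and keys verified)`. PKCE remains disabled in the unchanged context lines, so enabling it on both the Grafana and OIDCClient side would be a worthwhile follow-up if the provider supports it. The container spec starts and ends outside this hunk.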
@@ -124,12 +120,10 @@ spec: port: 3000 initialDelaySeconds: 30 periodSeconds: 10 - volumes: - name: grafana-datasources configMap: name: grafana-datasources - volumeClaimTemplates: - metadata: name: grafana-storage @@ -198,8 +192,6 @@ metadata: namespace: memelord-jake spec: displayName: Grafana jake - # Grafana Generic OAuth callback endpoint: - # https:///login/generic_oauth uri: https://grafana-jake.ee-lte-1.codemowers.io/login/generic_oauth redirectUris: - https://grafana-jake.ee-lte-1.codemowers.io/login/generic_oauth @@ -211,5 +203,5 @@ spec: availableScopes: - openid - profile - - email + - offline_access pkce: false
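Review bot: In the last hunk, `availableScopes` now grants `offline_access`, but the Grafana side of this same patch requests only `openid profile`, so the client is permitted to obtain refresh tokens it never asks for. Granting a scope that yields long-lived tokens without using it widens what a leaked client secret can do. Either drop the `- offline_access` entry, or, if refresh tokens are intended, add `offline_access` to `GF_AUTH_GENERIC_OAUTH_SCOPES` and put a comment next to it such as `# offline_access: refresh tokens so Grafana sessions survive access-token expiry`. The OIDCClient spec begins above this hunk, so any other scope-related fields are not visible here.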