itumi/memelord-jake
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

test

Browse Source
This commit is contained in:
itumi
2026-02-10 15:38:46 +02:00
parent dbe8b6a046
commit 149cc32c1d
1 changed files with 14 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
grafana.yaml
View File

@@ -40,7 +40,6 @@ spec:
labels:
app: grafana
spec:
# Grafana official image runs as UID/GID 472
securityContext:
fsGroup: 472
containers:
@@ -50,7 +49,6 @@ spec:
ports:
- containerPort: 3000
name: http
env:
# sqlite DB on PVC
- name: GF_DATABASE_TYPE
@@ -58,7 +56,7 @@ spec:
- name: GF_DATABASE_PATH
value: /var/lib/grafana/grafana.db
# Ingress URL (important for OAuth callback + absolute links)
# Ingress URL (important for OAuth callback + links)
- name: GF_SERVER_ROOT_URL
value: https://grafana-jake.ee-lte-1.codemowers.io/
- name: GF_SERVER_SERVE_FROM_SUB_PATH
@@ -72,35 +70,34 @@ spec:
- name: GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP
value: "true"
# pkce=false matches your OIDCClient style
# matches OIDCClient pkce: false
- name: GF_AUTH_GENERIC_OAUTH_USE_PKCE
value: "false"
# IMPORTANT:
# Replace "grafana-jake-oidc" with the actual Secret created by the OIDCClient controller
# (see "What to do next" section below)
# After OIDCClient grafana-jake is created successfully,
# set this secret name to the generated one (likely oidc-client-grafana-jake-owner-secrets)
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
valueFrom:
secretKeyRef:
name: grafana-jake-oidc
key: client_id
name: oidc-client-grafana-jake-owner-secrets
key: OIDC_CLIENT_ID
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: grafana-jake-oidc
key: client_secret
name: oidc-client-grafana-jake-owner-secrets
key: OIDC_CLIENT_SECRET
- name: GF_AUTH_GENERIC_OAUTH_SCOPES
value: "openid profile email"
value: "openid profile"
# Passmower issuer base: https://auth.ee-lte-1.codemowers.io/
# DO NOT GUESS THE PATHS: fetch .well-known/openid-configuration and paste exact endpoints.
# From your existing OIDC secret: auth/token/me endpoints
- name: GF_AUTH_GENERIC_OAUTH_AUTH_URL
value: "https://auth.ee-lte-1.codemowers.io/<FILL_FROM_DISCOVERY_AUTHORIZATION_ENDPOINT>"
value: "https://auth.ee-lte-1.codemowers.io/auth"
- name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL
value: "https://auth.ee-lte-1.codemowers.io/<FILL_FROM_DISCOVERY_TOKEN_ENDPOINT>"
value: "https://auth.ee-lte-1.codemowers.io/token"
- name: GF_AUTH_GENERIC_OAUTH_API_URL
value: "https://auth.ee-lte-1.codemowers.io/<FILL_FROM_DISCOVERY_USERINFO_ENDPOINT>"
value: "https://auth.ee-lte-1.codemowers.io/me"
- name: GF_AUTH_GENERIC_OAUTH_SIGNOUT_REDIRECT_URL
value: https://grafana-jake.ee-lte-1.codemowers.io/
@@ -111,7 +108,6 @@ spec:
- name: grafana-datasources
mountPath: /etc/grafana/provisioning/datasources
readOnly: true
readinessProbe:
httpGet:
path: /api/health
@@ -124,12 +120,10 @@ spec:
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
volumes:
- name: grafana-datasources
configMap:
name: grafana-datasources
volumeClaimTemplates:
- metadata:
name: grafana-storage
@@ -198,8 +192,6 @@ metadata:
namespace: memelord-jake
spec:
displayName: Grafana jake
# Grafana Generic OAuth callback endpoint:
# https://<host>/login/generic_oauth
uri: https://grafana-jake.ee-lte-1.codemowers.io/login/generic_oauth
redirectUris:
- https://grafana-jake.ee-lte-1.codemowers.io/login/generic_oauth
@@ -211,5 +203,5 @@ spec:
availableScopes:
- openid
- profile
- email
- offline_access
pkce: false