raikoo2/memelord-raiko
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

push

Browse Source
This commit is contained in:
Raiko Oll
2026-02-16 21:51:53 +02:00
parent 4c1750a6fd
commit d50b5f22e6
8 changed files with 73 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
templates/grafana.yaml
View File

@@ -2,8 +2,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-datasources
namespace: memelord-raiko
name: {{ .Release.Name }}-grafana-datasources
data:
datasources.yaml: |
apiVersion: 1
@@ -24,20 +23,19 @@ data:
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: grafana
namespace: memelord-raiko
name: {{ .Release.Name }}-grafana
labels:
app: grafana
app: {{ .Release.Name }}-grafana
spec:
serviceName: grafana
serviceName: {{ .Release.Name }}-grafana
replicas: 1
selector:
matchLabels:
app: grafana
app: {{ .Release.Name }}-grafana
template:
metadata:
labels:
app: grafana
app: {{ .Release.Name }}-grafana
spec:
containers:
- name: grafana
@@ -53,7 +51,7 @@ spec:
value: /var/lib/grafana/grafana.db
- name: GF_SERVER_ROOT_URL
value: https://grafana-raiko.ee-lte-1.codemowers.io
value: https://{{ .Values.grafanaHostname }}
- name: GF_AUTH_GENERIC_OAUTH_ENABLED
value: "true"
@@ -64,12 +62,12 @@ spec:
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
valueFrom:
secretKeyRef:
name: oidc-client-grafana-raiko-owner-secrets
name: oidc-client-grafana-{{ .Release.Name }}-owner-secrets
key: OIDC_CLIENT_ID
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: oidc-client-grafana-raiko-owner-secrets
name: oidc-client-grafana-{{ .Release.Name }}-owner-secrets
key: OIDC_CLIENT_SECRET
- name: GF_AUTH_GENERIC_OAUTH_SCOPES
value: "openid profile groups"
@@ -79,8 +77,6 @@ spec:
value: "http://passmower.passmower.svc.cluster.local/token"
- name: GF_AUTH_GENERIC_OAUTH_API_URL
value: "http://passmower.passmower.svc.cluster.local/me"
# - name: GF_AUTH_GENERIC_OAUTH_SIGNOUT_REDIRECT_URL
# value: "https://auth.ee-lte-1.codemowers.io//openid/session/end"
- name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH
value: "contains(groups[*], 'github.com:codemowers:admins') && 'Admin' || Viewer"
@@ -94,11 +90,10 @@ spec:
- name: datasources
mountPath: /etc/grafana/provisioning/datasources
volumes:
- name: datasources
configMap:
name: grafana-datasources
name: {{ .Release.Name }}-grafana-datasources
volumeClaimTemplates:
- metadata:
@@ -114,14 +109,13 @@ spec:
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: memelord-raiko
name: {{ .Release.Name }}-grafana
labels:
app: grafana
app: {{ .Release.Name }}-grafana
spec:
type: ClusterIP
selector:
app: grafana
app: {{ .Release.Name }}-grafana
ports:
- name: http
port: 80
@@ -130,12 +124,11 @@ spec:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: grafana-raiko
namespace: memelord-raiko
name: grafana-{{ .Release.Name }}
spec:
secretName: grafana-raiko-tls
secretName: grafana-{{ .Release.Name }}-tls
dnsNames:
- grafana-raiko.ee-lte-1.codemowers.io
- {{ .Values.grafanaHostname }}
issuerRef:
name: letsencrypt
kind: ClusterIssuer
@@ -143,35 +136,33 @@ spec:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grafana-raiko
namespace: memelord-raiko
name: grafana-{{ .Release.Name }}
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
rules:
- host: grafana-raiko.ee-lte-1.codemowers.io
- host: {{ .Values.grafanaHostname }}
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: grafana
name: {{ .Release.Name }}-grafana
port:
number: 80
tls:
- secretName: grafana-raiko-tls
- secretName: grafana-{{ .Release.Name }}-tls
---
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
name: grafana-raiko
namespace: memelord-raiko
name: grafana-{{ .Release.Name }}
spec:
displayName: Grafana Raiko
uri: https://grafana-raiko.ee-lte-1.codemowers.io/
displayName: Grafana {{ .Release.Name }}
uri: https://{{ .Values.grafanaHostname }}/
redirectUris:
- https://grafana-raiko.ee-lte-1.codemowers.io/login/generic_oauth
- https://{{ .Values.grafanaHostname }}/login/generic_oauth
grantTypes:
- authorization_code
- refresh_token