diff --git a/grafana.yaml b/grafana.yaml index 7e3e826..6eab288 100644 --- a/grafana.yaml +++ b/grafana.yaml @@ -28,6 +28,59 @@ spec: value: sqlite3 - name: GF_DATABASE_PATH value: /var/lib/grafana/grafana.db + - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID + valueFrom: + secretKeyRef: + name: oidc-client-memelord-sala-owner-secrets + key: OIDC_CLIENT_ID + - name: GF_AUTH_GENERIC_OAUTH_SCOPES + valueFrom: + secretKeyRef: + name: oidc-client-memelord-sala-owner-secrets + key: OIDC_AVAILABLE_SCOPES + - name: GF_AUTH_GENERIC_OAUTH_AUTH_URL + valueFrom: + secretKeyRef: + name: oidc-client-memelord-sala-owner-secrets + key: OIDC_IDP_AUTH_URI + - name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL + valueFrom: + secretKeyRef: + name: oidc-client-memelord-sala-owner-secrets + key: OIDC_IDP_TOKEN_URI + - name: GF_AUTH_GENERIC_OAUTH_API_URL + valueFrom: + secretKeyRef: + name: oidc-client-memelord-sala-owner-secrets + key: OIDC_IDP_URI + - name: GF_ANALYTICS_REPORTING_ENABLED + value: "false" + - name: GF_ANALYTICS_CHECK_FOR_UPDATES + value: "false" + - name: GF_SERVER_DOMAIN + value: grafana-sala.ee-lte-1.codemowers.io + - name: GF_SERVER_ROOT_URL + value: "https://%(domain)s/" + - name: GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP + value: "true" + - name: GF_AUTH_BASIC_ENABLED + value: "false" + - name: GF_AUTH_GENERIC_OAUTH_ENABLED + value: "true" + - name: GF_AUTH_GENERIC_OAUTH_NAME + value: OAuth + - name: GF_AUTH_GENERIC_OAUTH_ICON + value: signin + - name: GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP + value: "true" + - name: GF_AUTH_GENERIC_OAUTH_USE_PKCE + value: "true" + - name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH + value: Admin + - name: GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN + value: "true" + - name: GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION + value: "true" volumeMounts: - name: grafana-storage mountPath: /var/lib/grafana