From dcb9718b4a54c82fec8324fc806b659a2736bb80 Mon Sep 17 00:00:00 2001 From: DontDDoS Date: Thu, 8 Jan 2026 23:07:14 +0000 Subject: [PATCH] OIDC --- kubernetes/monitoring/grafana/deployment.yaml | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/kubernetes/monitoring/grafana/deployment.yaml b/kubernetes/monitoring/grafana/deployment.yaml index 6c20091..9331a33 100644 --- a/kubernetes/monitoring/grafana/deployment.yaml +++ b/kubernetes/monitoring/grafana/deployment.yaml @@ -19,6 +19,35 @@ spec: image: grafana/grafana ports: - containerPort: 3000 + env: + - name: GF_AUTH_GENERIC_OAUTH_ENABLED + value: "true" + - name: GF_AUTH_GENERIC_OAUTH_NAME + value: "authentk" + - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID + valueFrom: + secretKeyRef: + key: client-id + name: grafana-oidc-secret + - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: client-secret + name: grafana-oidc-secret + - name: GF_AUTH_GENERIC_OAUTH_SCOPES + value: "openid profile email" + - name: GF_AUTH_GENERIC_OAUTH_AUTH_URL + value: "https://auth.dontddos.me/application/o/authorize/" + - name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL + value: "https://auth.dontddos.me/application/o/token/" + - name: GF_AUTH_GENERIC_OAUTH_API_URL + value: "https://auth.dontddos.me/application/o/userinfo/" + - name: GF_AUTH_SIGNOUT_REDIRECT_URL + value: "https://auth.dontddos.me/application/o/grafana/end-session/" + - name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH + value: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'" + - name: GF_SERVER_ROOT_URL + value: "https://grafana.local.dontddos.me" volumeMounts: - name: grafana-storage mountPath: /var/lib/grafana