59 lines
1.9 KiB
YAML
59 lines
1.9 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: grafana
|
|
namespace: monitoring
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: grafana
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: grafana
|
|
spec:
|
|
securityContext:
|
|
fsGroup: 472
|
|
containers:
|
|
- name: grafana
|
|
image: grafana/grafana
|
|
ports:
|
|
- containerPort: 3000
|
|
env:
|
|
- name: GF_AUTH_GENERIC_OAUTH_ENABLED
|
|
value: "true"
|
|
- name: GF_AUTH_GENERIC_OAUTH_NAME
|
|
value: "authentk"
|
|
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: client-id
|
|
name: grafana-oidc-secret
|
|
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: client-secret
|
|
name: grafana-oidc-secret
|
|
- name: GF_AUTH_GENERIC_OAUTH_SCOPES
|
|
value: "openid profile email"
|
|
- name: GF_AUTH_GENERIC_OAUTH_AUTH_URL
|
|
value: "https://auth.dontddos.me/application/o/authorize/"
|
|
- name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL
|
|
value: "https://auth.dontddos.me/application/o/token/"
|
|
- name: GF_AUTH_GENERIC_OAUTH_API_URL
|
|
value: "https://auth.dontddos.me/application/o/userinfo/"
|
|
- name: GF_AUTH_SIGNOUT_REDIRECT_URL
|
|
value: "https://auth.dontddos.me/application/o/grafana/end-session/"
|
|
- name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH
|
|
value: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"
|
|
- name: GF_SERVER_ROOT_URL
|
|
value: "https://grafana.local.dontddos.me"
|
|
volumeMounts:
|
|
- name: grafana-storage
|
|
mountPath: /var/lib/grafana
|
|
volumes:
|
|
- name: grafana-storage
|
|
persistentVolumeClaim:
|
|
claimName: grafana-pvc
|
|
|