homelab/rke2-single-node
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Füge OAuth-Client-Secret für Grafana hinzu und erstelle PhaseSecret für geheime Daten

Browse Source
This commit is contained in:
Matthias Hinrichs
2026-01-16 11:45:21 +01:00
parent a412f21102
commit d879d2a368
1 changed files with 25 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
09_homelab_apps/homelab-apps/templates/kube-prometheus-stack.yaml
+24 -1
View File
@@ -17,6 +17,11 @@ spec:
helm: helm:
values: | values: |
grafana: grafana:
envValueFrom:
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
secretKeyRef:
name: kube-prometheus-secret
key: GENERIC_OAUTH_CLIENT_SECRET
grafana.ini: grafana.ini:
server: server:
root_url: https://grafana.k8s.hnrx.net root_url: https://grafana.k8s.hnrx.net
@@ -26,7 +31,6 @@ spec:
allow_sign_up: true allow_sign_up: true
auto_login: false # Auf true setzen, wenn das Standard-Login-Formular übersprungen werden soll auto_login: false # Auf true setzen, wenn das Standard-Login-Formular übersprungen werden soll
client_id: "4JtTfw2apna4ZnnXgPH6mnDfLCPoW6qy5fXiC03z" client_id: "4JtTfw2apna4ZnnXgPH6mnDfLCPoW6qy5fXiC03z"
client_secret: "MI7Fsw22Fl6ruiOhG3Z55F1QhuMoQKzF2GR3qGO3x41encrmubcGeqJc0JpQIKEFiVIUiNXQkQU0FGiaTshEZx5HK8qzPBMz8VbR2gGmcNy7szHkTrBfNsosHDFndvWi" # Am besten via Secret einbinden (siehe unten)
scopes: "openid profile email" scopes: "openid profile email"
auth_url: "https://auth.hnrx.net/application/o/authorize/" auth_url: "https://auth.hnrx.net/application/o/authorize/"
token_url: "https://auth.hnrx.net/application/o/token/" token_url: "https://auth.hnrx.net/application/o/token/"
@@ -127,3 +131,22 @@ spec:
backendRefs: backendRefs:
- name: alertmanager-operated - name: alertmanager-operated
port: 9093 port: 9093
---
apiVersion: secrets.phase.dev/v1alpha1
kind: PhaseSecret
metadata:
name: kube-prometheus-secret
namespace: kube-prometheus-stack
spec:
phaseApp: 'prometheus-stack' # The name of your Phase application
phaseAppEnv: 'production' # OPTIONAL - The Phase App Environment to fetch secrets from
phaseAppEnvPath: '/' # OPTIONAL Path within the Phase application environment to fetch secrets from
phaseHost: 'https://phase.hnrx.net' # OPTIONAL - URL of a Phase Console instance
authentication:
serviceToken:
serviceTokenSecretReference:
secretName: 'phase-service-token' # Name of the Phase Service Token with access to your application
secretNamespace: 'default'
managedSecretReferences:
- secretName: 'kube-prometheus-secret' # Name of the Kubernetes managed secret that Phase will sync
secretNamespace: 'kube-prometheus-stack'