Füge OAuth-Client-Secret für Grafana hinzu und erstelle PhaseSecret für geheime Daten
This commit is contained in:
Matthias Hinrichs
@@ -17,6 +17,11 @@ spec:
|
|||||||
helm:
|
helm:
|
||||||
values: |
|
values: |
|
||||||
grafana:
|
grafana:
|
||||||
|
envValueFrom:
|
||||||
|
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
|
||||||
|
secretKeyRef:
|
||||||
|
name: kube-prometheus-secret
|
||||||
|
key: GENERIC_OAUTH_CLIENT_SECRET
|
||||||
grafana.ini:
|
grafana.ini:
|
||||||
server:
|
server:
|
||||||
root_url: https://grafana.k8s.hnrx.net
|
root_url: https://grafana.k8s.hnrx.net
|
||||||
@@ -26,7 +31,6 @@ spec:
|
|||||||
allow_sign_up: true
|
allow_sign_up: true
|
||||||
auto_login: false # Auf true setzen, wenn das Standard-Login-Formular übersprungen werden soll
|
auto_login: false # Auf true setzen, wenn das Standard-Login-Formular übersprungen werden soll
|
||||||
client_id: "4JtTfw2apna4ZnnXgPH6mnDfLCPoW6qy5fXiC03z"
|
client_id: "4JtTfw2apna4ZnnXgPH6mnDfLCPoW6qy5fXiC03z"
|
||||||
client_secret: "MI7Fsw22Fl6ruiOhG3Z55F1QhuMoQKzF2GR3qGO3x41encrmubcGeqJc0JpQIKEFiVIUiNXQkQU0FGiaTshEZx5HK8qzPBMz8VbR2gGmcNy7szHkTrBfNsosHDFndvWi" # Am besten via Secret einbinden (siehe unten)
|
|
||||||
scopes: "openid profile email"
|
scopes: "openid profile email"
|
||||||
auth_url: "https://auth.hnrx.net/application/o/authorize/"
|
auth_url: "https://auth.hnrx.net/application/o/authorize/"
|
||||||
token_url: "https://auth.hnrx.net/application/o/token/"
|
token_url: "https://auth.hnrx.net/application/o/token/"
|
||||||
@@ -126,4 +130,23 @@ spec:
|
|||||||
value: /
|
value: /
|
||||||
backendRefs:
|
backendRefs:
|
||||||
- name: alertmanager-operated
|
- name: alertmanager-operated
|
||||||
port: 9093
|
port: 9093
|
||||||
|
---
|
||||||
|
apiVersion: secrets.phase.dev/v1alpha1
|
||||||
|
kind: PhaseSecret
|
||||||
|
metadata:
|
||||||
|
name: kube-prometheus-secret
|
||||||
|
namespace: kube-prometheus-stack
|
||||||
|
spec:
|
||||||
|
phaseApp: 'prometheus-stack' # The name of your Phase application
|
||||||
|
phaseAppEnv: 'production' # OPTIONAL - The Phase App Environment to fetch secrets from
|
||||||
|
phaseAppEnvPath: '/' # OPTIONAL Path within the Phase application environment to fetch secrets from
|
||||||
|
phaseHost: 'https://phase.hnrx.net' # OPTIONAL - URL of a Phase Console instance
|
||||||
|
authentication:
|
||||||
|
serviceToken:
|
||||||
|
serviceTokenSecretReference:
|
||||||
|
secretName: 'phase-service-token' # Name of the Phase Service Token with access to your application
|
||||||
|
secretNamespace: 'default'
|
||||||
|
managedSecretReferences:
|
||||||
|
- secretName: 'kube-prometheus-secret' # Name of the Kubernetes managed secret that Phase will sync
|
||||||
|
secretNamespace: 'kube-prometheus-stack'
|
||||||
Reference in New Issue
Block a user