55 lines
1.8 KiB
YAML
55 lines
1.8 KiB
YAML
persistence:
|
|
enabled: true
|
|
storageClassName: nfs-client
|
|
|
|
grafana.ini:
|
|
server:
|
|
root_url: https://grafana.mainscnt.eu
|
|
smtp:
|
|
enabled: true
|
|
host: smtp.system.svc.cluster.local
|
|
from_address: grafana@mainscnt.eu
|
|
from_name: "Mainscnt Grafana Pseudouser"
|
|
log:
|
|
level: debug
|
|
emails:
|
|
welcome_email_on_sign_up: true
|
|
security:
|
|
cookie_secure: true
|
|
cookie_samesite: none
|
|
auth:
|
|
disable_login_form: true
|
|
auth.anonymous:
|
|
enabled: true
|
|
org_name: "Main Org."
|
|
org_role: Viewer
|
|
auth.generic_oauth:
|
|
enabled: true
|
|
name: Mainscnt Grafana via Keycloak
|
|
allow_sign_up: true
|
|
client_id: mainscnt-grafana
|
|
scopes: openid email profile offline_access roles
|
|
email_attribute_path: email
|
|
login_attribute_path: username
|
|
name_attribute_path: fullname
|
|
auth_url: https://auth2.hottis.de/realms/hottis/protocol/openid-connect/auth
|
|
token_url: https://auth2.hottis.de/realms/hottis/protocol/openid-connect/token
|
|
api_url: https://auth2.hottis.de/realms/hottis/protocol/openid-connect/userinfo
|
|
role_attribute_path: "contains(roles[*], 'GrafanaAdmin') && 'GrafanaAdmin' || contains(roles[*], 'Admin') && 'Admin' || contains(roles[*], 'Editor') && 'Editor' || contains(roles[*], 'Viewer') && 'Viewer'"
|
|
role_attribute_strict: true
|
|
allow_assign_grafana_admin: true
|
|
tls_skip_verify_insecure: true
|
|
database:
|
|
type: postgres
|
|
host: timescaledb.database.svc.cluster.local
|
|
name: mainscntgrafana
|
|
ssl_mode: require
|
|
|
|
# add the oauth client secret in this secret with the key GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
|
|
# example:
|
|
# kubectl create secret generic grafana-oauth-secret --from-literal=GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET="geheim"
|
|
envFromSecrets:
|
|
- name: grafana-oauth-secret
|
|
- name: grafana-db-cred
|
|
|