71 lines
2.7 KiB
YAML
71 lines
2.7 KiB
YAML
{{- if and
|
|
.Values.commons.auth.enabled (eq .Values.commons.auth.type "authentik")
|
|
.Values.grafana.ingress.enabled
|
|
}}
|
|
---
|
|
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: authentik-application-grafana
|
|
spec:
|
|
chart:
|
|
spec:
|
|
sourceRef:
|
|
kind: GitRepository
|
|
name: "wrenix-helm-charts"
|
|
namespace: "flux-system"
|
|
chart: "./authentik-application"
|
|
reconcileStrategy: "Revision"
|
|
releaseName: authentik-application-infra-grafana
|
|
targetNamespace: {{ .Values.commons.auth.namespace }}
|
|
install:
|
|
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
|
|
test:
|
|
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
|
|
upgrade:
|
|
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
|
|
driftDetection:
|
|
{{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
|
|
interval: 10m
|
|
values:
|
|
{{- $url := default (printf "grafana.%s" .Values.commons.ingress.domain) .Values.grafana.ingress.host }}
|
|
blueprint:
|
|
authentik:
|
|
domain: "https://{{ .Values.commons.auth.authentik.domain }}"
|
|
provider:
|
|
type: "oidc"
|
|
name: "Grafana"
|
|
oidc:
|
|
clientType: "confidential"
|
|
redirectURL: "https://{{ $url }}/login/generic_oauth"
|
|
clientID: {{ .Values.grafana.auth.authentik.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "grafana" "clientID") | quote }}
|
|
clientSecret: {{ .Values.grafana.auth.authentik.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "grafana" "clientSecret") | quote }}
|
|
signingKey: "authentik Self-signed Certificate"
|
|
scopes:
|
|
- name: "authentik default OAuth Mapping: OpenID 'openid'"
|
|
- name: "authentik default OAuth Mapping: OpenID 'email'"
|
|
- name: "authentik default OAuth Mapping: OpenID 'profile'"
|
|
|
|
groups:
|
|
- slug: "app: infra"
|
|
bindID: "8c750219-36cd-47f4-8942-134f3dada96e"
|
|
|
|
- slug: "app: grafana - admin"
|
|
bindID: "d2bebd53-24b8-48d8-a479-d253971dc453"
|
|
parent: "app: infra"
|
|
|
|
- slug: "app: grafana - editor"
|
|
bind: "cff2982b-4b47-4e27-8d47-e6fec3e7cfac"
|
|
parent: "app: infra"
|
|
|
|
application:
|
|
group: "Infrastructure"
|
|
policyEngineMode: "any"
|
|
openInNewTab: true
|
|
publisher: "WrenIX's Infra"
|
|
slug: "infra-grafana"
|
|
name: "Grafana"
|
|
launchURL: "https://{{ $url }}"
|
|
icon: "https://{{ $url }}/public/img/grafana_icon.svg"
|
|
description: "Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources."
|
|
{{- end }}
|