feat: Simplification of Grafana OIDC Configuration

29d63756 · Ryan Garcia · Ryan Garcia · 9b9e9577 · 29d63756 · 29d63756
Commit 29d63756 authored 4 years ago by Ryan Garcia Committed by Ryan Garcia 4 years ago
--- a/chart/templates/monitoring/monitoring-helmrelease.yaml
+++ b/chart/templates/monitoring/monitoring-helmrelease.yaml
@@ -50,6 +50,24 @@ spec:
      image:
        pullSecrets:
        - private-registry
+      grafana.ini:
+{{- if .Values.istio.enabled }}
+        server:
+          root_url: https://grafana.{{ .Values.hostname }}/
+{{- end }}
+        auth: 
+          signout_redirect_url: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout
+        auth.generic_oauth:
+          enabled: {{ .Values.monitoring.sso.enabled }}
+          client_id: {{ .Values.monitoring.sso.grafana.client_id }}
+          client_secret: {{ .Values.monitoring.sso.grafana.client_secret }}
+          scopes: {{ .Values.monitoring.sso.grafana.scopes }}
+          auth_url: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/auth
+          token_url: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/token
+          api_url: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/userinfo
+          allow_sign_up: {{ .Values.monitoring.sso.grafana.allow_sign_up }}
+          role_attribute_path: {{ .Values.monitoring.sso.grafana.role_attribute_path }}
+
    prometheus-node-exporter:
      serviceAccount:
        imagePullSecrets:

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -155,7 +155,7 @@ monitoring:
  git:
    repo: https://repo1.dsop.io/platform-one/big-bang/apps/core/monitoring.git
    path: "./chart"
-    tag: "11.0.0-bb.6"
+    branch: "sso-support"
  sso:
    enabled: false
    prometheus:
@@ -167,6 +167,9 @@ monitoring:
    grafana:
      client_id: grafana
      client_secret: "change_me"
+      scopes: "Grafana"
+      allow_sign_up: "true"
+      role_attribute_path: "Viewer"
  values: {}
 # ----------------------------------------------------------------------------------------------------------------------