diff --git a/chart/google-auth-example-values.yaml b/chart/google-auth-example-values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a52de28a6cc388ab2a77b2b3e00e660e94c4aded
--- /dev/null
+++ b/chart/google-auth-example-values.yaml
@@ -0,0 +1,17 @@
+#
+# The values below demonstrate how to override the default SSO provider (Keycloak) in favor of google auth.
+#
+# Current tested implementations and reference docs:
+# * grafana - https://grafana.com/docs/grafana/latest/auth/google/
+#
+
+monitoring:
+ sso:
+ grafana:
+ client_id: <client_id>
+ client_secret: <client_secret>
+ scopes: "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email"
+ allowed_domains: <allowed_domains>
+ auth_url: https://accounts.google.com/o/oauth2/auth
+ token_url: https://oauth2.googleapis.com/token
+ signout_redirect_url: https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=https://grafana.bigbang.dev
\ No newline at end of file
diff --git a/chart/templates/monitoring/values.yaml b/chart/templates/monitoring/values.yaml
index d30f60d5122687f148bc944cdc604a141738c923..d83f81e578f71299c4d532f6008acc1af1b89412 100644
--- a/chart/templates/monitoring/values.yaml
+++ b/chart/templates/monitoring/values.yaml
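Review bot: The example never sets `api_url`, so per the template in chart/templates/monitoring/values.yaml the rendered Grafana config keeps the Keycloak userinfo URL built from `sso.oidc.host` while `auth_url` and `token_url` point at Google. Grafana would then presumably present the Google-issued access token to that host, so either the login fails or the token reaches a party it was not issued for. Add an entry for Google's userinfo endpoint next to `token_url`, e.g. `api_url: https://openidconnect.googleapis.com/v1/userinfo` (confirm the value against Google's OpenID discovery document). A comment above `client_secret` saying the real value should be kept out of version control and supplied from a secret or encrypted values source would also help, and `signout_redirect_url` hard-codes `grafana.bigbang.dev` where the other fields use placeholders.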
@@ -44,18 +44,19 @@ grafana: {{- end }} auth: - signout_redirect_url: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout + signout_redirect_url: {{ .Values.monitoring.sso.grafana.signout_redirect_url | default (tpl "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout" .) }} auth.generic_oauth: enabled: {{ .Values.monitoring.sso.enabled }} client_id: {{ .Values.monitoring.sso.grafana.client_id }} client_secret: {{ .Values.monitoring.sso.grafana.client_secret }} scopes: {{ .Values.monitoring.sso.grafana.scopes | default "openid profile email" }} - auth_url: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/auth - token_url: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/token - api_url: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/userinfo + auth_url: {{ .Values.monitoring.sso.grafana.auth_url | default (tpl .Values.sso.auth_url .) }} + token_url: {{ .Values.monitoring.sso.grafana.token_url | default (tpl .Values.sso.token_url .) }} + api_url: {{ .Values.monitoring.sso.grafana.api_url | default (tpl "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/userinfo" .) }} allow_sign_up: {{ .Values.monitoring.sso.grafana.allow_sign_up | default "True" }} role_attribute_path: {{ .Values.monitoring.sso.grafana.role_attribute_path | default "Viewer" }} + allowed_domains: {{ .Values.monitoring.sso.grafana.allowed_domains }} prometheus-node-exporter: serviceAccount: diff --git a/chart/values.yaml b/chart/values.yaml index 959ab3e0e1a8d0a31206d8400c81549bcfac84bb..33a36eee61747c1d7416cb2b541692662307b422 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
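Review bot: `allowed_domains` is rendered with no default and no guard, so once `auth_url` and `token_url` can point at a public identity provider, an unset value likely leaves sign-in open to any account at that provider, given that `allow_sign_up` defaults to "True" two lines above. Render the key only when it is set and quote it, `{{- with .Values.monitoring.sso.grafana.allowed_domains }}` / `allowed_domains: {{ . | quote }}` / `{{- end }}`, and state in the chart documentation that it must be set whenever the endpoints are overridden away from Keycloak. The override values for `signout_redirect_url`, `auth_url`, `token_url` and `api_url` are also emitted unquoted, so a value containing ` #` or `: ` would be truncated or break the rendered YAML; ending each pipeline with `| quote` avoids that. The `grafana:` mapping starts above this hunk, so how these keys end up in grafana.ini is not visible here.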
@@ -67,6 +67,12 @@ sso: # -- OIDC client secret used for packages authenticated through authservice client_secret: "" + # -- OIDC token URL template string (to be used as default) + token_url: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/token" + + # -- OIDC auth URL template string (to be used as default) + auth_url: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/auth" + # -- (Advanced) Flux reconciliation parameters. # The default values provided will be sufficient for the majority of workloads. flux:
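Review bot: Only the token and auth endpoints get a shared default under `sso`, while the userinfo and logout URLs stay inline in chart/templates/monitoring/values.yaml, so the four Keycloak endpoints are now defined in two places. Either move the remaining two next to these keys or say in the comments why they are treated differently. The comments should also tell the reader that the string is evaluated with `tpl` against the chart values and can be overridden per package, for example `# -- OIDC token URL; rendered with tpl, overridden for Grafana by monitoring.sso.grafana.token_url`. The `sso:` mapping begins above the hunk.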