New grafana-sso secret template, grafana passthroughs to faciliate new config

cb57cbbf · Ryan Garcia · 91be008f · cb57cbbf · cb57cbbf
Commit cb57cbbf authored 2 years ago by Ryan Garcia
--- a/chart/templates/monitoring/secret-sso.yaml
+++ b/chart/templates/monitoring/secret-sso.yaml
+{{- if and .Values.monitoring.enabled .Values.monitoring.sso.enabled .Values.monitoring.sso.grafana.client_id }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: grafana-sso
+  namespace: monitoring
+type: kubernetes.io/opaque
+stringData:
+  {{- if .Values.monitoring.sso.grafana.client_id }}
+  client_id: {{ .Values.monitoring.sso.grafana.client_id }}
+  {{- end }}
+  {{- if .Values.monitoring.sso.grafana.client_secret }}
+  client_secret: {{ .Values.monitoring.sso.grafana.client_secret }}
+  {{- end }}
+{{- end }}
--- a/chart/templates/monitoring/values.yaml
+++ b/chart/templates/monitoring/values.yaml
@@ -314,8 +314,12 @@ grafana:
      {{- if .Values.sso.name }}
      name: {{ .Values.sso.name }}
      {{- end }}
-      client_id: {{ .Values.monitoring.sso.grafana.client_id }}
-      client_secret: {{ .Values.monitoring.sso.grafana.client_secret }}
+      {{- if and .Values.monitoring.sso.enabled .Values.monitoring.sso.grafana.client_id }}
+      client_id: $__file{/etc/secrets/auth_generic_oauth/client_id}
+      {{- end }}
+      {{- if and .Values.monitoring.sso.enabled .Values.monitoring.sso.grafana.client_secret }}
+      client_secret: $__file{/etc/secrets/auth_generic_oauth/client_secret}
+      {{- end }}
      scopes: {{ .Values.monitoring.sso.grafana.scopes | default "openid profile email" }}
      auth_url: {{ default (include "sso.oidc.auth" .) .Values.monitoring.sso.grafana.auth_url }}
      token_url: {{ default (include "sso.oidc.token" .) .Values.monitoring.sso.grafana.token_url }}
@@ -330,6 +334,15 @@ grafana:
      {{- list "tls_client_key" .tls_client_key | include "bigbang.addValueIfSet" | indent 6 }}
    {{- end }}

+  {{- if and .Values.monitoring.sso.enabled .Values.monitoring.sso.grafana.client_id }}
+  extraSecretMounts:
+    - name: auth-generic-oauth-secret
+      mountPath: /etc/secrets/auth_generic_oauth
+      secretName: grafana-sso
+      defaultMode: 0440    
+      readOnly: true
+  {{- end }}
+
  {{- if $istioInjection }}
  serviceMonitor:
    scheme: https