DevFW-CICD/stacks-instances
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Upgrade Grafana to 12.4.0 and add auth.jwt config for useKubeAuth

Browse source
This commit is contained in:
Martin McCaffery 2026-06-01 13:16:37 +01:00
parent 32fd6ffd54
commit e89d48c2a5
No known key found for this signature in database
GPG key ID: 7C4D0F375BCEE533
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
otc/observability.buildth.ing/stacks/observability/grafana-operator/manifests/grafana.yaml
View file

@ -5,6 +5,7 @@ metadata:
labels:
dashboards: "grafana"
spec:
version: "12.4.0"
client:
useKubeAuth: true
persistentVolumeClaim:
@ -39,6 +40,18 @@ spec:
auth:
disable_login: "true"
disable_login_form: "true"
auth.jwt:
enabled: "true"
header_name: Authorization
username_claim: sub
email_claim: sub
auto_sign_up: "true"
role_attribute_strict: "true"
role_attribute_path: "contains(sub, 'system:serviceaccount:observability:grafana-operator') && 'GrafanaAdmin' || 'None'"
jwk_set_url: "https://kubernetes.default.svc:443/openid/v1/jwks"
jwk_set_bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
tls_client_ca: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
expect_claims: '{"aud": ["operator.grafana.com"]}'
auth.generic_oauth:
enabled: "true"
name: Forgejo