apiVersion: grafana.integreatly.org/v1beta1 kind: Grafana metadata: name: grafana labels: dashboards: "grafana" spec: persistentVolumeClaim: metadata: annotations: everest.io/disk-volume-type: GPSSD everest.io/crypt-key-id: 7032bf53-33aa-4bfa-bca2-052df19f6225 spec: storageClassName: csi-disk accessModes: - ReadWriteOnce resources: requests: storage: 10Gi deployment: spec: template: spec: containers: - name: grafana env: - name: OAUTH_CLIENT_SECRET valueFrom: secretKeyRef: key: clientSecret name: dex-grafana-client config: log.console: level: debug server: root_url: "https://grafana.edp.buildth.ing" auth: disable_login: "true" disable_login_form: "true" auth.generic_oauth: enabled: "true" name: Forgejo allow_sign_up: "true" use_refresh_token: "true" client_id: grafana client_secret: $__env{OAUTH_CLIENT_SECRET} scopes: openid email profile offline_access groups auth_url: https://dex.edp.buildth.ing/auth token_url: https://dex.edp.buildth.ing/token api_url: https://dex.edp.buildth.ing/userinfo redirect_uri: https://grafana.edp.buildth.ing/login/generic_oauth role_attribute_path: "contains(groups[*], 'DevFW') && 'GrafanaAdmin' || 'None'" allow_assign_grafana_admin: "true" ingress: metadata: annotations: cert-manager.io/cluster-issuer: main nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: ingressClassName: nginx rules: - host: grafana.edp.buildth.ing http: paths: - backend: service: name: grafana-service port: number: 3000 path: / pathType: Prefix tls: - hosts: - grafana.edp.buildth.ing secretName: grafana-net-tls