Daniel Sy
ae26ec6a42
Update the OAuth client secret for Grafana and add new configurations for generic OAuth authentication. These changes enhance security and streamline the authentication process for Grafana by enabling OAuth with specific settings.
71 lines
1.7 KiB
YAML
71 lines
1.7 KiB
YAML
ingress:
|
|
enabled: true
|
|
className: nginx
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: main
|
|
hosts:
|
|
- host: dex.observability.t09.de
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- hosts:
|
|
- dex.observability.t09.de
|
|
secretName: dex-cert
|
|
|
|
envVars:
|
|
- name: FORGEJO_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dex-forgejo-client
|
|
key: clientSecret
|
|
- name: FORGEJO_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dex-forgejo-client
|
|
key: clientID
|
|
- name: OIDC_DEX_GRAFANA_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dex-grafana-client
|
|
key: clientSecret
|
|
- name: OIDC_DEX_ARGO_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dex-argo-client
|
|
key: clientSecret
|
|
|
|
config:
|
|
# Set it to a valid URL
|
|
issuer: https://dex.observability.t09.de
|
|
|
|
# See https://dexidp.io/docs/storage/ for more options
|
|
storage:
|
|
type: memory
|
|
|
|
oauth2:
|
|
skipApprovalScreen: true
|
|
alwaysShowLoginScreen: false
|
|
|
|
connectors:
|
|
- type: gitea
|
|
id: gitea
|
|
name: Forgejo
|
|
config:
|
|
clientID: "{{`{{ .Env.FORGEJO_CLIENT_ID }}`}}"
|
|
clientSecret: "{{`{{ .Env.FORGEJO_CLIENT_SECRET }}`}}"
|
|
redirectURI: https://dex.observability.t09.de/callback
|
|
baseURL: https://edp.buildth.ing
|
|
enablePasswordDB: false
|
|
|
|
staticClients:
|
|
- id: controller-argocd-dex
|
|
name: ArgoCD Client
|
|
redirectURIs:
|
|
- "http://argocd.observability.t09.de/auth/callback"
|
|
secret: "{{`{{ .Env.OIDC_DEX_ARGO_CLIENT_SECRET }}`}}"
|
|
- id: grafana
|
|
redirectURIs:
|
|
- "https://grafana.observability.t09.de/login/generic_oauth"
|
|
name: "Grafana"
|
|
secret: "thisisasecret"
|