diff --git a/grafana/grafana.yaml b/grafana/grafana.yaml index aafca8e..84ae904 100644 --- a/grafana/grafana.yaml +++ b/grafana/grafana.yaml @@ -8,6 +8,16 @@ stringData: client-id: "SI9HboFt4LgJWlMkLn1WBaCoB05tzOh4yxx3n1yM" client-secret: "jkornwtUxhDN9cRAktJhcolMywXpqOng9F8b9sVXeYbl7dyrta54LXPYqf24sTFrxHcd76OqM2CPtEVHZFTTuQywe1RwN5Gzax6QgOG41lU24QAxHtSLFym3G2bLZlc8" --- +apiVersion: v1 +kind: Secret +metadata: + name: grafana-admin-credentials + namespace: grafana +type: Opaque +stringData: + GF_SECURITY_ADMIN_USER: admin + GF_SECURITY_ADMIN_PASSWORD: your-password-here +--- apiVersion: grafana.integreatly.org/v1beta1 kind: Grafana metadata: @@ -16,19 +26,16 @@ metadata: labels: dashboards: "grafana" spec: + disableDefaultAdminSecret: true + config: log: mode: "console" - server: root_url: "https://grafana.apps.undercloud.dev" - auth: disable_login_form: "false" signout_redirect_url: "https://auth.apps.undercloud.dev/application/o/grafana/end-session/" - # optional later: - # oauth_auto_login: "true" - auth.generic_oauth: enabled: "true" name: "authentik" @@ -42,15 +49,6 @@ spec: email_attribute_path: "email" login_attribute_path: "preferred_username" name_attribute_path: "name" - # optional later: - # role_attribute_path: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'" - - security: - admin_user: admin - - adminPasswordSecret: - name: admin - key: pw persistentVolumeClaim: spec: @@ -68,6 +66,16 @@ spec: containers: - name: grafana env: + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: grafana-admin-credentials + key: GF_SECURITY_ADMIN_USER + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: grafana-admin-credentials + key: GF_SECURITY_ADMIN_PASSWORD - name: AUTH_CLIENT_ID valueFrom: secretKeyRef: