k8s-apps/grafana/grafana.yaml

apiVersion: grafana.integreatly.org/v1beta1
kind: Grafana
metadata:
  name: grafana
  namespace: grafana
  labels:
    dashboards: "grafana"
spec:
  config:
    log:
      mode: "console"
    server:
      root_url: "https://grafana.apps.undercloud.dev"
    auth:
      disable_login_form: "false"
      signout_redirect_url: "https://auth.apps.undercloud.dev/application/o/grafana/end-session/"
    auth.generic_oauth:
      enabled: "true"
      name: "authentik"
      allow_sign_up: "true"
      client_id: "${AUTH_CLIENT_ID}"
      client_secret: "${AUTH_CLIENT_SECRET}"
      scopes: "openid profile email groups"
      auth_url: "https://auth.apps.undercloud.dev/application/o/authorize/"
      token_url: "https://auth.apps.undercloud.dev/application/o/token/"
      api_url: "https://auth.apps.undercloud.dev/application/o/userinfo/"
      email_attribute_path: "email"
      login_attribute_path: "preferred_username"
      name_attribute_path: "name"
      role_attribute_path: "contains(groups[*], 'undercloud-administrators') && 'Admin' || 'Viewer'"

  persistentVolumeClaim:
    spec:
      accessModes:
        - ReadWriteMany
      storageClassName: cephfs-hyper
      resources:
        requests:
          storage: 5Gi

  deployment:
    spec:
      template:
        spec:
          containers:
            - name: grafana
              env:
                - name: GF_SECURITY_ADMIN_USER
                  valueFrom:
                    secretKeyRef:
                      name: grafana-admin-credentials
                      key: GF_SECURITY_ADMIN_USER
                - name: GF_SECURITY_ADMIN_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: grafana-admin-credentials
                      key: GF_SECURITY_ADMIN_PASSWORD
                - name: AUTH_CLIENT_ID
                  valueFrom:
                    secretKeyRef:
                      name: grafana-oauth
                      key: client-id
                - name: AUTH_CLIENT_SECRET
                  valueFrom:
                    secretKeyRef:
                      name: grafana-oauth
                      key: client-secret