feat(observability): add Authentik OIDC login to Grafana
Configures generic_oauth in Grafana to authenticate via Authentik. Client secret loaded from grafana-oidc K8s secret. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,4 +1,22 @@
|
||||
grafana:
|
||||
envFromSecret: "grafana-oidc"
|
||||
grafana.ini:
|
||||
server:
|
||||
root_url: "https://grafana.alexandre-vazquez.cloud"
|
||||
auth.generic_oauth:
|
||||
enabled: true
|
||||
name: Authentik
|
||||
icon: signin
|
||||
client_id: 7ZYROfeGdeJ6WhmTucgWd3pxzhsIasqpUtWyk5ya
|
||||
client_secret: ${GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
|
||||
scopes: openid email profile
|
||||
auth_url: https://authentik.alexandre-vazquez.cloud/application/o/authorize/
|
||||
token_url: https://authentik.alexandre-vazquez.cloud/application/o/token/
|
||||
api_url: https://authentik.alexandre-vazquez.cloud/application/o/userinfo/
|
||||
use_pkce: true
|
||||
allow_sign_up: true
|
||||
auto_login: false
|
||||
role_attribute_path: "contains(groups[*], 'admins') && 'Admin' || 'Viewer'"
|
||||
additionalDataSources:
|
||||
- name: loki
|
||||
type: loki
|
||||
|
||||
Reference in New Issue
Block a user