enable gitea actions. add working grafana authentik auth

2025-05-08 10:07:36 -04:00
parent 1aa205b004
commit 85ff210135
3 changed files with 31 additions and 19 deletions
--- a/namespaces/git/gitea-chart.yml
+++ b/namespaces/git/gitea-chart.yml
@@ -39,6 +39,8 @@ spec:
        database:
          DB_TYPE: sqlite3
          NAME: /data/gitea/gitea.db
+        actions:
+          ENABLED: true
    actions:
      enabled: true
      provisioning:
--- a/namespaces/monitoring/authentik-oauth-client-secret.yml
+++ b/namespaces/monitoring/authentik-oauth-client-secret.yml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: authentik-oauth-client-secret
+  namespace: monitoring
+type: Opaque
+stringData:
+  client-secret: "P6VVD9VSOpewht6kYMqRpsPNp3BUcwcJ4DUzIYIwnQ6XWtfZU3sGF3y229dqpA52e9aQVS3Bcn7SZso7ANyb6z3kcsCS7V173nH7tZtrpmHE5e7mNnLfD4LdxPWn1iWO"
--- a/namespaces/monitoring/kube-prometheus-stack-chart.yml
+++ b/namespaces/monitoring/kube-prometheus-stack-chart.yml
@@ -8,27 +8,14 @@ spec:
  targetNamespace: monitoring
  repo: https://prometheus-community.github.io/helm-charts
  # https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack
-  version: 70.0.2
+  version: 70.7.0
  valuesContent: |-
-
-  grafana.ini:
-    auth:
-        signout_redirect_url: "https://login.keligrubb.com/application/o/<Slug of the application from above>/end-session/"
-        oauth_auto_login: true
-    auth.generic_oauth:
-        name: authentik
-        enabled: true
-        client_id: "<Client ID from above>"
-        client_secret: "<Client Secret from above>"
-        scopes: "openid profile email"
-        auth_url: "https://login.keligrubb.com/application/o/authorize/"
-        token_url: "https://login.keligrubb.com/application/o/ti needoken/"
-        api_url: "https://login.keligrubb.com/application/o/userinfo/"
-        # Optionally map user groups to Grafana roles
-        role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
-
-
    grafana:
+      envValueFrom:
+        GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
+          secretKeyRef:
+            name: authentik-oauth-client-secret
+            key: client-secret
      defaultDashboardsTimezone: "US/Eastern"
      ingress:
        enabled: true
@@ -44,6 +31,21 @@ spec:
          - secretName: monitoring-tls
            hosts:
              - monitoring.keligrubb.com
+      grafana.ini:
+        server:
+          root_url: https://monitoring.keligrubb.com
+        auth:
+            signout_redirect_url: "https://login.keligrubb.com/application/o/grafana/end-session/"
+            oauth_auto_login: true
+        auth.generic_oauth:
+            name: authentik
+            enabled: true
+            client_id: "exAcNQX8GILZdQHGUQfa9Dpj0XGSjTVBpfagQ8VL"
+            scopes: "openid profile email"
+            auth_url: "https://login.keligrubb.com/application/o/authorize/"
+            token_url: "https://login.keligrubb.com/application/o/token/"
+            api_url: "https://login.keligrubb.com/application/o/userinfo/"
+            role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
      additionalDataSources:
        - name: Loki
          type: loki