keligrubb/kubernetes
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

enable gitea actions. add working grafana authentik auth

Browse Source
This commit is contained in:
Madison Grubb
2025-05-08 10:07:36 -04:00
parent 1aa205b004
commit 85ff210135
3 changed files with 31 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
namespaces/git/gitea-chart.yml
View File

@@ -39,6 +39,8 @@ spec:
database: database:
DB_TYPE: sqlite3 DB_TYPE: sqlite3
NAME: /data/gitea/gitea.db NAME: /data/gitea/gitea.db
actions:
ENABLED: true
actions: actions:
enabled: true enabled: true
provisioning: provisioning:

8
namespaces/monitoring/authentik-oauth-client-secret.yml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: authentik-oauth-client-secret
namespace: monitoring
type: Opaque
stringData:
client-secret: "P6VVD9VSOpewht6kYMqRpsPNp3BUcwcJ4DUzIYIwnQ6XWtfZU3sGF3y229dqpA52e9aQVS3Bcn7SZso7ANyb6z3kcsCS7V173nH7tZtrpmHE5e7mNnLfD4LdxPWn1iWO"

40
namespaces/monitoring/kube-prometheus-stack-chart.yml
View File

@@ -8,27 +8,14 @@ spec:
targetNamespace: monitoring targetNamespace: monitoring
repo: https://prometheus-community.github.io/helm-charts repo: https://prometheus-community.github.io/helm-charts
# https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack # https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack
version: 70.0.2 version: 70.7.0
valuesContent: |- valuesContent: |-
grafana.ini:
auth:
signout_redirect_url: "https://login.keligrubb.com/application/o/<Slug of the application from above>/end-session/"
oauth_auto_login: true
auth.generic_oauth:
name: authentik
enabled: true
client_id: "<Client ID from above>"
client_secret: "<Client Secret from above>"
scopes: "openid profile email"
auth_url: "https://login.keligrubb.com/application/o/authorize/"
token_url: "https://login.keligrubb.com/application/o/ti needoken/"
api_url: "https://login.keligrubb.com/application/o/userinfo/"
# Optionally map user groups to Grafana roles
role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
grafana: grafana:
envValueFrom:
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
secretKeyRef:
name: authentik-oauth-client-secret
key: client-secret
defaultDashboardsTimezone: "US/Eastern" defaultDashboardsTimezone: "US/Eastern"
ingress: ingress:
enabled: true enabled: true
@@ -44,6 +31,21 @@ spec:
- secretName: monitoring-tls - secretName: monitoring-tls
hosts: hosts:
- monitoring.keligrubb.com - monitoring.keligrubb.com
grafana.ini:
server:
root_url: https://monitoring.keligrubb.com
auth:
signout_redirect_url: "https://login.keligrubb.com/application/o/grafana/end-session/"
oauth_auto_login: true
auth.generic_oauth:
name: authentik
enabled: true
client_id: "exAcNQX8GILZdQHGUQfa9Dpj0XGSjTVBpfagQ8VL"
scopes: "openid profile email"
auth_url: "https://login.keligrubb.com/application/o/authorize/"
token_url: "https://login.keligrubb.com/application/o/token/"
api_url: "https://login.keligrubb.com/application/o/userinfo/"
role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
additionalDataSources: additionalDataSources:
- name: Loki - name: Loki
type: loki type: loki