sync with latest changes

namespaces/monitoring/grafana-config.yml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-config
+  namespace: monitoring  # Change if using a different namespace
+data:
+  grafana.ini: |
+    [auth]
+    signout_redirect_url = https://authentik.company/application/o/<Slug of the application>/end-session/
+    oauth_auto_login = true
+
+    [auth.generic_oauth]
+    name = authentik
+    enabled = true
+    client_id = "<Client ID from above>"
+    client_secret = "<Client Secret from above>"
+    scopes = openid profile email
+    auth_url = https://authentik.company/application/o/authorize/
+    token_url = https://authentik.company/application/o/token/
+    api_url = https://authentik.company/application/o/userinfo/
+    role_attribute_path = contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'

namespaces/monitoring/kube-prometheus-stack-chart.yml

@@ -8,8 +8,26 @@ spec:
   targetNamespace: monitoring
   repo: https://prometheus-community.github.io/helm-charts
   # https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack
-  version: 69.4.1
+  version: 70.0.2
   valuesContent: |-
+
+  grafana.ini:
+    auth:
+        signout_redirect_url: "https://login.keligrubb.com/application/o/<Slug of the application from above>/end-session/"
+        oauth_auto_login: true
+    auth.generic_oauth:
+        name: authentik
+        enabled: true
+        client_id: "<Client ID from above>"
+        client_secret: "<Client Secret from above>"
+        scopes: "openid profile email"
+        auth_url: "https://login.keligrubb.com/application/o/authorize/"
+        token_url: "https://login.keligrubb.com/application/o/ti needoken/"
+        api_url: "https://login.keligrubb.com/application/o/userinfo/"
+        # Optionally map user groups to Grafana roles
+        role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
+
+
     grafana:
       defaultDashboardsTimezone: "US/Eastern"
       ingress:
@@ -32,6 +50,21 @@ spec:
           access: proxy
           basicAuth: false
           url: http://loki-gateway.monitoring.svc.cluster.local
+      config:
+        auth:
+          signout_redirect_url: "https://login.keligrubb.com/application/o/grafana/end-session/"
+          oauth_auto_login: true
+        auth.generic_oauth:
+          name: authentik
+          enabled: true
+          client_id: "<Client ID from above>"
+          client_secret: "<Client Secret from above>"
+          scopes: "openid profile email"
+          auth_url: "https://login.keligrubb.com/application/o/authorize/"
+          token_url: "https://login.keligrubb.com/application/o/token/"
+          api_url: "https://login.keligrubb.com/application/o/userinfo/"
+          role_attribute_path: "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'"
+
     kubelet:
       serviceMonitor:
         metricRelabelings:

namespaces/monitoring/loki-chart.yml

@@ -8,7 +8,7 @@ spec:
   targetNamespace: monitoring
   repo: https://grafana.github.io/helm-charts
   # https://artifacthub.io/packages/helm/grafana/loki
-  version: 6.27.0
+  version: 6.28.0
   valuesContent: |-
     loki:
       commonConfig: