Sienna Meridian Satterwhite
ccfe8b877a
- Add Messages (email) service: backend, frontend, MTA in/out, MPA, SOCKS proxy, worker, DKIM config, and theme customization - Add Collabora deployment for document collaboration - Add Drive frontend nginx config and values - Add buildkitd namespace for in-cluster container builds - Add SeaweedFS remote sync and additional S3 buckets - Update vault secrets across namespaces (devtools, lasuite, media, monitoring, ory, storage) with expanded credential management - Update monitoring: rename grafana→metrics OAuth2Client, add Prometheus remote write and additional scrape configs - Update local/production overlays with resource patches - Remove stale login-ui resource patch from production overlay
33 lines
896 B
YAML
33 lines
896 B
YAML
# Hydra OAuth2Client for Grafana OIDC sign-in.
|
|
#
|
|
# Hydra Maester watches this CRD and:
|
|
# 1. Registers the client with Hydra
|
|
# 2. Creates K8s Secret "grafana-oidc" in monitoring namespace
|
|
# with CLIENT_ID and CLIENT_SECRET keys.
|
|
#
|
|
# Grafana picks up the secret via envFromSecret and interpolates
|
|
# ${CLIENT_ID} / ${CLIENT_SECRET} in grafana.ini at startup.
|
|
#
|
|
# DOMAIN_SUFFIX is substituted by sunbeam apply.
|
|
---
|
|
apiVersion: hydra.ory.sh/v1alpha1
|
|
kind: OAuth2Client
|
|
metadata:
|
|
name: grafana
|
|
namespace: monitoring
|
|
spec:
|
|
clientName: Grafana
|
|
grantTypes:
|
|
- authorization_code
|
|
- refresh_token
|
|
responseTypes:
|
|
- code
|
|
scope: openid email profile
|
|
redirectUris:
|
|
- https://metrics.DOMAIN_SUFFIX/login/generic_oauth
|
|
postLogoutRedirectUris:
|
|
- https://metrics.DOMAIN_SUFFIX/
|
|
tokenEndpointAuthMethod: client_secret_post
|
|
secretName: grafana-oidc
|
|
skipConsent: true
|