From 0f8282ead68f085dd4c47416333c7335175dd1b6 Mon Sep 17 00:00:00 2001
From: richardrobertreitz <Richard-Robert.Reitz@telekom.de>
Date: Fri, 28 Feb 2025 14:08:07 +0000
Subject: [PATCH] Update template/stacks/monitoring/kube-prometheus/values.yaml

---
 .../monitoring/kube-prometheus/values.yaml    | 21 ++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/template/stacks/monitoring/kube-prometheus/values.yaml b/template/stacks/monitoring/kube-prometheus/values.yaml
index 942f6a6..22ffb4c 100644
--- a/template/stacks/monitoring/kube-prometheus/values.yaml
+++ b/template/stacks/monitoring/kube-prometheus/values.yaml
@@ -30,7 +30,7 @@ grafana:
 
   grafana.ini:
     server:
-      domain: {{{ .Env.DOMAIN }}}
+      domain: factory-172-18-0-2.traefik.me
       root_url: "%(protocol)s://%(domain)s/grafana"
       serve_from_sub_path: true
     auth:
@@ -41,19 +41,26 @@ grafana:
       enabled: true
       name: Keycloak-OAuth
       allow_sign_up: true
-      client_id: grafana-oauth
-      #client_secret: todo need to be set elsewhere
+      client_id: $__file{/etc/secrets/auth_generic_oauth/client_id}
+      client_secret: $__file{/etc/secrets/auth_generic_oauth/client_secret}
       scopes: openid email profile offline_access roles
       email_attribute_path: email
       login_attribute_path: username
       name_attribute_path: full_name
       tls_skip_verify_insecure: true
-      auth_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/auth
-      token_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/token
-      api_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/userinfo
-      redirect_uri: http://{{{ .Env.DOMAIN }}}/grafana/login/generic_oauth
+      auth_url: https://factory-172-18-0-2.traefik.me/keycloak/realms/cnoe/protocol/openid-connect/auth
+      token_url: https://factory-172-18-0-2.traefik.me/keycloak/realms/cnoe/protocol/openid-connect/token
+      api_url: https://factory-172-18-0-2.traefik.me/keycloak/realms/cnoe/protocol/openid-connect/userinfo
+      redirect_uri: http://factory-172-18-0-2.traefik.me/grafana/login/generic_oauth
       role_attribute_path: contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
       
+  extraSecretMounts:
+    - name: auth-generic-oauth-secret-mount
+      secretName: auth-generic-oauth-secret
+      defaultMode: 0440
+      mountPath: /etc/secrets/auth_generic_oauth
+      readOnly: true
+
   serviceMonitor:
     # If true, a ServiceMonitor CRD is created for a prometheus operator https://github.com/coreos/prometheus-operator
     enabled: true