DevFW-CICD/stacks
12
0
Fork 2
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions

Simplified Keycloaks Grafana config

Browse source
This commit is contained in:
Richard Robert Reitz 2025-03-02 14:52:08 +01:00
parent b58e373da9
commit 2d3ebadd50
2 changed files with 6 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
template/stacks/monitoring/kube-prometheus/values.yaml
View file

@ -51,7 +51,7 @@ grafana:
token_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/token token_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/token
api_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/userinfo api_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/userinfo
redirect_uri: http://{{{ .Env.DOMAIN }}}/grafana/login/generic_oauth redirect_uri: http://{{{ .Env.DOMAIN }}}/grafana/login/generic_oauth
role_attribute_path: "contains(resource_access.\"grafana\".roles[*], 'admin') && 'Admin' || contains(resource_access.\"grafana\".roles[*], 'editor') && 'Editor' || 'Viewer'" role_attribute_path: "contains(groups[*], 'admin') && 'Admin' || contains(groups[*], 'editor') && 'Editor' || 'Viewer'"
extraSecretMounts: extraSecretMounts:
- name: auth-generic-oauth-secret-mount - name: auth-generic-oauth-secret-mount

48
template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml
View file

@ -189,20 +189,13 @@ data:
"rootUrl": "https://{{{ .Env.DOMAIN }}}/grafana", "rootUrl": "https://{{{ .Env.DOMAIN }}}/grafana",
"adminUrl": "https://{{{ .Env.DOMAIN }}}/grafana", "adminUrl": "https://{{{ .Env.DOMAIN }}}/grafana",
"baseUrl": "https://{{{ .Env.DOMAIN }}}/grafana", "baseUrl": "https://{{{ .Env.DOMAIN }}}/grafana",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false, "alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "aQ1UV9Z6ZuLBwrgw8vV9ijf6LA95yMZL",
"redirectUris": [ "redirectUris": [
"http://{{{ .Env.DOMAIN }}}/grafana/*" "http://{{{ .Env.DOMAIN }}}/grafana/*"
], ],
"webOrigins": [ "webOrigins": [
"https://{{{ .Env.DOMAIN }}}/grafana" "https://{{{ .Env.DOMAIN }}}/grafana"
], ],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true, "standardFlowEnabled": true,
"implicitFlowEnabled": false, "implicitFlowEnabled": false,
"directAccessGrantsEnabled": true, "directAccessGrantsEnabled": true,
@ -211,50 +204,19 @@ data:
"frontchannelLogout": true, "frontchannelLogout": true,
"protocol": "openid-connect", "protocol": "openid-connect",
"attributes": { "attributes": {
"saml_idp_initiated_sso_url_name": "",
"oidc.ciba.grant.enabled": "false", "oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "true", "oauth2.device.authorization.grant.enabled": "false"
"display.on.consent.screen": "false",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false"
}, },
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"protocolMappers": [
{
"name": "client roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"userinfo.token.claim": "false",
"user.attribute": "foo",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "resource_access.${client_id}.roles",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [ "defaultClientScopes": [
"web-origins", "web-origins",
"acr", "acr",
"roles",
"offline_access", "offline_access",
"roles",
"profile", "profile",
"groups",
"email" "email"
], ]
"optionalClientScopes": [
"address",
"phone",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
} }
--- ---