Added external secret for grafana keycloak client secret
This commit is contained in:
Richard Robert Reitz
parent
2d3ebadd50
commit
ec31f98889
3 changed files with 22 additions and 7 deletions
|
|
@ -41,7 +41,7 @@ grafana:
|
|||
name: Keycloak-OAuth
|
||||
allow_sign_up: true
|
||||
use_refresh_token: true
|
||||
client_id: $__file{/etc/secrets/auth_generic_oauth/client_id}
|
||||
client_id: grafana
|
||||
client_secret: $__file{/etc/secrets/auth_generic_oauth/client_secret}
|
||||
scopes: openid email profile offline_access roles
|
||||
email_attribute_path: email
|
||||
|
|
|
|||
|
|
@ -369,9 +369,6 @@ spec:
|
|||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
|
||||
|
||||
|
||||
|
||||
|
||||
echo "creating Grafana client"
|
||||
curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
|
|
@ -389,9 +386,6 @@ spec:
|
|||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
|
||||
|
||||
|
||||
|
||||
|
||||
echo "creating Backstage client"
|
||||
curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
|
|
|
|||
|
|
@ -0,0 +1,21 @@
|
|||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: auth-generic-oauth-secret
|
||||
namespace: monitoring
|
||||
spec:
|
||||
secretStoreRef:
|
||||
name: keycloak
|
||||
kind: ClusterSecretStore
|
||||
refreshInterval: "0"
|
||||
target:
|
||||
name: auth-generic-oauth-secret
|
||||
template:
|
||||
engineVersion: v2
|
||||
data:
|
||||
client_secret: "{{.GRAFANA_CLIENT_SECRET}}"
|
||||
data:
|
||||
- secretKey: GRAFANA_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: keycloak-clients
|
||||
property: GRAFANA_CLIENT_SECRET
|
||||
Loading…
Reference in a new issue