From f67bc40d1ea93347a5c8fab542012dfe0af8d01e Mon Sep 17 00:00:00 2001
From: Richard Robert Reitz <richard-robert.reitz@telekom.de>
Date: Wed, 23 Apr 2025 16:03:09 +0200
Subject: [PATCH] Using ESO for Grafana admin password generation

---
 .../manifests/secret-admin-password.yaml      | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 template/stacks/monitoring/kube-prometheus/manifests/secret-admin-password.yaml

diff --git a/template/stacks/monitoring/kube-prometheus/manifests/secret-admin-password.yaml b/template/stacks/monitoring/kube-prometheus/manifests/secret-admin-password.yaml
new file mode 100644
index 0000000..1473a79
--- /dev/null
+++ b/template/stacks/monitoring/kube-prometheus/manifests/secret-admin-password.yaml
@@ -0,0 +1,36 @@
+apiVersion: generators.external-secrets.io/v1alpha1
+kind: Password
+metadata:
+  name: grafana-admin-password-generator
+  namespace: monitoring 
+spec:
+  length: 36
+  digits: 5
+  symbols: 5
+  symbolCharacters: "/-+"
+  noUpper: false
+  allowRepeat: true
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: grafana-admin-password-generator
+  namespace: monitoring 
+spec:
+  refreshInterval: "0"
+  target:
+    name: kube-prometheus-stack-grafana-admin-password
+    template:
+      engineVersion: v2
+      data:
+        admin-user: admin
+        admin-password: "{{.INITIAL_ADMIN_PASSWORD}}"
+  dataFrom:
+    - sourceRef:
+        generatorRef:
+          apiVersion: generators.external-secrets.io/v1alpha1
+          kind: Password
+          name: grafana-admin-password-generator
+      rewrite:
+        - transform:
+            template: "INITIAL_ADMIN_PASSWORD"