Enhanced grafana yaml

template/stacks/monitoring/kube-prometheus/values.yaml

@@ -30,11 +30,10 @@ grafana:
 
   grafana.ini:
     server:
-      domain: factory-172-18-0-2.traefik.me
+      domain: {{{ .Env.DOMAIN }}}
       root_url: "%(protocol)s://%(domain)s/grafana"
       serve_from_sub_path: true
     auth:
-      oauth_allow_insecure_email_lookup: true
       disable_login: true
       disable_login_form: true
     auth.generic_oauth:
@@ -47,12 +46,11 @@ grafana:
       email_attribute_path: email
       login_attribute_path: username
       name_attribute_path: full_name
-      tls_skip_verify_insecure: true
-      auth_url: https://factory-172-18-0-2.traefik.me/keycloak/realms/cnoe/protocol/openid-connect/auth
-      token_url: https://factory-172-18-0-2.traefik.me/keycloak/realms/cnoe/protocol/openid-connect/token
-      api_url: https://factory-172-18-0-2.traefik.me/keycloak/realms/cnoe/protocol/openid-connect/userinfo
-      redirect_uri: http://factory-172-18-0-2.traefik.me/grafana/login/generic_oauth
-      role_attribute_path: contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
+      auth_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/auth
+      token_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/token
+      api_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/userinfo
+      redirect_uri: http://{{{ .Env.DOMAIN }}}/grafana/login/generic_oauth
+      role_attribute_path: "contains(resource_access.\"grafana-oauth\".roles[*], 'admin') && 'Admin' || contains(resource_access.\"grafana-oauth\".roles[*], 'editor') && 'Editor' || 'Viewer'"
       
   extraSecretMounts:
     - name: auth-generic-oauth-secret-mount