From ce6c51eea97f94d27109a1774585347c9425f39d Mon Sep 17 00:00:00 2001
From: Richard Robert Reitz <reitzrobert77@gmail.com>
Date: Sun, 2 Mar 2025 10:47:25 +0100
Subject: [PATCH] Enhanced grafana yaml

---
 .../stacks/monitoring/kube-prometheus/values.yaml  | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/template/stacks/monitoring/kube-prometheus/values.yaml b/template/stacks/monitoring/kube-prometheus/values.yaml
index 22ffb4c..c0754b6 100644
--- a/template/stacks/monitoring/kube-prometheus/values.yaml
+++ b/template/stacks/monitoring/kube-prometheus/values.yaml
@@ -30,11 +30,10 @@ grafana:
 
   grafana.ini:
     server:
-      domain: factory-172-18-0-2.traefik.me
+      domain: {{{ .Env.DOMAIN }}}
       root_url: "%(protocol)s://%(domain)s/grafana"
       serve_from_sub_path: true
     auth:
-      oauth_allow_insecure_email_lookup: true
       disable_login: true
       disable_login_form: true
     auth.generic_oauth:
@@ -47,12 +46,11 @@ grafana:
       email_attribute_path: email
       login_attribute_path: username
       name_attribute_path: full_name
-      tls_skip_verify_insecure: true
-      auth_url: https://factory-172-18-0-2.traefik.me/keycloak/realms/cnoe/protocol/openid-connect/auth
-      token_url: https://factory-172-18-0-2.traefik.me/keycloak/realms/cnoe/protocol/openid-connect/token
-      api_url: https://factory-172-18-0-2.traefik.me/keycloak/realms/cnoe/protocol/openid-connect/userinfo
-      redirect_uri: http://factory-172-18-0-2.traefik.me/grafana/login/generic_oauth
-      role_attribute_path: contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
+      auth_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/auth
+      token_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/token
+      api_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/userinfo
+      redirect_uri: http://{{{ .Env.DOMAIN }}}/grafana/login/generic_oauth
+      role_attribute_path: "contains(resource_access.\"grafana-oauth\".roles[*], 'admin') && 'Admin' || contains(resource_access.\"grafana-oauth\".roles[*], 'editor') && 'Editor' || 'Viewer'"
       
   extraSecretMounts:
     - name: auth-generic-oauth-secret-mount