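# Helm values for the Grafana and Prometheus parts of a monitoring stack.
# The {{{ .Env.DOMAIN }}} placeholders are filled in by a text-templating step
# before this file is consumed as YAML, so every value that contains one is
# quoted: the rendered result stays a string, and a value that starts with the
# placeholder is not read as a flow mapping by YAML tooling.
grafana:
  namespaceOverride: "monitoring"

  # Admin credentials come from an existing Secret instead of being inlined here.
  admin:
    existingSecret: "kube-prometheus-stack-grafana-admin-password"
    userKey: admin-user
    passwordKey: admin-password

  defaultDashboardsTimezone: Europe/Berlin

  additionalDataSources:
    # Loki is reached over plain HTTP at a cluster-internal service name; no
    # datasource credentials are configured in this file.
    - name: Loki
      type: loki
      url: http://loki-loki-distributed-gateway.monitoring:80

  # syncPolicy:
  #   syncOptions:
  #     - ServerSideApply=true

  sidecar:
    dashboards:
      enabled: true
      label: grafana_dashboard
      folder: /tmp/dashboards
      updateIntervalSeconds: 10
      folderAnnotation: grafana_folder
      provider:
        # Provisioned dashboards can be edited from the UI. Such edits live only
        # in Grafana and may diverge from the provisioned source.
        allowUiUpdates: true
        foldersFromFilesStructure: true

  grafana.ini:
    server:
      domain: "{{{ .Env.DOMAIN }}}"
      # %(protocol)s and %(domain)s are grafana.ini interpolations of the
      # [server] keys. `protocol` is not set in this file, so Grafana's default
      # applies to the external URL built here.
      root_url: "%(protocol)s://%(domain)s/grafana"
      serve_from_sub_path: true
    auth:
      disable_login: true
      # The local username/password form is hidden; sign-in goes through the
      # OAuth provider configured below.
      disable_login_form: true
    auth.generic_oauth:
      enabled: true
      name: Keycloak-OAuth
      # Any account that authenticates against the realm gets a Grafana user
      # created on first login; its role comes from role_attribute_path below.
      allow_sign_up: true
      use_refresh_token: true
      client_id: grafana
      # Read from the file mounted by extraSecretMounts below, so the secret
      # itself is not stored in this values file.
      client_secret: $__file{/etc/secrets/auth_generic_oauth/client_secret}
      scopes: openid email profile offline_access roles
      email_attribute_path: email
      login_attribute_path: username
      name_attribute_path: full_name
      auth_url: "https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/auth"
      token_url: "https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/token"
      api_url: "https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/userinfo"
      # NOTE(review): the three IdP endpoints above use https, but this callback
      # uses http on the same host. An OAuth callback over plaintext exposes the
      # authorization code in transit. Check the scheme against the redirect URI
      # registered for the `grafana` client in Keycloak, and against root_url,
      # before changing it.
      redirect_uri: "http://{{{ .Env.DOMAIN }}}/grafana/login/generic_oauth"
      # Group-to-role mapping: `admin` -> Admin, `editor` -> Editor, anything
      # else -> Viewer. Because of the fallback, every realm user who can sign in
      # gets at least read access. If that is not intended, drop the fallback and
      # consider role_attribute_strict so unmapped users are rejected.
      role_attribute_path: "contains(groups[*], 'admin') && 'Admin' || contains(groups[*], 'editor') && 'Editor' || 'Viewer'"

  extraSecretMounts:
    - name: auth-generic-oauth-secret-mount
      secretName: auth-generic-oauth-secret
      # Intended as octal 0440 (owner and group read-only). A bare leading-zero
      # integer is octal only under YAML 1.1 rules; a YAML 1.2 loader reads it as
      # decimal 440. Verify the mode on the rendered volume.
      defaultMode: 0440
      mountPath: /etc/secrets/auth_generic_oauth
      readOnly: true

  serviceMonitor:
    # If true, a ServiceMonitor CRD is created for a prometheus operator
    # https://github.com/coreos/prometheus-operator
    enabled: true

# monitoring nginx
prometheus:
  prometheusSpec:
    # With both flags false, monitor selection is not limited to objects that
    # carry this Helm release's labels.
    # NOTE(review): that widens which PodMonitor/ServiceMonitor objects can add
    # scrape targets; confirm who may create them in the watched namespaces.
    podMonitorSelectorNilUsesHelmValues: false
    serviceMonitorSelectorNilUsesHelmValues: false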