44 lines
1.2 KiB
HCL
44 lines
1.2 KiB
HCL
resource "kubernetes_config_map_v1" "config" {
|
|
metadata {
|
|
name = "grafana"
|
|
namespace = var.namespace
|
|
labels = local.common-labels
|
|
}
|
|
data = {
|
|
"grafana.ini" = <<-EOF
|
|
[analytics]
|
|
check_for_updates = true
|
|
[grafana_net]
|
|
url = https://grafana.net
|
|
[log]
|
|
mode = console
|
|
[paths]
|
|
data = /var/lib/grafana/
|
|
logs = /var/log/grafana
|
|
plugins = /var/lib/grafana/plugins
|
|
provisioning = /etc/grafana/provisioning
|
|
[server]
|
|
domain = ''
|
|
root_url = 'https://${local.dns_name}/'
|
|
[users]
|
|
auto_assign_org = true
|
|
auto_assign_org_id = 1
|
|
[auth]
|
|
oauth_allow_insecure_email_lookup = true
|
|
signout_redirect_url = '${module.oauth2.sso_signout_url}'
|
|
oauth_auto_login = true
|
|
[auth.generic_oauth]
|
|
enabled = true
|
|
name = vynil
|
|
scopes = openid profile email
|
|
${var.issuer=="letsencrypt-prod"?";":""}tls_client_ca = /etc/local-certs/ca.crt
|
|
client_id = '${module.oauth2.client_id}'
|
|
client_secret = '${module.oauth2.client_secret}'
|
|
auth_url = '${module.oauth2.sso_authorize_url}'
|
|
api_url = '${module.oauth2.sso_userinfo_url}'
|
|
token_url = '${module.oauth2.sso_token_url}'
|
|
role_attribute_path = contains(groups, '${module.application.main_group}-admin') && 'Admin' || contains(groups, '${module.application.main_group}') && 'Editor' || 'Viewer'
|
|
EOF
|
|
}
|
|
}
|