From e5eec5b779c38de2f938fe19f723ae3c839c1764 Mon Sep 17 00:00:00 2001
From: mbelfares <belfares.idir@gmail.com>
Date: Mon, 8 Jun 2026 16:23:50 +0200
Subject: [PATCH] keycloak for grafana

---
 helm/monitoring/values.yaml | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/helm/monitoring/values.yaml b/helm/monitoring/values.yaml
index eb7de95..af83570 100644
--- a/helm/monitoring/values.yaml
+++ b/helm/monitoring/values.yaml
@@ -1,33 +1,31 @@
 grafana:
   enabled: true
 
-  envFromSecret: grafana-oauth-secret
-
-  env:
-    GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
+  extraSecretMounts:
+    - name: grafana-oauth-secret
+      secretName: grafana-oauth-secret
+      mountPath: /etc/secrets
+      readOnly: true
 
   grafana.ini:
     server:
       root_url: http://grafana.13.140.150.2.nip.io
 
     auth:
-      signout_redirect_url: http://grafana.13.140.150.2.nip.io
       disable_login_form: true
-      oauth_auto_login: true
 
     auth.generic_oauth:
       enabled: true
       name: Keycloak
       allow_sign_up: true
       client_id: grafana
-      client_secret: $__env{GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
+      client_secret: $__file{/etc/secrets/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
       scopes: openid email profile
       auth_url: http://keycloak.13.140.150.2.nip.io/auth/realms/airflow-realm/protocol/openid-connect/auth
       token_url: http://keycloak.13.140.150.2.nip.io/auth/realms/airflow-realm/protocol/openid-connect/token
       api_url: http://keycloak.13.140.150.2.nip.io/auth/realms/airflow-realm/protocol/openid-connect/userinfo
       email_attribute_path: email
       login_attribute_path: preferred_username
-      name_attribute_path: full_name
 
   ingress:
     enabled: true