keycloak for grafana

helm/monitoring/values.yaml

@@ -1,33 +1,31 @@
 grafana:
   enabled: true
 
-  envFromSecret: grafana-oauth-secret
+  extraSecretMounts:
-
+    - name: grafana-oauth-secret
-  env:
+      secretName: grafana-oauth-secret
-    GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
+      mountPath: /etc/secrets
+      readOnly: true
 
   grafana.ini:
     server:
       root_url: http://grafana.13.140.150.2.nip.io
 
     auth:
-      signout_redirect_url: http://grafana.13.140.150.2.nip.io
       disable_login_form: true
-      oauth_auto_login: true
 
     auth.generic_oauth:
       enabled: true
       name: Keycloak
       allow_sign_up: true
       client_id: grafana
-      client_secret: $__env{GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
+      client_secret: $__file{/etc/secrets/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
       scopes: openid email profile
       auth_url: http://keycloak.13.140.150.2.nip.io/auth/realms/airflow-realm/protocol/openid-connect/auth
       token_url: http://keycloak.13.140.150.2.nip.io/auth/realms/airflow-realm/protocol/openid-connect/token
       api_url: http://keycloak.13.140.150.2.nip.io/auth/realms/airflow-realm/protocol/openid-connect/userinfo
       email_attribute_path: email
       login_attribute_path: preferred_username
-      name_attribute_path: full_name
 
   ingress:
     enabled: true