From ff70f82ca865b68c408236bcf0dcd1d2c95c5c69 Mon Sep 17 00:00:00 2001 From: mbelfares Date: Mon, 8 Jun 2026 15:35:03 +0200 Subject: [PATCH] ingress for monitoring --- .github/workflows/deploy.yml | 10 +++++++++- helm/monitoring/values.yaml | 4 +++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index d768b39..50b6acb 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -79,10 +79,18 @@ jobs: if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }} run: | kubectl create namespace monitoring --dry-run=client -o yaml | kubectl apply -f - + + - name: Create Grafana OAuth secret + if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }} + run: | + kubectl create secret generic grafana-oauth-secret \ + -n monitoring \ + --from-literal=GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET="${{ secrets.GRAFANA_CLIENT_SECRET }}" \ + --dry-run=client -o yaml | kubectl apply -f - + - name: Create oauth2-proxy secrets if: ${{ inputs.service == 'all' || inputs.service == 'monitoring' }} run: | - kubectl create secret generic oauth2-proxy-prometheus \ -n monitoring \ --from-literal=client-id=prometheus \ diff --git a/helm/monitoring/values.yaml b/helm/monitoring/values.yaml index e0e155a..2a1d05e 100644 --- a/helm/monitoring/values.yaml +++ b/helm/monitoring/values.yaml @@ -1,6 +1,8 @@ grafana: enabled: true + envFromSecret: grafana-oauth-secret + grafana.ini: server: root_url: http://grafana.13.140.150.2.nip.io @@ -14,7 +16,7 @@ grafana: name: Keycloak allow_sign_up: true client_id: grafana - client_secret: kvULFcvaeWLYzivg1eJFYT9s0Nj674Qr + client_secret: $__env{GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET} scopes: openid email profile auth_url: http://keycloak.13.140.150.2.nip.io/auth/realms/airflow-realm/protocol/openid-connect/auth token_url: http://keycloak.13.140.150.2.nip.io/auth/realms/airflow-realm/protocol/openid-connect/token