From 1e23ae83274e781facd54646d0a332ced5a9dece Mon Sep 17 00:00:00 2001 From: Alexander Rogov Date: Thu, 7 May 2026 16:27:09 +0300 Subject: [PATCH] Fix Grafana OIDC: add root_url and update role_attribute_path to MAS ULID --- .../metrics/kube-prometheus-stack-values.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/manifests/metrics/kube-prometheus-stack-values.yaml b/manifests/metrics/kube-prometheus-stack-values.yaml index c4fb4b3..ec1baef 100644 --- a/manifests/metrics/kube-prometheus-stack-values.yaml +++ b/manifests/metrics/kube-prometheus-stack-values.yaml @@ -88,3 +88,17 @@ grafana: access: proxy url: http://victoria-metrics.metrics.svc.cluster.local:8428 isDefault: false + assertNoLeakedSecrets: false + grafana.ini: + server: + root_url: https://grafana.mrt0rtikize.ru + auth.generic_oauth: + enabled: true + name: MAS + client_id: 01KQZH732S9CB8008FG115A38J + client_secret: KefR7H9CwS9UWvJP3vP5 + scopes: openid email + auth_url: https://auth.t0rt1k.tech/authorize + token_url: https://auth.t0rt1k.tech/oauth2/token + api_url: https://auth.t0rt1k.tech/oauth2/userinfo + role_attribute_path: "contains(sub, '01KKXR69CG7Y7BEM4QD2DYKMXN') && 'Admin' || 'Viewer'"