feat(grafana): sso
This commit is contained in:
parent
0f320debab
commit
bf9aae1188
1 changed files with 15 additions and 1 deletions
|
|
@ -20,6 +20,20 @@ services:
|
|||
- GF_SECURITY_ADMIN_USER=admin
|
||||
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD}
|
||||
- GF_USERS_ALLOW_SIGN_UP=false
|
||||
- GF_SERVER_ROOT_URL=https://grafana.${PUBLIC_HOST}
|
||||
- GF_AUTH_GENERIC_OAUTH_ENABLED=true
|
||||
- GF_AUTH_GENERIC_OAUTH_NAME=SSO
|
||||
- GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
|
||||
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
|
||||
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GRAFANA_CLIENT_SECRET}
|
||||
- GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile offline_access roles
|
||||
- GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email
|
||||
- GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
|
||||
- GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=full_name
|
||||
- GF_AUTH_GENERIC_OAUTH_AUTH_URL=${OPENID_URL}/protocol/openid-connect/auth
|
||||
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL=${OPENID_URL}/protocol/openid-connect/token
|
||||
- GF_AUTH_GENERIC_OAUTH_API_URL=${OPENID_URL}/protocol/openid-connect/userinfo
|
||||
- GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
|
||||
networks:
|
||||
- monitoring
|
||||
- traefik
|
||||
|
|
@ -114,7 +128,7 @@ services:
|
|||
# - monitoring
|
||||
cadvisor:
|
||||
# ARM image
|
||||
image: gcr.io/cadvisor/cadvisor-arm64:v0.47.2
|
||||
image: gcr.io/cadvisor/cadvisor:v0.47.2
|
||||
container_name: cadvisor
|
||||
restart: unless-stopped
|
||||
command:
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue