Diffstat (limited to 'kubernetes')
-rw-r--r-- | kubernetes/namespaces/monitoring/grafana/configmap-ldap-toml.yaml | 51 | ||||
-rw-r--r-- | kubernetes/namespaces/monitoring/grafana/configmap-ldap.yaml | 14 |
2 files changed, 65 insertions, 0 deletions
diff --git a/kubernetes/namespaces/monitoring/grafana/configmap-ldap-toml.yaml b/kubernetes/namespaces/monitoring/grafana/configmap-ldap-toml.yaml
new file mode 100644
index 0000000..6b5d5ea
--- /dev/null
+++ b/kubernetes/namespaces/monitoring/grafana/configmap-ldap-toml.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: grafana-ldap-toml
+ namespace: monitoring
+data:
+ grafana-ldap.toml: |
+ [[servers]]
+ # Ldap server host (specify multiple hosts space separated)
+ host = "ldap01.box.pydis.wtf"
+ # Default port is 389 or 636 if use_ssl = true
+ port = 636
+ # Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
+ use_ssl = true
+ # If set to true, use LDAP with STARTTLS instead of LDAPS
+ start_tls = false
+
+ root_ca_cert = "/opt/ipa-ca/pydis-ipa-cert.pem"
+
+ # Search user bind dn
+ bind_dn = "uid=grafana,cn=users,cn=accounts,dc=box,dc=pydis,dc=wtf"
+ bind_password = "${LDAP_GRAFANA_PASSWORD}"
+
+ timeout = 10
+
+ # Allow login using both username or username@email
+ search_filter = "(|(uid=%s)(mail=%s))"
+
+ search_base_dns = ["cn=users,cn=accounts,dc=box,dc=pydis,dc=wtf"]
+
+ [servers.attributes]
+ member_of = "memberOf"
+ email = "mail"
+ username = "uid"
+ name = "displayName"
+
+ [[servers.group_mappings]]
+ group_dn = "cn=devops,cn=groups,cn=accounts,dc=box,dc=pydis,dc=wtf"
+ org_role = "Admin"
+ org_id = 2
+ grafana_admin = true
+
+ [[servers.group_mappings]]
+ group_dn = "cn=administrators,cn=groups,cn=accounts,dc=box,dc=pydis,dc=wtf"
+ org_id = 2
+ org_role = "Editor"
+
+ [[servers.group_mappings]]
+ group_dn = "*"
+ org_id = 2
+ org_role = "Viewer"
diff --git a/kubernetes/namespaces/monitoring/grafana/configmap-ldap.yaml b/kubernetes/namespaces/monitoring/grafana/configmap-ldap.yaml
new file mode 100644
index 0000000..266bf7d
--- /dev/null
+++ b/kubernetes/namespaces/monitoring/grafana/configmap-ldap.yaml
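Review bot: In configmap-ldap-toml.yaml the last `[[servers.group_mappings]]` entry uses `group_dn = "*"`, so every account under `cn=users,cn=accounts` that the search filter matches and that can bind is mapped to Viewer in org 2; with `GF_AUTH_LDAP_ALLOW_SIGN_UP: "true"` in configmap-ldap.yaml each such account is also provisioned in Grafana on first login. If dashboard access is meant for only part of the directory, narrow the filter to a group, e.g. `search_filter = "(&(|(uid=%s)(mail=%s))(memberOf=<GROUP_DN placeholder>))"`; if directory-wide Viewer access is intended, a comment above the wildcard mapping saying so would help the next reviewer. The `mail=%s` branch also assumes `mail` is unique per entry and not self-editable in the directory, which this diff cannot show and is worth confirming. `bind_password` is kept out of the ConfigMap via `${LDAP_GRAFANA_PASSWORD}`; the Secret that supplies that variable is not part of this change.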
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: grafana-ldap
+ namespace: monitoring
+data:
+ # Enable LDAP Auth
+ GF_AUTH_LDAP_ENABLED: "true"
+
+ # Set config file to the LDAP toml we mount in
+ GF_AUTH_LDAP_CONFIG_FILE: "/opt/pydis/grafana-ldap.toml"
+
+ # Allow new users to be created from LDAP data
+ GF_AUTH_LDAP_ALLOW_SIGN_UP: "true" |