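{{- /*
Kibana custom resource (ECK) with an OIDC login provider bound to the
"keycloak" realm. The realm block is rendered only when .Values.oidc.existingSecret
is set and that Secret can be read from the "monitoring" namespace.

Review notes:
- lookup reads the Secret from the live cluster at render time. Under
  "helm template", "--dry-run" and any renderer that does not contact the API
  server it returns an empty map, so the realm block is omitted with no error.
- The decoded client secret is written in clear text into spec.config, so it
  is readable by anyone who can read this Kibana resource or the stored Helm
  release. NOTE(review): rp.client_secret is normally supplied as a keystore
  secure setting rather than inline configuration - confirm and move it.
- NOTE(review): the realm key prefix and the idp.* / claim_patterns.* names do
  not match the documented Elasticsearch OIDC realm settings
  (xpack.security.authc.realms.oidc.NAME with op.* and claims.* keys), and
  realm settings are consumed by Elasticsearch rather than Kibana - verify
  against the target version before relying on this block.
*/ -}}
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana-{{ .Values.env }}
  namespace: monitoring
spec:
  version: 8.12.0
  count: 1
  elasticsearchRef:
    name: elasticsearch-{{ .Values.env }}
  config:
    {{- /*
    The provider is declared unconditionally and no other provider is listed,
    so OIDC is the only login method offered even when the realm block below
    is skipped. NOTE(review): confirm that is intended for every environment.
    */}}
    xpack.security.authc.providers:
      oidc.oidc1:
        order: 0
        realm: "keycloak"
    {{- if and .Values.oidc .Values.oidc.existingSecret }}
    {{- $secret := lookup "v1" "Secret" "monitoring" .Values.oidc.existingSecret }}
    {{- if and $secret (hasKey $secret "data") }}
    {{- /*
    Explicit guard instead of "hasKey | ternary": ternary evaluates both of its
    value arguments, so the b64dec pipeline ran on a missing key and aborted
    rendering with an opaque type error. Fail with a clear message instead of
    ever rendering an empty client secret.
    */}}
    {{- if not (hasKey $secret.data "clientSecret") }}
    {{- fail (printf "Secret monitoring/%s has no clientSecret key" .Values.oidc.existingSecret) }}
    {{- end }}
    {{- $clientSecret := $secret.data.clientSecret | b64dec | quote }}
    xpack.security.authc.oidc.realms.keycloak:
      order: 0
      rp.client_id: "kibana"
      rp.response_type: "code"
      rp.redirect_uri: "https://{{ .Values.host }}/api/security/oidc/callback"
      rp.post_logout_redirect_uri: "https://{{ .Values.host }}"
      rp.client_secret: {{ $clientSecret }}
      idp.metadata_url: "https://keycloak.dvirlabs.com/realms/{{ .Values.oidc.realm }}/.well-known/openid-configuration"
      idp.entity_id: "https://keycloak.dvirlabs.com/realms/{{ .Values.oidc.realm }}"
      claim_patterns.principal: "preferred_username"
      claim_patterns.groups: "roles"
    {{- end }}
    {{- end }}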