apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana-{{ .Values.env }}
  namespace: monitoring
spec:
  version: 8.12.0
  count: 1
  elasticsearchRef:
    name: elasticsearch-{{ .Values.env }}
  config:
    xpack.security.authc.providers:
      oidc.oidc1:
        order: 0
        realm: "keycloak"
    xpack.security.authc.oidc.realms.keycloak:
      order: 0
      rp.client_id: "kibana"
      rp.response_type: "code"
      rp.redirect_uri: "https://{{ .Values.host }}/api/security/oidc/callback"
      rp.post_logout_redirect_uri: "https://{{ .Values.host }}"
      rp.client_secret: {{ (lookup "v1" "Secret" "monitoring" .Values.oidc.existingSecret).data.clientSecret | b64dec | quote }}
      idp.metadata_url: "https://keycloak.dvirlabs.com/realms/{{ .Values.oidc.realm }}/.well-known/openid-configuration"
      idp.entity_id: "https://keycloak.dvirlabs.com/realms/{{ .Values.oidc.realm }}"
      claim_patterns.principal: "preferred_username"
      claim_patterns.groups: "roles"
  http:
    tls:
      selfSignedCertificate:
        disabled: true
    service:
      spec:
        type: ClusterIP