34 lines
1.1 KiB
YAML
34 lines
1.1 KiB
YAML
apiVersion: kibana.k8s.elastic.co/v1
|
|
kind: Kibana
|
|
metadata:
|
|
name: kibana-{{ .Values.env }}
|
|
namespace: monitoring
|
|
spec:
|
|
version: 8.12.0
|
|
count: 1
|
|
elasticsearchRef:
|
|
name: elasticsearch-{{ .Values.env }}
|
|
config:
|
|
xpack.security.authc.providers:
|
|
oidc.oidc1:
|
|
order: 0
|
|
realm: "keycloak"
|
|
xpack.security.authc.oidc.realms.keycloak:
|
|
order: 0
|
|
rp.client_id: "kibana"
|
|
rp.response_type: "code"
|
|
rp.redirect_uri: "https://{{ .Values.host }}/api/security/oidc/callback"
|
|
rp.post_logout_redirect_uri: "https://{{ .Values.host }}"
|
|
rp.client_secret: {{ (lookup "v1" "Secret" "monitoring" .Values.oidc.existingSecret).data.clientSecret | b64dec | quote }}
|
|
idp.metadata_url: "https://keycloak.dvirlabs.com/realms/{{ .Values.oidc.realm }}/.well-known/openid-configuration"
|
|
idp.entity_id: "https://keycloak.dvirlabs.com/realms/{{ .Values.oidc.realm }}"
|
|
claim_patterns.principal: "preferred_username"
|
|
claim_patterns.groups: "roles"
|
|
http:
|
|
tls:
|
|
selfSignedCertificate:
|
|
disabled: true
|
|
service:
|
|
spec:
|
|
type: ClusterIP
|