47 lines
2.3 KiB
YAML
47 lines
2.3 KiB
YAML
version: "3.4"
|
|
services:
|
|
grafana:
|
|
image: grafana/grafana:latest
|
|
restart: unless-stopped
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
|
|
- "traefik.http.routers.grafana.rule=Host(`grafana.tobiasmanske.de`)"
|
|
- "traefik.http.routers.grafana.entryPoints=websecure"
|
|
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
|
|
environment:
|
|
- "GF_SERVER_ROOT_URL=https://grafana.tobiasmanske.de"
|
|
- "GF_SECURITY_ADMIN_USER={{ grafana.admin.user }}"
|
|
- "GF_SECURITY_ADMIN_PASSWORD={{ grafana.admin.password }}"
|
|
- "GF_AUTH_GENERIC_OAUTH_NAME=Keycloak"
|
|
- "GF_AUTH_GENERIC_OAUTH_ENABLED=true"
|
|
- "GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true"
|
|
- "GF_AUTH_GENERIC_OAUTH_CLIENT_ID={{ grafana.oidc.client_id }}"
|
|
- "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET={{ grafana.oidc.client_secret }}"
|
|
- "GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile offline_access roles"
|
|
- "GF_AUTH_GENERIC_OAUTH_GROUP_ATTRIBUTE_PATH=groups"
|
|
- "GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email"
|
|
- "GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username"
|
|
- "GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=full_name"
|
|
- "GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/auth"
|
|
- "GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/token"
|
|
- "GF_AUTH_GENERIC_OAUTH_API_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/userinfo"
|
|
- "GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(resource_access.grafana.roles[*], 'serveradmin') && 'GrafanaAdmin' || contains(resource_access.grafana.roles[*], 'admin') && 'Admin' || contains(resource_access.grafana.roles[*], 'editor') && 'Editor' || 'Viewer'"
|
|
- "GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN=true"
|
|
volumes:
|
|
- data:/var/lib/grafana
|
|
- ./grafana-ds.yml:/etc/grafana/provisioning/datasources/datasource.yml:ro,Z
|
|
- ./grafana-db.yml:/etc/grafana/provisioning/dashboards/datasource.yml:ro,Z
|
|
- ./grafana-dashboards:/var/lib/grafana/dashboards:ro,Z
|
|
networks:
|
|
- default
|
|
- metrics
|
|
|
|
volumes:
|
|
data:
|
|
networks:
|
|
backend:
|
|
internal: true
|
|
metrics:
|
|
external: true
|