Github SSO for Grafana

ops/monitoring/templates/grafana-config.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana
+  labels:
+    app: grafana
+data:
+  GF_SERVER_ROOT_URL: https://grafana.{{.Values.baseDomain}}
+  # 1 refers to org id 1 (default main org)
+  GITHUB_ORG_MAPPING: "@FAForever/gitops-argocd:1:Admin @FAForever/grafana-editor-{{ .Values.environment }}:1:Editor @FAForever/grafana-viewer-{{ .Values.environment }}:1:Viewer"

ops/monitoring/values.yaml

@@ -23,6 +23,12 @@ victoria-metrics-k8s-stack:
         test: test
 
   grafana:
+    # Inject env specific values
+    envFromConfigMaps:
+     - name: grafana
+    # Inject Github OAuth credentials
+    envFromSecret: grafana
+
     # Disable sidecar installing default dashboards to allow custom dashboards
     # https://docs.victoriametrics.com/helm/victoriametrics-k8s-stack/#adding-external-dashboards
     sidecar:
@@ -34,7 +40,17 @@ victoria-metrics-k8s-stack:
     grafana.ini:
       security:
         angular_support_enabled: false
-
+      auth.github:
+        enabled: true
+        allow_sign_up: true
+        client_id: $__env{GITHUB_CLIENT_ID}
+        client_secret: $__env{GITHUB_CLIENT_SECRET}
+        scopes: read:org user:email
+        auth_url: https://github.com/login/oauth/authorize
+        token_url: https://github.com/login/oauth/access_token
+        api_url: https://api.github.com/user
+        org_name: FAForever
+        org_mapping: $__env{GITHUB_ORG_MAPPING}
     admin:
       existingSecret: grafana
       userKey: admin-user