grafana,jitsi: enable pkce and tcp fallback
This commit is contained in:
parent
23f5f03047
commit
0db786c343
@ -142,7 +142,7 @@ spec:
|
|||||||
- { name: JVB_TCP_HARVESTER_DISABLED, value: "false" }
|
- { name: JVB_TCP_HARVESTER_DISABLED, value: "false" }
|
||||||
- { name: JVB_TCP_PORT, value: "4443" }
|
- { name: JVB_TCP_PORT, value: "4443" }
|
||||||
- name: JVB_OPTS
|
- name: JVB_OPTS
|
||||||
value: "-Dorg.ice4j.ice.harvest.DISABLE_TCP_HARVESTER=false -Dorg.jitsi.videobridge.TCP_HARVESTER_PORT=4443 -Dorg.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=4443"
|
value: "-Dorg.jitsi.videobridge.DISABLE_TCP_HARVESTER=false -Dorg.ice4j.ice.harvest.DISABLE_TCP_HARVESTER=false -Dorg.jitsi.videobridge.TCP_HARVESTER_PORT=4443 -Dorg.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=4443"
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- { name: cfg, mountPath: /config }
|
- { name: cfg, mountPath: /config }
|
||||||
volumes:
|
volumes:
|
||||||
|
|||||||
@ -16,6 +16,7 @@ data:
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
sip-communicator.properties: |
|
sip-communicator.properties: |
|
||||||
|
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false
|
||||||
org.ice4j.ice.harvest.DISABLE_TCP_HARVESTER=false
|
org.ice4j.ice.harvest.DISABLE_TCP_HARVESTER=false
|
||||||
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
|
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
|
||||||
org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=4443
|
org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=4443
|
||||||
|
|||||||
@ -248,6 +248,8 @@ spec:
|
|||||||
service:
|
service:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
env:
|
env:
|
||||||
|
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "grafana"
|
||||||
|
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: ""
|
||||||
GF_AUTH_ANONYMOUS_ENABLED: "true"
|
GF_AUTH_ANONYMOUS_ENABLED: "true"
|
||||||
GF_AUTH_ANONYMOUS_ORG_ROLE: "Viewer"
|
GF_AUTH_ANONYMOUS_ORG_ROLE: "Viewer"
|
||||||
GF_SECURITY_ALLOW_EMBEDDING: "true"
|
GF_SECURITY_ALLOW_EMBEDDING: "true"
|
||||||
@ -259,17 +261,9 @@ spec:
|
|||||||
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://sso.bstein.dev/realms/atlas/protocol/openid-connect/token"
|
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://sso.bstein.dev/realms/atlas/protocol/openid-connect/token"
|
||||||
GF_AUTH_GENERIC_OAUTH_API_URL: "https://sso.bstein.dev/realms/atlas/protocol/openid-connect/userinfo"
|
GF_AUTH_GENERIC_OAUTH_API_URL: "https://sso.bstein.dev/realms/atlas/protocol/openid-connect/userinfo"
|
||||||
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups, 'admin') && 'Admin' || 'Viewer'"
|
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups, 'admin') && 'Admin' || 'Viewer'"
|
||||||
|
GF_AUTH_GENERIC_OAUTH_USE_PKCE: "true"
|
||||||
GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE: "false"
|
GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE: "false"
|
||||||
GF_AUTH_SIGNOUT_REDIRECT_URL: "https://sso.bstein.dev/realms/atlas/protocol/openid-connect/logout?redirect_uri=https://metrics.bstein.dev/"
|
GF_AUTH_SIGNOUT_REDIRECT_URL: "https://sso.bstein.dev/realms/atlas/protocol/openid-connect/logout?redirect_uri=https://metrics.bstein.dev/"
|
||||||
envValueFrom:
|
|
||||||
GF_AUTH_GENERIC_OAUTH_CLIENT_ID:
|
|
||||||
secretKeyRef:
|
|
||||||
name: grafana-oidc
|
|
||||||
key: client_id
|
|
||||||
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
|
|
||||||
secretKeyRef:
|
|
||||||
name: grafana-oidc
|
|
||||||
key: client_secret
|
|
||||||
grafana.ini:
|
grafana.ini:
|
||||||
server:
|
server:
|
||||||
domain: metrics.bstein.dev
|
domain: metrics.bstein.dev
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user