use authelia as login source

apps/monitoring/grafana.values.yaml

@@ -16,6 +16,12 @@ serviceMonitor:
   ##
   enabled: false
 
+envValueFrom:
+  AUTH_GRAFANA_CLIENT_SECRET:
+    secretKeyRef:
+      name: grafana-auth
+      key: client_secret
+
 ingress:
   enabled: false
 
@@ -67,3 +73,21 @@ grafana.ini:
   default_theme: dark
   unified_alerting:
     enabled: false
+  analytics:
+    check_for_updates: false
+  server:
+    domain: grafana.kluster.moll.re
+    root_url: https://grafana.kluster.moll.re
+  auth.generic_oauth:
+    name: Authelia
+    enabled: true
+    allow_sign_up: true
+    client_id: grafana
+    client_secret: ${AUTH_GRAFANA_CLIENT_SECRET}
+    scopes: openid profile email groups
+    auth_url: https://auth.kluster.moll.re/api/oidc/authorization
+    token_url: https://auth.kluster.moll.re/api/oidc/token
+    api_url: https://auth.kluster.moll.re/api/oidc/authorization/userinfo
+    tls_skip_verify_insecure: true
+    auto_login: true
+    use_pkce: true