fix(grafana): Use existing secret for admin credentials

Switch to admin.existingSecret to avoid rendering the admin password into git. The secret must be created manually in the cluster. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 16:59:58 +02:00 · 2026-04-04 16:59:58 +02:00 · 524ccc2611
parent aa55722803
commit 524ccc2611
2 changed files with 5 additions and 3 deletions
--- a/prototypes/grafana/helm/grafana.yaml
+++ b/prototypes/grafana/helm/grafana.yaml
@ -1,4 +1,7 @@
 ---
+admin:
+  existingSecret: grafana-admin
+
 initChownData:
  enabled: false

--- a/rendered/envs/production/grafana/deployment-grafana.yaml
+++ b/rendered/envs/production/grafana/deployment-grafana.yaml
@ -25,7 +25,6 @@ spec:
        checksum/config: de8d6f16e9721409f5848bcc101e6aa9815e6455bd4fb9b59306159e705ac1cb
        checksum/dashboards-json-config: 63ff5f7bd5ab0b6c241c689c0aa4d78be9bef984e63c1089dc988905fbb61f74
        checksum/sc-dashboard-provider-config: e70bf6a851099d385178a76de9757bb0bef8299da6d8443602590e44f05fdf24
-        checksum/secret: 8f37444562de973fdc7cb492e33bb12625463982ca068e8b65c28bc073359926
        kubectl.kubernetes.io/default-container: grafana
      labels:
        app.kubernetes.io/instance: grafana
@ -44,12 +43,12 @@ spec:
              valueFrom:
                secretKeyRef:
                  key: admin-user
-                  name: grafana
+                  name: grafana-admin
            - name: GF_SECURITY_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: admin-password
-                  name: grafana
+                  name: grafana-admin
            - name: GF_PATHS_DATA
              value: /var/lib/grafana/
            - name: GF_PATHS_LOGS