version: "3" services: grafana: image: grafana/grafana-oss:8.5.1 container_name: grafana user: "0:0" environment: GF_AUTH_GENERIC_OAUTH_ENABLED: 'True' GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: 'True' # otherwise no login is possible #GF_AUTH_GENERIC_OAUTH_TEAM_IDS: '' #GF_AUTH_GENERIC_OAUTH_ALLOWED_ORGANIZATIONS: '' #GF_AUTH_GENERIC_OAUTH_ALLOWED_DOMAINS: '' #GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD} # ignored? GF_AUTH_GENERIC_OAUTH_NAME: Keycloak GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email GF_SERVER_ROOT_URL: https://${GRAFANA_HOSTNAME}.${DOMAIN_NAME}/ GF_SERVER_DOMAIN: ${GRAFANA_HOSTNAME}.${DOMAIN_NAME} GF_AUTH_GENERIC_OAUTH_AUTH_URL: ${AUTH_URL} GF_AUTH_GENERIC_OAUTH_TOKEN_URL: ${TOKEN_URL} GF_AUTH_GENERIC_OAUTH_API_URL: ${USERINFO_URL} GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: ${GRAFANA_CLIENT_SECRET} # reset the admin password on every run, since otherwise it defaults to admin/admin entrypoint: ["sh", "-c", "grafana-cli admin reset-admin-password ${GRAFANA_ADMIN_PASSWORD} && /run.sh"] volumes: - ./data/grafana/data:/var/lib/grafana - ./grafana/provisioning:/etc/grafana/provisioning:ro - ./grafana/dashboards:/etc/grafana/dashboards:ro restart: always # ports: # - 3000:3000 # add the grafana nginx configuration into the nginx volume nginx: volumes: - ./grafana/nginx.conf:/etc/nginx/templates/grafana.conf.template:ro # add the grafana client secrets to the keycloak-setup volume keycloak: volumes: - ./grafana/keycloak.sh:/keycloak-setup/grafana.sh:ro - ./data/grafana/secrets:/run/secrets/grafana:ro