I recently tried upgrading kube-prometheus-stack on my AWS EKS Kubernetes cluster via Helm to chart v56.2.1 using Terraform and it failed while upgrading Grafana with the following error:
Sensitive key ‘auth.generic_oauth.client_secret’ should not be defined explicitly in values. Use variable expansion instead.
I'm not specifying any client_secret via values.yml file for that Helm chart but we are using AzureAD for authentication.
How to fix this?
There are 2 possible solutions to fix this issue:
Set grafana.assertNoLeakedSecrets to false in the values.yml file.
If auth.generic.oauth.client_secret is specified in the values.yml file, remove it from that file and set GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET as the environment variable for Grafana.
References: