We’re migrating from Grafana Enterprise → OSS (on-prem, Kubernetes) and use Azure AD for authentication.
Each AD group maps to a Grafana org and role using a ConfigMap that injects environment variables into the deployment, like:
adgroup:orgid:role
When new orgs are created, our backend updates this ConfigMap with the new mapping. However, Grafana OSS reads env vars only at startup, so the changes take effect only after a pod restart.
Enterprise vs OSS
In Enterprise, org and auth configs were also written to the setting table in the DB, so updates were recognized without a reload.In OSS, that table doesn’t exist — only the ConfigMap/env var changes happen, and Grafana needs a restart to pick them up.
Question
Is there any way in Grafana OSS to:
Dynamically reload org mappings (AD group → org → role) without restarting Grafana, or
Push org membership/role changes via API that apply immediately?
Or is the ConfigMap update + rollout restart still the only practical approach?
Thanks!