---
# Ansible variables for the Prometheus monitoring Helm release: release name,
# namespace, the basic-auth secret names used by the ingresses, and the chart
# values passed to Helm.
#
# NOTE(review): this layout was rebuilt from a page whose line breaks and
# indentation were lost. The nesting follows the chart's value names; confirm
# it against the original file before applying.

k8s_prometheus_helm__name: "prometheus"
k8s_prometheus_helm__release_namespace: "monitoring"

# Names of the htpasswd-style secrets referenced by the nginx `auth-secret`
# annotations below. They are not created here; presumably another task
# creates them in the release namespace -- verify.
k8s_prometheus_basic_auth_secret_name: "prometheus-basic-auth"
k8s_alertmanager_basic_auth_secret_name: "alertmanager-basic-auth"

# https://github.com/grafana/helm-charts
# https://github.com/prometheus-community/helm-charts
k8s_prometheus_helm__release_values:

  prometheus:
    ingress:
      enabled: true
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
        cert-manager.io/issue-temporary-certificate: "true"
        kubernetes.io/ingress.class: nginx
        # NOTE(review): with ssl-redirect off, the host stays reachable over
        # plain HTTP, so the basic-auth header can travel unencrypted. If this
        # was only needed for certificate issuance, consider "true" once
        # issuance is confirmed working.
        nginx.ingress.kubernetes.io/ssl-redirect: "false"
        # Source-IP allowlist built from two Ansible lists.
        # NOTE(review): if both lists are empty this renders as an empty
        # string; confirm how the ingress controller treats an empty value
        # (it may fall back to no restriction).
        nginx.ingress.kubernetes.io/whitelist-source-range: >-
          {{ ( ip_whitelist + ip_whitelist_admins ) | join(',') }}
        nginx.ingress.kubernetes.io/auth-type: "basic"
        nginx.ingress.kubernetes.io/auth-secret: >-
          {{ k8s_prometheus_basic_auth_secret_name }}
        nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
      hosts:
        - "{{ stage }}-kube-prometheus.{{ domain }}"
      tls:
        - secretName: "{{ stage }}-kube-prometheus-cert"
          hosts:
            - "{{ stage }}-kube-prometheus.{{ domain }}"
    prometheusSpec:
      # TODO Using PersistentVolumeClaim
      # With an empty storageSpec no volume claim is requested, so metric
      # history presumably does not survive a pod reschedule.
      storageSpec: {}
      # false: monitors are selected without requiring the Helm release label.
      serviceMonitorSelectorNilUsesHelmValues: false
      podMonitorSelectorNilUsesHelmValues: false
      externalLabels:
        stage: "{{ stage }}"
    # NOTE(review): placement inferred (sibling of prometheusSpec, matching
    # the alertmanager and grafana sections); confirm the chart reads this key
    # for Prometheus.
    deploymentStrategy:
      type: Recreate

  alertmanager:
    ingress:
      enabled: true
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
        cert-manager.io/issue-temporary-certificate: "true"
        kubernetes.io/ingress.class: nginx
        # NOTE(review): same plain-HTTP exposure of basic-auth credentials as
        # on the Prometheus ingress.
        nginx.ingress.kubernetes.io/ssl-redirect: "false"
        nginx.ingress.kubernetes.io/whitelist-source-range: >-
          {{ ( ip_whitelist + ip_whitelist_admins ) | join(',') }}
        nginx.ingress.kubernetes.io/auth-type: "basic"
        nginx.ingress.kubernetes.io/auth-secret: >-
          {{ k8s_alertmanager_basic_auth_secret_name }}
        nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
      hosts:
        - "{{ stage }}-kube-alertmanager.{{ domain }}"
      tls:
        - secretName: "{{ stage }}-kube-alertmanager-cert"
          hosts:
            - "{{ stage }}-kube-alertmanager.{{ domain }}"
    # NOTE(review): confirm the chart reads this key for Alertmanager.
    deploymentStrategy:
      type: Recreate

  grafana:
    # Admin credentials come from Ansible variables and are passed as chart
    # values, so they end up in the stored Helm release data.
    # NOTE(review): keep the source variables in an encrypted vars file; the
    # Grafana chart can also read them from an existing secret
    # (`admin.existingSecret`) instead of inline values.
    adminUser: "{{ grafana_admin_username }}"
    adminPassword: "{{ grafana_admin_password }}"
    ingress:
      enabled: true
      # No basic-auth annotations here: access relies on the IP allowlist and
      # Grafana's own login.
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
        cert-manager.io/issue-temporary-certificate: "true"
        kubernetes.io/ingress.class: nginx
        # NOTE(review): the Grafana login form is reachable over plain HTTP
        # while ssl-redirect is off.
        nginx.ingress.kubernetes.io/ssl-redirect: "false"
        nginx.ingress.kubernetes.io/whitelist-source-range: >-
          {{ ( ip_whitelist + ip_whitelist_admins ) | join(',') }}
      hosts:
        - "{{ stage }}-kube-grafana.{{ domain }}"
      tls:
        - secretName: "{{ stage }}-kube-grafana-cert"
          hosts:
            - "{{ stage }}-kube-grafana.{{ domain }}"
    persistence:
      enabled: true
      size: 10Gi
    deploymentStrategy:
      type: Recreate

  kubeControllerManager:
    service:
      port: 10257
      targetPort: 10257
    serviceMonitor:
      https: true
      # The scrape does not verify the controller-manager serving certificate.
      # NOTE(review): presumably set because that certificate is self-signed;
      # supplying the CA instead would restore verification.
      insecureSkipVerify: true

  kube-state-metrics:
    # Kubernetes labels copied onto kube-state-metrics label series.
    # NOTE(review): `pods=[*]` exports every pod label; check the effect on
    # series cardinality and whether any label values are sensitive.
    metricLabelsAllowlist:
      - 'pods=[*]'
      - 'deployments=[app.kubernetes.io/name,app.kubernetes.io/component,app.kubernetes.io/instance]'