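# Helm values override; the keys match the kube-prometheus-stack chart
# (presumably the chart this file is fed to -- confirm).
#
# `%NAME%` tokens are placeholders that have to be substituted before the file
# is passed to Helm. Every placeholder used as a YAML scalar is quoted: a plain
# scalar may not start with `%`, and quoting also keeps a substituted value
# that looks like a number or boolean from being re-typed by the parser.

# etcd rules and scraping are switched off.
defaultRules:
  rules:
    etcd: false

kubeEtcd:
  enabled: false

alertmanager:
  alertmanagerSpec:
    externalUrl: 'https://%SERVICE_FQDN%'
    storage:
      volumeClaimTemplate:
        spec:
          accessModes: ["ReadWriteOnce"]
          storageClassName: '%PVC_STORAGECLASS%'
          resources:
            requests:
              storage: '%PVC_STORAGE_SIZE%'

prometheus:
  prometheusSpec:
    # https://prometheus.io/docs/prometheus/latest/storage/#operational-aspects
    # retention: '7d'
    # NOTE(review): retentionSize should stay below the PVC size substituted for
    # %PVC_STORAGE_SIZE%, otherwise the volume can fill before data is pruned.
    retentionSize: "10GB"
    ## Prometheus StorageSpec for persistent data
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md
    storageSpec:
      volumeClaimTemplate:
        spec:
          accessModes: ["ReadWriteOnce"]
          storageClassName: '%PVC_STORAGECLASS%'
          resources:
            requests:
              storage: '%PVC_STORAGE_SIZE%'

## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml
grafana:
  enabled: true
  # https://github.com/prometheus-community/helm-charts/issues/436#issuecomment-867472963
  deploymentStrategy:
    type: Recreate
  # https://github.com/prometheus-community/helm-charts/issues/436#issuecomment-740664621
  persistence:
    enabled: true
    type: pvc
    storageClassName: '%PVC_STORAGECLASS%'
    accessModes:
      - ReadWriteOnce
    size: '%PVC_STORAGE_SIZE_GRAFANA%'
    finalizers:
      - kubernetes.io/pvc-protection
  # https://github.com/prometheus-community/helm-charts/issues/1969#issuecomment-1119567241
  grafana.ini:
    server:
      root_url: 'https://%SERVICE_FQDN%/'
    smtp:
      enabled: true
      # SMTP config follows here as per
      # https://grafana.com/docs/grafana/latest/administration/configuration/#smtp
      host: '%SMTP_HOST%'
      user: '%SMTP_USER%'
      # NOTE(review): the Grafana chart typically renders `grafana.ini` into a
      # ConfigMap, so this password would be readable by anything allowed to
      # read ConfigMaps in the namespace. The chart's `smtp.existingSecret`
      # keeps it in a Secret instead -- confirm against the chart version used.
      password: '%SMTP_PASSWORD%'
      from_address: '%SMTP_SENDER_ADDRESS%'
      from_name: '%SMTP_FROM_HEADER%'
      ehlo_identity: '%SERVICE_FQDN%'
      # Refuse to send mail if the server does not offer STARTTLS.
      startTLS_policy: 'MandatoryStartTLS'
    auth.ldap:
      enabled: true
      # Any user who authenticates against LDAP gets a Grafana account created
      # on first login; the role comes from the group mappings in `ldap.config`.
      allow_sign_up: true
      config_file: /etc/grafana/ldap.toml
  ldap:
    enabled: true
    # `existingSecret` would reference an existing secret that holds the LDAP
    # configuration for Grafana in a key `ldap-toml`.
    # NOTE(review): using it keeps the bind password out of this rendered
    # values file and out of the values Helm stores with the release.
    # existingSecret: ""
    # `config` is the content of `ldap.toml` that will be stored in the created secret
    # https://grafana.com/docs/grafana/v9.0/setup-grafana/configure-security/configure-authentication/ldap/
    #
    # NOTE(review): `use_ssl = false` means the bind DN/password and every
    # user's login password travel to %LDAP_SERVER% unencrypted. Unless that
    # hop is protected some other way, set `use_ssl = true` (plus
    # `start_tls = true` for STARTTLS on the plain LDAP port) and provide the
    # directory's CA via `root_ca_cert`. Left unchanged here because it depends
    # on what the LDAP server offers.
    #
    # NOTE(review): the final `group_dn = "*"` mapping gives every user who can
    # authenticate the Viewer role. Drop or narrow it if dashboards must not be
    # visible to the whole directory.
    config: |-
      verbose_logging = false

      [[servers]]
      host = "%LDAP_SERVER%"
      port = %LDAP_PORT%
      use_ssl = false
      bind_dn = "%LDAP_BINDDN%"
      bind_password = "%LDAP_BINDPW%"
      search_base_dns = ["%LDAP_USER_BASE%"]
      search_filter = "%LDAP_USER_SEARCHFILTER%"

      [servers.attributes]
      member_of = "memberOf"
      name = "givenName"
      surname = "sn"
      username = "cn"
      email = "mail"

      [[servers.group_mappings]]
      group_dn = "%LDAP_ADMIN_GROUPDN%"
      org_role = "Admin"

      [[servers.group_mappings]]
      group_dn = "%LDAP_EDITOR_GROUPDN%"
      org_role = "Editor"

      [[servers.group_mappings]]
      group_dn = "*"
      org_role = "Viewer"

# Control-plane components are scraped through explicit endpoints on the
# master node address instead of pod selectors.
kubeProxy:
  enabled: true
  endpoints: ["%MASTER_NODE_IPV4_ADDR%"]
  service:
    enabled: true
    port: 10249
    targetPort: 10249

# NOTE(review): 10251 (scheduler) and 10252 (controller-manager) are the legacy
# plain-HTTP ports. Recent Kubernetes releases serve these metrics only over
# HTTPS on 10259 and 10257 with authentication; on such clusters these targets
# will be down until port/targetPort and `https` are adjusted. Confirm against
# the cluster version.
kubeScheduler:
  enabled: true
  endpoints: ["%MASTER_NODE_IPV4_ADDR%"]
  service:
    enabled: true
    port: 10251
    targetPort: 10251
  serviceMonitor:
    enabled: true
    https: false

kubeControllerManager:
  enabled: true
  endpoints: ["%MASTER_NODE_IPV4_ADDR%"]
  service:
    enabled: true
    port: 10252
    targetPort: 10252
  serviceMonitor:
    enabled: true
    https: false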