---
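# Alertmanager: two replicas behind the authentik forward-auth middleware,
# delivering every alert to a single Telegram receiver.
alertmanager:
  alertmanagerSpec:
    podAntiAffinity: "hard"
    replicas: 2
    # Mounted under /etc/alertmanager/secrets/telegram-api/ so the bot token is
    # read from a file (see bot_token_file) and never appears in these values.
    secrets:
      - "telegram-api"
    # Mounted under /etc/alertmanager/configmaps/templates/ (see templates).
    configMaps:
      - "templates"
    storage:
      volumeClaimTemplate:
        spec:
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 5Gi
    useExistingSecret: false
  config:
    global:
      resolve_timeout: 5m
    templates:
      - '/etc/alertmanager/configmaps/templates/telegram.tmpl'
    route:
      group_by: ['alertname']
      group_wait: 30s
      group_interval: 30s
      repeat_interval: 24h
      receiver: 'tg1'
      # Both child routes send to the same receiver as the default route, so
      # they currently change nothing; they only mark where per-severity
      # routing would go.
      routes:
        - matchers:
            - severity=warning
          receiver: 'tg1'
        - matchers:
            - severity=critical
          receiver: 'tg1'
    receivers:
      - name: tg1
        telegram_configs:
          - bot_token_file: '/etc/alertmanager/secrets/telegram-api/api_key'
            chat_id: -995270884
            api_url: "https://api.telegram.org"
            send_resolved: true
            # HTML parse mode: label and annotation values end up in the
            # rendered message, so the template should escape them.
            parse_mode: "HTML"
            message: '{{ template "telegram.aaron" .}}'
    inhibit_rules:
      - source_matchers:
          - severity = critical
        # All matchers in a list must hold at once. The previous pair
        # (severity = warning AND severity = info) could never match, so this
        # rule inhibited nothing; a single regex matcher expresses "either".
        target_matchers:
          - severity =~ "warning|info"
        equal: ['node']
      # NOTE(review): this rule has no `equal`, so one firing
      # KubeNodeUnreachable silences every warning/info alert cluster-wide,
      # including those from healthy nodes. Confirm that blind spot is
      # intended, or scope it with a shared label.
      - source_matchers:
          - alertname = KubeNodeUnreachable
        target_matchers:
          - severity =~ "warning|info"
  # No authentication is configured for Alertmanager itself in this file; the
  # authentik middleware on the ingress routes is the only gate shown here.
  # NOTE(review): clients reaching the Service from inside the cluster would
  # not pass through that middleware - confirm a NetworkPolicy covers this.
  ingress:
    paths:
      - /
    enabled: true
    hosts:
      - alertmanager.services.yolokube.de
    annotations:
      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
      kubernetes.io/tls-acme: "true"
    tls:
      - secretName: alertmanager-tls-key
        hosts:
          - alertmanager.services.yolokube.de
  # Per-replica hostnames carry the same middleware and TLS annotations as the
  # shared ingress above.
  ingressPerReplica:
    pathType: ImplementationSpecific
    paths:
      - /
    enabled: true
    hostPrefix: alertmanager
    hostDomain: services.yolokube.de
    annotations:
      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
      kubernetes.io/tls-acme: "true"
    tlsSecretPerReplica:
      enabled: true
      prefix: alertmanager
  servicePerReplica:
    enabled: true
  # NOTE(review): duplicates alertmanagerSpec.podAntiAffinity above; confirm
  # the chart actually reads this key at this level.
  podAntiAffinity: "hard"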
# Grafana: local login is disabled; identity and role come entirely from
# X-Authentik-* request headers (auth.proxy) set upstream of Grafana.
grafana:
  defaultDashboardsTimezone: Europe/Berlin
  ingress:
    annotations:
      kubernetes.io/tls-acme: "true"
      # Forward-auth middleware; the header-based login below is only as
      # trustworthy as this hop.
      # NOTE(review): confirm the middleware overwrites every X-Authentik-*
      # header used below (Traefik forwardAuth authResponseHeaders), so that a
      # client-supplied copy cannot pass through.
      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
    enabled: true
    hosts:
      - grafana.services.yolokube.de
    tls:
      - secretName: grafana-tls-key
        hosts:
          - grafana.services.yolokube.de
  persistence:
    enabled: true
    accessModes:
      - ReadWriteMany
  grafana.ini:
    auth:
      # With the login form and sign-out menu disabled, auth.proxy is the only
      # way into Grafana configured here.
      disable_login_form: true
      disable_signout_menu: true
    auth.proxy:
      enabled: true
      header_name: X-Authentik-Username
      header_property: username
      # Unknown usernames are provisioned on first request.
      auto_sign_up: true
      # The Grafana role is also taken from a request header, so whoever can
      # set X-Authentik-Grafana-Role decides the privilege level.
      headers: Email:X-Authentik-Email, Name:X-Authentik-Name, Role:X-Authentik-Grafana-Role
      # Source addresses allowed to use header login.
      # NOTE(review): a /16 is broad - if this is the pod network, any workload
      # in it that can reach the Grafana Service can assert an arbitrary user
      # and role. Consider narrowing to the ingress proxy's addresses and/or
      # adding a NetworkPolicy - confirm what 10.1.0.0/16 covers.
      whitelist: 10.1.0.0/16
  additionalDataSources:
    # Thanos querier registered as a Prometheus-type data source over plain
    # HTTP on an in-cluster service name.
    - name: Thanos
      type: prometheus
      url: http://querier.thanos.svc.cluster.local:9090
# node-exporter: ServiceMonitor relabelling plus collector flags.
prometheus-node-exporter:
  prometheus:
    monitor:
      enabled: true
      relabelings:
        # Copy the Kubernetes node name into a `node` label on every series;
        # the Alertmanager inhibit rule with `equal: ['node']` presumably
        # relies on alerts carrying this label - verify against the rules.
        - action: replace
          sourceLabels: [__meta_kubernetes_endpoint_node_name]
          targetLabel: node
  extraArgs:
    # Skip pseudo, container and kubelet mounts, and virtual filesystem types.
    - '--collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)'
    - '--collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$'
    # The textfile collector exports metrics from *.prom files found in this
    # directory (presumably the host's /var/log via the root mount - confirm).
    # NOTE(review): anything able to write *.prom files there can publish
    # metrics under node-exporter's identity; a dedicated directory with
    # restricted write access is easier to reason about.
    - '--collector.textfile.directory=/host/root/var/log/'
    - '--collector.ethtool'
# Prometheus: two replicas with short local retention, remote-writing to a
# Thanos receive endpoint, exposed through authentik-protected ingresses.
prometheus:
  servicePerReplica:
    enabled: true
  # No authentication is configured for Prometheus itself in this file; the
  # authentik middleware on the ingress routes is the only gate shown here.
  # NOTE(review): in-cluster clients reaching the Services directly would not
  # pass through it - confirm a NetworkPolicy restricts that path.
  ingress:
    paths:
      - /
    enabled: true
    hosts:
      - prometheus.services.yolokube.de
    annotations:
      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
      kubernetes.io/tls-acme: "true"
    tls:
      - secretName: prometheus-tls-key
        hosts:
          - prometheus.services.yolokube.de
  # Per-replica hostnames carry the same middleware and TLS annotations as the
  # shared ingress above.
  ingressPerReplica:
    pathType: ImplementationSpecific
    paths:
      - /
    enabled: true
    hostPrefix: prometheus
    hostDomain: services.yolokube.de
    annotations:
      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
      kubernetes.io/tls-acme: "true"
    tlsSecretPerReplica:
      enabled: true
      prefix: prometheus
  prometheusSpec:
    remoteWrite:
      # Plain HTTP to an in-cluster service name, with no credentials or TLS
      # settings on this entry.
      # NOTE(review): confirm the receive endpoint is not reachable by
      # arbitrary workloads, since nothing here authenticates the writer.
      - url: http://receiver-write.thanos.svc.cluster.local:10908/api/v1/receive
        name: thanos
        queueConfig:
          maxSamplesPerSend: 1000
          maxShards: 200
          capacity: 2500
    # Only a few hours are kept locally; longer history presumably lives in
    # Thanos via the remote write above - confirm.
    retention: "6h"
    retentionSize: "9GB"
    replicas: 2
    storageSpec:
      volumeClaimTemplate:
        spec:
          storageClassName: longhorn
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 10Gi
    # ServiceMonitors and rules are only read from namespaces labelled
    # prometheus=yolokube, so permission to set that namespace label decides
    # who can add scrape targets and alert rules.
    serviceMonitorNamespaceSelector:
      matchLabels:
        prometheus: yolokube
    ruleNamespaceSelector:
      matchLabels:
        prometheus: yolokube
    # NOTE(review): with these set to false the selection is presumably not
    # limited to objects carrying this Helm release's labels - verify against
    # the chart version in use.
    ruleSelectorNilUsesHelmValues: false
    serviceMonitorSelectorNilUsesHelmValues: false
    podAntiAffinity: "hard"
# Rule settings: default rules are created, with an override for one alert.
defaultRules:
  create: true
customRules:
  # KubeNodeUnreachable fires with no pending period and at critical severity.
  # It is also the source of an Alertmanager inhibit rule in this file, so a
  # brief node flap immediately suppresses warning/info notifications.
  KubeNodeUnreachable:
    for: 0m
    severity: "critical"