grafana:
  enabled: true

  extraSecretMounts:
    - name: grafana-oauth-secret
      secretName: grafana-oauth-secret
      mountPath: /etc/secrets
      readOnly: true

  grafana.ini:
    server:
      root_url: https://grafana.idir-belfares.fr

    security:
      secret_key: $__file{/etc/secrets/GF_SECURITY_SECRET_KEY}

    auth:
      disable_login_form: true

    auth.generic_oauth:
      enabled: true
      name: Keycloak
      allow_sign_up: true
      client_id: grafana
      client_secret: $__file{/etc/secrets/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
      scopes: openid email profile
      auth_url: https://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth
      token_url: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token
      api_url: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/userinfo
      email_attribute_path: email
      login_attribute_path: preferred_username
      role_attribute_path: "contains(groups[*], 'admin') && 'Admin' || 'Viewer'"
      role_attribute_strict: false

  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
      nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
    hosts:
      - grafana.idir-belfares.fr
    tls:
      - secretName: grafana-tls
        hosts:
          - grafana.idir-belfares.fr

kubelet:
  enabled: true
  serviceMonitor:
    resource: false
    relabelings:
      - sourceLabels: [__metrics_path__]
        regex: /metrics
        action: keep


prometheus:
  enabled: true
  prometheusSpec:
    serviceMonitorSelectorNilUsesHelmValues: false
    podMonitorSelectorNilUsesHelmValues: false
    ruleSelector: {}
    ruleNamespaceSelector: {}

alertmanager:
  enabled: true


defaultRules:
  rules:
    kubeControllerManager: false
    kubeProxy: false
    kubeScheduler: false
  additionalRuleLabels: {}
  disabled:
    CPUThrottlingHigh: true