foundation/controllers/kube-prometheus-stack/values.yaml

alertmanager:
  alertsmanagerSpec:
    replicas: 1
  route:
    main:
      enabled: true
      hostnames:
        - "alerts.staging.huizinga.dev"
      parentRefs:
        - name: gateway
          namespace: default

prometheus:
  prometheusSpec:
    replicas: 1
  route:
    main:
      enabled: true
      hostnames:
        - "prometheus.staging.huizinga.dev"
      parentRefs:
        - name: gateway
          namespace: default

grafana:
  replicas: 1

  # ingress:
  #   enabled: true
  #   hosts:
  #     - grafana.${domain}
  #   tls:
  #     - secretName: ${domain//./-}-tls
  #   annotations:
  #     traefik.ingress.kubernetes.io/router.entryPoints: "websecure"
  #     traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd"
  #     traefik.ingress.kubernetes.io/router.tls: "true"

  envValueFrom:
    BIND_DN:
      secretKeyRef:
        name: grafana-lldap-credentials
        key: bind_dn
    LDAP_PASSWORD:
      secretKeyRef:
        name: grafana-lldap-credentials
        key: password

  grafana.ini:
    auth.ldap:
      enabled: true

    # auth.proxy:
    #   enabled: true
    #   header_name: Remote-User
    #   header_property: username
    #   auto_sign_up: true
    #   headers: Groups:Remote-Group
    #   enable_login_token: false
    #   sync_ttl: 0
    #   signout_redirect_url: https://login.${domain}/logout?rd=https://grafana.${domain}

    database:
      type: postgres
      host: $__file{/etc/secrets/db/host}
      name: $__file{/etc/secrets/db/dbname}
      user: $__file{/etc/secrets/db/user}
      password: $__file{/etc/secrets/db/password}

    remote_cache:
      type: redis
      connstr: addr=dragonflydb.monitoring:6379

  ldap:
    enabled: true
    existingSecret: grafana-ldap-toml

  extraSecretMounts:
    - name: db-app-mount
      secretName: db-app
      defaultMode: 0440
      mountPath: /etc/secrets/db
      readOnly: true

# We are not running kube-proxy
kubeProxy:
  enabled: false