replicas: 1

## Create a headless service for the deployment
headlessService: false

## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service).
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##
service:
  enabled: true

serviceMonitor:
  ## If true, a ServiceMonitor CRD is created for a prometheus operator
  ## https://github.com/coreos/prometheus-operator
  ##
  enabled: false

envValueFrom:
  AUTH_GRAFANA_CLIENT_SECRET:
    secretKeyRef:
      name: grafana-auth
      key: client_secret

ingress:
  enabled: false

# credentials
admin:
  existingSecret: grafana-admin-secret
  userKey: user
  passwordKey: password

datasources:
  datasources.yaml:
    apiVersion: 1
    datasources:
      - name: Prometheus
        type: prometheus
        url: http://prometheus.monitoring.svc:9090
        isDefault: true
      - name: Thanos
        type: prometheus
        url: http://thanos-querier.monitoring.svc:10902
        isDefault: false
      - name: Loki
        type: loki
        url: http://loki.monitoring.svc:3100
        isDefault: false

dashboardProviders:
 dashboardproviders.yaml:
   apiVersion: 1
   providers:
   - name: 'default'
     orgId: 1
     folder: ''
     type: file
     disableDeletion: false
     editable: true
     options:
       path: /var/lib/grafana/dashboards/default
## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value.
## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both.
## ConfigMap data example:
##
## data:
##   example-dashboard.json: |
##     RAW_JSON
##
dashboardsConfigMaps:
  default: grafana-dashboards


grafana.ini:
  wal: true
  default_theme: dark
  unified_alerting:
    enabled: false
  analytics:
    check_for_updates: false
  server:
    domain: grafana.kluster.moll.re
    root_url: https://grafana.kluster.moll.re
  auth.generic_oauth:
    name: Authelia
    enabled: true
    allow_sign_up: true
    client_id: grafana
    client_secret: ${AUTH_GRAFANA_CLIENT_SECRET}
    scopes: openid profile email groups
    auth_url: https://auth.kluster.moll.re/api/oidc/authorization
    token_url: https://auth.kluster.moll.re/api/oidc/token
    api_url: https://auth.kluster.moll.re/api/oidc/authorization/userinfo
    tls_skip_verify_insecure: true
    auto_login: true
    use_pkce: true
    role_attribute_path: contains(groups[*], 'apps_admin') && 'Admin' || 'Editor'