buun-stack/prometheus/values.gomplate.yaml

---
# kube-prometheus-stack Helm chart values
# https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml

grafana:
  enabled: true

  admin:
    existingSecret: grafana-admin-credentials
    userKey: admin-user
    passwordKey: admin-password

  ingress:
    enabled: true
    ingressClassName: traefik
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
    hosts:
      - {{ .Env.GRAFANA_HOST }}
    tls:
      - hosts:
          - {{ .Env.GRAFANA_HOST }}

  # Grafana configuration
  grafana.ini:
    server:
      root_url: https://{{ .Env.GRAFANA_HOST }}
{{- if eq (.Env.GRAFANA_OIDC_ENABLED | default "false") "true" }}
    auth.generic_oauth:
      enabled: true
      name: Keycloak
      allow_sign_up: true
      client_id: grafana
      client_secret: {{ .Env.GRAFANA_OIDC_CLIENT_SECRET }}
      scopes: openid profile email groups
      auth_url: https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}/protocol/openid-connect/auth
      token_url: https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}/protocol/openid-connect/token
      api_url: https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}/protocol/openid-connect/userinfo
      use_refresh_token: true
      role_attribute_path: "contains(groups[*], 'grafana-admins') && 'Admin' || contains(groups[*], 'grafana-editors') && 'Editor' || 'Viewer'"
      signout_redirect_url: https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}/protocol/openid-connect/logout?post_logout_redirect_uri=https://{{ .Env.GRAFANA_HOST }}/login
{{- end }}

  # Persist Grafana data
  persistence:
    enabled: true
    size: 10Gi

  # Resource configuration based on Goldilocks/VPA recommendations
  resources:
    requests:
      cpu: 15m
      memory: 480Mi
    limits:
      cpu: 50m
      memory: 704Mi

  sidecar:
    resources:
      requests:
        cpu: 15m
        memory: 128Mi
      limits:
        cpu: 25m
        memory: 192Mi

# Prometheus Configuration
prometheus:
  prometheusSpec:
    # Retention settings
    retention: 30d
    retentionSize: "50GB"

    # Storage
    storageSpec:
      volumeClaimTemplate:
        spec:
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 50Gi

    # ServiceMonitor selection
    # Select ServiceMonitors with release label only in namespaces with enable-monitoring label
    serviceMonitorSelectorNilUsesHelmValues: true
    serviceMonitorNamespaceSelector:
      matchLabels:
        buun.channel/enable-monitoring: "true"

    # Resource configuration based on observed usage patterns
    resources:
      requests:
        cpu: 100m
        memory: 1.2Gi
      limits:
        cpu: 500m
        memory: 2.5Gi

{{- if .Env.PROMETHEUS_HOST }}
  ingress:
    enabled: true
    ingressClassName: traefik
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
    hosts:
      - {{ .Env.PROMETHEUS_HOST }}
    tls:
      - hosts:
          - {{ .Env.PROMETHEUS_HOST }}
{{- end }}

# Alertmanager Configuration
alertmanager:
  alertmanagerSpec:
    # Storage
    storage:
      volumeClaimTemplate:
        spec:
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 10Gi

    # Resource configuration based on observed usage patterns
    resources:
      requests:
        cpu: 15m
        memory: 64Mi
      limits:
        cpu: 50m
        memory: 128Mi

{{- if .Env.ALERTMANAGER_HOST }}
  ingress:
    enabled: true
    ingressClassName: traefik
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
    hosts:
      - {{ .Env.ALERTMANAGER_HOST }}
    tls:
      - hosts:
          - {{ .Env.ALERTMANAGER_HOST }}
{{- end }}

# Enable default monitoring targets
kubeApiServer:
  enabled: true

kubelet:
  enabled: true

kubeControllerManager:
  enabled: true

coreDns:
  enabled: true

kubeEtcd:
  enabled: true

kubeScheduler:
  enabled: true

kubeProxy:
  enabled: true

kubeStateMetrics:
  enabled: true

# kube-state-metrics subchart configuration
kube-state-metrics:
  # Resource configuration based on Goldilocks/VPA recommendations
  resources:
    requests:
      cpu: 15m
      memory: 128Mi
    limits:
      cpu: 50m
      memory: 256Mi

nodeExporter:
  enabled: true

# prometheus-node-exporter subchart configuration
prometheus-node-exporter:
  # Resource configuration based on Goldilocks/VPA recommendations
  resources:
    requests:
      cpu: 15m
      memory: 128Mi
    limits:
      cpu: 50m
      memory: 256Mi

# Prometheus Operator Configuration
# Resource configuration based on Goldilocks/VPA recommendations
prometheusOperator:
  resources:
    requests:
      cpu: 15m
      memory: 110Mi
    limits:
      cpu: 50m
      memory: 192Mi