---
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: thanos
spec:
  interval: 30m
  timeout: 15m
  chart:
    spec:
      chart: thanos
      version: 1.17.2
      sourceRef:
        kind: HelmRepository
        name: stevehipwell
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  valuesFrom:
    - targetPath: objstoreConfig.value.config.bucket
      kind: Secret
      name: thanos-secret
      valuesKey: S3_BUCKET
    - targetPath: objstoreConfig.value.config.endpoint
      kind: Secret
      name: thanos-secret
      valuesKey: S3_HOST
    - targetPath: objstoreConfig.value.config.region
      kind: Secret
      name: thanos-secret
      valuesKey: S3_REGION
    - targetPath: objstoreConfig.value.config.access_key
      kind: Secret
      name: thanos-secret
      valuesKey: S3_ACCESS_KEY
    - targetPath: objstoreConfig.value.config.secret_key
      kind: Secret
      name: thanos-secret
      valuesKey: S3_SECRET_KEY
  values:
    objstoreConfig:
      value:
        type: s3
        config:
          insecure: false
    additionalEndpoints:
      - dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.observability.svc.cluster.local
    additionalReplicaLabels: ["__replica__"]
    serviceMonitor:
      enabled: true
    compact:
      enabled: true
      extraArgs:
        - --compact.concurrency=4
        - --delete-delay=30m
        - --retention.resolution-raw=14d
        - --retention.resolution-5m=30d
        - --retention.resolution-1h=60d
      persistence: &persistence
        enabled: true
        storageClass: openebs-zfs
        size: 10Gi
    query:
      replicas: 1
      extraArgs: ["--alert.query-url=https://thanos.jahanson.tech"]
    queryFrontend:
      enabled: true
      replicas: 1
      extraEnv: &extraEnv
        - name: THANOS_CACHE_CONFIG
          valueFrom:
            configMapKeyRef:
              name: &configMap thanos-cache-configmap
              key: cache.yaml
      extraArgs: ["--query-range.response-cache-config=$(THANOS_CACHE_CONFIG)"]
      ingress:
        enabled: true
        ingressClassName: internal-nginx
        hosts:
          - &host thanos.jahanson.tech
        tls:
          - hosts: [*host]
      podAnnotations: &podAnnotations
        configmap.reloader.stakater.com/reload: *configMap
    rule:
      enabled: true
      replicas: 1
      extraArgs: ["--web.prefix-header=X-Forwarded-Prefix"]
      alertmanagersConfig:
        value: |-
          alertmanagers:
            - api_version: v2
              static_configs:
                - dnssrv+_http-web._tcp.alertmanager-operated.observability.svc.cluster.local
      rules:
        value: |-
          groups:
            - name: PrometheusWatcher
              rules:
                - alert: PrometheusDown
                  annotations:
                    summary: A Prometheus has disappeared from Prometheus target discovery
                  expr: absent(up{job="kube-prometheus-stack-prometheus"})
                  for: 5m
                  labels:
                    severity: critical
      persistence: *persistence
    storeGateway:
      replicas: 1
      extraEnv: *extraEnv
      extraArgs: ["--index-cache.config=$(THANOS_CACHE_CONFIG)"]
      persistence: *persistence
      podAnnotations: *podAnnotations