---
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: grafana
spec:
  interval: 30m
  chart:
    spec:
      chart: grafana
      version: 7.3.3
      sourceRef:
        kind: HelmRepository
        name: grafana
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
  uninstall:
    keepHistory: false
  dependsOn:
    - name: kube-prometheus-stack
      namespace: observability
    - name: loki
      namespace: observability
  values:
    replicas: 2
    envFromSecret: grafana-secret
    grafana.ini:
      analytics:
        check_for_updates: false
        check_for_plugin_updates: false
        reporting_enabled: false
      # auth:
      #   oauth_auto_login: true
      #   oauth_allow_insecure_email_lookup: true
      # auth.generic_oauth:
      #   enabled: true
      #   name: Authentik
      #   icon: signin
      #   scopes: openid profile email
      #   empty_scopes: false
      #   login_attribute_path: preferred_username
      #   groups_attribute_path: groups
      #   name_attribute_path: name
      #   use_pkce: true
      #   client_id: CoV7ae1HxuNzwCbVPf3U7TfYMX2rVqC5T9RAUo5M
      #   client_secret: # Set by env vars
      #   auth_url: https://auth.hsn.dev/application/o/authorize/
      #   token_url: https://auth.hsn.dev/application/o/token/
      #   api_url: https://auth.hsn.dev/application/o/userinfo/
      #   role_attribute_path: |
      #     contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'
      # auth.basic:
      #   enabled: false
      # auth.anonymous:
      #   enabled: false
      #   # org_id: 1
      #   # org_role: Viewer
      # news:
      #   news_feed_enabled: false