apiVersion: v1
kind: ConfigMap
metadata:
  name: thanos-12.13.13-d2iq-defaults
  namespace: ${releaseNamespace}
data:
  values.yaml: |
    ---
    storegateway:
      enabled: false
    compactor:
      enabled: false
    bucketweb:
      enabled: false
    ruler:
      enabled: false
    receive:
      enabled: false
    receiveDistributor:
      enabled: false
    queryFrontend:
      enabled: false
    query:
      priorityClassName: "dkp-critical-priority"
      # Enable DNS discovery for stores
      dnsDiscovery:
        enabled: false
        # Enable DNS discovery for sidecars (this is for the chart built-in sidecar service)
        sidecarsService: false
      # Addresses of statically configured store API servers (repeatable).
      stores: []
      # Names of configmap that contain addresses of store API servers, used for file service discovery.
      existingSDConfigmap: kommander-thanos-query-stores
      # Add extra arguments to the compact service
      extraFlags:
      # Refresh interval to re-read file SD files. It is used as a resync fallback.
      - "--store.sd-interval=5m"
      - "--store.sd-files=/conf/sd/stores.yaml"
      # Name of HTTP request header used for dynamic prefixing of UI links and redirects.
      - "--web.prefix-header=X-Forwarded-Prefix"
      # configuring client tls secret using .grpc.client.tls.existingSecret has assumption on the keys within secret
      # that is not compatible with cert-manager cert secret
      ## start grpc client tls config ##
      - "--grpc-client-tls-secure"
      - "--grpc-client-tls-cert=/etc/certs/tls.crt"
      - "--grpc-client-tls-key=/etc/certs/tls.key"
      - "--grpc-client-tls-ca=/etc/certs/ca.crt"
      - "--grpc-client-server-name=server.thanos.localhost.localdomain"
      extraVolumes:
      - name: kommander-thanos-client-tls
        secret:
          defaultMode: 420
          secretName: kommander-thanos-client-tls
      extraVolumeMounts:
        - mountPath: /etc/certs
          name: kommander-thanos-client-tls
          readOnly: true
      ## end grpc client tls config ##

      service:
        ports:
          http: 10902
      serviceGrpc:
        ports:
          grpc: 10901
      commonAnnotations:
        secret.reloader.stakater.com/reload: kommander-thanos-client-tls
      # TODO: make an upstream change to add a change to so that this label will only be applied to service
      commonLabels:
        servicemonitor.kommander.mesosphere.io/path: "metrics"
      ingress:
        hostname: ""
        enabled: true
        annotations:
          kubernetes.io/ingress.class: kommander-traefik
          traefik.ingress.kubernetes.io/router.tls: "true"
          traefik.ingress.kubernetes.io/router.middlewares: "${workspaceNamespace}-stripprefixes@kubernetescrd,${workspaceNamespace}-forwardauth@kubernetescrd"
        # the way upstream chart defined doesn't support ingress rule without hostname
        extraRules:
          - http:
              paths:
              - backend:
                  service:
                    name: thanos-query
                    port:
                      number: 10902
                path: /dkp/kommander/monitoring/query
                pathType: ImplementationSpecific
        extraHosts: []
        tls: []