---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: thanos
  namespace: monitoring
spec:
  interval: 5m
  chart:
    spec:
      # renovate: registryUrl=https://charts.bitnami.com/bitnami
      chart: thanos
      version: 8.0.3
      sourceRef:
        kind: HelmRepository
        name: bitnami-charts
        namespace: flux-system
      interval: 5m
  values:
    query:
      enabled: true
      replicaCount: 2
      replicaLabels:
        - replica
      dnsDiscovery:
        sidecarsService: kube-prometheus-stack-thanos-discovery
        sidecarsNamespace: monitoring
      ingress:
        enabled: true
        hostname: "thanos.${SECRET_CLUSTER_DOMAIN}"
        annotations:
          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
          # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
        tls: true
    queryFrontend:
      enabled: false
    bucketweb:
      enabled: true
    compactor:
      enabled: true
      strategyType: Recreate
      persistence:
        size: 30Gi
    storegateway:
      enabled: true
    ruler:
      enabled: false
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    objstoreConfig: |-
      type: s3
      config:
        bucket: thanos
        endpoint: ${SECRET_MINIO_ENDPOINT}
        access_key: "${SECRET_MINIO_ACCESS_KEY}"
        secret_key: "${SECRET_MINIO_SECRET_KEY}"
        insecure: false

  postRenderers:
    - kustomize:
        patchesJson6902:
          - target:
              kind: Ingress
              name: thanos-query
            patch:
              - op: add
                path: /spec/ingressClassName
                value: nginx