# Grafana Helm values for blumeops
# Chart: https://github.com/grafana/helm-charts/tree/main/charts/grafana

# Admin credentials from pre-created secret
# Secret must exist before deploying - see grafana-config/README.md
admin:
  existingSecret: grafana-admin
  userKey: admin-user
  passwordKey: admin-password

# Environment variables from secrets (for datasource credentials)
envFromSecrets:
  - name: grafana-teslamate-datasource
    optional: true
  - name: grafana-dex-oauth
    optional: true

# Persistence with PVC for SQLite database
persistence:
  enabled: true
  type: pvc
  size: 1Gi
  accessModes:
    - ReadWriteOnce

# Grafana configuration via grafana.ini
grafana.ini:
  server:
    root_url: https://grafana.ops.eblu.me
  security:
    # Embedding disabled - iframe approach didn't work well for Homepage
    allow_embedding: false
  auth.generic_oauth:
    enabled: true
    name: Dex
    client_id: grafana
    client_secret: $__env{GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
    scopes: openid profile email
    auth_url: https://dex.ops.eblu.me/auth
    token_url: https://dex.ops.eblu.me/token
    api_url: https://dex.ops.eblu.me/userinfo
    allow_sign_up: true
    role_attribute_path: "'Admin'"
    auto_login: false
  analytics:
    check_for_updates: false
    reporting_enabled: false

# Datasources - point to k8s-internal services
datasources:
  datasources.yaml:
    apiVersion: 1
    datasources:
      - name: Prometheus
        type: prometheus
        access: proxy
        orgId: 1
        uid: prometheus
        url: http://prometheus.monitoring.svc.cluster.local:9090
        isDefault: true
        editable: false
      - name: Loki
        type: loki
        access: proxy
        orgId: 1
        uid: loki
        url: http://loki.monitoring.svc.cluster.local:3100
        editable: false
      - name: TeslaMate
        type: postgres
        access: proxy
        orgId: 1
        uid: TeslaMate
        url: blumeops-pg-rw.databases.svc.cluster.local:5432
        database: teslamate
        user: teslamate
        editable: false
        jsonData:
          sslmode: disable
          maxOpenConns: 5
          maxIdleConns: 2
          connMaxLifetime: 14400
        secureJsonData:
          password: $TESLAMATE_DB_PASSWORD

# Dashboard provisioning - sidecar watches for ConfigMaps with label
sidecar:
  dashboards:
    enabled: true
    label: grafana_dashboard
    labelValue: "1"
    folderAnnotation: grafana_folder
    provider:
      foldersFromFilesStructure: false

# Service configuration (Ingress will handle external access)
service:
  type: ClusterIP
  port: 80

# Resource limits for minikube
resources:
  requests:
    memory: "128Mi"
    cpu: "100m"
  limits:
    memory: "512Mi"
    cpu: "500m"