roles/kube_prometheus_stack/defaults/main.yml

# Copyright (c) 2023 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

kube_prometheus_stack_helm_release_name: kube-prometheus-stack
kube_prometheus_stack_helm_chart_path: "../../charts/kube-prometheus-stack/"
kube_prometheus_stack_helm_chart_ref: /usr/local/src/kube-prometheus-stack

kube_prometheus_stack_helm_release_namespace: monitoring
kube_prometheus_stack_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
kube_prometheus_stack_helm_values: {}

kube_prometheus_stack_node_exporter_tls_template: "{{ _kube_prometheus_stack_tls_template }}"
kube_prometheus_stack_node_exporter_config:
  tls_server_config:
    # NOTE(mnaser): The kubelet doesn't have the ability of sending a client
    #               certificate, so we can't verify with a client certificate.
    client_auth_type: VerifyClientCertIfGiven
    client_ca_file: /certs/ca.crt
    cert_file: /certs/tls.crt
    key_file: /certs/tls.key

kube_prometheus_stack_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
kube_prometheus_stack_ingress_cluster_issuer: "{{ atmosphere_ingress_cluster_issuer }}"

kube_prometheus_stack_grafana_admin_password: "{{ undef('You must specify a Grafana password using kube_prometheus_stack_grafana_admin_password') }}"

kube_prometheus_stack_grafana_host: "{{ undef('You must specify a Grafana host using kube_prometheus_stack_grafana_host') }}"
kube_prometheus_stack_grafana_ingress_annotations:
  cert-manager.io/cluster-issuer: "{{ kube_prometheus_stack_ingress_cluster_issuer }}"
  cert-manager.io/common-name: "{{ kube_prometheus_stack_grafana_host }}"

kube_prometheus_stack_alertmanager_host: "{{ undef('You must specify a Alertmanager host using kube_prometheus_stack_alertmanager_host') }}"
kube_prometheus_stack_alertmanager_ingress_annotations:
  cert-manager.io/cluster-issuer: "{{ kube_prometheus_stack_ingress_cluster_issuer }}"
  cert-manager.io/common-name: "{{ kube_prometheus_stack_alertmanager_host }}"

kube_prometheus_stack_prometheus_host: "{{ undef('You must specify a Prometheus host using kube_prometheus_stack_prometheus_host') }}"
kube_prometheus_stack_prometheus_ingress_annotations:
  cert-manager.io/cluster-issuer: "{{ kube_prometheus_stack_ingress_cluster_issuer }}"
  cert-manager.io/common-name: "{{ kube_prometheus_stack_prometheus_host }}"
kube_prometheus_stack_prometheus_tls_template: "{{ _kube_prometheus_stack_tls_template }}"

kube_prometheus_stack_keycloak_server_url: "https://{{ keycloak_host }}"
kube_prometheus_stack_keycloak_admin_realm_name: master
kube_prometheus_stack_keycloak_admin_client_id: admin-cli
kube_prometheus_stack_keycloak_admin_user: admin
kube_prometheus_stack_keycloak_admin_password: "{{ keycloak_admin_password }}"
kube_prometheus_stack_keycloak_realm: atmosphere
kube_prometheus_stack_keycloak_realm_name: Atmosphere

kube_prometheus_stack_keycloak_clients:
  - id: alertmanager
    port: 9093
    roles: ["member"]
    oauth2_proxy: true
    redirect_uris:
      - "https://{{ kube_prometheus_stack_alertmanager_host }}/oauth2/callback"
  - id: grafana
    roles: ["admin", "editor", "viewer"]
    oauth2_proxy: false
    redirect_uris:
      - "https://{{ kube_prometheus_stack_grafana_host }}/login"
      - "https://{{ kube_prometheus_stack_grafana_host }}/login/generic_oauth"
  - id: prometheus
    port: 9090
    roles: ["member"]
    oauth2_proxy: true
    redirect_uris:
      - "https://{{ kube_prometheus_stack_prometheus_host }}/oauth2/callback"