kubeEtcd:
  enabled: true
  endpoints:
    - 192.168.2.120
    - 192.168.2.121
    - 192.168.2.122
  service:
    enabled: true
    port: 2381
    targetPort: 2381

kubeControllerManager:
  enabled: true
  endpoints:
    - 192.168.2.120
    - 192.168.2.121
    - 192.168.2.122
  service:
    enabled: true
    port: 10257
    targetPort: 10257
  serviceMonitor:
    enabled: true
    https: true
    insecureSkipVerify: true

# Enable the textfile collector in the node_exporter DaemonSet so
# check-nfs-mount.sh can expose nfs_mount_monitor_consecutive_failures
# as a Prometheus metric without needing a separate exporter.
# extraHostVolumeMounts is the prometheus-node-exporter sub-chart key
# for mounting host paths into the container; extraArgs adds the
# --collector.textfile.directory flag to enable the textfile scraper.
prometheus-node-exporter:
  extraArgs:
    - --collector.textfile.directory=/host/textfile_collector
  extraHostVolumeMounts:
    - name: textfile-collector
      hostPath: /var/lib/node_exporter/textfile_collector
      mountPath: /host/textfile_collector
      readOnly: true
      mountPropagation: None

prometheus:
  prometheusSpec:
    # Enable remote write receiver for accepting historic data with custom timestamps
    # Enable admin API for data deletion and management
    # In Prometheus 3.x, use web flags instead of feature flags
    additionalArgs:
      - name: web.enable-remote-write-receiver
        value: ""
      - name: web.enable-admin-api
        value: ""
    # Enable out-of-order ingestion to allow backfilling historic data
    # even when newer data already exists for the same time series
    enableFeatures:
      - exemplar-storage
      - otlp-write-receiver
    # Set out-of-order time window to 31 days (provides 1-day buffer for 30-day backfills)
    additionalScrapeConfigs: []
    tsdb:
      outOfOrderTimeWindow: 744h  # 31 days
    additionalScrapeConfigsSecret:
      enabled: true
      name: additional-scrape-configs
      key: additional-scrape-configs.yaml
    storageSpec:
      volumeClaimTemplate:
        spec:
          storageClassName: ""
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 10Gi
          selector:
            matchLabels:
              type: local
              app: prometheus

grafana:
  persistence:
    enabled: true
    type: pvc
    existingClaim: "grafana-data-pvc"

  initChownData:
    enabled: false

  podSecurityContext:
    fsGroup: 911
    runAsUser: 911
    runAsGroup: 911

  # Disable sidecar-based datasource provisioning
  # Use direct ConfigMap mounting instead (following x-rag pattern)
  sidecar:
    datasources:
      enabled: false

  # Mount datasources ConfigMap directly to provisioning directory
  # This ensures Grafana reads datasources on startup without sidecar complexity
  extraVolumes:
    - name: datasources-volume
      configMap:
        name: grafana-datasources-all

  extraVolumeMounts:
    - name: datasources-volume
      mountPath: /etc/grafana/provisioning/datasources
      readOnly: true