kube-prometheus-stack:
  crds:
    enabled: false
  defaultRules:
    create: true
    rules:
      kubeControllerManager: false
      kubeSchedulerAlerting: false
      kubeSchedulerRecording: false
  global:
    rbac:
      create: true
      createAggregateClusterRoles: true
  alertmanager:
    enabled: true
    config:
      route:
        group_by: ["namespace", "alertname"]
        group_wait: 30s
        group_interval: 5m
        repeat_interval: 24h
        receiver: discord
        routes:
          - receiver: "null"
            matchers:
              - alertname = "Watchdog"
          - receiver: "pushover"
            group_wait: 10s
            group_interval: 5m
            repeat_interval: 24h
            matchers:
              - severity = "critical"
      receivers:
        - name: "null"
        - name: discord
          discord_configs:
            - send_resolved: true
              webhook_url_file: /etc/alertmanager/secrets/alertmanager-config-secret/discord_webhook
        - name: pushover
          pushover_configs:
            - send_resolved: true
              user_key_file: /etc/alertmanager/secrets/alertmanager-config-secret/user_key
              token_file: /etc/alertmanager/secrets/alertmanager-config-secret/pushover_token
    alertmanagerSpec:
      secrets:
        - alertmanager-config-secret
      replicas: 1
  grafana:
    enabled: false
  kubeApiServer:
    tlsConfig:
      insecureSkipVerify: true
  kubeControllerManager:
    enabled: false
  kubeEtcd:
    enabled: true
  kubeScheduler:
    enabled: false
  kubeProxy:
    enabled: false
  kubeStateMetrics:
    enabled: true
  nodeExporter:
    operatingSystems:
      darwin:
        enabled: false
  prometheusOperator:
    admissionWebhooks:
      enabled: true
    namespaces:
      releaseNamespace: true
      additional:
        - kube-system
        - argo-cd
        - argo-workflows
        - authentik
        - blocky
        - cert-manager
        - cloudnative-pg
        - descheduler
        - directus
        - external-dns
        - freshrss
        - generic-device-plugin
        - gitea
        - grafana
        - harbor
        - hoarder
        - home-assistant
        - immich
        - jellystat
        - komodo
        - lidarr2
        - linkwarden
        - loki
        - matrix-synapse
        - ollama
        - outline
        - photoview
        - qbittorrent
        - radarr5
        - radarr5-4k
        - radarr5-anime
        - radarr5-standup
        - reloader
        - rook-ceph
        - roundcube
        - slskd
        - sonarr4
        - sonarr4-4k
        - sonarr4-anime
        - speedtest-exporter
        - spegel
        - stalwart
        - tdarr
        - traefik
        - trivy
        - unpoller
        - vault
        - vaultwarden
        - volsync
  prometheus:
    ingress:
      enabled: true
      ingressClassName: tailscale
      labels:
        tailscale.com/proxy-class: no-metrics
      hosts:
        - prometheus-cl01tl
      tls:
        - secretName: prometheus-cl01tl
          hosts:
            - prometheus-cl01tl
    prometheusSpec:
      scrapeInterval: 30s
      retention: 30d
      externalUrl: https://prometheus-cl01tl.boreal-beaufort.ts.net
      serviceMonitorSelectorNilUsesHelmValues: false
      podMonitorSelectorNilUsesHelmValues: false
      storageSpec:
        volumeClaimTemplate:
          spec:
            storageClassName: synology-iscsi-delete
            accessModes: ["ReadWriteOnce"]
            resources:
              requests:
                storage: 200Gi