# Default values for rancher-pushprox.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Default image containing both the proxy and the client was generated from the following Dockerfile
# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15

# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s)
# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions,
# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node),
# you will need to set the clients / proxy nodeSelector and tolerations accordingly

# Configuration

global:
  cattle:
    systemDefaultRegistry: ""

# The component that is being monitored (i.e. etcd)
component: "component"

# The port containing the metrics that need to be scraped
metricsPort: 2739

# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint
serviceMonitor: 
  enabled: true

clients:
  enabled: true
  # The port which the PushProx client will post PushProx metrics to
  port: 9369
  # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}}
  # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null
  proxyUrl: ""
  # If set to true, the client will forward any requests from the host IP to 127.0.0.1
  # It will only allow proxy requests to the metricsPort specified
  useLocalhost: false
  # Configuration for accessing metrics via HTTPS
  https:
    # Does the client require https to access the metrics?
    enabled: false
    # If set to true, the client will create a service account with adequate permissions and set a flag
    # on the client to use the service account token provided by it to make authorized scrape requests
    useServiceAccountCredentials: false
    # If set to true, the client will disable SSL security checks
    insecureSkipVerify: false
    # Directory on host where necessary TLS cert and key to scrape metrics can be found
    certDir: ""
    # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings
    certFile: ""
    keyFile: ""
    caCertFile: ""

  # Resource limits
  resources: {}

  # Options to select all nodes to deploy client DaemonSet on
  nodeSelector: {}
  tolerations: []

  image:
    repository: rancher/pushprox-client
    tag: v0.1.0-rancher1-client
  command: ["pushprox-client"]

  copyCertsImage:
    repository: rancher/library-busybox
    tag: 1.31.1

proxy:
  enabled: true
  # The port through which PushProx clients will communicate to the proxy
  port: 8080
  
  # Resource limits
  resources: {}
  
  # Options to select a node to run a single proxy deployment on
  nodeSelector: {}
  tolerations: []

  image:
    repository: rancher/pushprox-proxy
    tag: v0.1.0-rancher1-proxy
  command: ["pushprox-proxy"]