crds:
  # -- Whether to install CRDs for monitoring.
  create: true

## Various Alloy settings. For backwards compatibility with the grafana-agent
## chart, this field may also be called "agent". Naming this field "agent" is
## deprecated and will be removed in a future release.
alloy:
  configMap:
    # -- Create a new ConfigMap for the config file.
    create: false

    # -- Name of existing ConfigMap to use. Used when create is false.
    name: alloy-config
    # -- Key in ConfigMap to get config from.
    key: config.alloy

  clustering: 
    enabled: true

  # -- Minimum stability level of components and behavior to enable. Must be
  # one of "experimental", "public-preview", or "generally-available".
  stabilityLevel: "generally-available"

  # -- Enables Grafana Alloy container's http server port for debugging purposes.
  enableHttpServerPort: true

  # -- Enables sending Grafana Labs anonymous usage stats to help improve Grafana Alloy.
  enableReporting: false

  # DAC_READ_SEARCH: this is required so that Alloy can read the kube-apiserver audit logs written as `nobody` user
  securityContext:
    capabilities:
      add:
        - DAC_READ_SEARCH

  mounts:
    # -- Mount /var/log from the host into the container for log collection.
    varlog: true
    # -- Mount /var/lib/docker/containers from the host into the container for log collection.
    dockercontainers: true

rbac:
  # -- Whether to create RBAC resources for Alloy.
  create: true

  # -- The rules to create for the ClusterRole or Role objects.
  rules:
    # -- Rules required for the `discovery.kubernetes` component.
    - apiGroups: ["", "discovery.k8s.io", "networking.k8s.io"]
      resources:
        ["endpoints", "endpointslices", "ingresses", "pods", "services"]
      verbs: ["get", "list", "watch"]
    # -- Rules required for the `loki.source.kubernetes` component.
    - apiGroups: [""]
      resources: ["pods", "pods/log", "namespaces"]
      verbs: ["get", "list", "watch"]
    # -- Rules required for the `loki.source.podlogs` component.
    - apiGroups: ["monitoring.grafana.com"]
      resources: ["podlogs"]
      verbs: ["get", "list", "watch"]
    # -- Rules required for the `mimir.rules.kubernetes` component.
    - apiGroups: ["monitoring.coreos.com"]
      resources: ["prometheusrules"]
      verbs: ["get", "list", "watch"]
    # -- Rules required for the `prometheus.operator.*` components.
    - apiGroups: ["monitoring.coreos.com"]
      resources: ["podmonitors", "servicemonitors", "probes", "scrapeconfigs"]
      verbs: ["get", "list", "watch"]
    # -- Rules required for the `loki.source.kubernetes_events` component.
    - apiGroups: [""]
      resources: ["events"]
      verbs: ["get", "list", "watch"]
    # -- Rules required for the `remote.kubernetes.*` components.
    - apiGroups: [""]
      resources: ["configmaps", "secrets"]
      verbs: ["get", "list", "watch"]
    # -- Rules required for the `otelcol.processor.k8sattributes` component.
    - apiGroups: ["apps", "extensions"]
      resources: ["replicasets"]
      verbs: ["get", "list", "watch"]

  # -- The rules to create for the ClusterRole objects.
  clusterRules:
    # -- Rules required for the `discovery.kubernetes` component.
    - apiGroups: [""]
      resources: ["nodes", "nodes/proxy", "nodes/metrics"]
      verbs: ["get", "list", "watch"]
    # -- Rules required for accessing metrics endpoint.
    - nonResourceURLs: ["/metrics"]
      verbs: ["get"]

serviceAccount:
  # -- Whether to create a service account for the Grafana Alloy deployment.
  create: true
  # -- Additional labels to add to the created service account.
  additionalLabels: {}
  # -- Annotations to add to the created service account.
  annotations: {}
  # -- The name of the existing service account to use when
  # serviceAccount.create is false.
  name: null
  # Whether the Alloy pod should automatically mount the service account token.
  automountServiceAccountToken: true

controller:
  # -- Type of controller to use for deploying Grafana Alloy in the cluster.
  # Must be one of 'daemonset', 'deployment', or 'statefulset'.
  type: "daemonset"

  # -- Tolerations to apply to Grafana Alloy pods.
  tolerations:
    - key: node-role.kubernetes.io/control-plane
      operator: Exists
      effect: NoSchedule
    - key: node-role.kubernetes.io/master
      operator: Exists
      effect: NoSchedule

# Options for the extra controller used for config reloading.
configReloader:
  # -- Enables automatically reloading when the Alloy config changes.
  enabled: true
  image:
    # -- Config reloader image registry (defaults to docker.io)
    registry: "quay.io"
    # -- Repository to get config reloader image from.
    repository: prometheus-operator/prometheus-config-reloader
    # -- Tag of image to use for config reloading.
    tag: v0.89.0@sha256:cb4ac6a56555bef0e202bec11e367dfe07ffb241cf4d30566b12b864692607a8
    # -- SHA256 digest of image to use for config reloading (either in format "sha256:XYZ" or "XYZ"). When set, will override `configReloader.image.tag`
    digest: ""
  # -- Override the args passed to the container.
  customArgs: []
  # -- Resource requests and limits to apply to the config reloader container.
  resources:
    requests:
      cpu: "10m"
      memory: "50Mi"
  # -- Security context to apply to the Grafana configReloader container.
  securityContext: {}

service:
  # -- Creates a Service for the controller's pods.
  enabled: true
  # -- Service type
  type: ClusterIP
  # -- NodePort port. Only takes effect when `service.type: NodePort`
  nodePort: 31128
  # -- Cluster IP, can be set to None, empty "" or an IP address
  clusterIP: ""
  # -- Value for internal traffic policy. 'Cluster' or 'Local'
  internalTrafficPolicy: Cluster
  annotations: {}