{{ if .Values.tempo.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: tempo
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: tempo
    server: 'https://kubernetes.default.svc'
  project: sys
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: sys
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
    {{ if .Values.tempo.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{ end }}
  sources:
  - repoURL: {{ .Values.cluster_config.manifests }}
    path: {{ .Values.cluster_config.policies }}/tempo
    targetRevision: HEAD
  - repoURL: 'https://grafana.github.io/helm-charts'
    targetRevision: {{ .Values.tempo.version }}
    chart: tempo
    helm:
      values: |
        tempo:
          reportingEnabled: false
          storage:
            trace:
              backend: s3
              s3:
                bucket: {{ .Values.tempo.bucketName | default "tempo-traces" }}
                endpoint: {{ .Values.tempo.s3.endpoint | default "https://s3.production.itpartner.no" }}
                prefix: traces
                access_key: ${S3KEY}
                secret_key: ${S3SECRET}
                forcepathstyle: true
                region: us-east-1
                {{- if .Values.tempo.s3.insecure_skip_verify }}
                tls_insecure_skip_verify: true
                {{- end }}
              local:
                path: /var/tempo/traces
              wal:
                path: /var/tempo/wal
          metricsGenerator:
            enabled: true
            remoteWriteUrl: "http://prom-prometheus.prometheus:9090/api/v1/write"
          extraArgs: { config.expand-env=true }
          extraEnv:
          - name: S3KEY
            valueFrom:
              secretKeyRef:
                name: {{ .Values.tempo.secret.name | default "s3-credentials"}}
                key: {{ .Values.tempo.secret.access_key | default "access_key" }}
          - name: S3SECRET
            valueFrom:
              secretKeyRef:
                name: {{ .Values.tempo.secret.name | default "s3-credentials"}}
                key: {{ .Values.tempo.secret.access_key | default "access_secret" }}
        tempoQuery:
          ingress:
            enabled: true
            ingressClassName: nginx
            annotations:
              cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
              nginx.ingress.kubernetes.io/ssl-redirect: "true"
              {{- with .Values.cluster_config.ingress_whitelist_ips }}
              nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
              {{- end }}
            path: /
            pathType: Prefix
            hosts:
              - query.tempo.{{ .Values.cluster_config.domain }}
            tls:
             - secretName: tempo-query-tls
               hosts:
                 - query.tempo.{{ .Values.cluster_config.domain }}
{{ end }}