apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: loki
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: loki
    server: 'https://kubernetes.default.svc'
  project: aux
  ignoreDifferences:
  - group: apps
    kind: StatefulSet
    jsonPointers:
    - /spec/persistentVolumeClaimRetentionPolicy
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: aux
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
    automated:
      prune: true
      selfHeal: true
  sources:
  - repoURL: https://gitlab.com/serit/k8s/serit-platform-manifests.git
    path: network-policies/netpol-loki
    targetRevision: HEAD
  - repoURL: 'https://grafana.github.io/helm-charts'
    targetRevision: 3.3.4
    chart: loki
    helm:
      values: |
        loki:
          auth_enabled: false
          storage:
            bucketNames:
              chunks: loki-chunks
              ruler: loki-chunks
              admin: loki-chunks
            s3:
              endpoint: http://10.255.241.30:30080
              region: tos
              secretAccessKey: ${S3SECRET}
              accessKeyId: ${S3KEY}
              s3ForcePathStyle: true
              http_config:
                insecure_skip_verify: true
        write:
          extraArgs:
            - -config.expand-env=true
          extraEnv:
          - name: S3KEY
            valueFrom:
              secretKeyRef:
                name: loki-s3
                key: AWS_ACCESS_KEY_ID
          - name: S3SECRET
            valueFrom:
              secretKeyRef:
                name: loki-s3
                key: AWS_ACCESS_KEY_SECRET
          tolerations:
          - effect: "NoSchedule"
            operator: "Equal"
            key: "unschedulable"
            value: "true"
        read:
          extraArgs:
            - -config.expand-env=true
          extraEnv:
          - name: S3KEY
            valueFrom:
              secretKeyRef:
                name: loki-s3
                key: AWS_ACCESS_KEY_ID
          - name: S3SECRET
            valueFrom:
              secretKeyRef:
                name: loki-s3
                key: AWS_ACCESS_KEY_SECRET
          tolerations:
          - effect: "NoSchedule"
            operator: "Equal"
            key: "unschedulable"
            value: "true"
        ingress:
          enabled: true
          ingressClassName: nginx
          annotations:
            cert-manager.io/cluster-issuer: letsencrypt-staging
            nginx.ingress.kubernetes.io/ssl-redirect: "true"
            atlantis.oceanbox.io/expose: internal
          paths:
            # -- Paths that are exposed by Loki Distributor.
            # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.distributorFullname"}}`.
            # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.writeFullname"}}`.
            # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
            distributor:
              - /api/prom/push
              - /loki/api/v1/push
              - /otlp/v1/logs
            # -- Paths that are exposed by Loki Query Frontend.
            # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.queryFrontendFullname"}}`.
            # If deployment mode is SimpleScalable, the requests are forwarded to write k8s service: `{{"loki.readFullname"}}`.
            # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
            queryFrontend:
              - /api/prom/query
              # this path covers labels and labelValues endpoints
              - /api/prom/label
              - /api/prom/series
              - /api/prom/tail
              - /loki/api/v1/query
              - /loki/api/v1/query_range
              - /loki/api/v1/tail
              # this path covers labels and labelValues endpoints
              - /loki/api/v1/label
              - /loki/api/v1/labels
              - /loki/api/v1/series
              - /loki/api/v1/index/stats
              - /loki/api/v1/index/volume
              - /loki/api/v1/index/volume_range
              - /loki/api/v1/format_query
              - /loki/api/v1/detected_fields
              - /loki/api/v1/detected_labels
              - /loki/api/v1/patterns
            # -- Paths that are exposed by Loki Ruler.
            # If deployment mode is Distributed, the requests are forwarded to the service: `{{"loki.rulerFullname"}}`.
            # If deployment mode is SimpleScalable, the requests are forwarded to k8s service: `{{"loki.backendFullname"}}`.
            # If deployment mode is SimpleScalable but `read.legacyReadTarget` is `true`, the requests are forwarded to k8s service: `{{"loki.readFullname"}}`.
            # If deployment mode is SingleBinary, the requests are forwarded to the central/single k8s service: `{{"loki.singleBinaryFullname"}}`
            ruler:
              - /api/prom/rules
              - /api/prom/api/v1/rules
              - /api/prom/api/v1/alerts
              - /loki/api/v1/rules
              - /prometheus/api/v1/rules
              - /prometheus/api/v1/alerts
          hosts:
            - loki.adm.oceanbox.io
          tls:
            - hosts:
               - loki.adm.oceanbox.io
              secretName: loki-distributed-tls