---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: grafana-operator
  namespace: flux-system
spec:
  chart:
    spec:
      chart: grafana-operator
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: bitnami
      version: 4.9.11
  install:
    crds: Create
    createNamespace: true
  interval: 1h0m0s
  targetNamespace: grafana
  upgrade:
    crds: CreateReplace
  values:
    operator:
      podSecurityContext:
        # TODO fix cluster compatibility about ids w/ user namespacing
        fsGroup: null
      containerSecurityContext:
        # explicitly set it sets mounterArgs.FsUser, and make token 600
        runAsUser: null
      zapLevel: error
    grafana:
      image:
        # TODO remove once upstream updated to one not yet trimmed
        tag: "11"
      config:
        server:
          root_url: https://grafana.xdavidwu.link
        users:
          viewers_can_edit: 'true'
        auth:
          disable_login_form: 'true'
        auth.gitlab:
          enabled: 'true'
          allow_sign_up: 'true'
          client_id: 26c3ec83c4adf31cdd63403a8c0e0cde2bf58cbe3b8e16de95681db6f204cc80
          client_secret: TO_BE_OVERRIDDEN  # GF_AUTH_GITLAB_CLIENT_SECRET
          scopes: read_user
          auth_url: https://gitlab.xdavidwu.link/oauth/authorize
          token_url: https://gitlab.xdavidwu.link/oauth/token
          api_url: https://gitlab.xdavidwu.link/api/v4
      envFrom:
        - secretRef:
            name: overrides