github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/thanos/values.yaml

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
  imageRegistry: ""
  ## e.g:
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  storageClass: ""

## @section Common parameters

## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname template
##
fullnameOverride: ""
## @param commonLabels Add labels to all the deployed resources
##
commonLabels: {}
## @param commonAnnotations Add annotations to all the deployed resources
##
commonAnnotations: {}
## @param clusterDomain Kubernetes Cluster Domain
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []

## @section Thanos common parameters

## Bitnami Thanos image
## ref: https://hub.docker.com/r/bitnami/thanos/tags/
## @param image.registry Thanos image registry
## @param image.repository Thanos image repository
## @param image.tag Thanos image tag (immutable tags are recommended)
## @param image.digest Thanos image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Thanos image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
##
image:
  registry: docker.io
  repository: bitnami/thanos
  tag: 0.30.2-scratch-r4
  digest: ""
  ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
## @param objstoreConfig The [objstore configuration](https://thanos.io/tip/thanos/storage.md/)
## Specify content for objstore.yml
##
objstoreConfig: ""
## @param indexCacheConfig The [index cache configuration](https://thanos.io/tip/components/store.md/)
## Specify content for index-cache.yml
##
indexCacheConfig: ""
## @param bucketCacheConfig The [bucket cache configuration](https://thanos.io/tip/components/store.md/)
## Specify content for bucket-cache.yml
##
bucketCacheConfig: ""
## @param existingObjstoreSecret Secret with Objstore Configuration
## Note: This will override objstoreConfig
##
existingObjstoreSecret: ""
## @param existingObjstoreSecretItems Optional item list for specifying a custom Secret key. If so, path should be objstore.yml
##
existingObjstoreSecretItems: []
## @param httpConfig The [https and basic auth configuration](https://thanos.io/tip/operating/https.md/)
## If provided, overrides settings under https.* and auth.*
httpConfig: ""
## @param existingHttpConfigSecret Secret containing the HTTPS and Basic auth configuration
##
existingHttpConfigSecret: ""

## HTTPS configuration (Experimental)
## Ref: https://thanos.io/tip/operating/https.md/
##
https:
  ## @param https.enabled Set to true to enable HTTPS. Requires a secret containing the certificate and key.
  ##
  enabled: false
  ## @param https.autoGenerated Create self-signed TLS certificates.
  ##
  autoGenerated: false
  ## @param https.existingSecret Existing secret containing your own server key and certificate
  ##
  existingSecret: ""
  ## @param https.certFilename
  ##
  certFilename: "tls.crt"
  ## @param https.keyFilename
  ##
  keyFilename: "tls.key"
  ## @param https.caFilename
  ##
  caFilename: "ca.crt"
  ## @param https.key TLS Key for Thanos HTTPS - ignored if existingSecret is provided
  ## @param https.cert TLS Certificate for Thanos HTTPS - ignored if existingSecret is provided
  ## @param https.ca (Optional, used for client) CA Certificate for Thanos HTTPS - ignored if existingSecret is provided
  ##
  key: ""
  cert: ""
  ca: ""
  ## @param https.clientAuthType Server policy for client authentication using certificates. Maps to ClientAuth Policies.
  ## For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType
  clientAuthType: ""
## Thanos Basic authentication (Experimental)
##
auth:
  ## @param auth.basicAuthUsers Object containing <user>:<passwords> key-value pairs for each user that will have access via basic authentication
  ## Note: Passwords will be later encrypted using bcrypt
  basicAuthUsers: {}

## Common Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
serviceAccount:
  create: false
  name: ""
  automountServiceAccountToken: true
  annotations: {}

## DEPRECATED - existingServiceAccount. This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
##
## existingServiceAccount: ""

## @section Thanos Query parameters

query:
  ## @param query.enabled Set to true to enable Thanos Query component
  ##
  enabled: true
  ## @param query.logLevel Thanos Query log level
  ##
  logLevel: info
  ## @param query.logFormat Thanos Query log format
  ##
  logFormat: logfmt
  ## @param query.replicaLabel Replica indicator(s) along which data is de-duplicated
  ##
  replicaLabel: [replica]
  ## Dynamically configure store APIs using DNS discovery
  ## @param query.dnsDiscovery.enabled Enable store APIs discovery via DNS
  ## @param query.dnsDiscovery.sidecarsService Sidecars service name to discover them using DNS discovery
  ## @param query.dnsDiscovery.sidecarsNamespace Sidecars namespace to discover them using DNS discovery
  ##
  dnsDiscovery:
    enabled: true
    sidecarsService: ""
    sidecarsNamespace: ""
  ## @param query.stores Statically configure store APIs to connect with Thanos Query
  ##
  stores: []
  ## @param query.sdConfig Query Service Discovery Configuration
  ## Specify content for servicediscovery.yml
  ##
  sdConfig: ""
  ## @param query.existingSDConfigmap Name of existing ConfigMap with Ruler configuration
  ## NOTE: This will override query.sdConfig
  ##
  existingSDConfigmap: ""
  ## @param query.extraEnvVars Extra environment variables for Thanos Query container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param query.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Query nodes
  ##
  extraEnvVarsCM: ""
  ## @param query.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Query nodes
  ##
  extraEnvVarsSecret: ""
  ## @param query.extraFlags Extra Flags to passed to Thanos Query
  ##
  extraFlags: []
  ## @param query.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param query.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param query.replicaCount Number of Thanos Query replicas to deploy
  ##
  replicaCount: 1
  ## @param query.updateStrategy.type Update strategy type for Thanos Query replicas
  ##
  updateStrategy:
    type: RollingUpdate
  ## K8s Pod Security Context for Thanos Query pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param query.podSecurityContext.enabled Enable security context for the Thanos Query pods
  ## @param query.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Query pods
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## K8s containers' Security Context for Thanos Query containers
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param query.containerSecurityContext.enabled Enable container security context for the Thanos Query containers
  ## @param query.containerSecurityContext.runAsUser User ID for the service user running the Thanos Query containers
  ## @param query.containerSecurityContext.runAsNonRoot Force the Thanos Query containers to run as a non root user
  ## @param query.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Query containers
  ## @param query.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Query containers
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
  ## Thanos Query containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## @param query.resources.limits The resources limits for the Thanos Query container
  ## @param query.resources.requests The requested resources for the Thanos Query container
  ##
  resources:
    limits: {}
    requests: {}
  ## Configure extra options for Thanos Query containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param query.livenessProbe.enabled Enable livenessProbe on Thanos Query containers
  ## @param query.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param query.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param query.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param query.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param query.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param query.readinessProbe.enabled Enable readinessProbe on Thanos Query containers
  ## @param query.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param query.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param query.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param query.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param query.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param query.startupProbe.enabled Enable startupProbe on Thanos Query containers
  ## @param query.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param query.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param query.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param query.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param query.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param query.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param query.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param query.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param query.initContainers Add additional init containers to the Thanos Query pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param query.sidecars Extra containers running as sidecars to Thanos Query pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param query.extraVolumes Extra volumes to add to Thanos Query
  ##
  extraVolumes: []
  ## @param query.extraVolumeMounts Extra volume mounts to add to the query container
  ##
  extraVolumeMounts: []
  ## @param query.podAffinityPreset Thanos Query pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param query.podAntiAffinityPreset Thanos Query pod anti-affinity preset. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## @param query.podAntiAffinityPresetTopologyKey Thanos Query pod anti-affinity topologyKey. Ignored if `query.affinity` is set.
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPresetTopologyKey: ""
  ## Thanos Query node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param query.nodeAffinityPreset.type Thanos Query node affinity preset type. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param query.nodeAffinityPreset.key Thanos Query node label key to match Ignored if `query.affinity` is set.
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param query.nodeAffinityPreset.values Thanos Query node label values to match. Ignored if `query.affinity` is set.
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param query.affinity Thanos Query affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: query.podAffinityPreset, query.podAntiAffinityPreset, and query.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param query.nodeSelector Thanos Query node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## @param query.tolerations Thanos Query tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param query.podLabels Thanos Query pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param query.podAnnotations Annotations for Thanos Query pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param query.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param query.lifecycleHooks for the Thanos Query container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param query.priorityClassName Thanos Query priorityClassName
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param query.schedulerName Name of the k8s scheduler (other than default) for Thanos Query pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param query.topologySpreadConstraints Topology Spread Constraints for Thanos Query pods assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## Thanos Query GRPC parameters
  ## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/query.md#flags
  ##
  grpc:
    ## GRPC server side
    ##
    server:
      ## TLS configuration
      ## @param query.grpc.server.tls.enabled Enable TLS encryption in the GRPC server
      ## @param query.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates
      ## @param query.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided
      ## @param query.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided
      ## @param query.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided
      ## @param query.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates
      ## e.g:
      ## existingSecret:
      ##   name: foo
      ##   keyMapping:
      ##     ca-cert: ca.pem
      ##     tls-cert: cert.pem
      ##     tls-key: key.pem
      ##
      tls:
        enabled: false
        autoGenerated: false
        cert: ""
        key: ""
        ca: ""
        existingSecret: {}
    ## GRPC client side
    ##
    client:
      ## @param query.grpc.client.serverName Server name to verify the hostname on the returned GRPC certificates
      ##
      serverName: ""
      ## TLS configuration
      ## @param query.grpc.client.tls.enabled Enable TLS encryption in the GRPC server
      ## @param query.grpc.client.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates
      ## @param query.grpc.client.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided
      ## @param query.grpc.client.tls.key TLS Key for GRPC server - ignored if existingSecret is provided
      ## @param query.grpc.client.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided
      ## @param query.grpc.client.tls.existingSecret Existing secret containing your own TLS certificates
      ## e.g:
      ## existingSecret:
      ##   name: foo
      ##   keyMapping:
      ##     ca-cert: ca.pem
      ##     tls-cert: cert.pem
      ##     tls-key: key.pem
      ##
      tls:
        enabled: false
        autoGenerated: false
        cert: ""
        key: ""
        ca: ""
        existingSecret: {}
  ## Service parameters
  ##
  service:
    ## @param query.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param query.service.ports.http Thanos Query service HTTP port
    ##
    ports:
      http: 9090
    ## @param query.service.nodePorts.http Specify the Thanos Query HTTP nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      http: ""
    ## @param query.service.clusterIP Thanos Query service clusterIP IP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param query.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## Set the LoadBalancer service type to internal only
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param query.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ## - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param query.service.externalTrafficPolicy Thanos Query service externalTrafficPolicy
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster
    ## @param query.service.annotations Annotations for Thanos Query service
    ##
    annotations: {}
    ## @param query.service.extraPorts Extra ports to expose in the Thanos Query service
    ##
    extraPorts: []
    ## @param query.service.labelSelectorsOverride Selector for Thanos Query service
    ##
    labelSelectorsOverride: {}
    ## @param query.service.additionalHeadless Additional Headless service
    ##
    additionalHeadless: false

  ## Service GRPC parameters
  ##
  serviceGrpc:
    ## @param query.serviceGrpc.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param query.serviceGrpc.ports.grpc Thanos Query service GRPC port
    ##
    ports:
      grpc: 10901
    ## @param query.serviceGrpc.nodePorts.grpc Specify the Thanos Query GRPC nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      grpc: ""
    ## @param query.serviceGrpc.clusterIP Thanos Query service clusterIP IP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param query.serviceGrpc.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## Set the LoadBalancer service type to internal only
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param query.serviceGrpc.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ## - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param query.serviceGrpc.externalTrafficPolicy Thanos Query service externalTrafficPolicy
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster
    ## @param query.serviceGrpc.annotations Annotations for Thanos Query service
    ##
    annotations: {}
    ## @param query.serviceGrpc.extraPorts Extra ports to expose in the Thanos Query service
    ##
    extraPorts: []
    ## @param query.serviceGrpc.labelSelectorsOverride Selector for Thanos Query service
    ##
    labelSelectorsOverride: {}
    ## @param query.serviceGrpc.additionalHeadless Additional Headless service
    ##
    additionalHeadless: false

  ## Autoscaling parameters
  ## @param query.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment
  ##
  automountServiceAccountToken: true
  ## ServiceAccount configuration
  ## @param query.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param query.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param query.serviceAccount.annotations Annotations for Thanos Query Service Account
  ## @param query.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
  ## DEPRECATED query.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
  ##
  serviceAccount:
    create: true
    name: ""
    annotations: {}
    automountServiceAccountToken: true
    ## existingServiceAccount: ""
  ## RBAC configuration
  ##
  rbac:
    ## @param query.rbac.create Create a ClusterRole and ClusterRoleBinding for the Thanos Query Service Account
    ##
    create: false
    ## @param query.rbac.rules Custom RBAC rules to set
    ## e.g:
    ## rules:
    ##   - apiGroups:
    ##       - ""
    ##     resources:
    ##       - pods
    ##     verbs:
    ##       - get
    ##       - list
    ##
    rules: []
  ## @param query.pspEnabled Whether to create a PodSecurityPolicy for Thanos Query
  ## WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
  ##
  pspEnabled: false
  ## Thanos Query Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param query.autoscaling.enabled Enable autoscaling for Thanos Query
  ## @param query.autoscaling.minReplicas Minimum number of Thanos Query replicas
  ## @param query.autoscaling.maxReplicas Maximum number of Thanos Query replicas
  ## @param query.autoscaling.targetCPU Target CPU utilization percentage
  ## @param query.autoscaling.targetMemory Target Memory utilization percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: ""
    maxReplicas: ""
    targetCPU: ""
    targetMemory: ""
  ## Thanos Query Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param query.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Query
  ## @param query.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param query.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: false
    minAvailable: 1
    maxUnavailable: ""
  ## Configure the ingress resource that allows you to access Thanos Query
  ## ref: https://kubernetes.io/docs/user-guide/ingress/
  ##
  ingress:
    ## @param query.ingress.enabled Enable ingress controller resource
    ##
    enabled: false
    ## @param query.ingress.hostname Default host for the ingress resource
    ##
    hostname: thanos.local
    ## @param query.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param query.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param query.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ## - name: thanos.local
    ##   path: /
    ##   pathType: ImplementationSpecific
    ##
    extraHosts: []
    ## @param query.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ## - hosts:
    ##     - thanos.local
    ##   secretName: thanos.local-tls
    ##
    extraTls: []
    ## @param query.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ## - name: thanos.local-tls
    ##   key:
    ##   certificate:
    ##
    secrets: []
    ## @param query.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ## - host: example.local
    ##     http:
    ##       path: /
    ##       backend:
    ##         service:
    ##           name: example-svc
    ##           port:
    ##             name: http
    ##
    extraRules: []
    ## @param query.ingress.tls Enable TLS configuration for the hostname defined at `query.ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.query.ingress.hostname }}`
    ## You can:
    ##   - Use the `query.ingress.secrets` parameter to create this TLS secret
    ##   - Rely on cert-manager to create it by setting the corresponding annotations
    ##   - Rely on Helm to create self-signed certificates by setting `query.ingress.selfSigned=true`
    ##
    tls: false
    ## @param query.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param query.ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param query.ingress.path Ingress path
    ##
    path: /
    ## @param query.ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific
    ## Create an ingress object for the GRPC service. This requires an HTTP/2
    ## capable Ingress controller (eg. traefik using AWS NLB). Example annotations
    ## - ingress.kubernetes.io/protocol: h2c
    ## - service.beta.kubernetes.io/aws-load-balancer-type: nlb
    ## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    ## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/
    ## and also the documentation for your ingress controller.
    ##
    ## The options that are accepted are identical to the HTTP one listed above
    ##
    grpc:
      ## @param query.ingress.grpc.enabled Enable ingress controller resource (GRPC)
      ##
      enabled: false
      ## @param query.ingress.grpc.hostname Default host for the ingress resource (GRPC)
      ##
      hostname: thanos-grpc.local
      ## @param query.ingress.grpc.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
      ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
      ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
      ##
      ingressClassName: ""
      ## @param query.ingress.grpc.annotations Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations.
      ## For a full list of possible ingress annotations, please see
      ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
      ## Use this parameter to set the required annotations for cert-manager, see
      ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
      ##
      ## Examples:
      ## kubernetes.io/ingress.class: nginx
      ## cert-manager.io/cluster-issuer: cluster-issuer-name
      ##
      annotations: {}
      ## @param query.ingress.grpc.extraHosts The list of additional hostnames to be covered with this ingress record.
      ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
      ## extraHosts:
      ## - name: thanos-grpc.local
      ##   path: /
      ##
      extraHosts: []
      ## @param query.ingress.grpc.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
      ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
      ## extraTls:
      ## - hosts:
      ##     - thanos-grpc.local
      ##   secretName: thanos-grpc.local-tls
      ##
      extraTls: []
      ## @param query.ingress.grpc.secrets If you're providing your own certificates, please use this to add the certificates as secrets
      ## key and certificate should start with -----BEGIN CERTIFICATE----- or
      ## -----BEGIN RSA PRIVATE KEY-----
      ##
      ## name should line up with a tlsSecret set further up
      ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
      ##
      ## It is also possible to create and manage the certificates outside of this helm chart
      ## Please see README.md for more information
      ## e.g:
      ## - name: thanos-grpc.local-tls
      ##   key:
      ##   certificate:
      ##
      secrets: []
      ## @param query.ingress.grpc.extraRules Additional rules to be covered with this ingress record
      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
      ## e.g:
      ## extraRules:
      ## - host: example.local
      ##     http:
      ##       path: /
      ##       backend:
      ##         service:
      ##           name: example-svc
      ##           port:
      ##             name: http
      ##
      extraRules: []
      ## @param query.ingress.grpc.tls Enable TLS configuration for the hostname defined at `query.ingress.grpc.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.query.ingress.grpc.hostname }}`
      ## You can:
      ##   - Use the `query.ingress.grpc.secrets` parameter to create this TLS secret
      ##   - Rely on cert-manager to create it by setting the corresponding annotations
      ##   - Rely on Helm to create self-signed certificates by setting `query.ingress.grpc.selfSigned=true`
      ##
      tls: false
      ## @param query.ingress.grpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param query.ingress.grpc.apiVersion Override API Version (automatically detected if not set)
      ##
      apiVersion: ""
      ## @param query.ingress.grpc.path Ingress Path
      ##
      path: /
      ## @param query.ingress.grpc.pathType Ingress Path type
      ##
      pathType: ImplementationSpecific

## @section Thanos Query Frontend parameters

queryFrontend:
  ## @param queryFrontend.enabled Enable/disable Thanos Query Frontend component
  ##
  enabled: true
  ## @param queryFrontend.logLevel Thanos Query Frontend log level
  ##
  logLevel: info
  ## @param queryFrontend.logFormat Thanos Query Frontend log format
  ##
  logFormat: logfmt
  ## @param queryFrontend.config Thanos Query Frontend configuration
  ## Specify content for config.yml
  ##
  config: ""
  ## @param queryFrontend.existingConfigmap Name of existing ConfigMap with Thanos Query Frontend configuration
  ## NOTE: This will override queryFrontend.config
  ##
  existingConfigmap: ""
  ## @param queryFrontend.extraEnvVars Extra environment variables for Thanos Query Frontend container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param queryFrontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Query Frontend nodes
  ##
  extraEnvVarsCM: ""
  ## @param queryFrontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Query Frontend nodes
  ##
  extraEnvVarsSecret: ""
  ## @param queryFrontend.extraFlags Extra Flags to passed to Thanos Query Frontend
  ##
  extraFlags: []
  ## @param queryFrontend.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param queryFrontend.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param queryFrontend.replicaCount Number of Thanos Query Frontend replicas to deploy
  ##
  replicaCount: 1
  ## @param queryFrontend.updateStrategy.type Update strategy type for Thanos Query Frontend replicas
  ##
  updateStrategy:
    type: RollingUpdate
  ## K8s Pod Security Context for Thanos Query Frontend pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param queryFrontend.podSecurityContext.enabled Enable security context for the Thanos Query Frontend pods
  ## @param queryFrontend.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Query Frontend pods
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## K8s containers' Security Context for Thanos Query Frontend containers
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param queryFrontend.containerSecurityContext.enabled Enable container security context for the Thanos Query Frontend containers
  ## @param queryFrontend.containerSecurityContext.runAsUser User ID for the service user running the Thanos Query Frontend containers
  ## @param queryFrontend.containerSecurityContext.runAsNonRoot Force the Thanos Query Frontend containers to run as a non root user
  ## @param queryFrontend.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Query Frontend containers
  ## @param queryFrontend.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Query Frontend containers
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
  ## Thanos Query Frontend containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## @param queryFrontend.resources.limits The resources limits for the Thanos Query Frontend container
  ## @param queryFrontend.resources.requests The requested resources for the Thanos Query Frontend container
  ##
  resources:
    limits: {}
    requests: {}
  ## Configure extra options for Thanos Query Frontend containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param queryFrontend.livenessProbe.enabled Enable livenessProbe on Thanos Query Frontend containers
  ## @param queryFrontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param queryFrontend.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param queryFrontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param queryFrontend.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param queryFrontend.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param queryFrontend.readinessProbe.enabled Enable readinessProbe on Thanos Query Frontend containers
  ## @param queryFrontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param queryFrontend.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param queryFrontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param queryFrontend.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param queryFrontend.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param queryFrontend.startupProbe.enabled Enable startupProbe on Thanos Query Frontend containers
  ## @param queryFrontend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param queryFrontend.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param queryFrontend.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param queryFrontend.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param queryFrontend.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param queryFrontend.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param queryFrontend.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param queryFrontend.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param queryFrontend.initContainers Add additional init containers to the Thanos Query Frontend pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param queryFrontend.sidecars Extra containers running as sidecars to Thanos Query Frontend pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param queryFrontend.extraVolumes Extra volumes to add to Thanos Query Frontend
  ##
  extraVolumes: []
  ## @param queryFrontend.extraVolumeMounts Extra volume mounts to add to the query-frontend container
  ##
  extraVolumeMounts: []
  ## @param queryFrontend.podAffinityPreset Thanos Query Frontend pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param queryFrontend.podAntiAffinityPreset Thanos Query Frontend pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Thanos Query Frontend node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param queryFrontend.nodeAffinityPreset.type Thanos Query Frontend node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param queryFrontend.nodeAffinityPreset.key Thanos Query Frontend node label key to match. Ignored if `queryFrontend.affinity` is set.
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param queryFrontend.nodeAffinityPreset.values Thanos Query Frontend node label values to match. Ignored if `queryFrontend.affinity` is set.
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param queryFrontend.affinity Thanos Query Frontend affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: queryFrontend.podAffinityPreset, queryFrontend.podAntiAffinityPreset, and queryFrontend.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param queryFrontend.nodeSelector Thanos Query Frontend node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## @param queryFrontend.tolerations Thanos Query Frontend tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param queryFrontend.podLabels Thanos Query Frontend pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param queryFrontend.podAnnotations Annotations for Thanos Query Frontend pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param queryFrontend.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param queryFrontend.lifecycleHooks for the Thanos Query Frontend container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param queryFrontend.priorityClassName Thanos Query Frontend priorityClassName
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param queryFrontend.schedulerName Name of the k8s scheduler (other than default) for Thanos Query Frontend pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param queryFrontend.topologySpreadConstraints Topology Spread Constraints for Thanos Query Frontend pods assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## Service parameters
  ##
  service:
    ## @param queryFrontend.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param queryFrontend.service.ports.http Thanos Query Frontend service HTTP port
    ##
    ports:
      http: 9090
    ## @param queryFrontend.service.nodePorts.http Specify the Thanos Query Frontend HTTP nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      http: ""
    ## @param queryFrontend.service.clusterIP Thanos Query Frontend service clusterIP IP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param queryFrontend.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## Set the LoadBalancer service type to internal only
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param queryFrontend.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ## - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param queryFrontend.service.externalTrafficPolicy Thanos Query Frontend service externalTrafficPolicy
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster
    ## @param queryFrontend.service.annotations Annotations for Thanos Query Frontend service
    ##
    annotations: {}
    ## @param queryFrontend.service.labels Labels for Thanos Query Frontend service
    ##
    labels: {}
    ## @param queryFrontend.service.extraPorts Extra ports to expose in the Thanos Query Frontend service
    ##
    extraPorts: []
    ## @param queryFrontend.service.labelSelectorsOverride Selector for Thanos Query service
    ##
    labelSelectorsOverride: {}
  ## @param queryFrontend.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment
  ##
  automountServiceAccountToken: true
  ## ServiceAccount configuration
  ## @param queryFrontend.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param queryFrontend.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param queryFrontend.serviceAccount.annotations Annotations for Thanos Query Frontend Service Account
  ## @param queryFrontend.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
  ## DEPRECATED queryFrontend.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
  ##
  serviceAccount:
    create: true
    name: ""
    annotations: {}
    automountServiceAccountToken: true
    ## existingServiceAccount: ""
  ## RBAC configuration
  ##
  rbac:
    ## @param queryFrontend.rbac.create Create a ClusterRole and ClusterRoleBinding for the Thanos Query Frontend Service Account
    ##
    create: false
    ## @param queryFrontend.rbac.rules Custom RBAC rules to set
    ## e.g:
    ## rules:
    ##   - apiGroups:
    ##       - ""
    ##     resources:
    ##       - pods
    ##     verbs:
    ##       - get
    ##       - list
    ##
    rules: []
  ## @param queryFrontend.pspEnabled Whether to create a PodSecurityPolicy for Thanos Query Frontend
  ## WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
  ##
  pspEnabled: false
  ## Thanos Query Frontend Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param queryFrontend.autoscaling.enabled Enable autoscaling for Thanos Query Frontend
  ## @param queryFrontend.autoscaling.minReplicas Minimum number of Thanos Query Frontend replicas
  ## @param queryFrontend.autoscaling.maxReplicas Maximum number of Thanos Query Frontend replicas
  ## @param queryFrontend.autoscaling.targetCPU Target CPU utilization percentage
  ## @param queryFrontend.autoscaling.targetMemory Target Memory utilization percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: ""
    maxReplicas: ""
    targetCPU: ""
    targetMemory: ""
  ## Thanos Query Frontend Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param queryFrontend.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Query Frontend
  ## @param queryFrontend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param queryFrontend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: false
    minAvailable: 1
    maxUnavailable: ""
  ## Configure the ingress resource that allows you to access Thanos Query Frontend
  ## ref: https://kubernetes.io/docs/user-guide/ingress/
  ##
  ingress:
    ## @param queryFrontend.ingress.enabled Enable ingress controller resource
    ##
    enabled: false
    ## @param queryFrontend.ingress.hostname Default host for the ingress resource
    ##
    hostname: thanos.local
    ## @param queryFrontend.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param queryFrontend.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param queryFrontend.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ## - name: thanos.local
    ##   path: /
    ##   pathType: ImplementationSpecific
    ##
    extraHosts: []
    ## @param queryFrontend.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ## - hosts:
    ##     - thanos.local
    ##   secretName: thanos.local-tls
    ##
    extraTls: []
    ## @param queryFrontend.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ## - name: thanos.local-tls
    ##   key:
    ##   certificate:
    ##
    secrets: []
    ## @param queryFrontend.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ## - host: example.local
    ##     http:
    ##       path: /
    ##       backend:
    ##         service:
    ##           name: example-svc
    ##           port:
    ##             name: http
    ##
    extraRules: []
    ## @param queryFrontend.ingress.tls Enable TLS configuration for the hostname defined at `queryFrontend.ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.queryFrontend.ingress.hostname }}`
    ## You can:
    ##   - Use the `queryFrontend.ingress.secrets` parameter to create this TLS secret
    ##   - Rely on cert-manager to create it by setting the corresponding annotations
    ##   - Rely on Helm to create self-signed certificates by setting `queryFrontend.ingress.selfSigned=true`
    ##
    tls: false
    ## @param queryFrontend.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param queryFrontend.ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param queryFrontend.ingress.path Ingress path
    ##
    path: /
    ## @param queryFrontend.ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific

## @section Thanos Bucket Web parameters

bucketweb:
  ## @param bucketweb.enabled Enable/disable Thanos Bucket Web component
  ##
  enabled: false
  ## @param bucketweb.logLevel Thanos Bucket Web log level
  ##
  logLevel: info
  ## @param bucketweb.logFormat Thanos Bucket Web log format
  ##
  logFormat: logfmt
  ## @param bucketweb.refresh Refresh interval to download metadata from remote storage
  ##
  refresh: 30m
  ## @param bucketweb.timeout Timeout to download metadata from remote storage
  ##
  timeout: 5m
  ## @param bucketweb.extraEnvVars Extra environment variables for Thanos Bucket Web container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param bucketweb.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Bucket Web nodes
  ##
  extraEnvVarsCM: ""
  ## @param bucketweb.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Bucket Web nodes
  ##
  extraEnvVarsSecret: ""
  ## @param bucketweb.extraFlags Extra Flags to passed to Thanos Bucket Web
  ##
  extraFlags: []
  ## @param bucketweb.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param bucketweb.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param bucketweb.replicaCount Number of Thanos Bucket Web replicas to deploy
  ##
  replicaCount: 1
  ## @param bucketweb.updateStrategy.type Update strategy type for Thanos Bucket Web replicas
  ##
  updateStrategy:
    type: RollingUpdate
  ## K8s Pod Security Context for Thanos Bucket Web pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param bucketweb.podSecurityContext.enabled Enable security context for the Thanos Bucket Web pods
  ## @param bucketweb.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Bucket Web pods
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## K8s containers' Security Context for Thanos Bucket Web containers
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param bucketweb.containerSecurityContext.enabled Enable container security context for the Thanos Bucket Web containers
  ## @param bucketweb.containerSecurityContext.runAsUser User ID for the service user running the Thanos Bucket Web containers
  ## @param bucketweb.containerSecurityContext.runAsNonRoot Force the Thanos Bucket Web containers to run as a non root user
  ## @param bucketweb.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Bucket Web containers
  ## @param bucketweb.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Bucket Web containers
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
  ## Thanos Bucket Web containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## @param bucketweb.resources.limits The resources limits for the Thanos Bucket Web container
  ## @param bucketweb.resources.requests The requested resources for the Thanos Bucket Web container
  ##
  resources:
    limits: {}
    requests: {}
  ## Configure extra options for Thanos Bucket Web containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param bucketweb.livenessProbe.enabled Enable livenessProbe on Thanos Bucket Web containers
  ## @param bucketweb.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param bucketweb.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param bucketweb.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param bucketweb.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param bucketweb.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param bucketweb.readinessProbe.enabled Enable readinessProbe on Thanos Bucket Web containers
  ## @param bucketweb.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param bucketweb.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param bucketweb.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param bucketweb.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param bucketweb.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param bucketweb.startupProbe.enabled Enable startupProbe on Thanos Bucket Web containers
  ## @param bucketweb.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param bucketweb.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param bucketweb.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param bucketweb.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param bucketweb.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param bucketweb.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param bucketweb.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param bucketweb.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param bucketweb.initContainers Add additional init containers to the Thanos Bucket Web pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param bucketweb.sidecars Extra containers running as sidecars to Thanos Bucket Web pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param bucketweb.extraVolumes Extra volumes to add to Bucket Web
  ##
  extraVolumes: []
  ## @param bucketweb.extraVolumeMounts Extra volume mounts to add to the bucketweb container
  ##
  extraVolumeMounts: []
  ## @param bucketweb.podAffinityPreset Thanos Bucket Web pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param bucketweb.podAntiAffinityPreset Thanos Bucket Web pod anti-affinity preset. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Thanos Bucket Web node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param bucketweb.nodeAffinityPreset.type Thanos Bucket Web node affinity preset type. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param bucketweb.nodeAffinityPreset.key Thanos Bucket Web node label key to match. Ignored if `bucketweb.affinity` is set.
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param bucketweb.nodeAffinityPreset.values Thanos Bucket Web node label values to match. Ignored if `bucketweb.affinity` is set.
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param bucketweb.affinity Thanos Bucket Web affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: bucketweb.podAffinityPreset, bucketweb.podAntiAffinityPreset, and bucketweb.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param bucketweb.nodeSelector Thanos Bucket Web node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## @param bucketweb.tolerations Thanos Bucket Web tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param bucketweb.podLabels Thanos Bucket Web pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param bucketweb.podAnnotations Annotations for Thanos Bucket Web pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param bucketweb.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param bucketweb.lifecycleHooks for the Thanos Bucket Web container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param bucketweb.priorityClassName Thanos Bucket Web priorityClassName
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param bucketweb.schedulerName Name of the k8s scheduler (other than default) for Thanos Bucket Web pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param bucketweb.topologySpreadConstraints Topology Spread Constraints for Thanos Bucket Web pods assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## Service parameters
  ##
  service:
    ## @param bucketweb.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param bucketweb.service.ports.http Thanos Bucket Web service HTTP port
    ##
    ports:
      http: 8080
    ## @param bucketweb.service.nodePorts.http Specify the Thanos Bucket Web HTTP nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      http: ""
    ## @param bucketweb.service.clusterIP Thanos Bucket Web service clusterIP IP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param bucketweb.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param bucketweb.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ##
    ## loadBalancerSourceRanges:
    ## - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param bucketweb.service.externalTrafficPolicy Thanos Bucket Web service externalTrafficPolicy
    ##
    externalTrafficPolicy: Cluster
    ## @param bucketweb.service.annotations Annotations for Thanos Bucket Web service
    ##
    annotations: {}
    ## @param bucketweb.service.extraPorts Extra ports to expose in the Thanos Bucket Web service
    ##
    extraPorts: []
    ## @param bucketweb.service.labelSelectorsOverride Selector for Thanos Query service
    ##
    labelSelectorsOverride: {}
  ## @param bucketweb.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment
  ##
  automountServiceAccountToken: true
  ## ServiceAccount configuration
  ## @param bucketweb.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param bucketweb.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param bucketweb.serviceAccount.annotations Annotations for Thanos Bucket Web Service Account
  ## @param bucketweb.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
  ## DEPRECATED bucketweb.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
  ##
  serviceAccount:
    create: true
    name: ""
    annotations: {}
    automountServiceAccountToken: true
    ## existingServiceAccount: ""
  ## Thanos Bucket Web Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param bucketweb.autoscaling.enabled Enable autoscaling for Thanos Bucket Web
  ## @param bucketweb.autoscaling.minReplicas Minimum number of Thanos Bucket Web replicas
  ## @param bucketweb.autoscaling.maxReplicas Maximum number of Thanos Bucket Web replicas
  ## @param bucketweb.autoscaling.targetCPU Target CPU utilization percentage
  ## @param bucketweb.autoscaling.targetMemory Target Memory utilization percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: ""
    maxReplicas: ""
    targetCPU: ""
    targetMemory: ""
  ## Thanos Bucket Web Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param bucketweb.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Bucket Web
  ## @param bucketweb.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param bucketweb.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: false
    minAvailable: 1
    maxUnavailable: ""
  ## Configure the ingress resource that allows you to access Thanos Bucketweb
  ## ref: https://kubernetes.io/docs/user-guide/ingress/
  ##
  ingress:
    ## @param bucketweb.ingress.enabled Enable ingress controller resource
    ##
    enabled: false
    ## @param bucketweb.ingress.hostname Default host for the ingress resource
    ##
    hostname: thanos-bucketweb.local
    ## @param bucketweb.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param bucketweb.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param bucketweb.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ## - name: thanos-bucketweb.local
    ##   path: /
    ##   pathType: ImplementationSpecific
    ##
    extraHosts: []
    ## @param bucketweb.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ## - hosts:
    ##     - thanos-bucketweb.local
    ##   secretName: thanos-bucketweb.local-tls
    ##
    extraTls: []
    ## @param bucketweb.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ## - name: thanos-bucketweb.local-tls
    ##   key:
    ##   certificate:
    ##
    secrets: []
    ## @param bucketweb.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ## - host: example.local
    ##     http:
    ##       path: /
    ##       backend:
    ##         service:
    ##           name: example-svc
    ##           port:
    ##             name: http
    ##
    extraRules: []
    ## @param bucketweb.ingress.tls Enable TLS configuration for the hostname defined at `bucketweb.ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.bucketweb.ingress.hostname }}`
    ## You can:
    ##   - Use the `bucketweb.ingress.secrets` parameter to create this TLS secret
    ##   - Rely on cert-manager to create it by setting the corresponding annotations
    ##   - Rely on Helm to create self-signed certificates by setting `bucketweb.ingress.selfSigned=true`
    ##
    tls: false
    ## @param bucketweb.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param bucketweb.ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param bucketweb.ingress.path Ingress path
    ##
    path: /
    ## @param bucketweb.ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific

## @section Thanos Compactor parameters

compactor:
  ## @param compactor.enabled Enable/disable Thanos Compactor component
  ##
  enabled: false
  ## @param compactor.logLevel Thanos Compactor log level
  ##
  logLevel: info
  ## @param compactor.logFormat Thanos Compactor log format
  ##
  logFormat: logfmt
  ## Resolution and Retention flags
  ## @param compactor.retentionResolutionRaw Resolution and Retention flag
  ## @param compactor.retentionResolution5m Resolution and Retention flag
  ## @param compactor.retentionResolution1h Resolution and Retention flag
  ##
  retentionResolutionRaw: 30d
  retentionResolution5m: 30d
  retentionResolution1h: 10y
  ## @param compactor.consistencyDelay Minimum age of fresh (non-compacted) blocks before they are being processed
  ##
  consistencyDelay: 30m
  ## @param compactor.extraEnvVars Extra environment variables for Thanos Compactor container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param compactor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Compactor nodes
  ##
  extraEnvVarsCM: ""
  ## @param compactor.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Compactor nodes
  ##
  extraEnvVarsSecret: ""
  ## @param compactor.extraFlags Extra Flags to passed to Thanos Compactor
  ##
  extraFlags: []
  ## @param compactor.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param compactor.args Override default container args (useful when using custom images)
  ##
  args: []
  ## K8s CronJob configuration
  ## ref: https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/
  ## @param compactor.cronJob.enabled Run compactor as a CronJob rather than a Deployment
  ## @param compactor.cronJob.schedule The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron
  ## @param compactor.cronJob.timeZone The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
  ## @param compactor.cronJob.concurrencyPolicy Specifies how to treat concurrent executions of a Job
  ## @param compactor.cronJob.startingDeadlineSeconds Optional deadline in seconds for starting the job if it misses scheduled time for any reason
  ## @param compactor.cronJob.suspend This flag tells the controller to suspend subsequent executions
  ## @param compactor.cronJob.successfulJobsHistoryLimit The number of successful finished jobs to retain
  ## @param compactor.cronJob.failedJobsHistoryLimit The number of failed finished jobs to retain
  ## @param compactor.cronJob.backoffLimit Specifies the number of retries before marking this job failed
  ##
  cronJob:
    enabled: false
    schedule: "0 */6 * * *"
    timeZone: ""
    startingDeadlineSeconds: ""
    concurrencyPolicy: Forbid
    suspend: ""
    successfulJobsHistoryLimit: ""
    failedJobsHistoryLimit: ""
    backoffLimit: ""
  ## @param compactor.restartPolicy Compactor container restart policy.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
  ##
  restartPolicy: ""
  ## @param compactor.updateStrategy.type Update strategy type for Thanos Compactor replicas
  ##
  updateStrategy:
    type: Recreate
  ## K8s Pod Security Context for Thanos Compactor pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param compactor.podSecurityContext.enabled Enable security context for the Thanos Compactor pods
  ## @param compactor.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Compactor pods
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## K8s containers' Security Context for Thanos Compactor containers
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param compactor.containerSecurityContext.enabled Enable container security context for the Thanos Compactor containers
  ## @param compactor.containerSecurityContext.runAsUser User ID for the service user running the Thanos Compactor containers
  ## @param compactor.containerSecurityContext.runAsNonRoot Force the Thanos Compactor containers to run as a non root user
  ## @param compactor.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Compactor containers
  ## @param compactor.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Compactor containers
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
  ## Thanos Compactor containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## @param compactor.resources.limits The resources limits for the Thanos Compactor container
  ## @param compactor.resources.requests The requested resources for the Thanos Compactor container
  ##
  resources:
    limits: {}
    requests: {}
  ## Configure extra options for Thanos Compactor containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param compactor.livenessProbe.enabled Enable livenessProbe on Thanos Compactor containers
  ## @param compactor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param compactor.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param compactor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param compactor.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param compactor.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param compactor.readinessProbe.enabled Enable readinessProbe on Thanos Compactor containers
  ## @param compactor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param compactor.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param compactor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param compactor.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param compactor.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param compactor.startupProbe.enabled Enable startupProbe on Thanos Compactor containers
  ## @param compactor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param compactor.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param compactor.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param compactor.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param compactor.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param compactor.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param compactor.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param compactor.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param compactor.initContainers Add additional init containers to the Thanos Compactor pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param compactor.sidecars Extra containers running as sidecars to Thanos Compactor pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param compactor.extraVolumes Extra volumes to add to Thanos Compactor
  ##
  extraVolumes: []
  ## @param compactor.extraVolumeMounts Extra volume mounts to add to the compactor container
  ##
  extraVolumeMounts: []
  ## @param compactor.podAffinityPreset Thanos Compactor pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param compactor.podAntiAffinityPreset Thanos Compactor pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Thanos Compactor node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param compactor.nodeAffinityPreset.type Thanos Compactor node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param compactor.nodeAffinityPreset.key Thanos Compactor node label key to match. Ignored if `compactor.affinity` is set.
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param compactor.nodeAffinityPreset.values Thanos Compactor node label values to match. Ignored if `compactor.affinity` is set.
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param compactor.affinity Thanos Compactor affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: compactor.podAffinityPreset, compactor.podAntiAffinityPreset, and compactor.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param compactor.nodeSelector Thanos Compactor node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## @param compactor.tolerations Thanos Compactor tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param compactor.podLabels Thanos Compactor pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param compactor.podAnnotations Annotations for Thanos Compactor pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param compactor.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param compactor.lifecycleHooks for the Thanos Compactor container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param compactor.priorityClassName Thanos Compactor priorityClassName
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param compactor.schedulerName Name of the k8s scheduler (other than default) for Thanos Compactor pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param compactor.topologySpreadConstraints Topology Spread Constraints for Thanos Compactor pods assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## Service parameters
  ##
  service:
    ## @param compactor.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param compactor.service.ports.http Thanos Compactor service HTTP port
    ##
    ports:
      http: 9090
    ## @param compactor.service.nodePorts.http Specify the Thanos Compactor HTTP nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      http: ""
    ## @param compactor.service.clusterIP Thanos Compactor service clusterIP IP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param compactor.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## Set the LoadBalancer service type to internal only
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param compactor.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ## - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param compactor.service.externalTrafficPolicy Thanos Compactor service externalTrafficPolicy
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster
    ## @param compactor.service.annotations Annotations for Thanos Compactor service
    ##
    annotations: {}
    ## @param compactor.service.extraPorts Extra ports to expose in the Thanos Compactor service
    ##
    extraPorts: []
    ## @param compactor.service.labelSelectorsOverride Selector for Thanos Query service
    ##
    labelSelectorsOverride: {}
  ## @param compactor.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment
  ##
  automountServiceAccountToken: true
  ## ServiceAccount configuration
  ## @param compactor.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param compactor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param compactor.serviceAccount.annotations Annotations for Thanos Compactor Service Account
  ## @param compactor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
  ## DEPRECATED compactor.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
  ##
  serviceAccount:
    create: true
    name: ""
    annotations: {}
    automountServiceAccountToken: true
    ## existingServiceAccount: ""
  ## Configure the ingress resource that allows you to access Thanos Query Frontend
  ## ref: https://kubernetes.io/docs/user-guide/ingress/
  ##
  ingress:
    ## @param compactor.ingress.enabled Enable ingress controller resource
    ##
    enabled: false
    ## @param compactor.ingress.hostname Default host for the ingress resource
    ##
    hostname: thanos-compactor.local
    ## @param compactor.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param compactor.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param compactor.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ## - name: thanos.local
    ##   path: /
    ##   pathType: ImplementationSpecific
    ##
    extraHosts: []
    ## @param compactor.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ## - hosts:
    ##     - thanos.local
    ##   secretName: thanos.local-tls
    ##
    extraTls: []
    ## @param compactor.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ## - name: thanos.local-tls
    ##   key:
    ##   certificate:
    ##
    secrets: []
    ## @param compactor.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ## - host: example.local
    ##     http:
    ##       path: /
    ##       backend:
    ##         service:
    ##           name: example-svc
    ##           port:
    ##             name: http
    ##
    extraRules: []
    ## @param compactor.ingress.tls Enable TLS configuration for the hostname defined at `compactor.ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.compactor.ingress.hostname }}`
    ## You can:
    ##   - Use the `compactor.ingress.secrets` parameter to create this TLS secret
    ##   - Rely on cert-manager to create it by setting the corresponding annotations
    ##   - Rely on Helm to create self-signed certificates by setting `compactor.ingress.selfSigned=true`
    ##
    tls: false
    ## @param compactor.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param compactor.ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param compactor.ingress.path Ingress path
    ##
    path: /
    ## @param compactor.ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific
  ## Persistence parameters
  ##
  persistence:
    ## @param compactor.persistence.enabled Enable data persistence using PVC(s) on Thanos Compactor pods
    ##
    enabled: true
    ## @param compactor.persistence.storageClass Specify the `storageClass` used to provision the volume
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner.
    ##
    storageClass: ""
    ## @param compactor.persistence.accessModes PVC Access Modes for data volume
    ##
    accessModes:
      - ReadWriteOnce
    ## @param compactor.persistence.size PVC Storage Request for data volume
    ##
    size: 8Gi
    ## @param compactor.persistence.annotations Annotations for the PVC
    ##
    annotations: {}
    ## @param compactor.persistence.existingClaim Name of an existing PVC to use
    ## If defined, PVC must be created manually before volume will be bound
    ##
    existingClaim: ""

## @section Thanos Store Gateway parameters

storegateway:
  ## @param storegateway.enabled Enable/disable Thanos Store Gateway component
  ##
  enabled: false
  ## @param storegateway.logLevel Thanos Store Gateway log level
  ##
  logLevel: info
  ## @param storegateway.logFormat Thanos Store Gateway log format
  ##
  logFormat: logfmt
  ## @param storegateway.config Thanos Store Gateway configuration
  ## Specify content for config.yml
  ##
  config: ""
  ## @param storegateway.existingConfigmap Name of existing ConfigMap with Thanos Store Gateway configuration
  ## NOTE: This will override storegateway.config
  ##
  existingConfigmap: ""
  ## Thanos Store Gateway GRPC parameters
  ## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/store.md#flags
  ##
  grpc:
    ## GRPC server side
    ##
    server:
      ## TLS configuration
      ## @param storegateway.grpc.server.tls.enabled Enable TLS encryption in the GRPC server
      ## @param storegateway.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates
      ## @param storegateway.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided
      ## @param storegateway.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided
      ## @param storegateway.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided
      ## @param storegateway.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates
      ## e.g:
      ## existingSecret:
      ##   name: foo
      ##   keyMapping:
      ##     ca-cert: ca.pem
      ##     tls-cert: cert.pem
      ##     tls-key: key.pem
      ##
      tls:
        enabled: false
        autoGenerated: false
        cert: ""
        key: ""
        ca: ""
        existingSecret: {}
  ## @param storegateway.extraEnvVars Extra environment variables for Thanos Store Gateway container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param storegateway.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Store Gateway nodes
  ##
  extraEnvVarsCM: ""
  ## @param storegateway.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Store Gateway nodes
  ##
  extraEnvVarsSecret: ""
  ## @param storegateway.extraFlags Extra Flags to passed to Thanos Store Gateway
  ##
  extraFlags: []
  ## @param storegateway.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param storegateway.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param storegateway.replicaCount Number of Thanos Store Gateway replicas to deploy
  ##
  replicaCount: 1
  ## @param storegateway.updateStrategy.type Update strategy type for Thanos Store Gateway replicas
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param storegateway.podManagementPolicy Statefulset Pod management policy: OrderedReady (default) or Parallel
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
  ##
  podManagementPolicy: OrderedReady
  ## K8s Pod Security Context for Thanos Store Gateway pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param storegateway.podSecurityContext.enabled Enable security context for the Thanos Store Gateway pods
  ## @param storegateway.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Store Gateway pods
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## K8s containers' Security Context for Thanos Store Gateway containers
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param storegateway.containerSecurityContext.enabled Enable container security context for the Thanos Store Gateway containers
  ## @param storegateway.containerSecurityContext.runAsUser User ID for the service user running the Thanos Store Gateway containers
  ## @param storegateway.containerSecurityContext.runAsNonRoot Force the Thanos Store Gateway containers to run as a non root user
  ## @param storegateway.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Store Gateway containers
  ## @param storegateway.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Store Gateway containers
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
  ## Thanos Store Gateway containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## @param storegateway.resources.limits The resources limits for the Thanos Store Gateway container
  ## @param storegateway.resources.requests The requested resources for the Thanos Store Gateway container
  ##
  resources:
    limits: {}
    requests: {}
  ## Configure extra options for Thanos Store Gateway containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param storegateway.livenessProbe.enabled Enable livenessProbe on Thanos Store Gateway containers
  ## @param storegateway.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param storegateway.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param storegateway.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param storegateway.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param storegateway.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param storegateway.readinessProbe.enabled Enable readinessProbe on Thanos Store Gateway containers
  ## @param storegateway.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param storegateway.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param storegateway.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param storegateway.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param storegateway.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param storegateway.startupProbe.enabled Enable startupProbe on Thanos Store Gateway containers
  ## @param storegateway.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param storegateway.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param storegateway.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param storegateway.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param storegateway.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param storegateway.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param storegateway.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param storegateway.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param storegateway.initContainers Add additional init containers to the Thanos Store Gateway pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param storegateway.sidecars Extra containers running as sidecars to Thanos Store Gateway pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param storegateway.extraVolumes Extra volumes to add to Thanos Store Gateway
  ##
  extraVolumes: []
  ## @param storegateway.extraVolumeMounts Extra volume mounts to add to the storegateway container
  ##
  extraVolumeMounts: []
  ## @param storegateway.podAffinityPreset Thanos Store Gateway pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param storegateway.podAntiAffinityPreset Thanos Store Gateway pod anti-affinity preset. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Thanos Store Gateway node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param storegateway.nodeAffinityPreset.type Thanos Store Gateway node affinity preset type. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param storegateway.nodeAffinityPreset.key Thanos Store Gateway node label key to match. Ignored if `storegateway.affinity` is set.
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param storegateway.nodeAffinityPreset.values Thanos Store Gateway node label values to match. Ignored if `storegateway.affinity` is set.
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param storegateway.affinity Thanos Store Gateway affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: storegateway.podAffinityPreset, storegateway.podAntiAffinityPreset, and storegateway.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param storegateway.nodeSelector Thanos Store Gateway node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## @param storegateway.tolerations Thanos Store Gateway tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param storegateway.podLabels Thanos Store Gateway pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param storegateway.podAnnotations Annotations for Thanos Store Gateway pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param storegateway.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param storegateway.lifecycleHooks for the Thanos Store Gateway container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param storegateway.priorityClassName Thanos Store Gateway priorityClassName
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param storegateway.topologySpreadConstraints Topology Spread Constraints for Thanos Store Gateway pods assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param storegateway.schedulerName Name of the k8s scheduler (other than default) for Thanos Store Gateway pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## Service parameters
  ##
  service:
    ## @param storegateway.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param storegateway.service.ports.http Thanos Store Gateway service HTTP port
    ## @param storegateway.service.ports.grpc Thanos Store Gateway service GRPC port
    ##
    ports:
      http: 9090
      grpc: 10901
    ## @param storegateway.service.nodePorts.http Specify the Thanos Store Gateway HTTP nodePort value for the LoadBalancer and NodePort service types
    ## @param storegateway.service.nodePorts.grpc Specify the Thanos Store Gateway GRPC nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      http: ""
      grpc: ""
    ## @param storegateway.service.clusterIP Thanos Store Gateway service clusterIP IP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param storegateway.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## Set the LoadBalancer service type to internal only
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param storegateway.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ## - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param storegateway.service.externalTrafficPolicy Thanos Store Gateway service externalTrafficPolicy
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster
    ## @param storegateway.service.annotations Annotations for Thanos Store Gateway service
    ##
    annotations: {}
    ## @param storegateway.service.extraPorts Extra ports to expose in the Thanos Store Gateway service
    ##
    extraPorts: []
    ## @param storegateway.service.labelSelectorsOverride Selector for Thanos Query service
    ##
    labelSelectorsOverride: {}
    ## @param storegateway.service.additionalHeadless Additional Headless service
    ##
    additionalHeadless: false
  ## Persistence parameters
  ##
  persistence:
    ## @param storegateway.persistence.enabled Enable data persistence using PVC(s) on Thanos Store Gateway pods
    ##
    enabled: true
    ## @param storegateway.persistence.storageClass Specify the `storageClass` used to provision the volume
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner.
    ##
    storageClass: ""
    ## @param storegateway.persistence.accessModes PVC Access Modes for data volume
    ##
    accessModes:
      - ReadWriteOnce
    ## @param storegateway.persistence.size PVC Storage Request for data volume
    ##
    size: 8Gi
    ## @param storegateway.persistence.labels Labels for the PVC
    ##
    labels: {}
    ## @param storegateway.persistence.annotations Annotations for the PVC
    ##
    annotations: {}
    ## @param storegateway.persistence.existingClaim Name of an existing PVC to use
    ## If defined, PVC must be created manually before volume will be bound
    ##
    existingClaim: ""
  ## @param storegateway.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts
  ##
  automountServiceAccountToken: true
  ## ServiceAccount configuration
  ## @param storegateway.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param storegateway.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param storegateway.serviceAccount.annotations Annotations for Thanos Store Gateway Service Account
  ## @param storegateway.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
  ## DEPRECATED storegateway.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
  ##
  serviceAccount:
    create: true
    name: ""
    annotations: {}
    automountServiceAccountToken: true
    ## existingServiceAccount: ""
  ## Thanos Store Gateway Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param storegateway.autoscaling.enabled Enable autoscaling for Thanos Store Gateway
  ## @param storegateway.autoscaling.minReplicas Minimum number of Thanos Store Gateway replicas
  ## @param storegateway.autoscaling.maxReplicas Maximum number of Thanos Store Gateway replicas
  ## @param storegateway.autoscaling.targetCPU Target CPU utilization percentage
  ## @param storegateway.autoscaling.targetMemory Target Memory utilization percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: ""
    maxReplicas: ""
    targetCPU: ""
    targetMemory: ""
  ## Thanos Store Gateway Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param storegateway.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Store Gateway
  ## @param storegateway.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param storegateway.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: false
    minAvailable: 1
    maxUnavailable: ""
  ## Configure the ingress resource that allows you to access Thanos Query Frontend
  ## ref: https://kubernetes.io/docs/user-guide/ingress/
  ##
  ingress:
    ## @param storegateway.ingress.enabled Enable ingress controller resource
    ##
    enabled: false
    ## @param storegateway.ingress.hostname Default host for the ingress resource
    ##
    hostname: thanos-storegateway.local
    ## @param storegateway.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param storegateway.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param storegateway.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ## - name: thanos.local
    ##   path: /
    ##   pathType: ImplementationSpecific
    ##
    extraHosts: []
    ## @param storegateway.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ## - hosts:
    ##     - thanos.local
    ##   secretName: thanos.local-tls
    ##
    extraTls: []
    ## @param storegateway.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ## - name: thanos.local-tls
    ##   key:
    ##   certificate:
    ##
    secrets: []
    ## @param storegateway.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ## - host: example.local
    ##     http:
    ##       path: /
    ##       backend:
    ##         service:
    ##           name: example-svc
    ##           port:
    ##             name: http
    ##
    extraRules: []
    ## @param storegateway.ingress.tls Enable TLS configuration for the hostname defined at `storegateway.ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.storegateway.ingress.hostname }}`
    ## You can:
    ##   - Use the `storegateway.ingress.secrets` parameter to create this TLS secret
    ##   - Rely on cert-manager to create it by setting the corresponding annotations
    ##   - Rely on Helm to create self-signed certificates by setting `storegateway.ingress.selfSigned=true`
    ##
    tls: false
    ## @param storegateway.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param storegateway.ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param storegateway.ingress.path Ingress path
    ##
    path: /
    ## @param storegateway.ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific
    ## Create an ingress object for the GRPC service. This requires an HTTP/2
    ## capable Ingress controller (eg. traefik using AWS NLB). Example annotations
    ## - ingress.kubernetes.io/protocol: h2c
    ## - service.beta.kubernetes.io/aws-load-balancer-type: nlb
    ## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    ## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/
    ## and also the documentation for your ingress controller.
    ##
    ## The options that are accepted are identical to the HTTP one listed above
    ##
    grpc:
      ## @param storegateway.ingress.grpc.enabled Enable ingress controller resource (GRPC)
      ##
      enabled: false
      ## @param storegateway.ingress.grpc.hostname Default host for the ingress resource (GRPC)
      ##
      hostname: thanos-grpc.local
      ## @param storegateway.ingress.grpc.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
      ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
      ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
      ##
      ingressClassName: ""
      ## @param storegateway.ingress.grpc.annotations Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations.
      ## For a full list of possible ingress annotations, please see
      ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
      ## Use this parameter to set the required annotations for cert-manager, see
      ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
      ##
      ## Examples:
      ## kubernetes.io/ingress.class: nginx
      ## cert-manager.io/cluster-issuer: cluster-issuer-name
      ##
      annotations: {}
      ## @param storegateway.ingress.grpc.extraHosts The list of additional hostnames to be covered with this ingress record.
      ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
      ## extraHosts:
      ## - name: thanos-grpc.local
      ##   path: /
      ##
      extraHosts: []
      ## @param storegateway.ingress.grpc.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
      ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
      ## extraTls:
      ## - hosts:
      ##     - thanos-grpc.local
      ##   secretName: thanos-grpc.local-tls
      ##
      extraTls: []
      ## @param storegateway.ingress.grpc.secrets If you're providing your own certificates, please use this to add the certificates as secrets
      ## key and certificate should start with -----BEGIN CERTIFICATE----- or
      ## -----BEGIN RSA PRIVATE KEY-----
      ##
      ## name should line up with a tlsSecret set further up
      ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
      ##
      ## It is also possible to create and manage the certificates outside of this helm chart
      ## Please see README.md for more information
      ## e.g:
      ## - name: thanos-grpc.local-tls
      ##   key:
      ##   certificate:
      ##
      secrets: []
      ## @param storegateway.ingress.grpc.extraRules Additional rules to be covered with this ingress record
      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
      ## e.g:
      ## extraRules:
      ## - host: example.local
      ##     http:
      ##       path: /
      ##       backend:
      ##         service:
      ##           name: example-svc
      ##           port:
      ##             name: http
      ##
      extraRules: []
      ## @param storegateway.ingress.grpc.tls Enable TLS configuration for the hostname defined at `storegateway.ingress.grpc.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.storegateway.ingress.grpc.hostname }}`
      ## You can:
      ##   - Use the `storegateway.ingress.grpc.secrets` parameter to create this TLS secret
      ##   - Rely on cert-manager to create it by setting the corresponding annotations
      ##   - Rely on Helm to create self-signed certificates by setting `storegateway.ingress.grpc.selfSigned=true`
      ##
      tls: false
      ## @param storegateway.ingress.grpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param storegateway.ingress.grpc.apiVersion Override API Version (automatically detected if not set)
      ##
      apiVersion: ""
      ## @param storegateway.ingress.grpc.path Ingress Path
      ##
      path: /
      ## @param storegateway.ingress.grpc.pathType Ingress Path type
      ##
      pathType: ImplementationSpecific
  ## Sharded parameters
  ## @param storegateway.sharded.enabled Enable sharding for Thanos Store Gateway
  ## @param storegateway.sharded.hashPartitioning.shards Setting hashPartitioning will create multiple store statefulsets based on the number of shards specified using the hashmod of the blocks
  ## @param storegateway.sharded.timePartitioning [array] Setting time timePartitioning will create multiple store deployments based on the number of partitions
  ## @param storegateway.sharded.service.clusterIPs Array of cluster IPs for each Store Gateway service. Length must be the same as the number of shards
  ## e.g:
  ## clusterIPs:
  ##   - X.X.X.X
  ##   - Y.Y.Y.Y
  ## @param storegateway.sharded.service.loadBalancerIPs Array of load balancer IPs for each Store Gateway service. Length must be the same as the number of shards
  ## e.g:
  ## loadBalancerIPs:
  ##   - X.X.X.X
  ##   - Y.Y.Y.Y
  ## @param storegateway.sharded.service.http.nodePorts Array of http node ports used for Store Gateway service. Length must be the same as the number of shards
  ## e.g:
  ## nodePorts:
  ##   - 30001
  ##   - 30002
  ## @param storegateway.sharded.service.grpc.nodePorts Array of grpc node ports used for Store Gateway service. Length must be the same as the number of shards
  ## e.g:
  ## nodePorts:
  ##   - 30011
  ##   - 30012
  ##
  sharded:
    enabled: false
    hashPartitioning:
      shards: ""
    timePartitioning:
      - min: ""
        max: ""
    service:
      clusterIPs: []
      loadBalancerIPs: []
      http:
        nodePorts: []
      grpc:
        nodePorts: []

## @section Thanos Ruler parameters

ruler:
  ## @param ruler.enabled Enable/disable Thanos Ruler component
  ##
  enabled: false
  ## @param ruler.logLevel Thanos Ruler log level
  ##
  logLevel: info
  ## @param ruler.logFormat Thanos Ruler log format
  ##
  logFormat: logfmt
  ## @param ruler.replicaLabel Label to treat as a replica indicator along which data is de-duplicated
  ##
  replicaLabel: replica
  ## @param ruler.dnsDiscovery.enabled Dynamically configure Query APIs using DNS discovery
  ##
  dnsDiscovery:
    enabled: true
  ## @param ruler.alertmanagers Alert managers URLs array
  ## NOTE: This is only used when ruler.alertmanagersConfig is not set
  ##
  alertmanagers: []
  ## @param ruler.alertmanagersConfig Alert managers configuration
  ## NOTE: This is only used when ruler.alertmanagers is not set
  ## ref: https://thanos.io/tip/components/rule.md/#alertmanager
  ## e.g:
  ## alertmanagersConfig:
  ##   alertmanagers:
  ##     - http_config:
  ##         basic_auth:
  ##           username: some_user
  ##           password: some_pass
  ##       static_configs:
  ##         - alertmanager.thanos.io
  ##       scheme: http
  ##       timeout: 10s
  ##       api_version: v2
  ##
  alertmanagersConfig: ""
  ## @param ruler.evalInterval The default evaluation interval to use
  ##
  evalInterval: 1m
  ## @param ruler.clusterName Used to set the 'ruler_cluster' label
  ##
  clusterName: ""
  ## @param ruler.config Ruler configuration
  ## Specify content for ruler.yml
  ##
  config: ""
  ## @param ruler.existingConfigmap Name of existing ConfigMap with Ruler configuration
  ## NOTE: This will override ruler.config
  ##
  existingConfigmap: ""
  ## @param ruler.extraEnvVars Extra environment variables for Thanos Ruler container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param ruler.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Ruler nodes
  ##
  extraEnvVarsCM: ""
  ## @param ruler.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Ruler nodes
  ##
  extraEnvVarsSecret: ""
  ## @param ruler.extraFlags Extra Flags to passed to Thanos Ruler
  ##
  extraFlags: []
  ## @param ruler.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param ruler.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param ruler.replicaCount Number of Thanos Ruler replicas to deploy
  ##
  replicaCount: 1
  ## @param ruler.updateStrategy.type Update strategy type for Thanos Ruler replicas
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param ruler.podManagementPolicy Statefulset Pod Management Policy Type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
  ##
  podManagementPolicy: OrderedReady
  ## K8s Pod Security Context for Thanos Ruler pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param ruler.podSecurityContext.enabled Enable security context for the Thanos Ruler pods
  ## @param ruler.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Ruler pods
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## K8s containers' Security Context for Thanos Ruler containers
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param ruler.containerSecurityContext.enabled Enable container security context for the Thanos Ruler containers
  ## @param ruler.containerSecurityContext.runAsUser User ID for the service user running the Thanos Ruler containers
  ## @param ruler.containerSecurityContext.runAsNonRoot Force the Thanos Ruler containers to run as a non root user
  ## @param ruler.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Ruler containers
  ## @param ruler.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Ruler containers
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
  ## Thanos Ruler containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## @param ruler.resources.limits The resources limits for the Thanos Ruler container
  ## @param ruler.resources.requests The requested resources for the Thanos Ruler container
  ##
  resources:
    limits: {}
    requests: {}
  ## Configure extra options for Thanos Ruler containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param ruler.livenessProbe.enabled Enable livenessProbe on Thanos Ruler containers
  ## @param ruler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param ruler.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param ruler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param ruler.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param ruler.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param ruler.readinessProbe.enabled Enable readinessProbe on Thanos Ruler containers
  ## @param ruler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param ruler.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param ruler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param ruler.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param ruler.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param ruler.startupProbe.enabled Enable startupProbe on Thanos Ruler containers
  ## @param ruler.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param ruler.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param ruler.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param ruler.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param ruler.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param ruler.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param ruler.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param ruler.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param ruler.initContainers Add additional init containers to the Thanos Ruler pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param ruler.sidecars Extra containers running as sidecars to Thanos Ruler pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param ruler.extraVolumes Extra volumes to add to Thanos Ruler
  ##
  extraVolumes: []
  ## @param ruler.extraVolumeMounts Extra volume mounts to add to the ruler container
  ##
  extraVolumeMounts: []
  ## @param ruler.podAffinityPreset Thanos Ruler pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param ruler.podAntiAffinityPreset Thanos Ruler pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Thanos Ruler node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param ruler.nodeAffinityPreset.type Thanos Ruler node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param ruler.nodeAffinityPreset.key Thanos Ruler node label key to match. Ignored if `ruler.affinity` is set.
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param ruler.nodeAffinityPreset.values Thanos Ruler node label values to match. Ignored if `ruler.affinity` is set.
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param ruler.affinity Thanos Ruler affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: ruler.podAffinityPreset, ruler.podAntiAffinityPreset, and ruler.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param ruler.nodeSelector Thanos Ruler node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## @param ruler.tolerations Thanos Ruler tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param ruler.podLabels Thanos Ruler pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param ruler.podAnnotations Annotations for Thanos Ruler pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param ruler.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param ruler.lifecycleHooks for the Thanos Ruler container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param ruler.priorityClassName Thanos Ruler priorityClassName
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param ruler.schedulerName Name of the k8s scheduler (other than default) for Thanos Ruler pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param ruler.topologySpreadConstraints Topology Spread Constraints for Thanos Ruler pods assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## Service parameters
  ##
  service:
    ## @param ruler.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param ruler.service.ports.http Thanos Ruler service HTTP port
    ## @param ruler.service.ports.grpc Thanos Ruler service GRPC port
    ##
    ports:
      http: 9090
      grpc: 10901
    ## @param ruler.service.nodePorts.http Specify the Thanos Ruler HTTP nodePort value for the LoadBalancer and NodePort service types
    ## @param ruler.service.nodePorts.grpc Specify the Thanos Ruler GRPC nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      http: ""
      grpc: ""
    ## @param ruler.service.clusterIP Thanos Ruler service clusterIP IP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param ruler.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## Set the LoadBalancer service type to internal only
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param ruler.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ## - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param ruler.service.externalTrafficPolicy Thanos Ruler service externalTrafficPolicy
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster
    ## @param ruler.service.annotations Annotations for Thanos Ruler service
    ##
    annotations: {}
    ## @param ruler.service.extraPorts Extra ports to expose in the Thanos Ruler service
    ##
    extraPorts: []
    ## @param ruler.service.labelSelectorsOverride Selector for Thanos Query service
    ##
    labelSelectorsOverride: {}
    ## @param ruler.service.additionalHeadless Additional Headless service
    ##
    additionalHeadless: false
  ## Persistence parameters
  ##
  persistence:
    ## @param ruler.persistence.enabled Enable data persistence using PVC(s) on Thanos Ruler pods
    ##
    enabled: true
    ## @param ruler.persistence.storageClass Specify the `storageClass` used to provision the volume
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner.
    ##
    storageClass: ""
    ## @param ruler.persistence.accessModes PVC Access Modes for data volume
    ##
    accessModes:
      - ReadWriteOnce
    ## @param ruler.persistence.size PVC Storage Request for data volume
    ##
    size: 8Gi
    ## @param ruler.persistence.annotations Annotations for the PVC
    ##
    annotations: {}
    ## @param ruler.persistence.existingClaim Name of an existing PVC to use
    ## If defined, PVC must be created manually before volume will be bound
    ##
    existingClaim: ""
  ## @param ruler.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts
  ##
  automountServiceAccountToken: true
  ## ServiceAccount configuration
  ## @param ruler.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param ruler.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param ruler.serviceAccount.annotations Annotations for Thanos Ruler Service Account
  ## @param ruler.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
  ## DEPRECATED ruler.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
  ##
  serviceAccount:
    create: true
    name: ""
    annotations: {}
    automountServiceAccountToken: true
    ## existingServiceAccount: ""
  ## Thanos Ruler Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param ruler.autoscaling.enabled Enable autoscaling for Thanos Ruler
  ## @param ruler.autoscaling.minReplicas Minimum number of Thanos Ruler replicas
  ## @param ruler.autoscaling.maxReplicas Maximum number of Thanos Ruler replicas
  ## @param ruler.autoscaling.targetCPU Target CPU utilization percentage
  ## @param ruler.autoscaling.targetMemory Target Memory utilization percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: ""
    maxReplicas: ""
    targetCPU: ""
    targetMemory: ""
  ## Thanos Ruler Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param ruler.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Ruler
  ## @param ruler.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param ruler.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: false
    minAvailable: 1
    maxUnavailable: ""
  ## Configure the ingress resource that allows you to access Thanos Ruler
  ## ref: https://kubernetes.io/docs/user-guide/ingress/
  ##
  ingress:
    ## @param ruler.ingress.enabled Enable ingress controller resource
    ##
    enabled: false
    ## @param ruler.ingress.hostname Default host for the ingress resource
    ##
    hostname: thanos-ruler.local
    ## @param ruler.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param ruler.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param ruler.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ## - name: thanos.local
    ##   path: /
    ##   pathType: ImplementationSpecific
    ##
    extraHosts: []
    ## @param ruler.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ## - hosts:
    ##     - thanos.local
    ##   secretName: thanos.local-tls
    ##
    extraTls: []
    ## @param ruler.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ## - name: thanos.local-tls
    ##   key:
    ##   certificate:
    ##
    secrets: []
    ## @param ruler.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ## - host: example.local
    ##     http:
    ##       path: /
    ##       backend:
    ##         service:
    ##           name: example-svc
    ##           port:
    ##             name: http
    ##
    extraRules: []
    ## @param ruler.ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param ruler.ingress.path Ingress path
    ##
    path: /
    ## @param ruler.ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific

## @section Thanos Receive parameters

receive:
  ## @param receive.enabled Enable/disable Thanos Receive component
  ##
  enabled: false
  ## @param receive.mode Mode to run receiver in. Valid options are "standalone" or "dual-mode"
  ## ref: https://github.com/thanos-io/thanos/blob/release-0.22/docs/proposals-accepted/202012-receive-split.md
  ## Enables running the Thanos Receiver in dual mode. Setting this to "dual-mode" will create a deployment for
  ## the stateless thanos distributor.
  mode: standalone
  ## @param receive.logLevel Thanos Receive log level
  ##
  logLevel: info
  ## @param receive.logFormat Thanos Receive log format
  ##
  logFormat: logfmt
  ## @param receive.tsdbRetention Thanos Receive TSDB retention period
  ##
  tsdbRetention: 15d
  ## @param receive.replicationFactor Thanos Receive replication-factor
  ##
  replicationFactor: 1
  ## @param receive.config Receive Hashring configuration
  ## Note: json formatted string and yaml allowed.
  ## e.g:
  ## config:
  ##   - endpoints:
  ##     - "127.0.0.1:10901"
  ##
  config: []
  ## @param receive.existingConfigmap Name of existing ConfigMap with Thanos Receive Hashring configuration
  ## NOTE: This will override receive.config
  ##
  existingConfigmap: ""
  ## @param receive.replicaLabel Label to treat as a replica indicator along which data is de-duplicated
  ##
  replicaLabel: replica
  ## Thanos Receive parameters
  ## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/receive.md#flags
  ##
  grpc:
    ## GRPC server side
    ##
    server:
      ## TLS configuration
      ## @param receive.grpc.server.tls.enabled Enable TLS encryption in the GRPC server
      ## @param receive.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates
      ## @param receive.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided
      ## @param receive.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided
      ## @param receive.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided
      ## @param receive.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates
      ## e.g:
      ## existingSecret:
      ##   name: foo
      ##   keyMapping:
      ##     ca-cert: ca.pem
      ##     tls-cert: cert.pem
      ##     tls-key: key.pem
      ##
      tls:
        enabled: false
        autoGenerated: false
        cert: ""
        key: ""
        ca: ""
        existingSecret: {}
  ## @param receive.extraEnvVars Extra environment variables for Thanos Receive container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param receive.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Receive nodes
  ##
  extraEnvVarsCM: ""
  ## @param receive.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Receive nodes
  ##
  extraEnvVarsSecret: ""
  ## @param receive.extraFlags Extra Flags to passed to Thanos Receive
  ##
  extraFlags: []
  ## @param receive.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param receive.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param receive.replicaCount Number of Thanos Receive replicas to deploy
  ##
  replicaCount: 1
  ## @param receive.updateStrategy.type Update strategy type for Thanos Receive replicas
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param receive.podManagementPolicy
  ## @param receive.podManagementPolicy Statefulset Pod management policy: OrderedReady (default) or Parallel
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
  ##
  podManagementPolicy: OrderedReady
  ## K8s Pod Security Context for Thanos Receive pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param receive.podSecurityContext.enabled Enable security context for the Thanos Receive pods
  ## @param receive.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Receive pods
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## K8s containers' Security Context for Thanos Receive containers
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param receive.containerSecurityContext.enabled Enable container security context for the Thanos Receive containers
  ## @param receive.containerSecurityContext.runAsUser User ID for the service user running the Thanos Receive containers
  ## @param receive.containerSecurityContext.runAsNonRoot Force the Thanos Receive containers to run as a non root user
  ## @param receive.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Receive containers
  ## @param receive.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Receive containers
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
  ## Thanos Receive containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## @param receive.resources.limits The resources limits for the Thanos Receive container
  ## @param receive.resources.requests The requested resources for the Thanos Receive container
  ##
  resources:
    limits: {}
    requests: {}
  ## Configure extra options for Thanos Receive containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param receive.livenessProbe.enabled Enable livenessProbe on Thanos Receive containers
  ## @param receive.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param receive.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param receive.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param receive.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param receive.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param receive.readinessProbe.enabled Enable readinessProbe on Thanos Receive containers
  ## @param receive.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param receive.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param receive.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param receive.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param receive.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param receive.startupProbe.enabled Enable startupProbe on Thanos Receive containers
  ## @param receive.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param receive.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param receive.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param receive.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param receive.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param receive.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param receive.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param receive.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param receive.initContainers Add additional init containers to the Thanos Receive pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param receive.sidecars Extra containers running as sidecars to Thanos Receive pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param receive.extraVolumes Extra volumes to add to Thanos Receive
  ##
  extraVolumes: []
  ## @param receive.extraVolumeMounts Extra volume mounts to add to the receive container
  ##
  extraVolumeMounts: []
  ## @param receive.podAffinityPreset Thanos Receive pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ## Allowed values: soft, hard
  ##
  podAffinityPreset: ""
  ## @param receive.podAntiAffinityPreset Thanos Receive pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Thanos Receive node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param receive.nodeAffinityPreset.type Thanos Receive node affinity preset type. Ignored if `receive.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param receive.nodeAffinityPreset.key Thanos Receive node label key to match. Ignored if `receive.affinity` is set.
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param receive.nodeAffinityPreset.values Thanos Receive node label values to match. Ignored if `receive.affinity` is set.
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param receive.affinity Thanos Receive affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: receive.podAffinityPreset, receive.podAntiAffinityPreset, and receive.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param receive.nodeSelector Thanos Receive node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## @param receive.tolerations Thanos Receive tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param receive.podLabels Thanos Receive pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param receive.podAnnotations Annotations for Thanos Receive pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param receive.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param receive.lifecycleHooks for the Thanos Receive container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param receive.priorityClassName Thanos Receive priorityClassName
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param receive.schedulerName Name of the k8s scheduler (other than default) for Thanos Receive pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param receive.topologySpreadConstraints Topology Spread Constraints for Thanos Receive pods assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## Service parameters
  ##
  service:
    ## @param receive.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param receive.service.ports.http Thanos Ruler service HTTP port
    ## @param receive.service.ports.grpc Thanos Ruler service GRPC port
    ## @param receive.service.ports.remote Thanos Ruler service remote port
    ##
    ports:
      http: 10902
      grpc: 10901
      remote: 19291
    ## @param receive.service.nodePorts.http Specify the Thanos Ruler HTTP nodePort value for the LoadBalancer and NodePort service types
    ## @param receive.service.nodePorts.grpc Specify the Thanos Ruler GRPC nodePort value for the LoadBalancer and NodePort service types
    ## @param receive.service.nodePorts.remote Specify the Thanos Ruler remote nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      http: ""
      grpc: ""
      remote: ""
    ## @param receive.service.clusterIP Thanos Ruler service clusterIP IP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param receive.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param receive.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ## - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param receive.service.externalTrafficPolicy Thanos Ruler service externalTrafficPolicy
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster
    ## @param receive.service.annotations Annotations for Thanos Receive service
    ##
    annotations: {}
    ## @param receive.service.extraPorts Extra ports to expose in the Thanos Receive service
    ##
    extraPorts: []
    ## @param receive.service.labelSelectorsOverride Selector for Thanos receive service
    ##
    labelSelectorsOverride: {}
    ## @param receive.service.additionalHeadless Additional Headless service
    ##
    additionalHeadless: false
  ## @param receive.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts
  ##
  automountServiceAccountToken: true
  ## ServiceAccount configuration
  ## @param receive.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param receive.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param receive.serviceAccount.annotations Annotations for Thanos Receive Service Account
  ## @param receive.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
  ## DEPRECATED receive.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
  ##
  serviceAccount:
    create: true
    name: ""
    annotations: {}
    automountServiceAccountToken: true
    ## existingServiceAccount: ""
  ## Thanos Receive Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param receive.autoscaling.enabled Enable autoscaling for Thanos Receive
  ## @param receive.autoscaling.minReplicas Minimum number of Thanos Receive replicas
  ## @param receive.autoscaling.maxReplicas Maximum number of Thanos Receive replicas
  ## @param receive.autoscaling.targetCPU Target CPU utilization percentage
  ## @param receive.autoscaling.targetMemory Target Memory utilization percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: ""
    maxReplicas: ""
    targetCPU: ""
    targetMemory: ""
  ## Thanos Receive Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param receive.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Receive
  ## @param receive.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param receive.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: false
    minAvailable: 1
    maxUnavailable: ""
  ## Persistence parameters
  ##
  persistence:
    ## @param receive.persistence.enabled Enable data persistence using PVC(s) on Thanos Receive pods
    ##
    enabled: true
    ## @param receive.persistence.storageClass Specify the `storageClass` used to provision the volume
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner.
    ##
    storageClass: ""
    ## @param receive.persistence.accessModes PVC Access Modes for data volume
    ##
    accessModes:
      - ReadWriteOnce
    ## @param receive.persistence.size PVC Storage Request for data volume
    ##
    size: 8Gi
    ## @param receive.persistence.annotations Annotations for the PVC
    ##
    annotations: {}
    ## @param receive.persistence.existingClaim Name of an existing PVC to use
    ## If defined, PVC must be created manually before volume will be bound
    ##
    existingClaim: ""
  ## Configure the ingress resource that allows you to access Thanos Receive
  ## ref: https://kubernetes.io/docs/user-guide/ingress/
  ##
  ingress:
    ## @param receive.ingress.enabled Set to true to enable ingress record generation
    ##
    enabled: false
    ## @param receive.ingress.hostname When the ingress is enabled, a host pointing to this will be created
    ##
    hostname: thanos-receive.local
    ## @param receive.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param receive.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param receive.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ## - name: thanos.local
    ##   path: /
    ##   pathType: ImplementationSpecific
    ##
    extraHosts: []
    ## @param receive.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ## - hosts:
    ##     - thanos.local
    ##   secretName: thanos.local-tls
    ##
    extraTls: []
    ## @param receive.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ## - name: thanos.local-tls
    ##   key:
    ##   certificate:
    ##
    secrets: []
    ## @param receive.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ## - host: example.local
    ##     http:
    ##       path: /
    ##       backend:
    ##         service:
    ##           name: example-svc
    ##           port:
    ##             name: http
    ##
    extraRules: []
    ## @param receive.ingress.tls Enable TLS configuration for the hostname defined at `receive.ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.receive.ingress.hostname }}`
    ## You can:
    ##   - Use the `receive.ingress.secrets` parameter to create this TLS secret
    ##   - Rely on cert-manager to create it by setting the corresponding annotations
    ##   - Rely on Helm to create self-signed certificates by setting `receive.ingress.selfSigned=true`
    ##
    tls: false
    ## @param receive.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param receive.ingress.apiVersion Override API Version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param receive.ingress.path Ingress Path
    ##
    path: /
    ## @param receive.ingress.pathType Ingress Path type
    ##
    pathType: ImplementationSpecific

## @section Thanos Receive Distributor parameters

receiveDistributor:
  ## @param receiveDistributor.enabled Enable/disable Thanos Receive Distributor component
  ##
  enabled: false
  ## @param receiveDistributor.logLevel Thanos Receive Distributor log level
  ##
  logLevel: info
  ## @param receiveDistributor.logFormat Thanos Receive Distributor log format
  ##
  logFormat: logfmt
  ## @param receiveDistributor.replicaLabel Label to treat as a replica indicator along which data is de-duplicated
  ##
  replicaLabel: replica
  ## @param receiveDistributor.replicationFactor Thanos Receive Distributor replication-factor
  ##
  replicationFactor: 1
  ## @param receiveDistributor.extraEnvVars Extra environment variables for Thanos Receive Distributor container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param receiveDistributor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Receive Distributor nodes
  ##
  extraEnvVarsCM: ""
  ## @param receiveDistributor.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Receive Distributor nodes
  ##
  extraEnvVarsSecret: ""
  ## @param receiveDistributor.extraFlags Extra Flags to passed to Thanos Receive Distributor
  ##
  extraFlags: []
  ## @param receiveDistributor.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param receiveDistributor.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param receiveDistributor.replicaCount Number of Thanos Receive Distributor replicas to deploy
  ##
  replicaCount: 1
  ## @param receiveDistributor.updateStrategy.type Update strategy type for Thanos Receive Distributor replicas
  ##
  updateStrategy:
    type: RollingUpdate
  ## K8s Pod Security Context for Thanos Receive Distributor pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param receiveDistributor.podSecurityContext.enabled Enable security context for the Thanos Receive Distributor pods
  ## @param receiveDistributor.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Receive Distributor pods
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## K8s containers' Security Context for Thanos Receive Distributor containers
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param receiveDistributor.containerSecurityContext.enabled Enable container security context for the Thanos Receive Distributor containers
  ## @param receiveDistributor.containerSecurityContext.runAsUser User ID for the service user running the Thanos Receive Distributor containers
  ## @param receiveDistributor.containerSecurityContext.runAsNonRoot Force the Thanos Receive Distributor containers to run as a non root user
  ## @param receiveDistributor.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Receive Distributor containers
  ## @param receiveDistributor.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Receive Distributor containers
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
  ## Thanos Receive Distributor containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## @param receiveDistributor.resources.limits The resources limits for the Thanos Receive container
  ## @param receiveDistributor.resources.requests The requested resources for the Thanos Receive container
  ##
  resources:
    limits: {}
    requests: {}
  ## Configure extra options for Thanos Receive Distributor containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param receiveDistributor.livenessProbe.enabled Enable livenessProbe on Thanos Receive Distributor containers
  ## @param receiveDistributor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param receiveDistributor.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param receiveDistributor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param receiveDistributor.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param receiveDistributor.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param receiveDistributor.readinessProbe.enabled Enable readinessProbe on Thanos Receive Distributor containers
  ## @param receiveDistributor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param receiveDistributor.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param receiveDistributor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param receiveDistributor.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param receiveDistributor.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param receiveDistributor.startupProbe.enabled Enable startupProbe on Thanos Receive Distributor containers
  ## @param receiveDistributor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param receiveDistributor.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param receiveDistributor.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param receiveDistributor.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param receiveDistributor.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param receiveDistributor.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param receiveDistributor.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param receiveDistributor.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param receiveDistributor.initContainers Add additional init containers to the Thanos Receive Distributor pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param receiveDistributor.sidecars Extra containers running as sidecars to Thanos Receive Distributor pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param receiveDistributor.extraVolumes Extra volumes to add to Thanos Receive Distributor
  ##
  extraVolumes: []
  ## @param receiveDistributor.extraVolumeMounts Extra volume mounts to add to the receive distributor container
  ##
  extraVolumeMounts: []
  ## @param receiveDistributor.podAffinityPreset Thanos Receive pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ## Allowed values: soft, hard
  ##
  podAffinityPreset: ""
  ## @param receiveDistributor.podAntiAffinityPreset Thanos Receive pod anti-affinity preset. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Thanos Receive node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param receiveDistributor.nodeAffinityPreset.type Thanos Receive node affinity preset type. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param receiveDistributor.nodeAffinityPreset.key Thanos Receive node label key to match. Ignored if `receiveDistributor.affinity` is set.
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param receiveDistributor.nodeAffinityPreset.values Thanos Receive node label values to match. Ignored if `receiveDistributor.affinity` is set.
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param receiveDistributor.affinity Thanos Receive Distributor affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: receiveDistributor.podAffinityPreset, receiveDistributor.podAntiAffinityPreset, and receiveDistributor.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param receiveDistributor.nodeSelector Thanos Receive Distributor node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## @param receiveDistributor.tolerations Thanos Receive Distributor tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param receiveDistributor.podLabels Thanos Receive Distributor pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param receiveDistributor.podAnnotations Annotations for Thanos Receive Distributor pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param receiveDistributor.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param receiveDistributor.lifecycleHooks for the Thanos Receive Distributor container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param receiveDistributor.priorityClassName Thanos Receive Distributor priorityClassName
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param receiveDistributor.schedulerName Name of the k8s scheduler (other than default) for Thanos Receive Distributor pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param receiveDistributor.topologySpreadConstraints Topology Spread Constraints for Thanos Receive Distributor pods assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param receiveDistributor.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment
  ##
  automountServiceAccountToken: true
  ## ServiceAccount configuration
  ## @param receiveDistributor.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param receiveDistributor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param receiveDistributor.serviceAccount.annotations Annotations for Thanos Receive Distributor Service Account
  ## @param receiveDistributor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
  ## DEPRECATED receive.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
  ##
  serviceAccount:
    create: true
    name: ""
    annotations: {}
    automountServiceAccountToken: true
    ## existingServiceAccount: ""
  ## Thanos Receive Distributor Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param receiveDistributor.autoscaling.enabled Enable autoscaling for Thanos Receive Distributor
  ## @param receiveDistributor.autoscaling.minReplicas Minimum number of Thanos Receive Distributor replicas
  ## @param receiveDistributor.autoscaling.maxReplicas Maximum number of Thanos Receive Distributor replicas
  ## @param receiveDistributor.autoscaling.targetCPU Target CPU utilization percentage
  ## @param receiveDistributor.autoscaling.targetMemory Target Memory utilization percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: ""
    maxReplicas: ""
    targetCPU: ""
    targetMemory: ""
  ## Thanos Receive Distributor Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param receiveDistributor.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Receive Distributor
  ## @param receiveDistributor.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param receiveDistributor.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: false
    minAvailable: 1
    maxUnavailable: ""

## @section Metrics parameters

## Prometheus metrics
##
metrics:
  ## @param metrics.enabled Enable the export of Prometheus metrics
  ##
  enabled: false
  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled Specify if a ServiceMonitor will be deployed for Prometheus Operator
    ##
    enabled: false
    ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
    ##
    namespace: ""
    ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}
    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
    ##
    jobLabel: ""
    ## @param metrics.serviceMonitor.interval How frequently to scrape metrics
    ## e.g:
    ## interval: 10s
    ##
    interval: ""
    ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
    ## e.g:
    ## scrapeTimeout: 10s
    ##
    scrapeTimeout: ""
    ## @param metrics.serviceMonitor.metricRelabelings [array] Specify additional relabeling of metrics
    ##
    metricRelabelings: []
    ## @param metrics.serviceMonitor.relabelings [array] Specify general relabeling
    ##
    relabelings: []
    ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
    ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
    ##
    selector: {}

  ## PrometheusRule CRD configuration
  ##
  prometheusRule:
    ## @param metrics.prometheusRule.enabled If `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true`)
    ##
    enabled: false
    ## Configure prometheus rules
    ##
    default:
      ## @extra metrics.prometheusRule.default.absent_rules Enable absent_rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @extra metrics.prometheusRule.default.compaction Enable compaction rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @extra metrics.prometheusRule.default.query Enable query when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @extra metrics.prometheusRule.default.receive Enable receive rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @extra metrics.prometheusRule.default.replicate Enable replicate rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @extra metrics.prometheusRule.default.ruler Enable ruler rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @extra metrics.prometheusRule.default.sidecar Enable sidecar rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @extra metrics.prometheusRule.default.store_gateway Enable store_gateway rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @param metrics.prometheusRule.default.create would create all default prometheus alerts
      ##
      create: false
      ## @extra metrics.prometheusRule.default.disabled.ThanosCompactIsDown Disable ThanosCompactIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryIsDown Disable ThanosQueryIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveIsDown Disable ThanosReceiveIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleIsDown Disable ThanosRuleIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosSidecarIsDown Disable ThanosSidecarIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosStoreIsDown Disable ThanosStoreIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosCompactMultipleRunning Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosCompactHalted Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosCompactHighCompactionFailures Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosCompactBucketHighOperationFailures Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosCompactHasNotRun Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryErrorRateHigh Disable ThanosQueryHttpRequestQueryErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryRangeErrorRateHigh Disable ThanosQueryHttpRequestQueryRangeErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryGrpcServerErrorRate Disable ThanosQueryGrpcServerErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryGrpcClientErrorRate Disable ThanosQueryGrpcClientErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryHighDNSFailures Disable ThanosQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryInstantLatencyHigh Disable ThanosQueryInstantLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryRangeLatencyHigh Disable ThanosQueryRangeLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryOverload Disable ThanosQueryOverload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestErrorRateHigh Disable ThanosReceiveHttpRequestErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestLatencyHigh Disable ThanosReceiveHttpRequestLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighReplicationFailures Disable ThanosReceiveHighReplicationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighForwardRequestFailures Disable ThanosReceiveHighForwardRequestFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighHashringFileRefreshFailures Disable ThanosReceiveHighHashringFileRefreshFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveConfigReloadFailure Disable ThanosReceiveConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveNoUpload Disable ThanosReceiveNoUpload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveTrafficBelowThreshold Disable ThanosReceiveTrafficBelowThreshold rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosBucketReplicateErrorRate Disable ThanosBucketReplicateErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosBucketReplicateRunLatency Disable ThanosBucketReplicateRunLatency rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleQueueIsDroppingAlerts Disable ThanosRuleQueueIsDroppingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleSenderIsFailingAlerts Disable ThanosRuleSenderIsFailingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationFailures Disable ThanosRuleHighRuleEvaluationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationWarnings Disable ThanosRuleHighRuleEvaluationWarnings rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleRuleEvaluationLatencyHigh Disable ThanosRuleRuleEvaluationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleGrpcErrorRate Disable ThanosRuleGrpcErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleConfigReloadFailure Disable ThanosRuleConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleQueryHighDNSFailures Disable ThanosRuleQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleAlertmanagerHighDNSFailures Disable ThanosRuleAlertmanagerHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleNoEvaluationFor10Intervals Disable ThanosRuleNoEvaluationFor10Intervals rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosNoRuleEvaluations Disable ThanosNoRuleEvaluations rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosSidecarBucketOperationsFailed Disable ThanosSidecarBucketOperationsFailed rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosSidecarNoConnectionToStartedPrometheus Disable ThanosSidecarNoConnectionToStartedPrometheus rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosStoreGrpcErrorRate Disable ThanosSidecarNoConnectionToStartedPrometheus rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway  is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosStoreSeriesGateLatencyHigh Disable ThanosStoreSeriesGateLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway  is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosStoreBucketHighOperationFailures Disable ThanosStoreBucketHighOperationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway  is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosStoreObjstoreOperationLatencyHigh Disable ThanosStoreObjstoreOperationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway  is true
      ## @param metrics.prometheusRule.default.disabled disable one specific prometheus alert rule
      ##
      disabled: {}
    ## @param metrics.prometheusRule.namespace Namespace in which the PrometheusRule CRD is created
    ##
    namespace: ""
    ## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule
    ##
    additionalLabels: {}
    ## @param metrics.prometheusRule.groups Prometheus Rule Groups for Thanos components
    ## These are just examples rules, please adapt them to your needs.
    ##   groups:
    ##     - name: Compactor
    ##       rules:
    ##         - alert: ThanosCompactMultipleRunning
    ##           annotations:
    ##             description: No more than one Thanos Compact instance should be running at once. There are {{`{{`}}$value{{`}}`}} instances running.
    ##             runbook_url: https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompactmultiplerunning
    ##             summary: Thanos Compact has multiple instances running.
    ##           expr: sum by (job) (up{job=~"{{ template "common.names.fullname" . }}-compact.*"}) > 1
    ##           for: 5m
    ##           labels:
    ##             severity: warning
    groups: []

## @section Volume Permissions parameters

## 'volumePermissions' init container parameters
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
##   based on the *podSecurityContext/*containerSecurityContext parameters
##
volumePermissions:
  ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
  ##
  enabled: false
  ## @param volumePermissions.image.registry Init container volume-permissions image registry
  ## @param volumePermissions.image.repository Init container volume-permissions image repository
  ## @param volumePermissions.image.tag Init container volume-permissions image tag
  ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
  ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: docker.io
    repository: bitnami/bitnami-shell
    tag: 11-debian-11-r92
    digest: ""
    ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []

## @section MinIO&reg; chart parameters
## @extra minio For full list of MinIO&reg; values configurations please refere [here](https://github.com/bitnami/charts/tree/main/bitnami/minio)

minio:
  ## @param minio.enabled Enable/disable MinIO&reg; chart installation
  ## to be used as an objstore for Thanos
  ##
  enabled: false
  ## MinIO&reg; authentication parameters
  ##
  auth:
    ## @param minio.auth.rootUser MinIO&reg; root username
    ##
    rootUser: admin
    ## @param minio.auth.rootPassword Password for MinIO&reg; root user
    ##
    rootPassword: ""
  ## @param minio.defaultBuckets Comma, semi-colon or space separated list of MinIO&reg; buckets to create
  ##
  defaultBuckets: 'thanos'

## @section NetWorkPolicy parameters

networkPolicy:
  ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
  ##
  enabled: false
  ## @param networkPolicy.allowExternal Don't require client label for connections
  ## The Policy model to apply. When set to false, only pods with the correct
  ## client label will have network access to http and grpc thanos port.
  ## When true, thanos will accept connections from any source
  ## (with the correct destination port).
  ##
  allowExternal: true
  ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed
  ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
  ## and that match other criteria, the ones that have the good label, can reach thanos.
  ## But sometimes, we want thanos to be accessible to clients from other namespaces, in this case, we can use this
  ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
  ##
  ## Example:
  ## explicitNamespacesSelector:
  ##   matchLabels:
  ##     role: frontend
  ##   matchExpressions:
  ##    - {key: role, operator: In, values: [frontend]}
  ##
  explicitNamespacesSelector: {}

verrazzano:
  isIstioEnabled: true