thanos:
  # Object storage configuration
  objstoreConfig:
    create: false  # We create the secret via extraObjects
    name: thanos-objstore-secret
    key: objstore.yml

  # Image configuration
  image:
    registry: quay.io
    repository: thanos/thanos
    tag: v0.40.1

  # Query component
  query:
    enabled: true
    replicaCount: 2
    resources:
      requests:
        cpu: 100m
        memory: 256Mi
      limits:
        memory: 512Mi
    stores:
      - dnssrv+_grpc._tcp.thanos-storegateway.monitoring.svc.cluster.local
      - dnssrv+_grpc._tcp.thanos-receive.monitoring.svc.cluster.local

  # Query Frontend
  queryFrontend:
    enabled: true
    replicaCount: 1
    resources:
      requests:
        cpu: 50m
        memory: 128Mi
      limits:
        memory: 256Mi

  # Store Gateway
  storegateway:
    enabled: true
    replicaCount: 1
    persistence:
      enabled: true
      storageClass: ceph-block
      size: 10Gi
    resources:
      requests:
        cpu: 100m
        memory: 512Mi
      limits:
        memory: 1Gi

  # Compactor
  compactor:
    enabled: true
    persistence:
      enabled: true
      storageClass: ceph-block
      size: 10Gi
    retentionResolutionRaw: 14d
    retentionResolution5m: 90d
    retentionResolution1h: 2y
    resources:
      requests:
        cpu: 100m
        memory: 512Mi
      limits:
        memory: 1Gi
    extraFlags:
      - --deduplication.replica-label=prometheus_replica
      - --deduplication.replica-label=replica
      - --downsampling.disable=false
      - --compact.enable-vertical-compaction

  # Receive (for remote write from Prometheus)
  receive:
    enabled: true
    replicaCount: 1
    persistence:
      enabled: true
      storageClass: ceph-block
      size: 20Gi
    resources:
      requests:
        cpu: 100m
        memory: 512Mi
      limits:
        memory: 1Gi

  # Metrics and caching
  # Note: Memcached configuration would be added here if using external caching

  # Metrics
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true

# S3 Bucket and credentials provisioning
extraObjects:
  # ObjectBucketClaim for Thanos metrics
  - apiVersion: objectbucket.io/v1alpha1
    kind: ObjectBucketClaim
    metadata:
      name: thanos-metrics
      namespace: monitoring
    spec:
      bucketName: thanos-metrics
      storageClassName: ceph-bucket
      additionalConfig:
        maxSize: "500Gi"

  # Secret with S3 credentials (will be populated by Rook)
  # This is a placeholder - actual credentials come from the OBC
  - apiVersion: v1
    kind: Secret
    metadata:
      name: thanos-objstore-secret
      namespace: monitoring
    type: Opaque
    stringData:
      objstore.yml: |-
        type: S3
        config:
          bucket: thanos-metrics
          endpoint: rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
          insecure: true
          access_key: ${AWS_ACCESS_KEY_ID}
          secret_key: ${AWS_SECRET_ACCESS_KEY}