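# Prometheus custom resource (monitoring.coreos.com/v1), rendered from module
# variables and applied through the kubectl provider.
#
# Every templated *string* scalar is quoted so that the YAML parser cannot
# retype it (an all-digit namespace, a tag such as 2.50, a name such as "on").
# replicas, shards, listenLocal and enableAdminAPI stay unquoted on purpose:
# they must render as integers / booleans.
resource "kubectl_manifest" "prometheus" {
  yaml_body = <<-EOF
    apiVersion: monitoring.coreos.com/v1
    kind: Prometheus
    metadata:
      name: prometheus
      namespace: "${var.namespace}"
      # jsonencode() output is a valid YAML flow mapping with quoted strings.
      labels: ${jsonencode(local.common_labels)}
    spec:
      image: "${var.images.prometheus.registry}/${var.images.prometheus.repository}:${var.images.prometheus.tag}"
      version: "${var.images.prometheus.tag}"
      # Plain-HTTP URL on the in-cluster service name.
      # NOTE(review): confirm TLS/authentication is handled elsewhere if the
      # web port is reachable from outside the cluster.
      externalUrl: "http://${var.instance}-${var.component}.${var.namespace}:9090"
      replicas: ${var.replicas}
      shards: ${var.shards}
      logLevel: "${var.logLevel}"
      listenLocal: ${var.listenLocal}
      # The admin API exposes TSDB delete/snapshot endpoints on the web port;
      # keep this false unless access to that port is restricted.
      enableAdminAPI: ${var.enableAdminAPI}
      retention: "${var.retention}"
      tsdb:
        outOfOrderTimeWindow: 0s
      walCompression: true
      routePrefix: "/"
      alerting:
        alertmanagers:
          - namespace: "${var.namespace}"
            name: "${var.alertmanager}"
            port: http-web
            pathPrefix: "/"
            apiVersion: v2
      # An empty namespace selector ({}) matches every namespace, so the
      # managed-by label below is the only filter on which ScrapeConfig,
      # ServiceMonitor, PodMonitor, Probe and PrometheusRule objects are
      # loaded. Anyone allowed to create such labelled objects in any
      # namespace can add scrape targets and rules to this instance; restrict
      # that with RBAC or narrow the namespace selectors.
      scrapeConfigNamespaceSelector: {}
      scrapeConfigSelector:
        matchLabels:
          app.kubernetes.io/managed-by: vynil
      serviceMonitorNamespaceSelector: {}
      serviceMonitorSelector:
        matchLabels:
          app.kubernetes.io/managed-by: vynil
      podMonitorNamespaceSelector: {}
      podMonitorSelector:
        matchLabels:
          app.kubernetes.io/managed-by: vynil
      probeNamespaceSelector: {}
      probeSelector:
        matchLabels:
          app.kubernetes.io/managed-by: vynil
      ruleNamespaceSelector: {}
      ruleSelector:
        matchLabels:
          app.kubernetes.io/managed-by: vynil
      # NOTE(review): the ServiceAccount name is hard-coded and not created in
      # this resource; confirm it exists in the target namespace and carries
      # only the RBAC the scrape selectors above require.
      serviceAccountName: prometheus-kube-prometheus-prometheus
      # Pod runs as a fixed non-root UID/GID with the runtime's default
      # seccomp profile.
      securityContext:
        fsGroup: 2000
        runAsGroup: 2000
        runAsNonRoot: true
        runAsUser: 1000
        seccompProfile:
          type: RuntimeDefault
      portName: http-web
      hostNetwork: false
  EOF
}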