---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: elasticsearch-metrics
  namespace: elasticsearch-system
  labels:
    app: elasticsearch
spec:
  selector:
    matchLabels:
      elasticsearch.k8s.elastic.co/cluster-name: elasticsearch
  endpoints:
  - port: https
    path: /_prometheus/metrics
    scheme: https
    tlsConfig:
      insecureSkipVerify: true  # Use self-signed certs
    basicAuth:
      username:
        name: elasticsearch-es-elastic-user
        key: elastic
      password:
        name: elasticsearch-es-elastic-user  
        key: elastic
    interval: 30s
    scrapeTimeout: 10s
  namespaceSelector:
    matchNames:
    - elasticsearch-system

---
# Optional: Kibana ServiceMonitor if you want to monitor Kibana as well
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: kibana-metrics
  namespace: elasticsearch-system
  labels:
    app: kibana
spec:
  selector:
    matchLabels:
      kibana.k8s.elastic.co/name: kibana
  endpoints:
  - port: https
    path: /api/status
    scheme: https
    tlsConfig:
      insecureSkipVerify: true
    basicAuth:
      username:
        name: elasticsearch-es-elastic-user
        key: elastic
      password:
        name: elasticsearch-es-elastic-user
        key: elastic
    interval: 60s
    scrapeTimeout: 30s
  namespaceSelector:
    matchNames:
    - elasticsearch-system

---
# Note: Kibana is exposed via Tailscale LoadBalancer service (configured in cluster.yaml)
# No Ingress needed - the service type LoadBalancer with loadBalancerClass: tailscale
# automatically creates a Tailscale proxy pod and exposes the service via MagicDNS