# Default values for freeleaps-secret-operator
replicaCount: 1

secretOperator:
  image:
    registry: docker.io
    repository: freeleaps/secret-operator
    pullPolicy: IfNotPresent
    tag: "snapshot-36e5cf0"
    name: "secret-operator"

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  create: true
  annotations: {}
  name: "freeleaps-secret-operator"

podAnnotations: {}

podSecurityContext: {}

securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000
  capabilities:
    drop:
      - ALL

resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi

nodeSelector: {}

tolerations: []

affinity: {}

# Operator specific configuration
operator:
  # General Configuration
  debug: false
  apiServerPort: 8080
  watchedNamespaces: "" # Empty means watch all namespaces
  k8sClusterDomain: "kubernetes.default.svc.freeleaps.cluster"
  autoDiscoverK8sClusterDomainMaxRetries: 5

  # Kopf Configuration
  kopfPeeringName: "freeleaps-secret-operator"
  leaderElection:
    enabled: true

  # Namespace where the operator will be deployed
  namespace: "freeleaps-devops-system"

# Azure Key Vault Configuration
# These values should be provided through a secret
azureKeyVault:
  # If true, will create a secret for Azure Key Vault credentials
  createSecret: true
  # Reference to existing secret containing Azure credentials
  existingSecret: ""
  # Values used if createSecret is true
  credentials:
    tenantId: "cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24"
    clientId: "7cd1df19-24ea-46d7-acd3-5336283139e0"
    clientSecret: "XMy8Q~XbsgiXC6Yrm7vCRCsHdLhQpIMYCSRvgcLH"
    vaultUrl: "https://freeleaps-vault-service.vault.azure.net/"
    vaultName: "freeleaps-vault-service"
    subscriptionId: "0a280068-dec4-4bf0-9f04-65b64f412b50"
    resourceGroup: "k8s"

# JWT Configuration
jwt:
  # If true, will create a secret for JWT configuration
  createSecret: true
  # Reference to existing secret containing JWT configuration
  existingSecret: ""
  # Values used if createSecret is true
  config:
    secretKey: "ea84edf152976b2fcec12b78aa8e45bc26a5cf0ef61bf16f5c317ae33b3fd8b0"
    algorithm: "HS256"

# HMAC Configuration
hmac:
  # If true, will create a secret for HMAC configuration
  createSecret: true
  # Reference to existing secret containing HMAC configuration
  existingSecret: ""
  # Values used if createSecret is true
  config:
    secretKey: "ea84edf152976b2fcec12b78aa8e45bc26a5cf0ef61bf16f5c317ae33b3fd8b0"

# CRDs configuration
crds:
  install: false # Set to false if you want to manage CRDs separately

apiServerService:
  enabled: true
  service:
    type: ClusterIP
    port: 8080