# Default values for freeleaps-devops-reconciler
replicaCount: 1

image:
  repository: freeleaps/reconciler
  pullPolicy: IfNotPresent
  tag: ""

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

# Operator Configuration
operator:
  clusterwide: false
  priority: 100
  peeringName: "freeleaps-devops-reconciler"
  namespaces:
    - "freeleaps-devops-system"
  debug: false

serviceAccount:
  create: true
  annotations: {}
  name: ""

rbac:
  create: true
  additionalRules: []

podAnnotations: {}

podSecurityContext:
  fsGroup: 1000
  runAsNonRoot: true
  runAsUser: 1000

securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

service:
  type: ClusterIP
  port: 8080
  targetPort: 8080

ingress:
  enabled: false
  className: ""
  annotations: {}
  hosts:
    - host: devops-reconciler.local
      paths:
        - path: /
          pathType: Prefix
  tls: []

resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi

nodeSelector: {}
tolerations: []
affinity: {}

# Environment Configuration
env:
  # General Configuration
  reconcilerDebug: "false"
  defaultHttpTimeout: "30s"
  k8sClusterDomain: "cluster.local"
  kubernetesApiTimeout: "30s"
  autoDiscoverK8sClusterDomainMaxRetries: "5"
  logLevel: "INFO"
  logFormat: "text"
  operatorNamespace: "freeleaps-devops-system"
  reconcileInterval: "30s"
  allowHttpGitUrls: "false"

  # RabbitMQ Configuration
  rabbitmq:
    host: "localhost"
    port: "5672"
    vhost: "/"
    inputQueue: "freeleaps.devops.reconciler.input"
    outputQueue: "freeleaps.devops.reconciler.output"
    enableExchangeBinding: "true"
    inputExchange: "freeleaps.notification.exchange"
    inputExchangeType: "direct"
    inputRoutingKey: "freeleaps.devops.reconciler.input"
    outputExchange: "freeleaps.notification.exchange"
    outputRoutingKey: "freeleaps.devops.reconciler.output"

  # Jenkins Configuration
  jenkins:
    endpoint: "http://localhost:8080"
    apiTimeout: "30s"
    folderCreationRetryCount: "3"

  # ArgoCD Configuration
  argocd:
    endpoint: "http://localhost:8080"
    apiTimeout: "30s"
    resourceCreationTimeout: "300s"

  # Network Resource Management
  networkResources:
    domainTemplate: "{env}.{project_id}.example.com"
    ingressClassName: "nginx"
    certManagerClusterIssuer: "letsencrypt-prod"
    ingressControllerIp: "127.0.0.1"
    dnsCreationTimeout: "300s"
    certificateIssuanceTimeout: "600s"
    ingressReadyTimeout: "300s"
    networkResourceCleanupTimeout: "300s"
    networkResourceRetryCount: "3"
    networkResourceRetryDelay: "30s"

# Secret data
secrets:
  # RabbitMQ credentials
  rabbitmqCredentials:
    username: "admin"
    password: "changeme"

  # Jenkins credentials
  jenkinsCredentials:
    username: "admin"
    token: "changeme"

  # ArgoCD credentials
  argocdCredentials:
    username: "admin"
    password: "changeme"

  # Default Git credentials
  defaultGitCredentials:
    username: "git-user"
    password: "changeme"

  # Default Docker Registry credentials
  defaultDockerRegistryCredentials:
    username: "registry-user"
    password: "changeme"

  # Docker Registry PAT credentials
  dockerRegistryPat:
    username: "pat-user"
    token: "changeme"

  # Azure Key Vault configuration
  azureKeyVault:
    endpoint: "https://your-keyvault.vault.azure.net/"
    clientId: "your-client-id"
    clientSecret: "changeme"
    tenantId: "your-tenant-id"
    subscriptionId: "your-subscription-id"
    resourceGroup: "your-resource-group"
    name: "your-keyvault-name"

  # Azure DNS configuration
  azureDns:
    subscriptionId: "your-subscription-id"
    tenantId: "your-tenant-id"
    clientId: "your-client-id"
    clientSecret: "changeme"
    resourceGroup: "your-resource-group"
    zoneName: "your-zone.com"

# Monitoring
monitoring:
  serviceMonitor:
    enabled: false
    interval: 30s
    scrapeTimeout: 10s
    labels: {}
  grafanaDashboard:
    enabled: false
    labels: {}

# Health checks
healthcheck:
  livenessProbe:
    enabled: true
    httpGet:
      path: /healthz
      port: 8080
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 3
  readinessProbe:
    enabled: true
    httpGet:
      path: /ready
      port: 8080
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 3
    failureThreshold: 3

# Deployment strategy
strategy:
  type: RollingUpdate
  rollingUpdate:
    maxUnavailable: 1
    maxSurge: 1

# Network Policy
networkPolicy:
  enabled: false
  ingress: []
  egress: []

# CRDs Management
crds:
  install: true
  keep: true