# Default values for api7ee.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

global:
  # Global image registry to use for all images
  imageRegistry: ""
  # Image pull secrets for all images
  imagePullSecrets: []

# Configuration for the Web component
web:
  enabled: true
  replicaCount: 2

  image:
    registry: gitea.server_url  # Will be replaced with actual Gitea URL
    repository: api7ee/web
    pullPolicy: IfNotPresent
    tag: "main"  # Override with specific version

  service:
    type: ClusterIP
    port: 8000
    targetPort: 8000
    annotations: {}

  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 250m
      memory: 256Mi

  autoscaling:
    enabled: false
    minReplicas: 2
    maxReplicas: 10
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80

  nodeSelector: {}
  tolerations: []
  affinity: {}

  # Additional environment variables
  env: []

  # Liveness and readiness probes
  livenessProbe:
    httpGet:
      path: /docs
      port: http
    initialDelaySeconds: 30
    periodSeconds: 10

  readinessProbe:
    httpGet:
      path: /docs
      port: http
    initialDelaySeconds: 10
    periodSeconds: 5

# Configuration for the API component
api:
  enabled: true
  replicaCount: 3

  image:
    registry: gitea.server_url  # Will be replaced with actual Gitea URL
    repository: api7ee/api
    pullPolicy: IfNotPresent
    tag: "main"  # Override with specific version

  service:
    type: ClusterIP
    port: 8080
    targetPort: 8080
    annotations: {}

  resources:
    limits:
      cpu: 1000m
      memory: 1Gi
    requests:
      cpu: 500m
      memory: 512Mi

  autoscaling:
    enabled: true
    minReplicas: 3
    maxReplicas: 20
    targetCPUUtilizationPercentage: 70
    targetMemoryUtilizationPercentage: 75

  nodeSelector: {}
  tolerations: []
  affinity: {}

  # Additional environment variables
  env:
    - name: LOG_LEVEL
      value: "info"

  # Liveness and readiness probes
  livenessProbe:
    httpGet:
      path: /health
      port: http
    initialDelaySeconds: 30
    periodSeconds: 10

  readinessProbe:
    httpGet:
      path: /ready
      port: http
    initialDelaySeconds: 10
    periodSeconds: 5

# Ingress configuration
ingress:
  enabled: true
  className: "nginx"
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: "letsencrypt-prod"

  hosts:
    - host: demo.commandware.it
      paths:
        - path: /
          pathType: Prefix
          service: web  # Routes to web service
        - path: /api
          pathType: Prefix
          service: api  # Routes to API service

  tls:
    - secretName: api7ee-tls
      hosts:
        - demo.commandware.it

# ServiceAccount configuration
serviceAccount:
  create: true
  annotations: {}
  name: ""

# Pod Security Context
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 1000

# Security Context for containers
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

# Network Policies
networkPolicy:
  enabled: false
  policyTypes:
    - Ingress
    - Egress
  ingress: []
  egress: []

# Pod Disruption Budget
podDisruptionBudget:
  enabled: true
  minAvailable: 1
  # maxUnavailable: 1

# Monitoring and metrics
metrics:
  enabled: false
  serviceMonitor:
    enabled: false
    interval: 30s
    path: /metrics
    labels: {}

# ConfigMap for shared configuration
configMap:
  data: {}

# Secrets for sensitive data
secrets:
  create: false
  data: {}

# API7 Gateway Configuration
api7:
  enabled: true  # Enable API7 ADC configuration

  # ADC Container settings
  adc:
    image: ghcr.io/api7/adc:latest
    imagePullPolicy: IfNotPresent
    verbose: true
    tlsSkipVerify: false  # Set to true for self-signed certificates

  # API7 Gateway connection
  gateway:
    adminUrl: http://api7-gateway.api7ee.svc.cluster.local:9180
    adminKey: "edd1c9f034335f136f87ad84b625c8f1"  # Change this!
    group: default

  # Backend type (api7ee or apisix)
  backend: api7ee

  # Auto-publish routes after sync
  autoPublish: true

  # Hosts for routing
  hosts:
    - demo.commandware.it

  # TLS/SSL Configuration
  tls:
    enabled: true
    # Option 1: Use cert-manager
    certManager:
      enabled: true
      issuer: letsencrypt-prod  # ClusterIssuer name
      issuerKind: ClusterIssuer  # or Issuer
    # Option 2: Use existing secret
    secretName: ""  # Name of existing TLS secret
    # Option 3: Provide certificates directly (not recommended for production)
    certificate: ""
    key: ""

  # Service Discovery
  serviceDiscovery:
    enabled: true  # Use Kubernetes service discovery
    namespace: ""  # Leave empty to use release namespace

  # API7 Plugins Configuration
  plugins:
    # Rate limiting
    rateLimit:
      enabled: true
      count: 100
      timeWindow: 60
      apiCount: 1000  # Higher limit for API endpoints

    # CORS configuration
    cors:
      enabled: true
      allowOrigins: ["*"]
      allowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD", "PATCH"]
      allowHeaders: ["*"]
      exposeHeaders: ["*"]
      maxAge: 3600
      allowCredentials: false

    # Authentication
    auth:
      enabled: false
      header: X-API-Key

    # Prometheus metrics
    prometheus:
      enabled: true

    # Request logging
    logging:
      enabled: false
      endpoint: http://logging-service:8080/logs
      batchMaxSize: 1000
      inactiveTimeout: 5

  # API Consumers (for authentication)
  consumers:
    - username: demo-user
      apiKey: demo-key-12345
    - username: admin
      apiKey: admin-key-67890