agent:

  replicas: 1
  name: ametnes-cloud-agent
  labels:
    app.kubernetes.io/module: agent
    app.kubernetes.io/instance: ametnes-cloud-agent

  selectorLabels:
    app.kubernetes.io/module: agent
    app.kubernetes.io/instance: ametnes-cloud-agent

  image:
    repository: ametnes/cloud-agent
    pullPolicy: IfNotPresent
    tag: "0.3.4728"

  # imagePullSecrets:
  #   - name: pull-secret

  extraEnvs: []
  extraInitContainers: []
  extraVolumes: []
  extraVolumeMounts: []
  tls:
    trust:
      enabled: false
      # PEM CAs to append to the system bundle (e.g. TLS interception roots). Chart creates a Secret when secret.create is true.
      additionalCAs: []
      # Example (single CA):
      # additionalCAs:
      #   - crt: |
      #       -----BEGIN CERTIFICATE-----
      #       <your-interception-or-root-ca>
      #       -----END CERTIFICATE-----
      # Example (multiple CAs):
      # additionalCAs:
      #   - crt: |
      #       -----BEGIN CERTIFICATE-----
      #       <corporate-root-ca>
      #       -----END CERTIFICATE-----
      #   - crt: |
      #       -----BEGIN CERTIFICATE-----
      #       <corporate-intermediate-ca>
      #       -----END CERTIFICATE-----
      # secret.create: true — build Secret from additionalCAs (default name <release>-tls-trust).
      # secret.create: false + name — use an existing Secret; all keys under that Secret are appended to the bundle.
      secret:
        create: true
        name: ""
      initImage: curlimages/curl:8.11.1
      targetBundlePath: /etc/ssl/certs/ca-certificates.crt
  # clientCertSecret: client-tls
  rbac:
    enabled: true

  serviceAccount:
    # Specifies whether a service account should be created
    create: true
    # Annotations to add to the service account
    annotations: {}
    # The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template
    name: ametnes-cloud-agent

  config:
    # A location is a essentially a single kubernetes cluster. You need to login into your Ametnes Cloud account
    # and create a location. Then use the location_id here
    location: location_id
    # Endpoint requires clientCertSecret and uses client authentication. clientCertSecret MUST be set
    # You'll need to log into to your Ametnes Cloud account to generate the client certs
    # resource_endpoint: https://api.resources.cloud.ametnes.com
    
    # Endpoint does not use client authentication. clientCertSecret MUST be left out
    resource_endpoint: https://cloud.ametnes.com
    namespace: ametnes-system
    proxy:
      enabled: false
      http: ""
      https: ""
      no_proxy: "127.0.0.1,localhost,.svc,.cluster.local,10.96.0.1,kubernetes.default.svc"

    memcache:
      hosts:
        - system-cache:11211
      session:
        expiry: 86400
      mysql:
        resources:
          data_expiry: 1
          lock_expiry: 1
    
    persistence:
      writeOnceStorageClass:
      writeManyStorageClass:

    worker:
      interval: 5
      attempts: 5

    # tolerations:
    #   - key: ametnes.io/role
    #     operator: Equal
    #     value: Resources
    #     effect: NoSchedule

    # persistence:
      # storageClass: ametnes-resources-efs
      # accessModes:
      #   - ReadWriteMany

    # affinity:
    #   - matchExpressions:
    #     - key: ametnes.io/role
    #       operator: In
    #       values:
    #       - Resources

  podAnnotations: {}

  podSecurityContext:
    runAsNonRoot: true
    runAsUser: 65532
    runAsGroup: 65532
    fsGroup: 65532
    seccompProfile:
      type: RuntimeDefault

  securityContext: {}
  resources:
    limits:
     cpu: 500m
     memory: 512Mi
    requests:
     cpu: 100m
     memory: 128Mi

  autoscaling:
    enabled: true
    minReplicas: 1
    maxReplicas: 100
    targetCPUUtilizationPercentage: 80
    # targetMemoryUtilizationPercentage: 80

  nodeSelector: {}

  tolerations: []

  affinity: {}
  
  networkPolicy:
    enabled: false
    allowExternal: false
    # Allow egress to specific namespaces (empty list means no cross-namespace access)
    allowedNamespaces:
      - name: "default"
        ports:
          - protocol: TCP
            port: 443
    # Allow egress to specific pods in the same namespace (empty list means all pods in same namespace)
    allowedSameNamespacePods: []
    # Kubernetes API server configuration
    kubernetesAPI:
      enabled: true
      # IP address/CIDR of the Kubernetes API server
      serverIP: "10.96.0.1/32"
      # Ports to allow for K8s API server (default: 443)
      ports:
        - protocol: TCP
          port: 443
    # List of external IP addresses/CIDRs to allow egress to
    externalIPs:
      - "8.8.8.8/32"
      - "35.246.98.44/32"
    # Ports to allow for external IPs (default: all ports)
    externalPorts:
      - protocol: TCP
        port: 53
      - protocol: UDP
        port: 53
      - protocol: TCP
        port: 443
      - protocol: TCP
        port: 80

memcached:
  fullnameOverride: system-cache
  image:
    repository: ametnes/memcached
    tag: 1.6.17-debian-11-r9
  metrics:
    image:
      repository: ametnes/memcached-exporter
      tag: 0.15.0-debian-12-r3

nfs-server-provisioner:
  enabled: false
  persistence:
    enabled: true
    size: 20Gi
  storageClass:
    name: sharedfs