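# Default values for ako.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
#
# NOTE(review): this listing was flattened onto a few physical lines, which
# turns almost every key into comment text. The structure below is rebuilt
# from key order; all values are unchanged.

featureGates:
  GatewayAPI: true # Enables/disables processing of Kubernetes Gateway API CRDs.
  EnablePrometheus: false # Enable/Disable prometheus scraping for AKO container
  EnableEndpointSlice: true # Enable/Disable endpoint slices in AKO (kubernetes version GA >= 1.21)

replicaCount: 1

# NOTE(review): no image tag or digest is set in this file; presumably the
# chart supplies the tag. Confirm, and consider pinning by digest.
image:
  repository: projects.packages.broadcom.com/ako/ako
  pullPolicy: IfNotPresent

GatewayAPI:
  image:
    repository: projects.packages.broadcom.com/ako/ako-gateway-api
    pullPolicy: IfNotPresent

### This section outlines the generic AKO settings
AKOSettings:
  # Defines AKO instance is primary or not. Value `true` indicates that AKO
  # instance is primary. In a multiple AKO deployment in a cluster, only one
  # AKO instance should be primary. Default value: true.
  primaryInstance: true
  enableEvents: 'true' # Enables/disables Event broadcasting via AKO
  logLevel: WARN # enum: INFO|DEBUG|WARN|ERROR
  # This frequency controls how often AKO polls the Avi controller to update
  # itself with cloud configurations.
  fullSyncFrequency: '1800'
  # Internal port for AKO's API server for the liveness probe of the AKO pod
  # default=8080
  apiServerPort: 8080
  # Has to be set to true in configmap if user wants to delete AKO created
  # objects from AVI
  deleteConfig: 'false'
  # If the POD networks are reachable from the Avi SE, set this knob to true.
  disableStaticRouteSync: 'false'
  # A unique identifier for the kubernetes cluster, that helps distinguish the
  # objects for this cluster in the avi controller. // MUST-EDIT
  clusterName: chrisblog
  # Set the string if your CNI is calico or openshift.
  # enum: calico|canal|flannel|openshift|antrea|ncp
  cniPlugin: 'antrea'
  # This enables the Enhanced Virtual Hosting Model in Avi Controller for the
  # Virtual Services
  enableEVH: true
  # If this flag is switched on, then AKO will only do layer 7 loadbalancing.
  layer7Only: false
  # NamespaceSelector contains label key and value used for namespacemigration
  # Same label has to be present on namespace/s which needs migration/sync to AKO
  namespaceSelector:
    labelKey: ''
    labelValue: ''
  # Flag that enables AKO in services API mode:
  # https://kubernetes-sigs.github.io/service-apis/.
  # Currently implemented only for L4. This flag uses the upstream GA APIs
  # which are not backward compatible with the advancedL4 APIs which uses a
  # fork and a version of v1alpha1pre1
  servicesAPI: false
  # Enabling this flag would tell AKO to create Parent VS per Namespace in EVH
  # mode
  vipPerNamespace: 'false'
  istioEnabled: true
  # This is the list of system namespaces from which AKO will not listen any
  # Kubernetes or Openshift object event.
  blockedNamespaceList: []
  # blockedNamespaceList:
  #   - kube-system
  #   - kube-public
  #   - tanzu-system-registry
  ipFamily: 'V4' # This flag can take values V4 or V6 (default V4)
  # If this flag is set to true, AKO will only handle default secrets from the
  # namespace where AKO is installed.
  # This flag is applicable only to Openshift clusters.
  useDefaultSecretsOnly: "false"
  vpcMode: true

### This section outlines the network settings for virtualservices.
NetworkSettings:
  ## This list of network and cidrs are used in pool placement network for
  ## vcenter cloud.
  ## Node Network details are not needed when in nodeport mode / static routes
  ## are disabled / non vcenter clouds.
  nodeNetworkList: []
  # nodeNetworkList:
  #   - networkName: "tenant1-se"
  #     cidrs:
  #       - 192.168.31.0/24
  enableRHI: false # This is a cluster wide setting for BGP peering.
  # T1 Logical Segment mapping for backend network. Only applies to NSX-T cloud.
  nsxtT1LR: '/orgs/default/projects/b3cf7140-ee60-4c57-afb5-e8941db4d252/vpcs/vpc-sfum'
  # Select BGP peers using bgpPeerLabels, for selective VsVip advertisement.
  bgpPeerLabels: []
  # bgpPeerLabels:
  #   - peer1
  #   - peer2
  # Network information of the VIP network. Multiple networks allowed only for
  # AWS Cloud.
  vipNetworkList: []
  # vipNetworkList:
  #   - networkName: vip-network
  #     cidr: 192.168.32.0/24
  #     v6cidr: 2002::1234:abcd:ffff:c0a8:101/64

### This section outlines all the knobs used to control Layer 7 loadbalancing
### settings in AKO.
L7Settings:
  defaultIngController: 'false'
  # Switching this knob to true, will get rid of poolgroups from SNI VSes. Do
  # not use this flag, if you don't want http caching. This will be deprecated
  # once the controller support caching on PGs.
  noPGForSNI: false
  serviceType: NodePortLocal # enum NodePort|ClusterIP|NodePortLocal
  # Use this to control the layer 7 VS numbers. This applies to both
  # secure/insecure VSes but does not apply for passthrough.
  # ENUMs: LARGE, MEDIUM, SMALL, DEDICATED
  shardVSSize: SMALL
  # Control the passthrough virtualservice numbers using this ENUM.
  # ENUMs: LARGE, MEDIUM, SMALL
  passthroughShardSize: SMALL
  # Enabling this flag would tell AKO to start processing multi-cluster
  # ingress objects.
  enableMCI: 'false'
  # Use this to control whether AKO allows cross-namespace usage of FQDNs.
  # enum Strict|InterNamespaceAllowed
  fqdnReusePolicy: "InterNamespaceAllowed"

### This section outlines all the knobs used to control Layer 4 loadbalancing
### settings in AKO.
L4Settings:
  # If multiple sub-domains are configured in the cloud, use this knob to set
  # the default sub-domain to use for L4 VSes.
  defaultDomain: ''
  # ENUM: default(<svc>.<ns>.<subdomain>), flat (<svc>-<ns>.<subdomain>),
  # "disabled". If the value is disabled then the FQDN generation is disabled.
  autoFQDN: default

### This section outlines settings on the Avi controller that affects AKO's
### functionality.
# The host, cloud and tenant values below are specific to the author's
# environment and need replacing per deployment.
ControllerSettings:
  serviceEngineGroupName: Default-Group # Name of the ServiceEngine Group.
  controllerVersion: '31.1.2' # The controller API version
  cloudName: sfo-w01-nsx01 # The configured cloud name on the Avi controller.
  controllerHost: '10.11.10.151' # IP address or Hostname of Avi Controller
  # Name of the tenant where all the AKO objects will be created in AVI.
  tenantName: b3cf7140-ee60-4c57-afb5-e8941db4d252
  # Name of the VRFContext. All Avi objects will be under this VRF. Applicable
  # only in Vcenter Cloud.
  vrfName: ""

nodePortSelector: # Only applicable if serviceType is NodePort
  key: ''
  value: ''

resources:
  limits:
    cpu: 350m
    memory: 400Mi
  requests:
    cpu: 200m
    memory: 300Mi

# NOTE(review): empty, so this file sets no pod-level security context
# (runAsNonRoot, seccompProfile, ...). Whether the chart templates apply their
# own defaults is not visible here; confirm before relying on it.
podSecurityContext: {}

rbac:
  # Creates the pod security policy if set to true
  pspEnable: false

# NOTE(review): a controller credential is stored here in plaintext, for the
# `admin` account. Anyone who can read this file, or the page it is published
# on, can read it. Prefer supplying it at install time from a secret store
# (e.g. `helm install ... --set avicredentials.password=...`), use a dedicated
# least-privileged controller account instead of `admin`, and rotate this
# password if it was ever valid outside a throwaway lab.
avicredentials:
  username: 'admin'
  password: 'VMw@re1!VMw@re1!'
  authtoken:
  # NOTE(review): left empty. This appears to be the controller root CA that
  # AKO uses to verify the controller's TLS certificate; without it the
  # connection to controllerHost is presumably not authenticated. Confirm
  # against the AKO documentation and set it outside lab use.
  certificateAuthorityData:

persistentVolumeClaim: ''
mountPath: /log
logFile: avi.log

# values for dependency chart ako-crd-operator
# NOTE(review): the nesting under `ako-crd-operator` is reconstructed from the
# flattened listing and is ambiguous for every key from imagePullPolicy
# onwards. Check it against the sub-chart's own values.yaml before use.
ako-crd-operator:
  # enabled by default
  enabled: true
  controllerManager:
    container:
      image:
        repository: projects.packages.broadcom.com/ako/ako-crd-operator
      imagePullPolicy: IfNotPresent
      pullSecrets: []
      resources:
        limits:
          cpu: 256m
          memory: 128Mi
        requests:
          cpu: 128m
          memory: 64Mi
      mountPath: "/log"
      logFile: "ako-crd-operator.log"
      # this persistentVolumeClaim should be different from one in AKO. It can
      # be same based on ReadMode of PVC only.
      persistentVolumeClaim: ""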