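## edp-install configuration
## Ref: https://github.com/epam/edp-install
##
# NOTE(review): this copy of the file had lost its line breaks and indentation.
# The nesting below was reconstructed from the key order and the comments;
# confirm it against the chart's own values.yaml before installing from it.
# Every active key and value is unchanged; only comments were edited.

##
global:
  # -- EDP version
  version: "3.5.3"
  # -- platform type that can be "kubernetes" or "openshift"
  platform: "kubernetes"
  # -- a cluster DNS wildcard name
  dnsWildCard:
  # -- Can be gerrit, github or gitlab. By default: github
  gitProvider: github
  # -- Gerrit SSH node port
  # gerritSSHPort: "22"
  dockerRegistry:
    # -- Define Image Registry that will be used in Pipelines. Can be ecr (default), harbor
    type: "ecr"
    # NOTE(review): the account-id and region segments of the value below are
    # empty in this copy; an ECR endpoint has the form
    # <AWS_ACCOUNT_ID>.dkr.ecr.<AWS_REGION>.amazonaws.com (placeholders).
    # -- Docker Registry endpoint
    url: ".dkr.ecr..amazonaws.com"

# -- AWS Region, e.g. "eu-central-1"
awsRegion:

# NOTE(review): SSO is off by default here, and so is edp-headlamp.config.oidc;
# confirm how the UI components authenticate users before exposing them.
# -- Enable SSO for EDP components. Requires keycloak-operator deployment. Default: false
sso:
  enabled: false
  # -- Keycloak URL
  keycloakUrl: https://keycloak.example.com
  # -- Administrators of your tenant
  admins:
    - "stub_user_one@example.com"
  # -- Developers of your tenant
  developers:
    - "stub_user_one@example.com"
    - "stub_user_two@example.com"

argocd:
  # -- Configure Argo CD for EDP platform.
  enabled: false
  # -- Custom secret name for argo-cd keycloak client. Ignored if external secret enabled.
  oidcSecretName:
  # -- @default -- `""` (defaults to https://argocd.{{ .Values.global.dnsWildCard }})
  url:

# Configure External Secrets Operator to provision secrets for Platform and/or EDP
# https://external-secrets.io/latest/provider-aws-secrets-manager/
externalSecrets:
  # -- Configure External Secrets for EDP platform. Deploy SecretStore
  enabled: false
  secretProvider:
    aws:
      # -- Use AWS as a Secret Provider. Can be ParameterStore or SecretsManager
      service: ParameterStore
      # NOTE(review): scope this role to read-only access on the one parameter
      # or secret named in manageEDPInstallSecretsName, not the whole store.
      # -- IAM Role to be used for accessing either AWS Parameter Store or Secrets Manager. Format: arn:aws:iam::<AWS_ACCOUNT_ID>:role/<ROLE_NAME>
      role:
      # -- AWS Region where secrets are stored, e.g. eu-central-1
      region: eu-central-1
  # When installing EDP, the following secrets must be created:
  # super-admin-db, db-admin-console, keycloak and kaniko-docker-config
  # see https://epam.github.io/edp-install/operator-guide/install-edp/
  # manageEDPInstallSecrets creates required secrets using ExternalSecretOperator
  # Ensure external secret source is configured properly
  # NOTE(review): this defaults to true while externalSecrets.enabled is false;
  # presumably it has no effect until the latter is enabled - confirm in the templates.
  # -- Create necessary secrets for EDP installation, using External Secret Operator
  manageEDPInstallSecrets: true
  # -- Value name in AWS ParameterStore or AWS SecretsManager. Used when manageEDPInstallSecrets is true
  manageEDPInstallSecretsName: /edp/deploy-secrets

annotations: {}

keycloak-operator:
  enabled: false
  # image:
  #   repository: epamedp/keycloak-operator
  #   tag:

codebase-operator:
  enabled: true
  # image:
  #   repository: epamedp/codebase-operator
  #   tag:
  # envs:
  #   - name: RECONCILATION_PERIOD
  #     value: "360"  # The value should be typed in minutes
  #   # Maximum number of parallel reconciliation codebasebranches
  #   # (quoted, like the value above: container env values are strings)
  #   - name: CODEBASE_BRANCH_MAX_CONCURRENT_RECONCILES
  #     value: "3"
  # jira:
  #   integration: false
  #   name: "jira"
  #   apiUrl: "https://jiraeu-api.example.com"
  #   rootUrl: "https://jiraeu.example.com"
  #   credentialName: "ci-jira"

cd-pipeline-operator:
  enabled: true
  # image:
  #   repository: epamedp/cd-pipeline-operator
  #   tag:
  # -- defines the type of the tenant engine that can be "none", "kiosk" or "capsule"
  tenancyEngine: "none"

nexus-operator:
  enabled: false
  # image:
  #   repository: epamedp/nexus-operator
  #   tag:
  # nexus:
  #   deploy: true
  #   name: "nexus"
  #   image: "sonatype/nexus3"
  #   version:
  #   basePath: ""
  #   imagePullSecrets:
  #   storage:
  #     class: gp2
  #     size: 10Gi

sonar-operator:
  enabled: false
  # image:
  #   repository: epamedp/sonar-operator
  #   tag:
  # NOTE(review): PostgreSQL 9.6 (dbImage below) is past upstream end-of-life;
  # choose a supported tag if this block is enabled.
  # sonar:
  #   deploy: true
  #   name: "sonar"
  #   image: "sonarqube"
  #   version:
  #   initImage: "busybox"
  #   dbImage: "postgres:9.6"
  #   storage:
  #     data:
  #       class: gp2
  #       size: 1Gi
  #     database:
  #       class: gp2
  #       size: 1Gi
  #   imagePullSecrets:
  #   basePath: ""

gerrit-operator:
  enabled: false
  # image:
  #   repository: epamedp/gerrit-operator
  #   tag:
  # gerrit:
  #   deploy: true
  #   name: "gerrit"
  #   image: "openfrontier/gerrit"
  #   version:
  #   imagePullSecrets:
  #   storage:
  #     size: 1Gi
  #     class: gp2

edp-headlamp:
  enabled: true
  config:
    oidc:
      enabled: false
      clientID: "kubernetes"
      # Name and key of the Secret that holds the OIDC client secret; the
      # secret value itself is not stored in this file.
      clientSecretName: "keycloak-client-headlamp-secret"
      clientSecretKey: "clientSecret"
      issuerRealm: "openshift"
  # image:
  #   repository: epamedp/edp-headlamp
  #   tag:

edp-tekton:
  enabled: true
  dashboard:
    # NOTE(review): the dashboard is enabled while openshift_proxy.enabled and
    # oauth2_proxy.enabled are both false, so nothing in this file puts an
    # authorization layer in front of it - confirm how its ingress is exposed.
    # -- Deploy EDP Dashboard as a part of pipeline library when true. Default: true
    enabled: true
    # -- Make it possible to use openshift as OIDC provider to hide tekton-dashboard.
    # -- Only for openshift deploy scenario,
    # -- For EKS scenario - uncomment dashboard.ingress.annotations block and
    # -- set the value of the oauth2_proxy.enabled to true
    # -- More details:
    # -- https://epam.github.io/edp-install/operator-guide/oauth2-proxy/?h=#enable-oauth2-proxy-on-tekton-dashboard
    openshift_proxy:
      # -- Enable oauth-proxy to include authorization layer on tekton-dashboard. Default: false
      enabled: false
    ingress:
      # -- Annotations for Ingress resource
      annotations: {}
      # -- Uncomment it to enable tekton-dashboard OIDC on EKS cluster
      # (replace the `{}` above with the keys below; <OAUTH2_PROXY_HOST> is a
      # placeholder for the oauth2-proxy ingress host, which is missing in this copy)
      #   nginx.ingress.kubernetes.io/auth-signin: 'https://<OAUTH2_PROXY_HOST>/oauth2/start?rd=https://$host$request_uri'
      #   nginx.ingress.kubernetes.io/auth-url: 'http://oauth2-proxy.edp.svc.cluster.local:8080/oauth2/auth'

  ctLint:
    # -- This block makes it possible to modify ct-lint configuration. It sets up ct-lint parameters: "--config", "--chart-yaml-schema" and "--lint-conf".
    # -- Config block.
    validateMaintainers: false  # -- true or false
    # -- Chart schema block.
    # -- Example parameters: https://github.com/helm/chart-testing/blob/main/etc/chart_schema.yaml
    # chartSchema: |
    #   name: str()
    #   home: str()
    #   version: str()
    #   type: str()
    # -- Lint-conf block.
    # -- Example parameters: https://github.com/helm/chart-testing/blob/main/etc/lintconf.yaml
    # lintconf: |
    #   ---
    #   rules:
    #     braces:
    #       min-spaces-inside: 0
    #       max-spaces-inside: 0

# Proxy configuration section
oauth2_proxy:
  # oauth2-proxy requires keycloak to be configured properly before deployment
  # you can set enabled: true, when your platform is deployed and keycloak is
  # configured.
  # -- Install oauth2-proxy as a part of EDP deployment. Default: false
  enabled: false
  image:
    # -- oauth2-proxy image repository
    repository: quay.io/oauth2-proxy/oauth2-proxy
    # NOTE(review): a tag can be re-pointed in the registry; pin the image by
    # digest where deployments must be reproducible.
    # -- oauth2-proxy image tag
    tag: v7.4.0
  # Create a cookie-secret with the following command
  # openssl rand -base64 32 | head -c 32 | base64
  # Use an existing secret for OAuth2 cookie-secret
  # NOTE(review): keep the generated value only in the referenced Secret; do not
  # paste it into this file or commit it to version control.
  existingSecret:
    # -- Secret name which stores cookie-secret
    secretName: oauth2-proxy-cookie-secret
    # -- Secret key which stores cookie-secret
    secretKey: cookie-secret
  extraEnv: []
  extraArgs: {}
  # -- Additional volumes to be added to the oauth2-proxy pod
  extraVolumes: []
  # - name: custom-ca
  #   secret:
  #     defaultMode: 420
  #     secretName: custom-ca
  # -- Additional volumeMounts to be added to the oauth2-proxy container
  extraVolumeMounts: []
  # - name: custom-ca
  #   mountPath: /etc/ssl/certs/CA.crt
  #   readOnly: true
  #   subPath: CA.crt
  ingress:
    annotations: {}
    # -- pathType is only for k8s >= 1.18
    pathType: Prefix
    # -- For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
    # -- See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
    # ingressClassName: nginx
    tls: []
    # - secretName: chart-example-tls
    #   hosts:
    #     - chart-example.local

# define EDPComponents, more details: https://github.com/epam/edp-component-operator/
EDPComponents: {}
# - prometheus:
#     url: https://ingress-prometheus.example.com
#     visible: true
#     icon: icon_in_base64
# - kibana:
#     url: https://ingress-kibana.example.com
#     visible: false
#     icon: icon_in_base64
# - another_tool:
#     url: https://ingress-anothertool.example.com
#     visible: true
#     icon: icon_in_base64

# NOTE(review): entries here are deployed as-is alongside the chart; review them
# like any other manifest, and reference secrets (as the ExternalSecret examples
# below do) rather than embedding secret values.
# -- Array of extra K8s manifests to deploy
extraObjects: []
# - apiVersion: external-secrets.io/v1beta1
#   kind: ExternalSecret
#   metadata:
#     name: example-secret-1
#   spec:
#     data:
#       - remoteRef:
#           key: /edp/deploy-secrets
#           property: example-secret-1.username
#         secretKey: username
#       - remoteRef:
#           key: /edp/deploy-secrets
#           property: example-secret-1.password
#         secretKey: password
#     secretStoreRef:
#       kind: SecretStore
#       name: example-parameterstore
# - |
#   apiVersion: external-secrets.io/v1beta1
#   kind: ExternalSecret
#   metadata:
#     name: example-secret-2
#   spec:
#     data:
#       - remoteRef:
#           key: /edp/deploy-secrets
#           property: example-secret-2.username
#         secretKey: username
#       - remoteRef:
#           key: /edp/deploy-secrets
#           property: example-secret-2.password
#         secretKey: password
#     secretStoreRef:
#       kind: SecretStore
#       name: example-parameterstore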