# Default values for hvs

nameOverride: "" # The name for HVS chart<br> (Default: `.Chart.Name`)
controlPlaneHostname: <user input> # K8s control plane IP/Hostname<br> (**REQUIRED**)

# Warning: Ensure that the naming is applied consistently for all dependent services when modifying nameOverride
# TODO: Services should be be able to be deployed in different namespaces
dependentServices: # The dependent Service Name for deploying  HVS chart, default is the chart name and override is from nameOverride value.
  cms: cms
  aas: aas

config:
  envVarPrefix: HVS
  dbPort: 5432 # PostgreSQL DB port
  dbSSL: on # PostgreSQL DB SSL<br> (Allowed Values: `on`/`off`)
  dbSSLCert: /etc/postgresql/secrets/server.crt # PostgreSQL DB SSL Cert
  dbSSLKey: /etc/postgresql/secrets/server.key  # PostgreSQL DB SSL Key
  dbSSLCiphers: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 # PostgreSQL DB SSL Ciphers
  dbListenAddresses: "*" # PostgreSQL DB Listen Address
  dbName: hvsdb # HVS DB Name
  dbSSLMode: verify-full # PostgreSQL DB SSL Mode
  dbhostSSLPodRange: 10.1.0.0/8 # PostgreSQL DB Host Address(IP address/subnet-mask). IP range varies for different k8s network plugins(Ex: Flannel - 10.1.0.0/8 (default), Calico - 192.168.0.0/16).
  requireEKCertForHostProvision: <user input> # If set to true, worker node EK certificate should be registered in HVS DB, for AIK provisioning step of TA. (Allowed values: `true`\`false`)
  verifyQuoteForHostRegistration: <user input> # If set to true, when the worker node is being registered to HVS, quote verification will be done. Default value is false. (Allowed values: `true`\`false`)
  nats:
    enabled: false # Enable/Disable NATS mode<br> (Allowed values: `true`\`false`)
    servers: ""  # NATS Server IP/Hostname  
    serviceMode: "" # The model for TA<br> (Allowed values: `outbound`)

# The values provided for serviceUsername and servicePassword here should be same as that of provided for aas.hvs.secret.serviceUsername and aas.hvs.secret.servicePassword in values.yaml file for aas-manager chart
secret:
  dbUsername:  # DB Username for HVS DB
  dbPassword:  # DB Password for HVS DB
  serviceUsername:  # Admin Username for HVS
  servicePassword:  # Admin Password for HVS

image:
  db:
    registry: dockerhub.io # The image registry where PostgreSQL image is pulled from
    name: postgres:11.7 # The image name of PostgreSQL
    pullPolicy: Always # The pull policy for pulling from container registry for PostgreSQL image
  svc:
    name: <user input> # The image name with which HVS image is pushed to registry<br> (**REQUIRED**)
    pullPolicy: Always # The pull policy for pulling from container registry for HVS<br> (Allowed values: `Always`/`IfNotPresent`)
    imagePullSecret:  # The image pull secret for authenticating with image registry, can be left empty if image registry does not require authentication

storage:
  nfs:
    server: <user input> # The NFS Server IP/Hostname<br> (**REQUIRED**)
    reclaimPolicy: Retain # The reclaim policy for NFS<br> (Allowed values: `Retain`/)
    accessModes: ReadWriteMany # The access modes for NFS<br> (Allowed values: `ReadWriteMany`)
    path: /mnt/nfs_share # The path for storing persistent data on NFS
    dbSize: 5Gi # The DB size for storing DB data for HVS in NFS path
    configSize: 10Mi # The configuration size for storing config for HVS in NFS path
    logsSize: 1Gi # The logs size for storing logs for HVS in NFS path
    baseSize: 6.1Gi # The base volume size (configSize + logSize + dbSize)

securityContext:
  hvsdbInit: # The fsGroup id for init containers for HVS DB
    fsGroup: 2000
  hvsdb: # The security content for HVS DB Service Pod
    runAsUser: 1001
    runAsGroup: 1001
  hvsInit: # The fsGroup id for init containers for HVS
    fsGroup: 1001
  hvs: # The security content for HVS Pod
    runAsUser: 1001
    runAsGroup: 1001
    capabilities:
      drop:
        - all
    allowPrivilegeEscalation: false

service:
  directoryName: hvs
  cms:
    containerPort: 8445 # The containerPort on which CMS can listen
  aas: 
    containerPort: 8444 # The containerPort on which AAS can listen
    port: 30444 # The externally exposed NodePort on which AAS can listen to external traffic
  hvsdb:
    containerPort: 5432 # The containerPort on which HVS DB can listen 
  hvs:
    containerPort: 8443 # The containerPort on which HVS can listen 
    port: 30443 # The externally exposed NodePort on which HVS can listen to external traffic
  ingress:
    enable: false # Accept true or false to notify ingress rules are enable or disabled