# Default values for mirrord-operator-license-server.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

namespace: mirrord

## Whether we should create the namespace or not
createNamespace: false

server:
  image: ghcr.io/metalbear-co/operator

  podAnnotations: {}
  podLabels: {}
  jsonLog: false

  # Sets log level for the license server container.
  #
  # See reference: https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives.
  logLevel: mirrord=info,operator=info

  # imagePullSecrets:
  #   - name: value
  
  ## This should be enough for around 200~ concurrent sessions.
  limits:
    cpu: 200m
    memory: 200Mi

  ## Allow to specify tolerations for license-server deployment
  # tolerations:
  #   - key: "key1"
  #     operator: "Equal"
  #     value: "value1"
  #     effect: "NoSchedule"

  # affinity:
  #   podAntiAffinity:
  #     requiredDuringSchedulingIgnoredDuringExecution:
  #       - topologyKey: kubernetes.io/hostname
  #         labelSelector:
  #           matchLabels:
  #             k8s-app: mirrord

  # nodeSelector:
  #   kubernetes.io/os: linux

  # Port for license-server to listen on.
  # avoid using lower port since it might conflict with security policies.
  port: 8080

license:
  ## ID of a secret from the Google Secrets Manager.
  ##
  ## If provided, the license server will fetch the license file from this secret.
  ##
  ## To access the secret, the license server will use Application Default Credentials.
  ## The easiest way to provide credentials is by allowing the license server's
  ## Kubernetes ServiceAccount to impersonate a GCP service account.
  ## This can be done with `.sa.gcpSa` setting.
  # gsmRef: "projects/PROJECT_ID/secrets/SECRET_NAME/versions/SECRET_VERSION"
  key: ""
  file:
    secret: mirrord-operator-license-server-license
    # data:
    #   license.pem:
  keyRef: ""

service:
  name: mirrord-operator-license-server

  type: ClusterIP
  
  # Allow overriding port of service
  # port: 443

pvc:
  ## Allow to specify a StorageClass for license-server pvc, 
  # storageClassName: ""

  annotations: {}
  labels: {}

  ## This should be enough for about two hundred thousand sessions
  ## NOTE this might need to change this if this value is lower than minimal provisionable size
  requests:
    storage: 1Gi

sa:
  name: mirrord-operator-license-server

  ## GCP service account to impersonate.
  # gcpSa: <iam-sa-name>@<iam-sa-project-id>.iam.gserviceaccount.com

tls:
  secret: mirrord-operator-license-server-tls

  # if certmanager is disabled and no tls.key and tls.crt is set,
  # the operator will generate a self-signed certificate.
  certManager:
    enabled: false
    createIssuer: true

    issuer: mirrord-operator-license-server-issuer
    certificate: mirrord-operator-license-server-tls

  data:
    tls.key: ""
    tls.crt: ""