# Default values for netscaler-ingress-controller.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# NetScaler Ingress Controller config details
imageRegistry: quay.io
imageRepository: netscaler/netscaler-k8s-ingress-controller
imageTag: 2.2.10
image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}"
pullPolicy: IfNotPresent
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
openshift: false
adcCredentialSecret: "" # K8s Secret Name
# Enable secretStore to implement CSI Secret Provider classes for holding the nslogin credentials
secretStore:
  enabled: false
  username: {}
    #valueFrom:
    #  configMapKeyRef:
    #    name: test1
    #    key: username
  password: {}
    #valueFrom:
    #  configMapKeyRef:
    #    name: test1
    #    key: password
nsIP: ""
nsVIP: ""
nsSNIPS: []
license:
   accept: no
nsPort: 443
nsProtocol: HTTPS
nsEnableLabel: true
# nitroReadTimeout is timeout value in seconds for nitro api read timeout(default is 20)
nitroReadTimeout: 20
logLevel: INFO
jsonLog: false
multiClusterPrefix:
entityPrefix: ""
kubernetesURL: ""
clusterName: ""
ingressClass: []
setAsDefaultIngressClass: False
serviceClass: []
defaultSSLCertSecret: ""
defaultSSLSNICertSecret: ""
podIPsforServiceGroupMembers: False
ignoreNodeExternalIP: False
ipam: False
# API server Cert verification can be disabled, while communicating with API Server, if disableAPIServerCertVerify set to True
disableAPIServerCertVerify: False
logProxy: ""
nodeWatch: false
nsncPbr: False
nodeSelector:
  key: ""
  value: ""
tolerations: []
updateIngressStatus: True
nsHTTP2ServerSide: "OFF"
nsCookieVersion: "0"
nsConfigDnsRec: False
nsSvcLbDnsRec: False
nsDnsNameserver: ""
optimizeEndpointBinding: False
routeLabels: ""
namespaceLabels: ""
disableOpenshiftRoutes: False
profileSslFrontend: {}
  # preconfigured: my_ssl_profile
  #  OR
  # config:
  #   tls13: 'ENABLED'
  #   hsts: 'ENABLED'
profileHttpFrontend: {}
  # preconfigured: my_http_profile
  #  OR
  # config:
  #   dropinvalreqs: 'ENABLED'
  #   websocket: 'ENABLED'
profileTcpFrontend: {}
  # preconfigured: my_tcp_profile
  #  OR
  # config:
  #   sack: 'ENABLED'
  #   nagle: 'ENABLED'

# Exporter config details
exporter:
  required: false
  imageRegistry: quay.io
  imageRepository: netscaler/netscaler-adc-metrics-exporter
  imageTag: 1.4.9
  image: "{{ .Values.exporter.imageRegistry }}/{{ .Values.exporter.imageRepository }}:{{ .Values.exporter.imageTag }}"
  pullPolicy: IfNotPresent
  ports:
    containerPort: 8888
  resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi
  extraVolumeMounts: []
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user.
  #- name: github-key
  #  mountPath: /etc/config/keys/
  #  readOnly: true
  #- name: agent-init-scripts
  #  mountPath: /docker-entrypoint.d/

  serviceMonitorExtraLabels: {}

# Enable RBAC role (so called local role), by default NSIC deployed with ClusterRole.
# below variable to deploy NSIC with RBAC role, only ingress service supported with this config
rbacRole: False

# Config required to be done by NetScaler Ingress Controller for sending metrics to NetScaler Observability Exporter
analyticsConfig:
  required: false
  distributedTracing:
    enable: false
    samplingrate: 100
  endpoint:
    metrics:
      service: ""
    transactions:
      service: ""
  timeseries:
    port: 30002
    metrics:
      enable: false
      mode: 'avro'
      exportFrequency: 30
      schemaFile: schema.json
      enableNativeScrape: false
    auditlogs:
      enable: false
    events:
      enable: false
  transactions:
    enable: false
    port: 30001

nsLbHashAlgo:
  required: false
  hashFingers: 256
  hashAlgorithm: 'DEFAULT'

# Specifies whether a ServiceAccount should be created
serviceAccount:
  create: true
  tokenExpirationSeconds: 31536000
  # The name of the ServiceAccount to use.
  # If not set and `create` is true, a name is generated using the fullname template
  # name:

podAnnotations: {}

resources:
  requests:
    cpu: 32m
    memory: 128Mi
  # Following values depends on no of ingresses configured by Ingress Controllers, so it is
  # advised to test with maximum no of ingresses to set these values.
  # limits:
  #   cpu: 1000m
  #   memory: 1000Mi
  limits: {}
  # Following values depends on no of ingresses configured by Ingress Controllers, so it is
  # advised to test with maximum no of ingresses to set these values.
  # limits:
  #   cpu: 1000m
  #   memory: 1000Mi

affinity: {}

bgpAdvertisement: False
nodeLabels: ""
enableReadinessProbe: True
readinessProbe:
  exec:
    command:
    - cat
    - /tmp/readiness
  initialDelaySeconds: 10
  periodSeconds: 60
  failureThreshold: 3
  successThreshold: 1

enableLivenessProbe: True
livenessProbe:
  exec:
    command:
    - /bin/sh
    - -c
    - |
      FILE_PATH="$LIVENESS_FILE_PATH"
      [ -f "$FILE_PATH" ] && [ $(( $(date +%s) - $(stat -c %Y "$FILE_PATH") )) -lt 60 ] && exit 0 || exit 1
  initialDelaySeconds: 30
  periodSeconds: 60

# to validate the NetScaler certificate set the nsValidateCert to true
# and create the nsCertSecret with the CA Certificate of the NetScaler. 
# Create nsCA.pem file with the CA Certificate of the NetScaler and run the below command.
# kubectl create secret generic nscacert --from-file=nsCA.pem –namespace <namespace>
# provide the secret name nscacert in nsCertSecret
# to use feature run "set hostname <hostname>" on NetScaler
# in hostAlias.ip give the NSIP and hostName as the hostname set on the NetScaler.
# use this hostname in the nsIP field above.
nsValidateCert: false
nsCertSecret:
hostAlias:
  ip:
  hostName:

extraVolumeMounts: []
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user.
  #- name: github-key
  #  mountPath: /etc/config/keys/
  #  readOnly: true
  #- name: agent-init-scripts
  #  mountPath: /docker-entrypoint.d/

extraVolumes: []
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user.
  #- name: agent-init-scripts
  #  configMap:
  #     name: agent-init-scripts
  #     defaultMode: 0755
  #- name: github-key
  #  secret:
  #    secretName: github-key
  #    defaultMode: 0744