service:
  port: 5000
  appPort: 8080

image:
  repository: orkesio/orkes-conductor-server
  pullPolicy: IfNotPresent
  livenessPort: 5000

workerImage:
  repository: orkesio/orkes-conductor-workers
  pullPolicy: IfNotPresent

app:
  replicaCount: 3
  env: aws
  s3Region: "us-east-1"
  springProfilesActive: "logrotate,postgres"
  sweepBatchSize: "20"
  schedulerPollingInterval: "50"
  lockTimeToTry: "75"
  documentStoreUploaderThreadCount: "15"
  dbIndexerThreadCount: "5"
  dbIndexerPollingInterval: "1"
  swaggerUrl: "/"
  sweeperThreadCount: "20"
  schedulerPollBatchSize: "10"
  dbIndexerPollBatchSize: "30"
  sweepFrequencyMillis: "1"
  # The max memory should be at least 300M less than pod resource limit
  jvmSettings: "-Xms1500M -Xmx2500M"
  systemTaskMaxPollCount: "20"
  workflowExecutionLockEnabled: "true"
  limits:
    maxWorkflowSizeInMiB: "20"
    maxTaskSizeInKiB: "200"
    maxTaskInWorkflowExecution: "1000"
    maxTaskInWorkflowDefinition: "1000"
  apiRateLimiterEnabled: "true"
  humanTasksEnabled: "false"
  # documentStoreS3BucketName: Required if archiveStoreType = s3
  documentStoreS3BucketName:
  # documentStoreAzureBlobContainerName, documentStoreAzureBlobEndpoint: Required if archiveStoreType = azureblob
  documentStoreAzureBlobContainerName:
  documentStoreAzureBlobEndpoint:
  documentStoreAzureUseSASToken: "false"
  customLogoUrl:
  # postgres, s3, azureblob, gcp
  archiveStoreType: "postgres"
  resources:
    cpuLimit: "3"
    memoryLimit: "3Gi"
    cpuRequests: "2"
    memoryRequests: "2Gi"

# Provide the name of the key vault if you are using key vault for secret management
# Pre-requisite - the Azure SDK used by Conductor expects the host (i.e. pod/container) to be able to access this vault
# by credentials from the environment. Typically, you would use something like Azure Workload Identity
# Read more here: https://aka.ms/azsdk/java/identity/environmentcredential/troubleshoot
azureKeyVaultName:

secrets:
  type: memory
  ssmPath:

workers:
  replicaCount: 2
  accessKeyId:  #  Key ID (random value)
  accessKeySecret:  # Secret (secret value)
  springProfilesActive: "logrotate"
  blockIps: "127.0.0.1"
  # The max memory should be at least 300M less than pod resource limit
  jvmSettings: "-Xms750M -Xmx1500M"
  resources:
    cpuLimit: "2"
    memoryLimit: "2Gi"
    cpuRequests: "1"
    memoryRequests: "1Gi"

redis:
  port: 6379
  ssl: false
  host:
  password:
  dbIndex: 0
  clusterMode: false

postgres:
  username:
  password:
  url:

conductor:
  persistence:
    type: postgres

imageCredentials:
  registry: https://index.docker.io/v1/
  username: orkesdocker
  email: dockeracess@orkes.io
  password:

enableCustomTrustStore: false
# If you are using a custom trust store, provide the following variables
# jksFileName:
# jksFilePassword:

security:
  allowedOrigins: "*"
  enabled: false
  overwriteDefault: true
  createUserOnAuthentication: false
# Please note that the admin user has to login first and create this group
  defaultUserGroupsOnCreate: all_users
  defaultUserEmail:
  defaultUserName:
  # Secret used to sign JWTs. How to generate it? openssl rand -base64 172 | tr -d '\n'
  jwt:
    secret: ""
# Create an account in Auth0, Create a SPA - get the following info.
# clientSecret is only needed if useIdToken: false
#  auth0:
#    useIdToken: true
#    clientSecret:
#    clientId:
#    domain:
#  Get this config from your OIDC Provider
#  oidc:
#    clientId:
#    audience:
#    metadataUrl:
#    emailClaim:
#  okta:
#    clientId:
#    audience:
#    issuer:
#    useInteractionCodeFlow:
#    idpConf: