apiVersion: v1
kind: ConfigMap
metadata:
  name: obs-gateway-config
  namespace: openchoreo-data-plane
data:
  values.yaml: |
    gateway:
      config:
        controller:
          server:
            api_port: 9090
            xds_port: 18000
            shutdown_timeout: 15s
            gateway_id: "platform-gateway-id"
          policy_server:
            port: 18001
            tls:
              enabled: false
          storage:
            type: sqlite
            sqlite:
              path: ./data/gateway.db
          logging:
            level: info
            format: json
        router:
          gateway_host: "*"
          listener_port: 22893
          https_enabled: true
          https_port: 22894
          access_logs:
            enabled: true
            format: json
          policy_engine:
            mode: uds
            timeout_ms: 60000
            failure_mode_allow: false
            route_cache_action: RETAIN
            allow_mode_override: true
            message_timeout_ms: 60000
            tls:
              enabled: false
          logging:
            level: info
            format: json
        policy_engine:
          server:
            extproc_port: 9001
          admin:
            enabled: true
            port: 9002
          config_mode:
            mode: xds
          xds:
            connect_timeout: 10s
            request_timeout: 5s
            initial_reconnect_delay: 1s
            max_reconnect_delay: 60s
            tls:
              enabled: false
          logging:
            level: info
            format: json
        policy_configurations:
          jwtauth_v0:
            keymanagers:
            - name: agent-manager-service
              issuer: agent-manager-service
              jwks:
                remote:
                  uri: http://amp-api.wso2-amp.svc.cluster.local:9000/auth/external/jwks.json
                  skipTlsVerify: true
            - name: ThunderKeyManager
              issuer: http://thunder.amp.localhost:8080
              jwks:
                remote:
                  uri: http://amp-thunder-extension-service.amp-thunder:8090/oauth2/jwks
                  skipTlsVerify: true
            headername: x-amp-api-key
            authheaderscheme: ""
            onfailurestatuscode: 401
            errormessageformat: json
            errormessage: "Authentication failed"
            leeway: 30s
            allowedalgorithms:
              - RS256
              - ES256
            jwkscachettl: 5m
            jwksfetchtimeout: 5s
            jwksfetchretrycount: 3
            jwksfetchretryinterval: 2s
            validateissuer: true

      controller:
        image:
          repository: ghcr.io/wso2/api-platform/gateway-controller
          tag: "0.9.0"
          pullPolicy: Always
        controlPlane:
          host: host.docker.internal
          port: 8443
          token:
            value: ""
            secretName: ""
            key: token
        tls:
          enabled: true
          certificateProvider: cert-manager
          certManager:
            createIssuer: true
        storage:
          type: sqlite
          sqlitePath: ./data/gateway.db
        persistence:
          enabled: true
          size: 100Mi
        logging:
          level: info

      gatewayRuntime:
        image:
          repository: ghcr.io/wso2/api-platform/gateway-runtime
          tag: "0.9.0"
          pullPolicy: Always
        service:
          type: LoadBalancer
          ports:
            http: 22893
            https: 22894
            envoyAdmin: 9901
            policyEngineAdmin: 9002
            policyEngineMetrics: 9003