codefresh/values.yaml

# -- Credentials for Image Pull Secret object
imageCredentials: {}
# Pass sa.json (as a single line). Obtain GCR Service Account JSON (sa.json) at support@codefresh.io
# E.g.:
# imageCredentials:
#   registry: us-docker.pkg.dev
#   username: _json_key
#   password: '{ "type": "service_account", "project_id": "codefresh-enterprise", "private_key_id": ... }'

# -- Job to generate internal runtime secrets. Required at first install.
# @default -- See below
gencerts:
  enabled: true
  image:
    registry: quay.io
    repository: codefresh/kubectl
    tag: 1.31.2
  rbac:
    enabled: true
  ttlSecondsAfterFinished: 300
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  resources: {}
  tolerations: []

# -- Seed jobs
# @default -- See below
seed:
  # -- Enable all seed jobs
  enabled: true
  # -- Mongo Seed Job. Required at first install. Seeds the required data (default idp/user/account), creates cfuser and required databases.
  # @default -- See below
  mongoSeedJob:
    enabled: true
    image:
      registry: quay.io
      repository: codefresh/mongosh
      tag: 2.3.7
    # -- Root user in plain text (required ONLY for seed job!).
    mongodbRootUser: "root"
    # -- Root user from existing secret
    mongodbRootUserSecretKeyRef: {}
    # E.g.
    # mongodbRootUserSecretKeyRef:
    #   name: my-secret
    #   key: mongodb-root-user

    # -- Root password in plain text (required ONLY for seed job!).
    mongodbRootPassword: "XT9nmM8dZD"
    # -- Root password from existing secret
    mongodbRootPasswordSecretKeyRef: {}
    # E.g.
    # mongodbRootPasswordSecretKeyRef:
    #   name: my-secret
    #   key: mongodb-root-password

  # -- Postgres Seed Job. Required at first install. Creates required user and databases.
  # @default -- See below
  postgresSeedJob:
    enabled: true
    image:
      registry: quay.io
      repository: codefresh/postgresql
      tag: 13
    # -- (optional) "postgres" admin user in plain text (required ONLY for seed job!)
    # Must be a privileged user allowed to create databases and grant roles.
    # If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used.
    postgresUser: ""
    # -- (optional) "postgres" admin user from exising secret
    postgresUserSecretKeyRef: {}
    # E.g.
    # postgresUserSecretKeyRef:
    #   name: my-secret
    #   key: postgres-user

    # -- (optional) Password for "postgres" admin user (required ONLY for seed job!)
    postgresPassword: ""
    # -- (optional) Password for "postgres" admin user from existing secret
    postgresPasswordSecretKeyRef: {}
    # E.g.
    # postgresPasswordSecretKeyRef:
    #   name: my-secret
    #   key: postgres-password

  ttlSecondsAfterFinished: 300
  backoffLimit: 10
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  resources: {}
  tolerations: []

# -- Ingress
ingress:
  # -- Enable the Ingress
  enabled: true
  # -- Set the ingressClass that is used for the ingress.
  # Default `nginx-codefresh` is created from `ingress-nginx` controller subchart
  ingressClassName: nginx-codefresh
  # -- Override Ingress resource name
  nameOverride: ""
  tls:
    # -- Enable TLS
    enabled: false
    # -- Default secret name to be created with provided `cert` and `key` below
    secretName: "star.codefresh.io"
    # -- Certificate (base64 encoded)
    cert: ""
    # -- Private key (base64 encoded)
    key: ""
    # -- Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`)
    existingSecret: ""
  # -- Default services and corresponding paths
  # @default -- See below
  services:
    internal-gateway:
      - /
  # -- Set annotations for ingress.
  # @default -- See below
  annotations:
    nginx.ingress.kubernetes.io/service-upstream: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.org/redirect-to-https: "false"

# -- Global parameters
# @default -- See below
global:
  # -- Application root url. Will be used in Ingress objects as hostname
  appUrl: onprem.codefresh.local
  # -- Application protocol.
  appProtocol: https

  # -- Firebase URL for logs streaming in plain text
  firebaseUrl: "https://codefresh-on-prem.firebaseio.com/on-prem"
  # -- Firebase URL for logs streaming from existing secret
  firebaseUrlSecretKeyRef: {}
  # E.g.
  # firebaseUrlSecretKeyRef:
  #   name: my-secret
  #   key: firebase-url

  # -- Firebase Secret in plain text
  firebaseSecret: ""
  # -- Firebase Secret from existing secret
  firebaseSecretSecretKeyRef: {}
  # E.g.
  # firebaseSecretSecretKeyRef:
  #   name: my-secret
  #   key: firebase-secret

  # -- Global Docker image registry
  imageRegistry: ""

  # -- Global Docker registry secret names as array
  imagePullSecrets:
    - 'codefresh-registry'

  # -- Global StorageClass for Persistent Volume(s)
  storageClass: ""

  # -- Global Env vars
  env: {}

  # -- Global tolerations constraints
  # Apply toleratons to all Codefresh subcharts. Will not be applied on Bitnami subcharts.
  tolerations: []

  # -- Global affinity constraints
  # Apply affinity to all Codefresh subcharts. Will not be applied on Bitnami subcharts.
  affinity: {}

  # -- Global nodeSelector constraints
  # Apply nodeSelector to all Codefresh subcharts. Will not be applied on Bitnami subcharts.
  nodeSelector: {}

  # -- New Relic Key
  newrelicLicenseKey: ""

  # -- Definitions for internal-gateway nginx resolver
  dnsService: kube-dns
  dnsNamespace: kube-system
  clusterDomain: cluster.local

#--------
# OIDC Provider
#--------
  # -- Default OIDC Provider service name (Provider URL).
  oidcProviderService: ""
  # -- Default OIDC Provider service port.
  oidcProviderPort: 443
  # -- Default OIDC Provider service protocol.
  oidcProviderProtocol: "https"
  # -- Default OIDC Provider service token endpoint.
  oidcProviderTokenEndpoint: "/token"
  # -- Default OIDC Provider service client ID in plain text.
  oidcProviderClientId: null
  # -- Default OIDC Provider service client secret in plain text.
  oidcProviderClientSecret: null

#--------
# MongoDB
#--------
  # -- LEGACY (but still supported) - Use `.global.mongodbProtocol` + `.global.mongodbUser/mongodbUserSecretKeyRef` + `.global.mongodbPassword/mongodbPasswordSecretKeyRef` + `.global.mongodbHost/mongodbHostSecretKeyRef` + `.global.mongodbOptions` instead
  # Default MongoDB URI. Will be used by ALL services to communicate with MongoDB.
  # Ref: https://www.mongodb.com/docs/manual/reference/connection-string/
  # Note! `defaultauthdb` is omitted on purpose (i.e. mongodb://.../[defaultauthdb]).
  mongoURI: ""
  # E.g.
  # mongoURI: "mongodb://cfuser:mTiXcU2wafr9@cf-mongodb:27017/"

  # -- Set mongodb protocol (`mongodb` / `mongodb+srv`)
  mongodbProtocol: mongodb
  # -- Set mongodb user in plain text
  mongodbUser: "cfuser"
  # -- Set mongodb user from existing secret
  mongodbUserSecretKeyRef: {}
  # E.g.
  # mongodbUserSecretKeyRef:
  #   name: my-secret
  #   key: mongodb-user

  # -- Set mongodb password in plain text
  mongodbPassword: "mTiXcU2wafr9"
  # -- Set mongodb password from existing secret
  mongodbPasswordSecretKeyRef: {}
  # E.g.
  # mongodbPasswordSecretKeyRef:
  #   name: my-secret
  #   key: mongodb-password

  # -- Set mongodb host in plain text
  mongodbHost: "cf-mongodb"
  # -- Set mongodb host from existing secret
  mongodbHostSecretKeyRef: {}
  # E.g.
  # mongodbHostSecretKeyRef:
  #   name: my-secret
  #   key: mongodb-host

  # -- Set mongodb connection string options
  # Ref: https://www.mongodb.com/docs/manual/reference/connection-string/#connection-string-options
  mongodbOptions: "retryWrites=true"
  # -- Default MongoDB database name. Don't change!
  mongodbDatabase: codefresh

#-----------
# Postgresql
#-----------
  # -- Set postgres user in plain text
  postgresUser: postgres
  # -- Set postgres user from existing secret
  postgresUserSecretKeyRef: {}
  # E.g.
  # postgresUserSecretKeyRef:
  #   name: my-secret
  #   key: postgres-user

  # -- Set postgres password in plain text
  postgresPassword: eC9arYka4ZbH
  # -- Set postgres password from existing secret
  postgresPasswordSecretKeyRef: {}
  # E.g.
  # postgresPasswordSecretKeyRef:
  #   name: my-secret
  #   key: postgres-password

  # -- Set postgres service address in plain text. Takes precedence over `global.postgresService`!
  postgresHostname: ""
  # -- Set postgres service from existing secret
  postgresHostnameSecretKeyRef: {}
  # E.g.
  # postgresHostnameSecretKeyRef:
  #   name: my-secret
  #   key: postgres-hostname

  # -- Set postgres port number
  postgresPort: 5432
  # -- Set postgres database name
  postgresDatabase: codefresh
  # -- Default internal postgresql service address from bitnami/postgresql subchart
  postgresService: postgresql

#---------
# RabbitMQ
#---------
  # -- Set rabbitmq protocol (`amqp/amqps`)
  rabbitmqProtocol: amqp
  # -- Set rabbitmq username in plain text
  rabbitmqUsername: user
  # -- Set rabbitmq username from existing secret
  rabbitmqUsernameSecretKeyRef: {}
  # E.g.
  # rabbitmqUsernameSecretKeyRef:
  #   name: my-secret
  #   key: rabbitmq-username

  # -- Set rabbitmq password in plain text
  rabbitmqPassword: cVz9ZdJKYm7u
  # -- Set rabbitmq password from existing secret
  rabbitmqPasswordSecretKeyRef: {}
  # E.g.
  # rabbitmqPasswordSecretKeyRef:
  #   name: my-secret
  #   key: rabbitmq-password

  # -- Set rabbitmq service address in plain text. Takes precedence over `global.rabbitService`!
  rabbitmqHostname: ""
  # -- Set rabbitmq service address from existing secret.
  rabbitmqHostnameSecretKeyRef: {}
  # E.g.
  # rabbitmqHostnameSecretKeyRef:
  #   name: my-secret
  #   key: rabbitmq-hostname

  # -- Default internal rabbitmq service address from bitnami/rabbitmq subchart.
  rabbitService: rabbitmq:5672

#------
# Redis
#------
  # -- Set redis password in plain text
  redisPassword: hoC9szf7NtrU
  # -- Set redis service port
  redisPort: 6379
  # -- Set redis password from existing secret
  redisPasswordSecretKeyRef: {}
  # E.g.
  # redisPasswordSecretKeyRef:
  #   name: my-secret
  #   key: redis-password

  # -- Set redis hostname in plain text. Takes precedence over `global.redisService`!
  redisUrl: ""
  # -- Set redis hostname from existing secret.
  redisUrlSecretKeyRef: {}
  # E.g.
  # redisUrlSecretKeyRef:
  #   name: my-secret
  #   key: redis-url

  # -- Default internal redis service address from bitnami/redis subchart
  redisService: redis-master

#----------------------------------
# Codefresh services. Don't change!
#----------------------------------
  # -- Default API service name.
  cfapiService: cfapi
  # -- Default API service port.
  cfapiInternalPort: 3000
  # -- Default API endpoints service name
  cfapiEndpointsService: cfapi
  # -- Default builder service name.
  builderService: builder
  # -- Default runner service name.
  runnerService: runner
  # -- Default tls-sign service name.
  tlsSignService: cfsign
  # -- Default tls-sign service port.
  tlsSignPort: 4999
  # -- Default nats service name.
  natsService: nats
  # -- Default nats service port.
  natsPort: 4222
  # -- Default Consul service name.
  consulService: consul-headless
  # -- Default Consul service port.
  consulHttpPort: 8500
  # -- Default cluster-providers service name.
  clusterProvidersService: cluster-providers
  # -- Default cluster-providers service port.
  clusterProvidersPort: 9000
  # -- Default kube-integration service name.
  kubeIntegrationService: kube-integration
  # -- Default kube-integration service port.
  kubeIntegrationPort: 9000
  # -- Default charts-manager service name.
  chartsManagerService: charts-manager
  # -- Default chart-manager service port.
  chartsManagerPort: 9000
  # -- Default context-manager service name.
  contextManagerService: context-manager
  # -- Default context-manager service port.
  contextManagerPort: 9000
  # -- Default pipeline-manager service name.
  pipelineManagerService: pipeline-manager
  # -- Default pipeline-manager service port.
  pipelineManagerPort: 9000
  # -- Default gitops-dashboarad-manager service name.
  gitopsDashboardManagerService: gitops-dashboard-manager
  # -- Default gitops-dashboarad-manager service port.
  gitopsDashboardManagerPort: 9000
  # -- Default gitops-dashboarad-manager db collection.
  gitopsDashboardManagerDatabase: pipeline-manager
  # -- Default runtime-environment-manager service name.
  runtimeEnvironmentManagerService: runtime-environment-manager
  # -- Default runtime-environment-manager service port.
  runtimeEnvironmentManagerPort: 80
  # -- Default helm-repo-manager service name.
  helmRepoManagerService: helm-repo-manager
  # -- Default hermes service name.
  hermesService: hermes
  # -- Default broadcaster service name.
  broadcasterService: cf-broadcaster
  # -- Default broadcaster service port.
  broadcasterPort: 80
  # -- Default k8s-monitor service name.
  cfk8smonitorService: k8s-monitor
  # -- Default platform-analytics service name.
  platformAnalyticsService: platform-analytics
  # -- Default platform-analytics service port.
  platformAnalyticsPort: 80

  # -- LEGACY - Keep as is!
  # Used for subcharts to access external secrets and configmaps.
  codefresh: codefresh
  onprem: true
  gceProject: ""
  stepsCatalogOnPremise: "1"

  # -- DEPRECATED
  # Use `.Values.seed.mongoSeedJob` instead.
  mongodbRootUser: ""
  # Use `.Values.seed.mongoSeedJob` instead.
  mongodbRootPassword: ""
  # Use `.Values.seed.postgresSeedJob` instead
  postgresSeedJob: {}

  # -- Bitnami
  security:
    allowInsecureImages: true

# -- Pre/post-upgrade Job hooks.
# Updates images in `system/default` runtime.
# @default -- See below
hooks:
  enabled: true
  image:
    registry: quay.io
    repository: codefresh/mongosh
    tag: 2.3.7
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  resources: {}
  tolerations: []

# -- Maintenance postgresql clean job.
# Removes a certain number of the last records in the event store table.
# @default -- See below
postgresqlCleanJob:
  enabled: true
  image:
    registry: quay.io
    repository: codefresh/postgresql
    tag: 13
  schedule:  "0 0 * * *"
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 1
  backoffLimit: 0
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  resources: {}
  tolerations: []

# -- runtimeImages
# @default -- See below
runtimeImages:
  COMPOSE_IMAGE: quay.io/codefresh/compose:v2.32.2-1.5.2
  CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.12.2
  DIND_IMAGE: quay.io/codefresh/dind:26.1.4-1.28.8
  DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.4.3
  DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.18
  DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16
  DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.15
  ENGINE_IMAGE: quay.io/codefresh/engine:1.177.5
  FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.8
  GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0
  KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.2.6
  PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.7
  TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.2
  CR_6177_FIXER: docker.io/library/alpine:3.21
  GC_BUILDER_IMAGE: docker.io/library/alpine:3.21

#--------------------
# Codefresh subcharts
#--------------------

# -- cf-api
cfapi: &cf-api
  # -- Enable cf-api
  enabled: true
  # -- Controller configuration
  controller:
    # -- Replicas number
    replicas: 2
  # -- Container configuration
  container:
    # -- Image
    image:
      # -- Registry prefix
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      # -- Repository
      repository: codefresh/cf-api
    # -- Env vars
    # @default -- See below
    env:
      AUDIT_AUTO_CREATE_DB: true
      GITHUB_API_PATH_PREFIX: /api/v3
      LOGGER_LEVEL: debug
      ON_PREMISE: true
      RUNTIME_MONGO_DB: codefresh
      RUNTIME_REDIS_DB: 0
      OIDC_PROVIDER_URI: '{{ .Values.global.oidcProviderService }}'
      OIDC_PROVIDER_PORT: '{{ .Values.global.oidcProviderPort }}'
      OIDC_PROVIDER_PROTOCOL: '{{ .Values.global.oidcProviderProtocol }}'
      OIDC_PROVIDER_TOKEN_ENDPOINT: '{{ .Values.global.oidcProviderTokenEndpoint }}'
      DEFAULT_SYSTEM_TYPE: PROJECT_ONE
  secrets:
    secret:
      enabled: true
      type: Opaque
      stringData:
        OIDC_PROVIDER_CLIENT_ID: '{{ .Values.global.oidcProviderClientId }}'
        OIDC_PROVIDER_CLIENT_SECRET: '{{ .Values.global.oidcProviderClientSecret }}'

  # -- Resource requests and limits
  resources:
    requests:
      cpu: 200m
      memory: "256Mi"
    limits: {}
  # -- Autoscaler configuration
  hpa:
    # -- Enable HPA
    enabled: false
    # -- Minimum number of replicas
    minReplicas: 2
    # -- Maximum number of replicas
    maxReplicas: 10
    # -- Average CPU utilization percentage
    targetCPUUtilizationPercentage: 70
  # -- Pod disruption budget configuration
  pdb:
    # -- Enable PDB
    enabled: false
    # -- Minimum number of replicas in percentage
    minAvailable: "50%"
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# cfapi roles
# @ignored internal
cfapi-auth:
  <<: *cf-api
  enabled: false
cfapi-internal:
  <<: *cf-api
  enabled: false
# @ignored ws
cfapi-ws:
  <<: *cf-api
  enabled: false
# @ignored admin
cfapi-admin:
  <<: *cf-api
  enabled: false
# @ignored endpoints
cfapi-endpoints:
  <<: *cf-api
  enabled: false
# @ignored terminators
cfapi-terminators:
  <<: *cf-api
  enabled: false
# @ignored sso-group-synchronizer
cfapi-sso-group-synchronizer:
  <<: *cf-api
  enabled: false
# @ignored buildmanager
cfapi-buildmanager:
  <<: *cf-api
  enabled: false
# @ignored cacheevictmanager
cfapi-cacheevictmanager:
  <<: *cf-api
  enabled: false
# @ignored eventsmanagersubscriptions
cfapi-eventsmanagersubscriptions:
  <<: *cf-api
  enabled: false
# @ignored kubernetesresourcemonitor
cfapi-kubernetesresourcemonitor:
  <<: *cf-api
  enabled: false
# @ignored environments
cfapi-environments:
  <<: *cf-api
  enabled: false
# @ignored gitops-resource-receiver
cfapi-gitops-resource-receiver:
  <<: *cf-api
  enabled: false
# @ignored downloadlogmanager
cfapi-downloadlogmanager:
  <<: *cf-api
  enabled: false
# @ignored teams
cfapi-teams:
  <<: *cf-api
  enabled: false
# @ignored kubernetes-endpoints
cfapi-kubernetes-endpoints:
  <<: *cf-api
  enabled: false
# @ignored test-reporting
cfapi-test-reporting:
  <<: *cf-api
  enabled: false

# -- internal-gateway
# @default -- See below
internal-gateway:
  enabled: true
  libraryMode: true
  controller:
    replicas: 2
  container:
    image:
      registry: docker.io
      repository: nginxinc/nginx-unprivileged
  nginx:
    config:
      locations:
        /api/auth/authenticate:
          locationDirectives:
              proxy_buffers: "4 180k"
              proxy_buffer_size: "180k"
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- broadcaster
# @default -- See below
cf-broadcaster:
  enabled: true
  controller:
    replicas: 3
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/cf-broadcaster
  env:
    RUNTIME_MONGO_DB: codefresh
    REDIS_DB: 0
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits: {}
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- etl-starter
# @default -- See below
cf-platform-analytics-etlstarter:
  nameOverride: etl-starter
  mongodbDatabase: "platform-analytics-postgres"
  redis:
    # -- Disable redis subchart
    enabled: false
  controller:
    # - Disable default deployment controller
    enabled: false
  # -- Only postgres ETL should be running in onprem
  system-etl-postgres:
    enabled: true
    controller:
      cronjob:
        ttlSecondsAfterFinished: 300
    container:
      env:
        BLUE_GREEN_ENABLED: true
  # @ignored
  system-etl-gitops:
    enabled: false
  # @ignored
  system-etl-metabase:
    enabled: false

  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
    env:
      ENV: production
      DATASET_ID: etl
      MONGO_DB_DEFAULT_NAME: codefresh
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- platform-analytics
# @default -- See below
cf-platform-analytics-platform:
  nameOverride: platform-analytics
  mongodbDatabase: "platform-analytics-postgres"
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/cf-platform-analytics
  redis:
    enabled: true
    nameOverride: redis-platform-analytics
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
  env:
    ENV: production
    DATASET_ID: etl
    NODE_ENV: production
    CUBEJS_LOG_LEVEL: trace
    CUBEJS_SCHEDULED_REFRESH_TIMER: 60
    REDIS_TLS: false
    CUBEJS_DEV_MODE: false
    SUPPORTED_DATA_SOURCE: 'CSDP_POSTGRES,CLASSIC_POSTGRES'
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- tls-sign
# @default -- See below
cfsign:
  enabled: true
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/cf-tls-sign
    # Explicit default volume mounts overrides due to legacy `cf-` prefix (backward compatibility)
    volumeMounts:
      cf-ca:
        path:
        - mountPath: /cacerts/cf-ca.pem
          subPath: ca.pem
        - mountPath: /cacerts/cf-ca-key.pem
          subPath: ca-key.pem
        - mountPath: /cacerts/cert.pem
          subPath: cert.pem
        - mountPath: /cacerts/key.pem
          subPath: key.pem
  secrets:
    # In onprem, this secret is created by `gencerts` job,
    # thus secret from `cfsign` chart is disabled
    cf-ca:
      enabled: false
  # Change permissions on /certs folder (backward compatibility)
  initContainers:
    volume-permissions:
      enabled: true
      image:
        registry: quay.io
        repository: codefresh/curl
        tag: 8.11.1
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  resources: {}
  tolerations: []

# -- cf-ui
# @default -- See below
cfui:
  enabled: true
  controller:
    replicas: 2
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/cf-ui
    env:
      ON_PREMISE: true
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits: {}
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- charts-manager
# @default -- See below
charts-manager:
  enabled: true
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/charts-manager
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits: {}
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- cluster-providers
# @default -- See below
cluster-providers:
  enabled: true
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/cluster-providers
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits: {}
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- consul
# @default -- See below
# Ref: https://github.com/bitnami/charts/blob/main/bitnami/consul/values.yaml
consul:
  enabled: true
  datacenterName: codefresh-onprem
  replicaCount: 1
  extraEnvVars:
  - name: CONSUl_BIND_ADDR
    value: "127.0.0.1"

# -- context-manager
# @default -- See below
context-manager:
  enabled: true
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/context-manager
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits: {}
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- cronus
# @default -- See below
cronus:
  enabled: true
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/cronus
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- gitops-dashboard-manager
# @default -- See below
gitops-dashboard-manager:
  enabled: true
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/gitops-dashboard-manager
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits: {}
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- helm-repo-manager
# @default -- See below
helm-repo-manager:
  enabled: true
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/helm-repo-manager
    env:
      POSTGRES_DBNAME: codefresh
  chartmuseum:
    publicHelmRepo: true
    ingress:
      enabled: false
    image:
      repository: quay.io/codefresh/chartmuseum
      tag: 8795e993
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits: {}
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- hermes
# @default -- See below
hermes:
  controller:
    replicas: 1
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/hermes
  redis:
    # Deprecation of a separate redis for hermes (CR-705)
    enabled: false
    redisPassword: kj57kfwjeg
    db: 15
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- ingress-nginx
# @default -- See below
# Ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml
ingress-nginx:
  enabled: true
  controller:
    enableAnnotationValidations: true
    allowSnippetAnnotations: false
    ingressClassResource:
      enabled: true
      default: false
      controllerValue: "k8s.io/ingress-nginx-codefresh"
      name: nginx-codefresh
    ingressClass: nginx-codefresh
    ingressClassByName: true
    scope:
      enabled: false
    admissionWebhooks:
      enabled: false
    config:
      ssl-redirect: "false"
      disable-access-log: "false"
      enable-vts-status: "true"
      client-body-buffer-size: "16k"
      proxy-body-size: "5M"
      log-format-escape-json: "true"
      log-format-upstream: '{ "time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x-forward-for": "$proxy_add_x_forwarded_for", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent", "http_x_github_delivery": "$http_x_github_delivery", "http_x_hook_uuid": "$http_x_hook_uuid", "metadata": { "correlationId": "$request_id", "service": "ingress", "time": "$time_iso8601" } }'
      http-snippet: |
        proxy_set_header X-Request-ID $request_id;

# -- k8s-monitor
# @default -- See below
k8s-monitor:
  enabled: true
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/k8s-monitor
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits: {}
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- kube-integration
# @default -- See below
kube-integration:
  enabled: true
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/kube-integration
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits: {}
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- mongodb
# @default -- See below
# Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml
mongodb:
  enabled: true
  image:
    tag: "6.0"
  architecture: standalone
  useStatefulSet: true
  auth:
    enabled: true
    rootUser: root
    rootPassword: "XT9nmM8dZD"
  resources:
    requests:
      cpu: 200m
      memory: 256Mi
  migration:
    enabled: false
    featureCompatibilityVersion: "6.0"

# -- nats
# @default -- See below
# Ref: https://github.com/bitnami/charts/blob/main/bitnami/nats/values.yaml
nats:
  enabled: true
  replicaCount: 1
  auth:
    enabled: false
  cluster:
    auth:
      enabled: false

# -- nomios
# @default -- See below
nomios:
  enabled: true
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/nomios
  ingress:
    main:
      enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- postgresql
# @default -- See below
# Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
postgresql:
  enabled: true
  image:
    registry: quay.io
    repository: codefresh/postgresql
    tag: 13
  auth:
    enablePostgresUser: true
    postgresPassword: "eC9arYka4ZbH"
    database: "codefresh"
  architecture: standalone
  postgresqlSharedPreloadLibraries: pg_partman_bgw,pg_cron
  primary:
    extendedConfiguration: |
      pg_partman_bgw.interval = 3600
      pg_partman_bgw.role = 'postgres'
      pg_partman_bgw.dbname = 'postgres'
      cron.database_name = 'postgres'
    resources:
      requests:
        cpu: 200m
        memory: 256Mi

# -- postgresql
# @default -- See below
# Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/values.yaml
postgresql-ha:
  enabled: false
  postgresql:
    image:
      registry: quay.io
      repository: codefresh/postgresql-repmgr
      tag: 13
    username: postgres
    password: "eC9arYka4ZbH"
    database: "codefresh"
    sharedPreloadLibraries: "pgaudit, repmgr, pg_partman_bgw, pg_cron"
    resources:
      requests:
        cpu: 200m
        memory: 256Mi
    extendedConf: |
      pg_partman_bgw.interval = 3600
      pg_partman_bgw.role = 'postgres'
      pg_partman_bgw.dbname = 'postgres'
      cron.database_name = 'postgres'

# -- redis
# @default -- See below
# Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml
redis:
  enabled: true
  architecture: standalone
  auth:
    password: "hoC9szf7NtrU"
  master:
    count: 1
    resources:
      requests:
        cpu: 200m
        memory: 256Mi

# -- redis-ha
## Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml
redis-ha:
  enabled: false
  haproxy:
    enabled: true
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
  auth: true
  redisPassword: "hoC9szf7NtrU"
  persistentVolume:
    enabled: true
    size: 10Gi
  redis:
    resources:
      requests:
        cpu: 100m
        memory: 128Mi

# -- rabbitmq
# @default -- See below
# Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml
rabbitmq:
  enabled: true
  image:
    tag: 3.13.7-debian-12-r5
  replicaCount: 1
  auth:
    username: user
    password: "cVz9ZdJKYm7u"
    erlangCookie: "WIWVHCDTCIUAWANLMQAW"
  resources:
    requests:
      cpu: 200m
      memory: 256Mi

# -- builder
builder:
  enabled: true
  initContainers:
    register:
      image:
        registry: quay.io
        repository: codefresh/curl
        tag: 8.11.1
  container:
    image:
      registry: docker.io
      repository: library/docker
      tag: 28.0-dind
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  resources: {}
  tolerations: []

# -- runner
# @default -- See below
runner:
  enabled: true
  initContainers:
    register:
      image:
        registry: quay.io
        repository: codefresh/curl
        tag: 8.11.1
  container:
    image:
      registry: docker.io
      repository: library/docker
      tag: 28.0-dind
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  resources: {}
  tolerations: []

# -- pipeline-manager
# @default -- See below
pipeline-manager:
  enabled: true
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/pipeline-manager
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits: {}
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- runtime-environment-manager
# @default -- See below
runtime-environment-manager:
  enabled: true
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/runtime-environment-manager
    env:
      ON_PREMISE: true
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits: {}
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- tasker-kubernetes
tasker-kubernetes:
  enabled: true
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/tasker-kubernetes
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits: {}
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- argo-hub-platform
# @default -- See below
argo-hub-platform:
  controller:
    deployment:
      replicas: 1
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh-io/argo-hub-platform
  imagePullSecrets:
    - '{{ .Release.Name }}-registry'
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits: {}
  hpa:
    enabled: false
  pdb:
    enabled: false
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  tolerations: []

# -- argo-platform
# @default -- See below
argo-platform:
  enabled: true

  # -- Use regular k8s secret object. Keep `false`!
  useExternalSecret: false
  # -- Anchors
  # @default -- See below
  anchors:
    cache-host: &cache-host '{{ coalesce .Values.redisUrl .Values.global.redisUrl (printf "%s-%s" .Release.Name .Values.global.redisService) }}'
    cache-password: &cache-password '{{ coalesce .Values.redisPassword .Values.global.redisPassword }}'
    cache-port: &cache-port '{{ coalesce .Values.redisPort .Values.global.redisPort }}'

    mongodb-readmodels-uri: &mongodb-readmodels-uri '{{ include "argo-patform-libs.calculate-mongo-uri" (dict "dbName" "read-models" "mongoURI" .Values.global.mongoURI) | default "null" }}'
    mongodb-audit-uri: &mongodb-audit-uri '{{ include "argo-patform-libs.calculate-mongo-uri" (dict "dbName" "audit" "mongoURI" .Values.global.mongoURI) | default "null" }}'

    pg-db-name: &pg-db-name analytics
    pg-host-name: &pg-host-name '{{ coalesce .Values.postgresHostname .Values.global.postgresHostname (printf "%s-%s" .Release.Name .Values.global.postgresService) }}'
    pg-password: &pg-password '{{ coalesce .Values.postgresPassword .Values.global.postgresPassword }}'
    pg-port: &pg-port '{{ coalesce .Values.postgresPort .Values.global.postgresPort }}'
    pg-user-name: &pg-user-name '{{ coalesce .Values.postgresUser .Values.global.postgresUser }}'

    mongodb-host: &mongodb-host '{{ coalesce .Values.mongodbHost .Values.global.mongodbHost }}'
    mongodb-password: &mongodb-password '{{ coalesce .Values.mongodbPassword .Values.global.mongodbPassword }}'
    mongodb-user: &mongodb-user '{{ coalesce .Values.mongodbUser .Values.global.mongodbUser }}'
    mongodb-protocol: &mongodb-protocol '{{ coalesce .Values.mongodbProtocol .Values.global.mongodbProtocol "mongodb" }}'
    mongodb-options: &mongodb-options '{{ coalesce .Values.mongodbOptions .Values.global.mongodbOptions }}'

    rabbitmq-protocol: &rabbitmq-protocol '{{ coalesce .Values.rabbitmqProtocol .Values.global.rabbitmqProtocol "amqp" }}'
    rabbitmq-host: &rabbitmq-host '{{ coalesce .Values.rabbitmqHostname .Values.global.rabbitmqHostname (printf "%s-%s" .Release.Name (coalesce .Values.global.rabbitService .Values.global.rabbitmqService) ) }}'
    rabbitmq-password: &rabbitmq-password  '{{ coalesce .Values.rabbitmqPassword .Values.global.rabbitmqPassword }}'
    rabbitmq-port: &rabbitmq-port '{{ coalesce .Values.rabbitmqPort .Values.global.rabbitmqPort "5672" }}'
    rabbitmq-user: &rabbitmq-user '{{ coalesce .Values.rabbitmqUsername .Values.global.rabbitmqUsername }}'

  # -- api-graphql
  # @default -- See below
  # All other services under `.Values.argo-platform` follows the same values structure.
  api-graphql:
    enabled: true
    # -- Controller kind. Currently, only `Deployment` is supported
    kind: Deployment
    # -- Image
    image:
      # -- Registry
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      # -- Repository
      repository: codefresh-io/argo-platform-api-graphql
    # -- Env vars
    # @default -- See below
    env:
      GRAPHQL_PLAYGROUND: true
      MONGODB_PROTOCOL: *mongodb-protocol
      MONGODB_OPTIONS: *mongodb-options
      RABBITMQ_PROTOCOL: *rabbitmq-protocol
      MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}'
      MONGODB_AUDIT_URI: '{{ include "argo-patform-libs.env-vars.mongodb-audit-uri-env-var-value" . }}'
      RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST)
    # -- Secrets
    # @default -- See below
    secrets:
      argo-hub-host: http://{{ .Release.Name }}-argo-hub-platform
      cache-host: *cache-host
      cache-password: *cache-password
      cache-port: *cache-port
      v1-host: http://{{ .Release.Name }}-{{ .Values.global.cfapiEndpointsService }}
      v1-internal-host: http://{{ .Release.Name }}-{{ .Values.global.cfapiService }}:{{ .Values.global.cfapiInternalPort }}
      mongodb-protocol: *mongodb-protocol
      mongodb-options: *mongodb-options
      mongodb-host: *mongodb-host
      mongodb-password: *mongodb-password
      mongodb-user: *mongodb-user
      mongodb-audit-uri: *mongodb-audit-uri
      mongodb-readmodels-uri: *mongodb-readmodels-uri
      rabbitmq-protocol: *rabbitmq-protocol
      rabbitmq-host: *rabbitmq-host
      rabbitmq-password: *rabbitmq-password
      rabbitmq-port: *rabbitmq-port
      rabbitmq-user: *rabbitmq-user
    # -- Resource limits and requests
    # @default -- See below
    resources:
      requests:
        cpu: 200m
        memory: 256Mi
      limits:
        memory: 1Gi
    # -- HPA
    hpa:
      # -- Enable autoscaler
      enabled: false
    # -- PDB
    pdb:
      # -- Enable pod disruption budget
      enabled: false
    # -- Set pod's affinity
    affinity: {}
    # -- Set pod's tolerations
    tolerations: []
    # -- Set pod's annotations
    podAnnotations:
      checksum/secret: '{{ include (print $.Template.BasePath "/api-graphql/secret.yaml") . | sha256sum }}'

  # -- abac
  # @default -- See below
  abac:
    enabled: true
    kind: Deployment
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh-io/argo-platform-abac
    env:
      MONGODB_PROTOCOL: *mongodb-protocol
      MONGODB_OPTIONS: *mongodb-options
      MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}'
      MONGODB_AUDIT_URI: '{{ include "argo-patform-libs.env-vars.mongodb-audit-uri-env-var-value" . }}'
    secrets:
      mongodb-protocol: *mongodb-protocol
      mongodb-options: *mongodb-options
      mongodb-host: *mongodb-host
      mongodb-password: *mongodb-password
      mongodb-user: *mongodb-user
      mongodb-audit-uri: *mongodb-audit-uri
      mongodb-readmodels-uri: *mongodb-readmodels-uri
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        memory: 1Gi
    hpa:
      enabled: false
    pdb:
      enabled: false
    affinity: {}
    tolerations: []
    podAnnotations:
      checksum/secret: '{{ include (print $.Template.BasePath "/abac/secret.yaml") . | sha256sum }}'

  # -- analytics-reporter
  # @default -- See below
  analytics-reporter:
    enabled: true
    kind: Deployment
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh-io/argo-platform-analytics-reporter
    env:
      ENABLED_DATABASE_TYPES: POSTGRES
      MONGODB_PROTOCOL: *mongodb-protocol
      MONGODB_OPTIONS: *mongodb-options
      RABBITMQ_PROTOCOL: *rabbitmq-protocol
      MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}'
      RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST)
    secrets:
      mongodb-protocol: *mongodb-protocol
      mongodb-options: *mongodb-options
      mongodb-host: *mongodb-host
      mongodb-password: *mongodb-password
      mongodb-user: *mongodb-user
      mongodb-readmodels-uri: *mongodb-readmodels-uri
      pg-db-name: *pg-db-name
      pg-host-name: *pg-host-name
      pg-password: *pg-password
      pg-port: *pg-port
      pg-user-name: *pg-user-name
      rabbitmq-protocol: *rabbitmq-protocol
      rabbitmq-host: *rabbitmq-host
      rabbitmq-password: *rabbitmq-password
      rabbitmq-port: *rabbitmq-port
      rabbitmq-user: *rabbitmq-user
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        memory: 1Gi
    hpa:
      enabled: false
    pdb:
      enabled: false
    tolerations: []
    affinity: {}
    volumes: []
    volumeMounts: []
    podAnnotations:
      checksum/secret: '{{ include (print $.Template.BasePath "/analytics-reporter/secret.yaml") . | sha256sum }}'

  # -- api-events
  # @default -- See below
  api-events:
    enabled: true
    kind: Deployment
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh-io/argo-platform-api-events
    env:
      RABBITMQ_PROTOCOL: *rabbitmq-protocol
      RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST)
    secrets:
      rabbitmq-protocol: *rabbitmq-protocol
      rabbitmq-host: *rabbitmq-host
      rabbitmq-password: *rabbitmq-password
      rabbitmq-port: *rabbitmq-port
      rabbitmq-user: *rabbitmq-user
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        memory: 1Gi
    hpa:
      enabled: false
    pdb:
      enabled: false
    affinity: {}
    tolerations: []
    podAnnotations:
      checksum/secret: '{{ include (print $.Template.BasePath "/api-events/secret.yaml") . | sha256sum }}'

  # -- argocd-hooks
  # @default -- See below
  # Don't enable! Not used in onprem!
  argocd-hooks:
    enabled: false

  # -- audit
  # @default -- See below
  audit:
    enabled: true
    kind: Deployment
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh-io/argo-platform-audit
    env:
      MONGODB_PROTOCOL: *mongodb-protocol
      MONGODB_OPTIONS: *mongodb-options
      RABBITMQ_PROTOCOL: *rabbitmq-protocol
      MONGODB_AUDIT_URI: '{{ include "argo-patform-libs.env-vars.mongodb-audit-uri-env-var-value" . }}'
      MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}'
      RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST)
    secrets:
      mongodb-protocol: *mongodb-protocol
      mongodb-options: *mongodb-options
      mongodb-host: *mongodb-host
      mongodb-password: *mongodb-password
      mongodb-user: *mongodb-user
      mongodb-audit-uri: *mongodb-audit-uri
      mongodb-readmodels-uri: *mongodb-readmodels-uri
      rabbitmq-protocol: *rabbitmq-protocol
      rabbitmq-host: *rabbitmq-host
      rabbitmq-password: *rabbitmq-password
      rabbitmq-port: *rabbitmq-port
      rabbitmq-user: *rabbitmq-user
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        memory: 1Gi
    hpa:
      enabled: false
    pdb:
      enabled: false
    affinity: {}
    tolerations: []
    podAnnotations:
      checksum/secret: '{{ include (print $.Template.BasePath "/audit/secret.yaml") . | sha256sum }}'

  # -- cron-executor
  # @default -- See below
  cron-executor:
    enabled: true
    kind: Deployment
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh-io/argo-platform-cron-executor
    env:
      MONGODB_PROTOCOL: *mongodb-protocol
      MONGODB_OPTIONS: *mongodb-options
      RABBITMQ_PROTOCOL: *rabbitmq-protocol
      MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}'
      MONGODB_AUDIT_URI: '{{ include "argo-patform-libs.env-vars.mongodb-audit-uri-env-var-value" . }}'
      RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST)
    secrets:
      mongodb-protocol: *mongodb-protocol
      mongodb-options: *mongodb-options
      mongodb-host: *mongodb-host
      mongodb-password: *mongodb-password
      mongodb-user: *mongodb-user
      mongodb-audit-uri: *mongodb-audit-uri
      mongodb-readmodels-uri: *mongodb-readmodels-uri
      rabbitmq-protocol: *rabbitmq-protocol
      rabbitmq-host: *rabbitmq-host
      rabbitmq-password: *rabbitmq-password
      rabbitmq-port: *rabbitmq-port
      rabbitmq-user: *rabbitmq-user
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        memory: 1Gi
    hpa:
      enabled: false
    pdb:
      enabled: false
    affinity: {}
    tolerations: []
    podAnnotations:
      checksum/secret: '{{ include (print $.Template.BasePath "/cron-executor/secret.yaml") . | sha256sum }}'

  # -- event-handler
  # @default -- See below
  event-handler:
    enabled: true
    kind: Deployment
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh-io/argo-platform-event-handler
    env:
      MONGODB_PROTOCOL: *mongodb-protocol
      MONGODB_OPTIONS: *mongodb-options
      RABBITMQ_PROTOCOL: *rabbitmq-protocol
      MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}'
      RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST)
    secrets:
      mongodb-protocol: *mongodb-protocol
      mongodb-options: *mongodb-options
      mongodb-host: *mongodb-host
      mongodb-password: *mongodb-password
      mongodb-user: *mongodb-user
      mongodb-readmodels-uri: *mongodb-readmodels-uri
      rabbitmq-protocol: *rabbitmq-protocol
      rabbitmq-host: *rabbitmq-host
      rabbitmq-password: *rabbitmq-password
      rabbitmq-port: *rabbitmq-port
      rabbitmq-user: *rabbitmq-user
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        memory: 1Gi
    hpa:
      enabled: false
    pdb:
      enabled: false
    affinity: {}
    tolerations: []
    podAnnotations:
      checksum/secret: '{{ include (print $.Template.BasePath "/event-handler/secret.yaml") . | sha256sum }}'

  # -- runtime-manager
  # @default -- See below
  # Don't enable! Not used in onprem!
  runtime-manager:
    enabled: false

  # -- runtime-monitor
  # @default -- See below
  # Don't enable! Not used in onprem!
  runtime-monitor:
    enabled: false

  # -- ui
  # @default -- See below
  ui:
    enabled: true
    kind: Deployment
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh-io/argo-platform-ui
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        memory: 512Mi
    hpa:
      enabled: false
    pdb:
      enabled: false
    affinity: {}
    tolerations: []

  # -- broadcaster
  # @default -- See below
  broadcaster:
    enabled: true
    kind: Deployment
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh-io/argo-platform-broadcaster
    env:
      MONGODB_PROTOCOL: *mongodb-protocol
      MONGODB_OPTIONS: *mongodb-options
      RABBITMQ_PROTOCOL: *rabbitmq-protocol
      MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}'
      RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST)
    secrets:
      mongodb-protocol: *mongodb-protocol
      mongodb-options: *mongodb-options
      mongodb-host: *mongodb-host
      mongodb-password: *mongodb-password
      mongodb-user: *mongodb-user
      mongodb-readmodels-uri: *mongodb-readmodels-uri
      rabbitmq-protocol: *rabbitmq-protocol
      rabbitmq-host: *rabbitmq-host
      rabbitmq-password: *rabbitmq-password
      rabbitmq-port: *rabbitmq-port
      rabbitmq-user: *rabbitmq-user
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        memory: 1Gi
    hpa:
      enabled: false
    pdb:
      enabled: false
    affinity: {}
    tolerations: []
    podAnnotations:
      checksum/secret: '{{ include (print $.Template.BasePath "/broadcaster/secret.yaml") . | sha256sum }}'

  # -- promotion-orchestrator
  # @default -- See below
  promotion-orchestrator:
    enabled: true
    kind: Deployment
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh-io/argo-platform-promotion-orchestrator
    env:
      MONGODB_PROTOCOL: *mongodb-protocol
      MONGODB_OPTIONS: *mongodb-options
      RABBITMQ_PROTOCOL: *rabbitmq-protocol
      MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}'
      RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST)
    secrets:
      cache-host: *cache-host
      cache-password: *cache-password
      cache-port: *cache-port
      mongodb-protocol: *mongodb-protocol
      mongodb-options: *mongodb-options
      mongodb-host: *mongodb-host
      mongodb-password: *mongodb-password
      mongodb-user: *mongodb-user
      mongodb-readmodels-uri: *mongodb-readmodels-uri
      rabbitmq-protocol: *rabbitmq-protocol
      rabbitmq-host: *rabbitmq-host
      rabbitmq-password: *rabbitmq-password
      rabbitmq-port: *rabbitmq-port
      rabbitmq-user: *rabbitmq-user
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        memory: 1Gi
    hpa:
      enabled: false
    pdb:
      enabled: false
    affinity: {}
    tolerations: []
    podAnnotations:
      checksum/secret: '{{ include (print $.Template.BasePath "/promotion-orchestrator/secret.yaml") . | sha256sum }}'

  classic-event-bridge:
    enabled: false

# -- cf-oidc-provider
# @default -- See below
cf-oidc-provider:
  enabled: false
  container:
    image:
      registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
      repository: codefresh/cf-oidc-provider
    env:
      NODE_ENV: production
      CF_PLATFORM_API_BASE_URL: '{{ printf "https://%s/api" .Values.global.appUrl }}'
      OIDC_ISSUER: '{{ printf "https://%s" .Values.global.oidcProviderService }}'
      OIDC_AUDIENCE: '{{ printf "https://%s" .Values.global.appUrl }}'
      OIDC_JWKS_PRIVATE_KEYS_PATH: /secrets/jwks/cf-oidc-provider-jwks.json
    resources:
      requests:
        cpu: 100m
        memory: 512Mi

    volumeMounts:
      jwks-file:
        path:
        - mountPath: /secrets/jwks

  secrets:
    secret:
      enabled: true
      type: Opaque
      stringData:
        OIDC_CF_PLATFORM_CLIENT_ID: '{{ .Values.global.oidcProviderClientId }}'
        OIDC_CF_PLATFORM_CLIENT_SECRET: '{{ .Values.global.oidcProviderClientSecret }}'

  volumes:
    jwks-file:
      enabled: true
      type: secret
      nameOverride: "cf-oidc-provider-jwks"
      optional: false

  service:
    main:
      ports:
        http:
          targetPort: 8080

  ingress:
    main:
      enabled: true
      labels: {}
      annotations: {}
      ingressClassName: ""
      hosts:
      - host: '{{ .Values.global.oidcProviderService }}'
        paths:
        - path: /
      tls: []

# -- DEPRECATED - Use `.imageCredentials` instead
# dockerconfig (for `kcfi` tool backward compatibility) for Image Pull Secret. Obtain GCR Service Account JSON (sa.json) at support@codefresh.io
# ```shell
# GCR_SA_KEY_B64=$(cat sa.json | base64)
# DOCKER_CFG_VAR=$(echo -n "_json_key:$(echo ${GCR_SA_KEY_B64} | base64 -d)" | base64 | tr -d '\n')
# ```
# E.g.:
# dockerconfigjson:
#   auths:
#     gcr.io:
#       auth: <DOCKER_CFG_VAR>
dockerconfigjson: {}

# -- DEPRECATED - Use `.Values.ingress.tls` instead
# TLS secret for Ingress
webTLS:
  enabled: false
  secretName: star.codefresh.io
  cert: ""
  key: ""

# -- CI
seed-e2e:
  enabled: false
  image:
    registry: docker.io
    repository: mongo
    tag: latest
  ttlSecondsAfterFinished: 300
  backoffLimit: 10
  affinity: {}
  nodeSelector: {}
  podSecurityContext: {}
  resources: {}
  tolerations: []

ci:
  enabled: false

developmentChart: false

mailer:
  enabled: false

payments:
  enabled: false

segment-reporter:
  enabled: false

salesforce-reporter:
  enabled: false

onboarding-status:
  enabled: false