# Default values for motm-app
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Application Configuration
app:
  name: motm-app
  version: "1.0.0"
  description: "MOTM Hockey Voting Application"

# Image Configuration
image:
  repository: harbor.ervine.dev/pubblic/hockey/motm-app
  tag: "0.1.1"
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  # tag: ""

# Image pull secrets
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

# Service Account
serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

# Pod Security Context
podSecurityContext:
  fsGroup: 1000
  runAsNonRoot: true
  runAsUser: 1000

# Container Security Context
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  readOnlyRootFilesystem: false
  runAsNonRoot: true
  runAsUser: 1000

# Service Configuration
service:
  type: ClusterIP
  port: 80
  targetPort: 5000
  annotations: {}

# Ingress Configuration
ingress:
  enabled: true
  className: ""
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
  hosts:
    - host: motm.yourdomain.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: motm-app-tls
      hosts:
        - motm.yourdomain.com

# Resource Limits and Requests
resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 256Mi

# Autoscaling
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 10
  targetCPUUtilizationPercentage: 80
  targetMemoryUtilizationPercentage: 80

# Node Selector
nodeSelector: {}

# Tolerations
tolerations: []

# Affinity
affinity: {}

# Pod Disruption Budget
podDisruptionBudget:
  enabled: false
  minAvailable: 1

# Database Configuration
database:
  type: "postgresql"  # postgresql, mysql, sqlite
  host: "postgresql-service"
  port: 5432
  name: "motm"
  username: "motm_user"
  # Password should be set via secret
  # password: ""

# S3/MinIO Configuration
s3:
  # Enable S3 storage (if false, uses local static files)
  enabled: true
  
  # Storage provider: "aws" or "minio"
  storageProvider: "minio"
  
  # S3/MinIO endpoint
  # For AWS: "https://s3.amazonaws.com" or leave empty to use default
  # For MinIO: "https://minio.example.com" or "http://minio.default.svc.cluster.local:9000"
  endpoint: "http://minio.default.svc.cluster.local:9000"
  
  # AWS region (used for AWS S3, required for boto3 even with MinIO)
  region: "us-east-1"
  
  # S3 bucket name
  bucket: "hockey-apps"
  
  # Bucket prefix/folder for assets (e.g., "assets/", "motm/", etc.)
  bucketPrefix: "assets/"
  
  # Use signed URLs for asset access (recommended for private buckets)
  useSignedUrls: false
  
  # Signed URL expiry time in seconds (default: 1 hour)
  signedUrlExpiry: 3600
  
  # Fallback to local static files if S3 access fails
  fallbackToStatic: true
  
  # SSL/TLS configuration
  useSSL: false
  
  # Credentials (should be set via secrets in production)
  # These are ignored if secrets.useExternalSecret is true
  accessKeyId: ""
  secretAccessKey: ""

# Environment Variables
env:
  FLASK_ENV: "production"
  FLASK_APP: "main.py"
  FLASK_RUN_HOST: "0.0.0.0"
  FLASK_RUN_PORT: "5000"
  PYTHONUNBUFFERED: "1"
  PYTHONDONTWRITEBYTECODE: "1"

# ConfigMap for application configuration
configMap:
  databaseConfig: |
    [DATABASE]
    type = {{ .Values.database.type }}
    
    [MYSQL]
    host = {{ .Values.database.host }}
    port = {{ .Values.database.port }}
    database = {{ .Values.database.name }}
    username = {{ .Values.database.username }}
    
    [POSTGRESQL]
    host = {{ .Values.database.host }}
    port = {{ .Values.database.port }}
    database = {{ .Values.database.name }}
    username = {{ .Values.database.username }}

# Secrets Configuration
secrets:
  # Use an existing external secret instead of creating one
  # If useExternalSecret is true, the chart will reference the external secret
  # If false, the chart will create a secret with the provided values
  useExternalSecret: false
  externalSecretName: ""  # Name of the existing secret to reference
  
  # Secret key names (used for both external and managed secrets)
  dbPasswordKey: "db-password"
  s3AccessKeyKey: "s3-access-key"
  s3SecretKeyKey: "s3-secret-key"
  
  # Values for managed secret (only used when useExternalSecret is false)
  # Database password
  dbPassword: ""
  # S3 credentials
  s3AccessKey: ""
  s3SecretKey: ""

# Health Checks
healthCheck:
  enabled: true
  path: "/"
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3

# Persistence
persistence:
  enabled: false
  # storageClass: ""
  accessMode: ReadWriteOnce
  size: 1Gi

# Monitoring
monitoring:
  enabled: false
  serviceMonitor:
    enabled: false
    interval: 30s
    scrapeTimeout: 10s

# Logging
logging:
  level: "INFO"
  format: "json"

# Labels and Annotations
labels: {}
annotations: {}
podLabels: {}
podAnnotations: {}