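---
# Default values for the matrix-authentication-service (MAS) chart.
# Everything under `config` is MAS configuration; the remaining keys
# parameterise the Kubernetes objects the chart renders.
#
# Several defaults below are sample credentials or placeholder URLs. They
# are published with the chart, so treat them as known to everyone and
# override them for any deployment that is not a throwaway test.

global:
  image:
    # -- if set it will overwrite all registry entries
    registry: null
    # -- if set it will overwrite all pullPolicy
    pullPolicy: null

image:
  registry: ghcr.io
  repository: matrix-org/matrix-authentication-service
  pullPolicy: IfNotPresent
  # -- Overrides the image tag whose default is the chart appVersion.
  tag: null

replicaCount: 1

config:
  clients: []
  http:
    listeners:
      # Main listener: serves the OAuth/OIDC, compatibility and UI resources.
      - name: http
        resources:
          - name: discovery
          - name: human
          - name: oauth
          - name: compat
          - name: graphql
            # The interactive playground shares this listener with the
            # OAuth endpoints; set to false where it is not needed.
            playground: true
          - name: assets
            path: /usr/local/share/mas-cli/assets/
        binds:
          - address: '[::]:8080'
        proxy_protocol: false
      # Health endpoint used by the liveness/readiness probes below.
      # NOTE(review): this binds to localhost only, while httpGet probes
      # connect to the pod IP - confirm the probes can reach it.
      - name: internal
        resources:
          - name: health
        binds:
          - host: localhost
            port: 8081
        proxy_protocol: false
      # Prometheus metrics on all interfaces, with no authentication
      # configured here; restrict access (e.g. NetworkPolicy) to scrapers.
      - name: metrics
        resources:
          - name: metrics
        binds:
          - address: '[::]:9100'
    # Peers in these ranges are trusted to supply the client address through
    # forwarding headers, so a peer listed here can spoof the IP seen by
    # logging and rate limiting. Keep the list to the ranges your reverse
    # proxies really use.
    trusted_proxies:
      # RFC 1918 block. Note 192.168, not 192.128: the latter is publicly
      # routable address space and must never be trusted here.
      - '192.168.0.0/16'
      - '172.16.0.0/12'
      # /10 covers 10.0.0.0-10.63.255.255 only, not all of 10.0.0.0/8.
      - '10.0.0.0/10'
      - '127.0.0.1/8'
      - 'fd00::/8'
      - '::1/128'
    # Placeholders: set both to the public HTTPS origin clients will use.
    public_base: 'http://[::]:8080/'
    issuer: 'http://[::]:8080/'
  database:
    host: localhost
    port: 5432
    # NOTE(review): user and database are named `sliding_sync`, which looks
    # carried over from another chart - confirm.
    username: sliding_sync
    # Placeholder password: override it, preferably sourced from a Secret
    # instead of a committed values file.
    password: secret
    database: sliding_sync
    max_connections: 10
    min_connections: 0
    connect_timeout: 30
    idle_timeout: 600
    max_lifetime: 1800
  telemetry:
    tracing:
      exporter: none
      propagators: []
    metrics:
      exporter: prometheus
    sentry:
      dsn: null
  templates:
    path: /usr/local/share/mas-cli/templates/
    assets_manifest: /usr/local/share/mas-cli/manifest.json
    translations_path: /usr/local/share/mas-cli/translations/
  email:
    # NOTE(review): both mailboxes carry a display name but no address part;
    # set complete values before switching `transport` away from blackhole.
    from: '"Authentication Service" '
    reply_to: '"Authentication Service" '
    # blackhole discards outgoing mail.
    transport: blackhole
  secrets:
    # Sample encryption key shipped with the chart, i.e. publicly known.
    # Generate a fresh random 32-byte hex value for every deployment.
    encryption: '5d3e33fa3c297d77b4c587cfc12b9adc03afe57ff36783fceceef2c0c1ba757d'
    # Empty by default; signing keys have to be supplied by the deployment.
    keys: []
  passwords:
    enabled: true
    schemes:
      - version: 1
        algorithm: argon2id
  matrix:
    homeserver: 'localhost:8008'
    # Sample shared secret between MAS and the homeserver, publicly known
    # through the chart. Replace it and keep it in sync with the homeserver.
    secret: 'kPnqGbK9hmSRK41DZTgVJxfKVAiLrY6G'
    endpoint: http://localhost:8008/
  policy:
    wasm_module: /usr/local/share/mas-cli/policy.wasm
    client_registration_entrypoint: client_registration/violation
    register_entrypoint: register/violation
    authorization_grant_entrypoint: authorization_grant/violation
    password_entrypoint: password/violation
    email_entrypoint: email/violation
    data: null
  upstream_oauth2:
    providers: []
  branding:
    service_name: null
    policy_uri: null
    tos_uri: null
    imprint: null
    logo_uri: null
  experimental:
    access_token_ttl: 300
    compat_token_ttl: 300

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Automatically mount a ServiceAccount's API credentials?
  # NOTE(review): consider false if the workload never calls the Kubernetes
  # API, so a compromised pod holds no API token.
  automount: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

prometheus:
  servicemonitor:
    enabled: false
    # NOTE(review): presumably nested under servicemonitor - confirm against
    # the chart's ServiceMonitor template.
    labels: {}

podAnnotations: {}
podLabels: {}

podSecurityContext:
  fsGroup: 1000

# Container-level hardening: no capabilities, read-only root, non-root UID.
securityContext:
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000
  # NOTE(review): consider also setting
  # allowPrivilegeEscalation: false

service:
  type: ClusterIP
  port: 80

ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      # Only the login, logout and refresh endpoints are routed.
      paths:
        - path: /_matrix/client/v3/login
          pathType: Exact
        - path: /_matrix/client/v3/logout
          pathType: Exact
        - path: /_matrix/client/v3/refresh
          pathType: Exact
  # These paths carry credentials and tokens; configure TLS whenever the
  # ingress is enabled.
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

livenessProbe:
  httpGet:
    port: internal
    path: /health
readinessProbe:
  httpGet:
    port: internal
    path: /health

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

# Additional volumes on the output Deployment definition.
volumes: []
# - name: foo
#   secret:
#     secretName: mysecret
#     optional: false

# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# - name: foo
#   mountPath: "/etc/foo"
#   readOnly: true

nodeSelector: {}

tolerations: []

affinity: {}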