# Default values for moh-app.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicaCount: 3

image:
  repository: qwen-hack-moh
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

podAnnotations: {}

podSecurityContext: {}
  # fsGroup: 2000

securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

service:
  type: ClusterIP
  port: 80

ingress:
  enabled: true
  className: ""
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/rate-limit: "100"
    nginx.ingress.kubernetes.io/rate-limit-window: "1m"
  hosts:
    - host: merchantsofhope.org
      paths:
        - path: /
          pathType: Prefix
    - host: api.merchantsofhope.org
      paths:
        - path: /
          pathType: Prefix
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

nodeSelector: {}

tolerations: []

affinity: {}

# Application-specific configuration
config:
  APP_NAME: "MerchantsOfHope"
  APP_VERSION: "0.1.0"
  APP_ENV: "production"
  DEBUG: "false"
  TIMEZONE: "UTC"
  DB_HOST: "moh-postgres.merchantsofhope.svc.cluster.local"
  DB_NAME: "moh"
  DB_PORT: "5432"
  JWT_SECRET: "changeme-in-production"
  TENANT_ISOLATION_ENABLED: "true"
  ACCESSIBILITY_ENABLED: "true"
  GDPR_COMPLIANCE_ENABLED: "true"
  PCI_DSS_COMPLIANCE_ENABLED: "true"
  FRONTEND_URL: "https://merchantsofhope.org"
  APP_URL: "https://api.merchantsofhope.org"

secrets:
  # These should be properly base64 encoded in production
  DB_USER: "bW9oX3VzZXI="
  DB_PASS: "bW9oX3Bhc3N3b3Jk"
  GOOGLE_CLIENT_ID: ""
  GOOGLE_CLIENT_SECRET: ""
  GITHUB_CLIENT_ID: ""
  GITHUB_CLIENT_SECRET: ""
  MAIL_USERNAME: ""
  MAIL_PASSWORD: ""
  JWT_SECRET: ""