# This is a YAML_formatted file.
# Declare variables to be passed into your templates.
######################################################

# Namespace vars
namespace:
  name: seleniumgridpoc
  labels:
    environment: sbx
    contactName: MSM
    adGroup: AZ_Cld3_LOB_SANDBOX_seleniumgridpoc_SBX
    type: application
    dri: msm
    #istioInjection: disabled
    istio-injection: disabled

# Calico template vars
# calico:
#   flags:
#     allInNamespaceEnabled: false
#     allowCalicoToNonCalico: false
#     allowCalicoExternalIngressEgress: false
#     allowCalicoExternalHttpsEgress: false
#     allowRoleIngress: false
#   allowInNamespace:
#     namespace: seleniumgridpoc
#     ingress:
#       - projectcalico.org/name in {'seleniumgridpoc'}
#     egress:
#       - projectcalico.org/name in {'seleniumgridpoc'}

# Istio template vars
istio:
  # enable flags can be used to turn on or off specific istio features
  flags:
    authorizationPolicyEnabled: truecompany
    gatewayEnabled: true
    peerAuthenticationEnabled: true # <- jetstack recommended this be a global policy
    authorizationPolicyAllowNothingEnabled: true
    firstIndexPortDomainName: seleniumgrid-sbx.company.com
    authorizationPolicyAllowIsolationIngressGatewayServiceAcct: true
    authorizationPolicyAllowNamespaceScoped: false


  # istioAuthorizationPolicy vars
  authPolicy:
    namespace: seleniumgridpoc
    # DO NOT REMOVE "istio-system" until policies have been updated
    allNameSpaces:
      - "istio-system"
      - "argocd"
      - "seleniumgridpoc"
    principals: 
      - "cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account"
      - "cluster.local/ns/istio-system/sa/istio-eastwestgateway-service-account"
      - "cluster.local/ns/seleniumgridpoc/sa/seleniumgridpoc-svc-account"
  # istioGateway vars
  gateway:
    namespace: seleniumgridpoc
    serverPorts:
      - number: 443
        name: https
        protocol: https
        tlsEnabled: true
        appTopLevelDomains: 
          - seleniumgrid-sbx.company.com
      - number: 80
        name: http
        protocol: http
        tlsEnabled: false
        appTopLevelDomains: 
          - seleniumgrid-sbx.company.com
      - number: 4444
        name: http_4444
        protocol: http
        tlsEnabled: false
        appTopLevelDomains: 
          - seleniumgrid-sbx.company.com
  istioIpBlocks:
    - <{istio_ip_blocks}>
  peerAuthentication:
    namespace: seleniumgridpoc

# Rolebinding vars
rolebinding:
  namespace: seleniumgridpoc
  techAdminAadObj: 75670ebd-xxx-4ed6-9b17-xxx
  contributorAadObj: 75670ebd-xxx-4ed6-9b17-xxx

# Vault/cert-manager vars
certManager:
  namespace: seleniumgridpoc
  certManagerEnabled: false
  vault:
    kubernetesRole: seleniumgridpoc.appsvc047068-kubernetes-role
    clusterName: sandbox-general-eastus2-sbx
    token: vault-auth-token-7tcg9
    endpoint: https://pry-sbx-azure3-eastus2.vault.company.com
    mountPath: /v1/nssandbox/auth/kubernetes/sandbox-general-eastus2-sbx
    path: /nssandbox/pki/company-internal/sign/seleniumgridpoc.appsvc047068
    publicPem: XYZ

# Certificate vars
certificate:
  certificateEnabled: false
  certCommonName: seleniumgrid-sbx.company.com
  namespace: seleniumgridpoc
  dnsNames:
    - seleniumgrid-sbx.company.com

# Docker config vars
imgPullSecret:
  namespace: seleniumgridpoc
  dockerconfigjson: XYZ

# Service Account vars
serviceAccount:
  namespace: seleniumgridpoc

# Service Account Secret vars
serviceAccountSecret:
  namespace: seleniumgridpoc