# Argo CD Helm Chart Values
# Includes Redis HA, Ingress for Traefik/cert-manager, and global Kustomize Helm support.

global:
  # Default domain (can be overridden in ingress)
  domain: ag.hexor.cy
  logging:
    format: text
    level: info

crds:
  install: true
  keep: true # Recommended to keep true so CRDs are not deleted on uninstall

configs:
  # Settings for argocd-cm ConfigMap
  cm:
    create: true
    # --- GLOBAL KUSTOMIZE OPTION ---
    # Enables --enable-helm flag for all Kustomize builds managed by this Argo CD instance
    kustomize.buildOptions: --enable-helm
    # ----------------------------------
    # Standard/recommended values:
    application.instanceLabelKey: argocd.argoproj.io/instance
    admin.enabled: true
    timeout.reconciliation: 180s
    # Add other necessary keys for argocd-cm here

  # Settings for argocd-rbac-cm ConfigMap
  rbac:
    create: true
    policy.default: ""
    # policy.csv: |
    #   p, role:org-admin, applications, *, */*, allow
    #   g, your-github-group, role:org-admin

  # Settings for argocd-secret Secret
  secret:
    createSecret: true
    # IMPORTANT: Set admin password hash below or manage the secret externally.
    # How to generate hash: htpasswd -nbBC 10 "" PASSWORD | tr -d ':\n' | sed 's/$2y/$2a/'
    argocdServerAdminPassword: "" # <--- SET BCRYPT HASH HERE OR MANAGE EXTERNALLY
    # Add other secrets like webhook secrets, OIDC client secrets etc. if needed
    # githubSecret: ""
    # gitlabSecret: ""

# Application Controller
controller:
  replicas: 1
  # Add resources (requests/limits), PDB etc. if needed

# Dex OIDC provider
dex:
  enabled: true # Keep enabled unless using external OIDC/SAML directly
  # Add resources, PDB etc. if needed

# Standard Redis disabled because Redis HA is enabled
redis:
  enabled: false

# Redis HA (replaces standard Redis)
redis-ha:
  enabled: true
  # Default settings usually work, including auth via 'argocd-redis' secret.
  # Assumes 'redisSecretInit' job is enabled (default) to create the secret.
  haproxy:
    enabled: true
  redis:
    config:
      # Disable Redis disk persistence for cache performance (Argo CD uses it as a cache)
      save: '""'

# Argo CD Server (API and UI)
server:
  replicas: 1

  # Ingress settings
  ingress:
    enabled: true
    hostname: ag.hexor.cy
    ingressClassName: nginx
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
    tls: true
    extraTls:
      - hosts:
          - ag.hexor.cy
        secretName: argocd-server-tls
  certificate:
    enabled: true
    domain: ag.hexor.cy
    issuer:
      kind: ClusterIssuer
      name: letsencrypt

# Repository Server
repoServer:
  replicas: 1
  # Add resources (requests/limits), PDB etc. if needed

# ApplicationSet Controller
applicationSet:
  enabled: true # Enabled by default
  replicas: 1
  # Add resources (requests/limits), PDB etc. if needed

# Notifications Controller
notifications:
  enabled: true # Enabled by default
  # Add notifiers, triggers, templates configurations if needed