# Default values for citrix-cpx-with-ingress-controller.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Citrix ADC CPX config details
imageRegistry: quay.io
imageRepository: citrix/citrix-k8s-cpx-ingress
imageTag: 13.1-49.13
image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}"
pullPolicy: IfNotPresent
imagePullSecrets: []
daemonSet: False
nameOverride: ""
replicaCount: 1
fullnameOverride: ""
mgmtHttpPort: 9080
mgmtHttpsPort: 9443
openshift: false
nsHTTP2ServerSide: "OFF"
nsCookieVersion: "0"
nsConfigDnsRec:
nsSvcLbDnsRec:
nsDnsNameserver:
optimizeEndpointBinding:
routeLabels:
namespaceLabels:

# Service Type LoadBalancer and ingress support  with CPX through BGP advertisement
# If you enable this, CPX is run as DaemonSet. Please edit the bgpSettings for configuring
# BGP neighbors for propgation of external IPs.
cpxBgpRouter: false

# If cpxBgpRouter is true, then this is the NSIP used by CPX for internal communication
nsIP: 192.168.1.2

# If cpxBgpRouter is true, then this is the Gateway used by CPX for internal communication
nsGateway: 192.168.1.1

# Protocol used for communication between Citrix Ingress Controller sidecar and Citrix CPX
nsProtocol: http

# External IP for ingress resource when bgpRouter is set to True
ingressIP:

# If IPAM controller is used for auto allocation of the external IP for service of type LoadBalancer, set this option to true
ipam: False

# Enable RBAC role (so called local role), by default CIC deployed with ClusterRole.
# below variable to deploy CIC with RBAC role, only ingress service supported with this config
rbacRole: False

# API server Cert verification can be disabled, while communicating with API Server, if disableAPIServerCertVerify set to True
disableAPIServerCertVerify: False

cpxLicenseAggregator: 

sslCertManagedByAWS: False

nodeSelector:
  key:
  value:
tolerations: []

serviceType:
  loadBalancer:
    enabled: False
  nodePort:
    enabled: False
    httpPort:
    httpsPort:

serviceAnnotations: {}

serviceSpec:
  externalTrafficPolicy: "Cluster"
  loadBalancerIP:
  loadBalancerSourceRanges: []

servicePorts: []

# Citrix Ingress Controller config details
cic:
  imageRegistry: quay.io
  imageRepository: citrix/citrix-k8s-ingress-controller
  imageTag: 1.35.6
  image: "{{ .Values.cic.imageRegistry }}/{{ .Values.cic.imageRepository }}:{{ .Values.cic.imageTag }}"
  pullPolicy: IfNotPresent
  required: true
  resources:
    requests:
      cpu: 32m
      memory: 128Mi
    # Following values depends on no of ingresses configured by Ingress Controllers, so it is
    # advised to test with maximum no of ingresses to set these values.
    # limits:
    #   cpu: 1000m
    #   memory: 1000Mi
    limits: {}
    # Following values depends on no of ingresses configured by Ingress Controllers, so it is
    # advised to test with maximum no of ingresses to set these values.
    # limits:
    #   cpu: 1000m
    #   memory: 1000Mi

entityPrefix:
license:
  accept: no
ingressClass:
setAsDefaultIngressClass: False
# nitroReadTimeout is timeout value in seconds for nitro api read timeout(default is 20)
nitroReadTimeout:
logLevel: INFO
jsonLog: false 
defaultSSLCertSecret:
updateIngressStatus: False
logProxy:
kubernetesURL:
disableOpenshiftRoutes:
profileSslFrontend: {}
  # preconfigured: my_ssl_profile
  #  OR
  # config:
  #   tls13: 'ENABLED'
  #   hsts: 'ENABLED'
profileHttpFrontend: {}
  # preconfigured: my_http_profile
  #  OR
  # config:
  #   dropinvalreqs: 'ENABLED'
  #   websocket: 'ENABLED'
profileTcpFrontend: {}
  # preconfigured: my_tcp_profile
  #  OR
  # config:
  #   sack: 'ENABLED'
  #   nagle: 'ENABLED'


# Citrix ADM/License Server config details
ADMSettings:
  licenseServerIP:
  licenseServerPort: 27000
  ADMIP:
  loginSecret:
  bandWidthLicense: false
  bandWidth: 1000 #bandwidth value shoule be in Mbps
  vCPULicense: false
  cpxCores:
  licenseEdition: PLATINUM

# Exporter config details
exporter:
  required: false
  imageRegistry: quay.io
  imageRepository: citrix/citrix-adc-metrics-exporter
  imageTag: 1.4.9
  image: "{{ .Values.exporter.imageRegistry }}/{{ .Values.exporter.imageRepository }}:{{ .Values.exporter.imageTag }}"
  pullPolicy: IfNotPresent
  ports:
    containerPort: 8888
  resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi
  serviceMonitorExtraLabels: {}

# For CRDs supported by Citrix Ingress Controller
crds:
  install: false
  retainOnDelete: false

# Config required to be done by Citrix Ingress Controller for sending metrics to Citrix Observability Exporter
analyticsConfig:
  required: false
  distributedTracing:
    enable: false
    samplingrate: 100
  endpoint:
    server:
    service:
  timeseries:
    port: 5563
    metrics:
      enable: false
      mode: 'avro'
    auditlogs:
      enable: false
    events:
      enable: false
  transactions:
    enable: false
    port: 5557

# BGP configurations: local AS, remote AS and remote address is mandatory to provide. Please do the approrpiate changes with respect to your environment
bgpSettings:
  # When bgpConfig is configured correctly, set the required to true for the configuration to be applied.
  required: false
  bgpConfig:
  - bgpRouter:
      # Local AS number for BGP advertisement
      localAS: 100
      neighbor:
        # Address of the nighbor router for BGP advertisement
      - address:
        # Remote AS number
        remoteAS: 100
        advertisementInterval: 10
        ASOriginationInterval: 10

bgpPort: 

nsLbHashAlgo:
  required: false
  hashFingers: 256
  hashAlgorithm: 'DEFAULT'

# Specifies whether a ServiceAccount should be created
serviceAccount:
  create: true
  # The name of the ServiceAccount to use.
  # If not set and `create` is true, a name is generated using the fullname template
  # name:

podAnnotations: {}
# This is the resource for CPX container.
resources:
  requests:
     cpu: 128m
     memory: 500Mi
  limits: {}
  # limits:
  #   cpu: 500m
  #   memory: 512Mi

affinity: {}

# cpxCommands: to provide global config to be applied in CPX. The commands will be executed in order. For e.g.
# add rewrite action rw_act_x_forwarded_proto insert_http_header X-Forwarded-Proto "\"https\""
# add rewrite policy rw_pol_x_forwarded_proto CLIENT.SSL.IS_SSL rw_act_x_forwarded_proto
# bind rewrite global rw_pol_x_forwarded_proto 10 -type REQ_OVERRIDE
cpxCommands: |
  

# cpxShellCommands: to provide commands that need to be executed in shell of CPX. For e.g.
# touch /etc/a.txt
# echo "this is a" > /etc/a.txt
# echo "this is the file" >> /etc/a.txt
# ls >> /etc/a.txt
cpxShellCommands: |