# admin-platform-v3 — Tower platform default values.

backend:
  enabled: true
  image:
    # Tower images live alongside the Docker Hub mirror on
    # gitlab.odoosky.cloud — separate path, same registry. Pulled with
    # the docker-mirror-pull deploy token (read-only registry scope),
    # so every cluster that runs Tower needs the same imagePullSecret
    # provisioned out-of-band (until cluster-platform-v3 owns it).
    repository: registry.odoosky.cloud/odoosky/docker-mirror/tower
    tag: "0.76.49"
    pullPolicy: IfNotPresent
  imagePullSecrets:
    - name: docker-mirror-pull
  replicas: 1
  resources:
    requests:
      cpu: 50m
      memory: 128Mi
    limits:
      cpu: "1"
      memory: 4Gi
  persistence:
    enabled: true
    size: 1Gi

frontend:
  enabled: true
  image:
    repository: registry.odoosky.cloud/odoosky/docker-mirror/tower-ui
    tag: "0.76.33"
    pullPolicy: IfNotPresent
  imagePullSecrets:
    - name: docker-mirror-pull
  replicas: 1
  resources:
    requests:
      cpu: 10m
      memory: 16Mi
    limits:
      cpu: 250m
      memory: 128Mi

# Tower needs to talk to:
#   - Gitea (create tenant repos, commit values.yaml)
#   - ArgoCD (apply Application manifests)
#
# The credentials live in a K8s Secret in the same namespace, populated
# from the ExistingSecret pattern (so they aren't checked into Git).
# In Step 5+ we replace this with External Secrets sourcing from
# OpenBao at vault.odoosky.org.
config:
  giteaURL: https://git.odoosky.org
  giteaOrg: odoo-tower
  chartRepo: instance-template-v3
  argoCDURL: https://argocd.odoosky.org
  argoCDUsername: admin
  argoCDDestination: https://kubernetes.default.svc
  argoCDProject: default
  argoCDNamespace: argocd
  tenantNamespace: tenants
  # The Secret name (in the same namespace as Tower) that holds
  # GITEA_TOKEN and ARGOCD_PASSWORD keys. Created out-of-band before
  # this chart is applied.
  existingSecret: tower-credentials

ingress:
  domain: tower.odoosky.org
  certIssuer: letsencrypt-prod
  entryPoint: websecure