#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0

#@data/values
---

app_name: pinniped-supervisor
namespace: pinniped-supervisor

#! Specify how many replicas of the Pinniped server to run.
replicas: 2

#! Specify either an image_digest or an image_tag. If both are given, only image_digest will be used.
image_repo: docker.io/getpinniped/pinniped-server
image_digest: #! e.g. sha256:f3c4fdfd3ef865d4b97a1fd295d94acc3f0c654c46b6f27ffad5cf80216903c8
image_tag: latest

#! Specifies a secret to be used when pulling the above container image.
#! Can be used when the above image_repo is a private registry.
#! Typically the value would be the output of: kubectl create secret docker-registry x --docker-server=https://example.io --docker-username="USERNAME" --docker-password="PASSWORD" --dry-run=client -o json | jq -r '.data[".dockerconfigjson"]'
#! Optional.
image_pull_dockerconfigjson: #! e.g. {"auths":{"https://registry.example.com":{"username":"USERNAME","password":"PASSWORD","auth":"BASE64_ENCODED_USERNAME_COLON_PASSWORD"}}}

#! Specifies the base URL used in the endpoint fields (e.g., authorization_endpoint, jwks_url, etc.)
#! of the OpenID Provider Metadata, as well as the value of the iss JWT claim that will be used by
#! this OIDC provider. Per the OIDC Discovery spec, this URL must use the HTTPS scheme. See
#! https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3.
issuer_url: #! e.g., https://auth.my-org.com