policy-ui/ops/chart/values.yaml

controllers:
  main:
    enabled: true
    type: deployment
    replicas: 1
    containers:
      main:
        image:
          repository: gitea.corredorconect.com/software-engineering/policy-ui
          tag: "{{ $.Chart.AppVersion }}"
        env:
          - name: NODE_ENV
            value: "production"
          - name: PORT
            value: "3000"
          - name: HOST
            value: "0.0.0.0"
          - name: NUXT_TELEMETRY_DISABLED
            value: "1"
          - name: NUXT_PUBLIC_CUSTOMER_API_BASE
            value: "https://dev.api.corredorconect.com/customer/api/v1"
          - name: NUXT_PUBLIC_POLICY_API_BASE
            value: "https://dev.api.corredorconect.com/policy/api/v1"
          - name: NUXT_PUBLIC_PROVIDERS_API_BASE
            value: "https://dev.api.corredorconect.com/provider/api/v1"
          - name: NUXT_PUBLIC_WORKLOAD_API_BASE
            value: "https://dev.api.corredorconect.com/workload/api/v1"
          - name: NUXT_PUBLIC_DOCUMENT_API_BASE
            value: "https://dev.api.corredorconect.com/document/api/v1"
          - name: AUTH_ORIGIN
            value: https://dev.corredorconect.com/api/auth
          - name: NUXT_ZITADEL_DOMAIN
            value: https://id.corredorconect.com
          - name: NUXT_ZITADEL_CLIENT_ID
            valueFrom:
              secretKeyRef:
                name: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}-oidcapp-client-secret'
                key: clientId
          - name: NUXT_ZITADEL_PROJECT_ID
            valueFrom:
              secretKeyRef:
                name: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}-oidcapp-client-secret'
                key: projectId
          - name: NUXT_AUTH_SECRET
            valueFrom:
              secretKeyRef:
                name: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}-secrets'
                key: auth-secret
        ports:
          - name: http
            containerPort: 3000
        probes:
          liveness:
            enabled: true
            custom: true
            spec:
              httpGet:
                path: /
                port: 3000
              initialDelaySeconds: 30
              periodSeconds: 10
          readiness:
            enabled: true
            custom: true
            spec:
              httpGet:
                path: /
                port: 3000
              initialDelaySeconds: 5
              periodSeconds: 5

service:
  main:
    controller: main
    type: ClusterIP
    ports:
      http:
        port: 3000
        protocol: HTTP
        targetPort: http

ingress:
  main:
    enabled: false

rawResources:
  password-generator:
    enabled: true
    apiVersion: generators.external-secrets.io/v1alpha1
    kind: Password
    suffix: password-generator 
    spec:
      spec:
        length: 32
        noUpper: false
        allowRepeat: true
        secretKeys:
          - auth-secret

  external-secret:
    enabled: true
    apiVersion: external-secrets.io/v1
    kind: ExternalSecret
    suffix: secrets
    spec:
      spec:
        refreshInterval: 0s
        secretStoreRef:
          name: cluster-secrets-store
          kind: ClusterSecretStore
        target:
          name: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}-secrets'
          creationPolicy: Owner
        dataFrom:
          - sourceRef:
              generatorRef:
                apiVersion: generators.external-secrets.io/v1alpha1
                kind: Password
                name: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}-password-generator'
  oidcapp: 
    apiVersion: zitadel.github.com/v1alpha1
    kind: OIDCApp
    suffix: oidcapp
    spec:
      spec:
        oidcAppName: policy-ui
        projectRef:
          name: seguros-dev
          namespace: zitadel-resources-operator
        appType: OIDC_APP_TYPE_WEB
        authMethodType: OIDC_AUTH_METHOD_TYPE_NONE
        redirectUris:
          - https://dev.corredorconect.com/api/auth/callback/zitadel
        postLogoutRedirectUris:
          - https://dev.corredorconect.com/
        responseTypes:
          - OIDC_RESPONSE_TYPE_CODE
        grantTypes:
          - OIDC_GRANT_TYPE_AUTHORIZATION_CODE
        accessTokenRoleAssertion: true
        accessTokenType: OIDC_TOKEN_TYPE_JWT
        idTokenRoleAssertion: true
        idTokenUserinfoAssertion: true
        clockSkew: 5s
        devMode: false
        skipNativeAppSuccessPage: false