chartmuseum_enabled: true
chartmuseum_publish: false
chartmuseum_short_name: "charts"
chartmuseum_default_values:
  env:
    open:
      # storage backend, can be one of: local, alibaba, amazon, google, microsoft, oracle
      STORAGE: local
      # levels of nested repos for multitenancy. The default depth is 0 (singletenant server)
      DEPTH: 0
      # sets the base context path
      CONTEXT_PATH: /
      # show debug messages
      DEBUG: false
      # output structured logs as json
      LOG_JSON: true
      # disable use of index-cache.yaml
      DISABLE_STATEFILES: false
      # disable Prometheus metrics
      DISABLE_METRICS: true
      # disable all routes prefixed with /api
      DISABLE_API: false
      # allow chart versions to be re-uploaded
      ALLOW_OVERWRITE: true
      # allow anonymous GET operations when auth is used
      AUTH_ANONYMOUS_GET: true
    secret:
      # username for basic http authentication
      BASIC_AUTH_USER: "{{ chartmuseum_admin_login | default('admin') }}" 
      # password for basic http authentication
      BASIC_AUTH_PASS: "{{ chartmuseum_admin_pass | default(chartmuseum_admin_password) }}"
  
  persistence:
    enabled: true
    accessMode: "{{ chartmuseum_storage_mode | default('ReadWriteMany') }}"
    size: "{{ chartmuseum_size | default('10Gi') }}"
    labels: {}
    path: /storage
    storageClass: "{{ chartmuseum_storage | default('nfs-hdd') }}"
  
  ## Ingress for load balancer
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      cert-manager.io/acme-dns01-provider: "rfc2136"
      cert-manager.io/acme-challenge-type: "dns01"
      kubernetes.io/ingress.class: "{{ external_ingress_class if chartmuseum_publish else internal_ingress_class }}"
      kubernetes.io/tls-acme: "true"
    hosts:
      - name: "{{ chartmuseum_short_name }}.{{ domain }}"
        path: /
        tls: true
        tlsSecret: "{{ chartmuseum_short_name }}.{{ domain }}-tls"

chartmuseum_readonly_ingress_definition: |
  apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      cert-manager.io/acme-challenge-type: dns01
      cert-manager.io/acme-dns01-provider: rfc2136
      cert-manager.io/cluster-issuer: letsencrypt-prod
      kubernetes.io/ingress.class: "{{ external_ingress_class }}"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
      nginx.ingress.kubernetes.io/configuration-snippet: |-
        limit_except GET {
            deny all;
        }
    name: chartmuseum-public
    namespace: "{{ chartmuseum_namespace | default(namespace) }}"
  spec:
    rules:
    - host: "{{ chartmuseum_readonly_ingress }}"
      http:
        paths:
        - backend:
            serviceName: chartmuseum-chartmuseum
            servicePort: 8080
          path: /
    tls:
    - hosts:
      - "{{ chartmuseum_readonly_ingress }}"
      secretName: "{{ chartmuseum_readonly_ingress }}-tls"