# Default values for crowdsec-chart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# -- for raw logs format: json or cri (docker|containerd)
container_runtime: containerd

image:
  # -- docker image repository name
  repository: crowdsecurity/crowdsec
  # -- pullPolicy
  pullPolicy: IfNotPresent
  # -- docker image tag
  tag: ""

# If you want to specify secrets that will be used for all your crowdsec-agents
# secrets can be provided be env variables
secrets:
  # -- agent username (default is generated randomly)
  username: ""
  # -- agent password (default is generated randomly)
  password: ""

# lapi will deploy pod with crowdsec lapi and dashboard as deployment
lapi:
  # -- environment variables from crowdsecurity/crowdsec docker image
  env: []
    # by default disable the agent because it only the local API.
    #- name: DISABLE_AGENT
    #  value: "true"
  dashboard:
    # -- Enable Metabase Dashboard (by default disabled)
    enabled: true
    image:
      # -- docker image repository name
      repository: loancrate/metabase
      # -- pullPolicy
      pullPolicy: IfNotPresent
      # -- docker image tag
      tag: "latest"
    # -- Metabase SQLite static DB containing Dashboards
    assetURL: https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip

    # -- Enable ingress object
    ingress:
      enabled: false
      annotations:
        # metabase only supports http so we need this annotation
        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
      # labels: {}
      ingressClassName: "nginx"
      host: "" # metabase.example.com
      # tls: {}

  resources:
    limits:
      memory: 100Mi
    requests:
      cpu: 150m
      memory: 100Mi
  # -- Enable persistent volumes
  persistentVolume:
    # -- Persistent volume for data folder. Stores e.g. registered bouncer api keys
    data:
      enabled: true
      accessModes:
        - ReadWriteOnce
      storageClassName: ""
      size: 1Gi
    # -- Persistent volume for config folder. Stores e.g. online api credentials
    config:
      enabled: true
      accessModes:
        - ReadWriteOnce
      storageClassName: ""
      size: 100Mi

  # -- nodeSelector for lapi
  nodeSelector: {}
  # -- tolerations for lapi
  tolerations: {}

  # -- Enable service monitoring (exposes "metrics" port "6060" for Prometheus)
  metrics:
    enabled: false
    # -- Creates a ServiceMonitor so Prometheus will monitor this service
    # -- Prometheus needs to be configured to watch on all namespaces for ServiceMonitors
    # -- See the documentation: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#prometheusioscrape
    # -- See also: https://github.com/prometheus-community/helm-charts/issues/106#issuecomment-700847774
    serviceMonitor:
      enabled: false

  strategy:
    type: RollingUpdate

# agent will deploy pod on every node as daemonSet to read wanted pods logs
agent:
  acquisition:
    # -- Specify each pod you want to process it logs (namespace, podName and program)
    - namespace: kube-system
      # -- to select pod logs to process
      podName: nginx-nginx-ingress-*
      # -- program name related to specific parser you will use (see https://hub.crowdsec.net/author/crowdsecurity/configurations/docker-logs)
      program: nginx
  resources:
    limits:
      memory: 100Mi
    requests:
      cpu: 150m
      memory: 100Mi
  # -- Enable persistent volumes
  persistentVolume:
    # -- Persistent volume for config folder. Stores local config (parsers, scenarios etc.)
    config:
      enabled: true
      accessModes:
        - ReadWriteOnce
      storageClassName: ""
      size: 100Mi
  # -- environment variables from crowdsecurity/crowdsec docker image
  env: []
    # by default we the docker-logs parser to be able to parse docker logs in k8s
    # by default we disable local API on the agent pod
    # - name: SCENARIOS
    #   value: "scenario/name otherScenario/name"
    # - name: PARSERS
    #   value: "parser/name otherParser/name"
    # - name: POSTOVERFLOWS
    #   value: "postoverflow/name otherPostoverflow/name"
    # - name: CONFIG_FILE
    #   value: "/etc/crowdsec/config.yaml"
    # - name: DSN
    #   value: "file:///var/log/toto.log"
    # - name: TYPE
    #   value: "Labels.type_for_time-machine_mode"
    # - name: TEST_MODE
    #   value: "false"
    # - name: TZ
    #   value: ""
    # - name: DISABLE_AGENT
    #   value: "false"
    # - name: DISABLE_ONLINE_API
    #   value: "false"
    # - name: LEVEL_TRACE
    #   value: "false"
    # - name: LEVEL_DEBUG
    #   value: "false"
    # - name: LEVEL_INFO
    #   value: "false"

  # -- nodeSelector for agent
  nodeSelector: {}
  # -- tolerations for agent
  tolerations: {}

  # -- Enable service monitoring (exposes "metrics" port "6060" for Prometheus)
  metrics:
    enabled: false
    # -- Creates a ServiceMonitor so Prometheus will monitor this service
    # -- Prometheus needs to be configured to watch on all namespaces for ServiceMonitors
    # -- See the documentation: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#prometheusioscrape
    # -- See also: https://github.com/prometheus-community/helm-charts/issues/106#issuecomment-700847774
    serviceMonitor:
      enabled: false

  # -- wait-for-lapi init container
  wait_for_lapi:
    image:
      # -- docker image repository name
      repository: busybox
      # -- pullPolicy
      pullPolicy: IfNotPresent
      # -- docker image tag
      tag: "1.28"

#service: {}