# Default values for stellaops-findings-ledger

image:
  repository: stellaops/findings-ledger
  # NOTE(review): a tag is a mutable reference, and with IfNotPresent a node
  # keeps whatever it cached under this tag. Pin by digest for reproducible
  # deployments if the chart templates support it (not visible from here).
  tag: "2025.11.0"
  pullPolicy: IfNotPresent

replicaCount: 1

service:
  type: ClusterIP
  port: 8080
  metricsPort: 9090

# Database configuration
database:
  # External PostgreSQL connection (preferred for production).
  # Set connectionStringSecret to the name of an existing secret;
  # connectionStringKey is the key inside that secret.
  connectionStringSecret: ""
  connectionStringKey: "LEDGER__DB__CONNECTIONSTRING"
  # Or provide connection details directly (not recommended for prod).
  host: "postgres"
  port: 5432
  database: "findings_ledger"
  username: "ledger"
  # password via secret only (never set it in this file)

# Built-in PostgreSQL (dev/testing only)
postgresql:
  enabled: false
  auth:
    username: ledger
    database: findings_ledger

# Secrets configuration
secrets:
  # Name of the secret containing sensitive values.
  name: "findings-ledger-secrets"
  # Expected keys in secret:
  #   LEDGER__DB__CONNECTIONSTRING
  #   LEDGER__ATTACHMENTS__ENCRYPTIONKEY
  #   LEDGER__MERKLE__SIGNINGKEY (optional)

# Observability
observability:
  enabled: true
  # NOTE(review): plain http:// endpoint, so telemetry is sent unencrypted.
  # Use a TLS endpoint if the collector is outside the workload's trust zone.
  otlpEndpoint: "http://otel-collector:4317"
  metricsEnabled: true

# Merkle anchoring
merkle:
  # Quoted so YAML 1.1 parsers do not read it as a sexagesimal number.
  # Presumably hh:mm:ss (5 minutes); confirm against the consumer.
  anchorInterval: "00:05:00"
  externalize: false
  # externalAnchorEndpoint: ""

# Attachments
attachments:
  maxSizeBytes: 104857600  # 100 MiB (100 * 1024 * 1024)
  # NOTE(review): enabled by default. What traffic this permits is not
  # visible here; confirm the default is intended for air-gapped installs.
  allowEgress: true
  # encryptionKey via secret

# Air-gap configuration (thresholds in seconds)
airgap:
  advisoryStaleThreshold: 604800  # 7 days
  vexStaleThreshold: 604800  # 7 days
  policyStaleThreshold: 86400  # 1 day

# Authority integration
authority:
  # NOTE(review): plain http://. If tokens or signing keys are fetched from
  # this URL, prefer https:// or an mTLS mesh. Confirm what crosses this link.
  baseUrl: "http://authority:8080"

# Feature flags
features:
  enableAttachments: true
  enableAuditLog: true

# Resource limits
resources:
  requests:
    cpu: "500m"
    memory: "1Gi"
  limits:
    cpu: "2"
    memory: "4Gi"

# Probes
probes:
  readiness:
    path: /health/ready
    initialDelaySeconds: 10
    periodSeconds: 10
  liveness:
    path: /health/live
    initialDelaySeconds: 15
    periodSeconds: 20

# Pod configuration
nodeSelector: {}
tolerations: []
affinity: {}

# Extra environment variables.
# Put sensitive values in a secret and reference it through extraEnvFrom
# rather than writing them as literal values here.
extraEnv: []
# - name: CUSTOM_VAR
#   value: "value"
extraEnvFrom: []
# - secretRef:
#     name: additional-secrets

# Migration job
migrations:
  enabled: true
  image:
    repository: stellaops/findings-ledger-migrations
    tag: "2025.11.0"
  resources:
    requests:
      cpu: "100m"
      memory: "256Mi"
    limits:
      cpu: "500m"
      memory: "512Mi"

# Service account
serviceAccount:
  create: true
  name: ""
  annotations: {}

# Pod security context
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 1000

# Container security context
# NOTE(review): no seccompProfile is set. Consider adding
# `seccompProfile: {type: RuntimeDefault}` if the templates pass this
# mapping through unchanged (not visible from here).
securityContext:
  allowPrivilegeEscalation: false
  # Any path the service writes to needs an explicit writable volume.
  readOnlyRootFilesystem: true
  capabilities:
    drop:
      - ALL

# Ingress (optional)
# When enabling, populate tls as well so the service is not exposed over
# plain HTTP.
ingress:
  enabled: false
  className: ""
  annotations: {}
  hosts: []
  tls: []