# coder -- Primary configuration for `coder server`.
coder:
  # coder.replicaCount -- The number of Kubernetes deployment replicas.
  # This should only be increased if High Availability is enabled.
  # This is an Enterprise feature. Contact sales@coder.com.
  replicaCount: 1

  # coder.image -- The image to use for Coder.
  image:
    # coder.image.repo -- The repository of the image.
    repo: "ghcr.io/coder/coder"
    # coder.image.tag -- The tag of the image, defaults to {{.Chart.AppVersion}}
    # if not set. If you're using the chart directly from git, the default
    # app version will not work and you'll need to set this value. The helm
    # chart helpfully fails quickly in this case.
    tag: ""
    # coder.image.pullPolicy -- The pull policy to use for the image. See:
    # https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
    pullPolicy: IfNotPresent
    # coder.image.pullSecrets -- The secrets used for pulling the Coder image from
    # a private registry.
    pullSecrets: []
    #  - name: "pull-secret"

  # coder.annotations -- The Deployment annotations. See:
  # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  annotations: {}

  # coder.serviceAccount -- Configuration for the automatically created service
  # account. Creation of the service account cannot be disabled.
  serviceAccount:
    # coder.serviceAccount.workspacePerms -- Whether or not to grant the coder
    # service account permissions to manage workspaces. This includes
    # permission to manage pods and persistent volume claims in the deployment
    # namespace.
    #
    # It is recommended to keep this on if you are using Kubernetes templates
    # within Coder.
    workspacePerms: true
    # coder.serviceAccount.annotations -- The Coder service account annotations.
    annotations: {}

  # coder.env -- The environment variables to set for Coder. These can be used
  # to configure all aspects of `coder server`. Please see `coder server --help`
  # for information about what environment variables can be set.
  # Note: The following environment variables are set by default and cannot be
  # overridden:
  # - CODER_HTTP_ADDRESS: set to 0.0.0.0:8080 and cannot be changed.
  # - CODER_TLS_ADDRESS: set to 0.0.0.0:8443 if tls.secretName is not empty.
  # - CODER_TLS_ENABLE: set if tls.secretName is not empty.
  # - CODER_TLS_CERT_FILE: set if tls.secretName is not empty.
  # - CODER_TLS_KEY_FILE: set if tls.secretName is not empty.
  # - CODER_PROMETHEUS_ADDRESS: set to 0.0.0.0:6060 and cannot be changed.
  #   Prometheus must still be enabled by setting CODER_PROMETHEUS_ENABLE.
  env: []

  # coder.tls -- The TLS configuration for Coder.
  tls:
    # coder.tls.secretNames -- A list of TLS server certificate secrets to mount
    # into the Coder pod. The secrets should exist in the same namespace as the
    # Helm deployment and should be of type "kubernetes.io/tls". The secrets
    # will be automatically mounted into the pod if specified, and the correct
    # "CODER_TLS_*" environment variables will be set for you.
    secretNames: []

  # coder.resources -- The resources to request for Coder. These are optional
  # and are not set by default.
  resources:
    {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

  # coder.certs -- CA bundles to mount inside the Coder pod.
  certs:
    # coder.certs.secrets -- A list of CA bundle secrets to mount into the Coder
    # pod. The secrets should exist in the same namespace as the Helm
    # deployment.
    #
    # The given key in each secret is mounted at
    # `/etc/ssl/certs/{secret_name}.crt`.
    secrets:
      []
      # - name: "my-ca-bundle"
      #   key: "ca-bundle.crt"

  # coder.affinity -- Allows specifying an affinity rule for the `coder` deployment.
  # The default rule prefers to schedule coder pods on different
  # nodes, which is only applicable if coder.replicaCount is greater than 1.
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - podAffinityTerm:
            labelSelector:
              matchExpressions:
                - key: app.coder.com
                  operator: In
                  values:
                    - "true"
            topologyKey: kubernetes.io/hostname
          weight: 1

  # coder.tolerations -- Tolerations for tainted nodes.
  # See: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations:
    {}
    # - key: "key"
    #   operator: "Equal"
    #   value: "value"
    #   effect: "NoSchedule"

  # coder.nodeSelector -- Node labels for constraining coder pods to nodes.
  # See: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector: {}
  #  kubernetes.io/os: linux

  # coder.service -- The Service object to expose for Coder.
  service:
    # coder.service.enable -- Whether to create the Service object.
    enable: true
    # coder.service.type -- The type of service to expose. See:
    # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
    type: LoadBalancer
    # coder.service.sessionAffinity -- Must be set to ClientIP or None
    # AWS ELB does not support session stickiness based on ClientIP, so you must set this to None.
    # The error message you might see: "Unsupported load balancer affinity: ClientIP"
    # https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity
    sessionAffinity: ClientIP
    # coder.service.externalTrafficPolicy -- The external traffic policy to use.
    # You may need to change this to "Local" to preserve the source IP address
    # in some situations.
    # https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    externalTrafficPolicy: Cluster
    # coder.service.loadBalancerIP -- The IP address of the LoadBalancer. If not
    # specified, a new IP will be generated each time the load balancer is
    # recreated. It is recommended to manually create a static IP address in
    # your cloud and specify it here in production to avoid accidental IP
    # address changes.
    loadBalancerIP: ""
    # coder.service.annotations -- The service annotations. See:
    # https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    annotations: {}

  # coder.ingress -- The Ingress object to expose for Coder.
  ingress:
    # coder.ingress.enable -- Whether to create the Ingress object. If using an
    # Ingress, we recommend not specifying coder.tls.secretNames as the Ingress
    # will handle TLS termination.
    enable: false
    # coder.ingress.className -- The name of the Ingress class to use.
    className: ""
    # coder.ingress.host -- The hostname to match on.
    host: ""
    # coder.ingress.wildcardHost -- The wildcard hostname to match on. Should be
    # in the form "*.example.com" or "*-suffix.example.com". If you are using a
    # suffix after the wildcard, the suffix will be stripped from the created
    # ingress to ensure that it is a legal ingress host. Optional if not using
    # applications over subdomains.
    wildcardHost: ""
    # coder.ingress.annotations -- The ingress annotations.
    annotations: {}
    # coder.ingress.tls -- The TLS configuration to use for the Ingress.
    tls:
      # coder.ingress.tls.enable -- Whether to enable TLS on the Ingress.
      enable: false
      # coder.ingress.tls.secretName -- The name of the TLS secret to use.
      secretName: ""
      # coder.ingress.tls.wildcardSecretName -- The name of the TLS secret to
      # use for the wildcard host.
      wildcardSecretName: ""