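# Default values for garage.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# -- Additional labels to add to all resources created by this chart
commonLabels: {}
# app.kubernetes.io/part-of: storage
# team: platform

# Garage configuration. These values go to garage.toml
garage:
  # -- Can be changed for better performance on certain systems
  # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#db_engine
  dbEngine: "lmdb"

  # -- Default is 1MB
  # An increase can result in better performance in certain scenarios
  # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#block_size
  blockSize: "1048576"

  # -- Single-node cluster
  # A replication factor of 1 keeps a single copy of every block, so
  # durability rests entirely on the one data volume declared under
  # `persistence` below.
  # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#replication_factor
  replicationFactor: "1"

  # -- By default, enable read-after-write consistency guarantees, see the consistency_mode section at
  # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#consistency_mode
  consistencyMode: "consistent"

  # -- zstd compression level of stored blocks
  # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#compression_level
  compressionLevel: "1"

  # -- If this value is set, Garage will automatically take a snapshot of the metadata DB file at a regular interval and save it in the metadata directory.
  # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#metadata_auto_snapshot_interval
  metadataAutoSnapshotInterval: ""

  rpcBindAddr: "[::]:3901"
  # -- If not given, a random secret will be generated and stored in a Secret object
  # Keep this empty in any copy of the file that is committed to version
  # control; a value set here is stored in plaintext with the rest of the
  # values. Use existingRpcSecret to supply a secret managed elsewhere.
  rpcSecret: ""
  # -- If you want to provide an rpcSecret within an existing k8s secret,
  # specify the secret name here, and store the value under the secret key `rpcSecret`
  # the default secret will not be created
  existingRpcSecret: ""
  # -- This is not required if you use the integrated kubernetes discovery
  bootstrapPeers: []
  # -- Set to true if you want to use k8s discovery but install the CRDs manually outside
  # of the helm chart, for example if you operate at namespace level without cluster resources
  kubernetesSkipCrd: false
  s3:
    api:
      region: "garage"
      rootDomain: ".s3.immich-ad.ovh"
    web:
      rootDomain: ".web.immich-ad.ovh"
      index: "index.html"

  # -- Additional configuration to append to garage.toml. Use a multi-line string for custom config.
  # Example:
  # additionalTopLevelConfig: |-
  #   data_fsync = true
  additionalTopLevelConfig: ""

  # -- if not empty string, allow using an existing ConfigMap for the garage.toml,
  # if set, ignores garage.toml
  existingConfigMap: ""

  # -- String Template for the garage configuration
  # if set, ignores above values.
  # Values can be templated,
  # see https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
  garageTomlString: ""

# Data persistence
persistence:
  enabled: true
  meta:
    storageClass: "local-storage"
    size: 1Gi
    # used only for daemon sets
    hostPath: /var/lib/garage/meta
  data:
    storageClass: "local-storage"
    size: 50Gi
    # used only for daemon sets
    hostPath: /var/lib/garage/data

# Deployment configuration
deployment:
  # -- Switchable to DaemonSet
  kind: StatefulSet
  # -- Single-node cluster
  replicaCount: 1
  # -- If using statefulset, allow Parallel or OrderedReady (default)
  podManagementPolicy: OrderedReady

image:
  # -- arm64 image for Raspberry Pi
  repository: dxflrs/arm64_garage
  # -- set the image tag, please prefer using the chart version and not this
  # to avoid compatibility issues
  tag: ""
  pullPolicy: IfNotPresent

initImage:
  repository: busybox
  # NOTE(review): `stable` is a mutable tag, so the init container image can
  # change between pulls without any change to this file. Pinning a fixed
  # version or an image digest makes the deployed content reproducible.
  tag: stable
  pullPolicy: IfNotPresent

# -- set if you need credentials to pull your custom image
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  # -- Specifies whether a service account should be created
  create: true
  # -- Annotations to add to the service account
  annotations: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

# -- additional pod annotations
podAnnotations: {}

# NOTE(review): no seccompProfile is set here; `seccompProfile.type:
# RuntimeDefault` is worth adding if the cluster enforces the restricted
# Pod Security Standard.
podSecurityContext:
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000
  fsGroupChangePolicy: "OnRootMismatch"
  runAsNonRoot: true

securityContext:
  # -- The default security context is heavily restricted,
  # feel free to tune it to your requirements
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  # Explicitly refuse privilege escalation (no_new_privs): the process runs
  # as a non-root user with no capabilities, so it has no need for setuid
  # or file-capability gains.
  allowPrivilegeEscalation: false

service:
  # -- You can rely on any service to expose your cluster
  # - ClusterIP (+ Ingress)
  # - NodePort (+ Ingress)
  # - LoadBalancer
  type: ClusterIP
  # -- Annotations to add to the service
  annotations: {}
  s3:
    api:
      port: 3900
    web:
      port: 3902
  # NOTE: the admin API is excluded for now as it is not consistent across nodes

ingress:
  s3:
    api:
      # The S3 API is published through the ingress controller; requests are
      # then authenticated only by Garage access keys, so key scope and
      # rotation are the effective access control for this endpoint.
      enabled: true
      className: "traefik"
      annotations:
        cert-manager.io/cluster-issuer: "letsencrypt-prod"
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
      labels: {}
      hosts:
        # -- garage S3 API endpoint, path-style access
        - host: "s3.immich-ad.ovh"
          paths:
            - path: /
              pathType: Prefix
        # Virtual-hosted-style (*.s3.immich-ad.ovh) requires DNS-01 — omitted
      tls:
        - secretName: garage-s3-tls
          hosts:
            - s3.immich-ad.ovh
    web:
      enabled: true
      className: "traefik"
      annotations:
        cert-manager.io/cluster-issuer: "letsencrypt-prod"
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
      labels: {}
      hosts:
        - host: "*.web.immich-ad.ovh"
          paths:
            - path: /
              pathType: Prefix
      # NOTE(review): with an empty `tls` list the cert-manager annotation
      # above requests no certificate, so the websecure entrypoint will
      # presumably answer for *.web.immich-ad.ovh with the ingress
      # controller's default certificate. A wildcard certificate needs a
      # DNS-01 capable issuer; add a `tls` entry once one is available.
      tls: []

resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 256Mi

# -- Specifies a livenessProbe
# NOTE: disabled — /health returns 503 until garage layout is initialized.
# Re-enable after running: garage layout assign + garage layout apply
livenessProbe: {}
  # httpGet:
  #   path: /health
  #   port: 3903
  # initialDelaySeconds: 10
  # periodSeconds: 30
# -- Specifies a readinessProbe
# NOTE(review): also empty. Without a readiness probe the pod is treated as
# ready as soon as the container starts, so the Service and ingresses may
# route to it before the layout is applied; re-enable together with the
# liveness probe.
readinessProbe: {}
  # httpGet:
  #   path: /health
  #   port: 3903
  # initialDelaySeconds: 5
  # periodSeconds: 30
  # failureThreshold: 3

nodeSelector: {}

tolerations: []

affinity: {}

# -- Optional priority class name to assign to the pods.
# See https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
priorityClassName: ""

environment: {}

extraVolumes: {}

extraVolumeMounts: {}

monitoring:
  metrics:
    # -- If true, a service for monitoring is created with a prometheus.io/scrape annotation
    enabled: false
    serviceMonitor:
      # -- If true, a ServiceMonitor CRD is created for a prometheus operator
      # https://github.com/coreos/prometheus-operator
      enabled: false
      path: /metrics
      # namespace: monitoring (defaults to use the namespace this chart is deployed to)
      labels: {}
      interval: 15s
      # Scrapes use plain HTTP inside the cluster; tlsConfig is empty.
      scheme: http
      tlsConfig: {}
      scrapeTimeout: 10s
      relabelings: []
  tracing:
    # -- specify a sink endpoint for OpenTelemetry Traces, eg. `http://localhost:4317`
    sink: ""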