---

k8s_prometheus_helm__name: "prometheus"
k8s_ingress_helm__release_namespace: "ingress"

k8s_ingress_helm__release_values:
  controller:
    replicaCount: 3
    config:
      compute-full-forwarded-for: "true"
      ssl-ciphers: "EECDH+AESGCM:EDH+AESGCM"
      ssl-protocols: "TLSv1.3"
      ssl-redirect: false
      use-forwarded-headers: "true"
      use-proxy-protocol: "true"
      whitelist-source-range: "{{ ( ip_whitelist + ip_whitelist_admins ) | join(',') }}"
    service:
      externalTrafficPolicy: Local
      healthCheckNodePort: &healthchecknodeport 31066
      nodePorts:
        http: &httpnodeport 30473
        https: 30474
      annotations:
        load-balancer.hetzner.cloud/type: "lb11"
        load-balancer.hetzner.cloud/location: nbg1
        load-balancer.hetzner.cloud/name: "{{ stage }}-ingress"
        load-balancer.hetzner.cloud/disable-public-network: false
        load-balancer.hetzner.cloud/disable-private-ingress: true
        load-balancer.hetzner.cloud/use-private-ip: true
        load-balancer.hetzner.cloud/uses-proxyprotocol: true
        load-balancer.hetzner.cloud/health-check-interval: "3s"
        load-balancer.hetzner.cloud/health-check-timeout: "1s"
        load-balancer.hetzner.cloud/health-check-retries: 3
        load-balancer.hetzner.cloud/health-check-protocol: "tcp"
        load-balancer.hetzner.cloud/health-check-port: *httpnodeport
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
        namespace: "{{ k8s_ingress_helm__release_namespace }}"
        additionalLabels:
          release: "{{ k8s_prometheus_helm__name }}"
  defaultBackend:
    enabled: true

# TODO automate installation of nginx ingress grafana dashboard 9614