image:
  repository: mauriceboe/trek
  tag: latest
  pullPolicy: IfNotPresent

# Optional image pull secrets for private registries
imagePullSecrets: []
  # - name: my-registry-secret

service:
  type: ClusterIP
  port: 3000

env:
  NODE_ENV: production
  PORT: 3000
  # ALLOWED_ORIGINS: ""
# NOTE: If using ingress, ensure env.ALLOWED_ORIGINS matches the domains in ingress.hosts for proper CORS configuration.


# Secret environment variables stored in a Kubernetes Secret
secretEnv:
  # JWT signing secret. Auto-generated and persisted to the data PVC if not set.
  JWT_SECRET: ""
  # At-rest encryption key for stored secrets (API keys, MFA, SMTP, OIDC, etc.).
  # Auto-generated and persisted to the data PVC if not set.
  # Upgrading from a version that used JWT_SECRET for encryption: set this to your
  # old JWT_SECRET value to keep existing encrypted data readable, then re-save
  # credentials via the admin panel and rotate to a fresh random key.
  ENCRYPTION_KEY: ""

# If true, random values for JWT_SECRET and ENCRYPTION_KEY are generated at install
# and preserved across upgrades (overrides secretEnv values)
generateJwtSecret: false

# If set, use an existing Kubernetes secret for JWT_SECRET (and optionally ENCRYPTION_KEY)
existingSecret: ""
existingSecretKey: JWT_SECRET

persistence:
  enabled: true
  data:
    size: 1Gi
  uploads:
    size: 1Gi

resources:
  requests:
    cpu: 100m
    memory: 256Mi
  limits:
    cpu: 500m
    memory: 512Mi

ingress:
  enabled: false
  annotations: {}
  hosts:
    - host: chart-example.local
      paths:
        - /
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local