image:
  repository: mauriceboe/trek
  tag: latest
  pullPolicy: IfNotPresent

# Optional image pull secrets for private registries
imagePullSecrets: []
  # - name: my-registry-secret

service:
  type: ClusterIP
  port: 3000

env:
  NODE_ENV: production
  PORT: 3000
  # ALLOWED_ORIGINS: ""
  # NOTE: If using ingress, ensure env.ALLOWED_ORIGINS matches the domains in ingress.hosts for proper CORS configuration.
  # ALLOW_INTERNAL_NETWORK: "false"
  # Set to "true" if Immich or other integrated services are hosted on a private/RFC-1918 network address.
  # Loopback (127.x) and link-local/metadata addresses (169.254.x) are always blocked.


# Secret environment variables stored in a Kubernetes Secret.
# JWT_SECRET is managed entirely by the server (auto-generated into the data PVC,
# rotatable via the admin panel) — it is not configured here.
secretEnv:
  # At-rest encryption key for stored secrets (API keys, MFA, SMTP, OIDC, etc.).
  # Auto-generated and persisted to the data PVC if not set.
  # Upgrading from a version that used JWT_SECRET for encryption: set this to your
  # old JWT_SECRET value to keep existing encrypted data readable, then re-save
  # credentials via the admin panel and rotate to a fresh random key.
  ENCRYPTION_KEY: ""

# If true, a random ENCRYPTION_KEY is generated at install and preserved across upgrades
generateEncryptionKey: false

# If set, use an existing Kubernetes secret that contains ENCRYPTION_KEY
existingSecret: ""
existingSecretKey: ENCRYPTION_KEY

persistence:
  enabled: true
  data:
    size: 1Gi
  uploads:
    size: 1Gi

resources:
  requests:
    cpu: 100m
    memory: 256Mi
  limits:
    cpu: 500m
    memory: 512Mi

ingress:
  enabled: false
  annotations: {}
  hosts:
    - host: chart-example.local
      paths:
        - /
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local