---
deployment_type: awx
kind: 'AWX'
api_version: '{{ deployment_type }}.ansible.com/v1beta1'

database_name: "{{ deployment_type }}"
database_username: "{{ deployment_type }}"

task_privileged: false
service_type: ClusterIP
ingress_type: none
ingress_class_name: ''
ingress_path: '/'
ingress_path_type: 'Prefix'
ingress_api_version: 'networking.k8s.io/v1'
api_urlpattern_prefix: ''
# Add annotations to the service account. Specify as literal block. E.g.:
# service_account_annotations: |
#   eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
service_account_annotations: ''

# Custom labels for the tower service. Specify as literal block. E.g.:
# service_labels: |
#   environment: non-production
#   zone: internal
service_labels: ''

# Add annotations to the ingress. Specify as literal block. E.g.:
# ingress_annotations: |
#   kubernetes.io/ingress.class: nginx
#   nginx.ingress.kubernetes.io/proxy-connect-timeout: 60s
ingress_annotations: ''

# TLS secret for the ingress. The secret either has to exist before hand with
# the corresponding cert and key or just be an indicator for where an automated
# process like cert-manager (enabled via annotations) will store the TLS
# certificate and key.
ingress_tls_secret: ''

# Special configuration for specific Ingress Controllers. E.g.:
# ingress_controller: contour
ingress_controller: ''

# One or multiple FQDN with optional Secret that contains the TLS information.
# The TLS secret either has to exist before hand with
# the corresponding cert and key or just be an indicator for where an automated
# process like cert-manager (enabled via annotations) will store the TLS
# certificate and key.
# ingress_hosts:
#   - hostname: awx-demo.example.com
#     tls_secret: example-com-tls
ingress_hosts: ''

loadbalancer_protocol: 'http'
loadbalancer_port: '80'
loadbalancer_class: ''
service_annotations: ''

# Port to be used for NodePort configuration, default is to auto-assign a port between 30000-32768
# nodeport_port: '30080'

# The TLS termination mechanism to use to access
# the services. Supported mechanism are: edge, passthrough
#
route_tls_termination_mechanism: edge

# Secret to lookup that provide the TLS specific
# credentials to deploy
#
route_tls_secret: ''

# Route API Version to support older version
# of the kubernetes services
route_api_version: 'route.openshift.io/v1'

# Host to create the root with.
# If not specific will default to <instance-name>-<namespace>-<routerCanonicalHostname>
#
route_host: ''

hostname: ''

# Add a nodeSelector for the AWX pods. It must match a node's labels for the pod
# to be scheduled on that node. Specify as literal block. E.g.:
# node_selector: |
#   kubernetes.io/arch: amd64
#   kubernetes.io/os: linux
node_selector: ''

# Add a nodeSelector for the AWX pods. It must match a node's labels for the pod
# to be scheduled on that node. Specify as literal block. E.g.:
# node_selector: |
#   kubernetes.io/arch: amd64
#   kubernetes.io/os: linux
web_node_selector: ''

# Add a nodeSelector for the AWX pods. It must match a node's labels for the pod
# to be scheduled on that node. Specify as literal block. E.g.:
# node_selector: |
#   kubernetes.io/arch: amd64
#   kubernetes.io/os: linux
task_node_selector: ''

# Add a topologySpreadConstraints for the AWX pods.
# Specify as literal block. E.g.:
# topology_spread_constraints: |
#   - maxSkew: 100
#     topologyKey: "topology.kubernetes.io/zone"
#     whenUnsatisfiable: "ScheduleAnyway"
#     labelSelector:
#       matchLabels:
#         app.kubernetes.io/name: "<resourcename>"
topology_spread_constraints: ''

# Add a topologySpreadConstraints for the task pods.
# Specify as literal block. E.g.:
# task_topology_spread_constraints: |
#   - maxSkew: 100
#     topologyKey: "topology.kubernetes.io/zone"
#     whenUnsatisfiable: "ScheduleAnyway"
#     labelSelector:
#       matchLabels:
#         app.kubernetes.io/name: "<resourcename>"
task_topology_spread_constraints: ''

# Add a topologySpreadConstraints for the web pods.
# Specify as literal block. E.g.:
# web_topology_spread_constraints: |
#   - maxSkew: 100
#     topologyKey: "topology.kubernetes.io/zone"
#     whenUnsatisfiable: "ScheduleAnyway"
#     labelSelector:
#       matchLabels:
#         app.kubernetes.io/name: "<resourcename>"
web_topology_spread_constraints: ''

# Add node tolerations for the AWX pods. Specify as literal block. E.g.:
# tolerations: |
#   - key: "dedicated"
#     operator: "Equal"
#     value: "AWX"
#     effect: "NoSchedule"
tolerations: ''

# Add node tolerations for the task pods. Specify as literal block. E.g.:
# task_tolerations: |
#   - key: "dedicated"
#     operator: "Equal"
#     value: "AWXtask"
#     effect: "NoSchedule"
task_tolerations: ''

# Add node tolerations for the web pods. Specify as literal block. E.g.:
# web_tolerations: |
#   - key: "dedicated"
#     operator: "Equal"
#     value: "AWXweb"
#     effect: "NoSchedule"
web_tolerations: ''

# Add affinities for all pods
#  affinity:
#    nodeAffinity:
#      requiredDuringSchedulingIgnoredDuringExecution:
#        nodeSelectorTerms:
#        - matchExpressions:
#          - key: app.kubernetes.io/component
#            operator: In
#            values:
#            - awx
affinity: {}

# Add affinities for all task pods
#  affinity:
#    nodeAffinity:
#      requiredDuringSchedulingIgnoredDuringExecution:
#        nodeSelectorTerms:
#        - matchExpressions:
#          - key: app.kubernetes.io/name
#            operator: In
#            values:
#            - awx-task
task_affinity: {}

# Add affinities for all web pods
#  affinity:
#    nodeAffinity:
#      requiredDuringSchedulingIgnoredDuringExecution:
#        nodeSelectorTerms:
#        - matchExpressions:
#          - key: app.kubernetes.io/name
#            operator: In
#            values:
#            - awx-web
web_affinity: {}

# Add annotations to awx pods. Specify as literal block. E.g.:
# annotations: |
#   my.annotation/1: value
#   my.annotation/2: value2
annotations: ''

# Override annotations to awx task pods. Specify as literal block. E.g.:
# task_annotations: |
#   my.task-annotation/1: value
#   my.task-annotation/2: value2
task_annotations: ''

# Override annotations to awx web pods. Specify as literal block. E.g.:
# web_annotations: |
#   my.web-annotation/1: value
#   my.web-annotation/2: value2
web_annotations: ''

# Add annotations to postgres pod. Specify as literal block. E.g.:
# postgres_annotations: |
#   my.annotation/1: value
#   my.annotation/2: value2
postgres_annotations: ''

admin_user: admin
admin_email: test@example.com

# Secret to lookup that provide the admin password
#
admin_password_secret: ''

# Secret to lookup that provide the broadcast websocket key
#
broadcast_websocket_secret: ''

# Secret to lookup that provide the secret key
#
secret_key_secret: ''

# Secret to lookup that provide the PostgreSQL configuration
#
postgres_configuration_secret: ''

# Secret to lookup that provides old database credentials (for migration)

old_postgres_configuration_secret: ''

# Allow additional parameters to be added to the pg_dump backup command during AAP VMs to OCP migration
pg_dump_suffix: ''

# Secret to lookup that provides default execution environment pull credentials
#
ee_pull_credentials_secret: ''

# Add extra volumes to the AWX pod. Specify as literal block. E.g.:
# extra_volumes: |
#   - name: my-volume
#     emptyDir: {}
extra_volumes: ''

# Add extra volumes to the Postgres pod. Specify as literal block. E.g.:
# postgres_extra_volumes: |
#   - name: my-volume
#     emptyDir: {}
postgres_extra_volumes: ''

# Use these image versions for Ansible AWX.

_image: quay.io/ansible/awx
_image_version: "{{ lookup('env', 'DEFAULT_AWX_VERSION') or 'latest' }}"
_redis_image: docker.io/redis
_redis_image_version: 7
_postgres_image: quay.io/sclorg/postgresql-15-c9s
_postgres_image_version: latest
image_pull_policy: IfNotPresent
image_pull_secrets: []

# Extra commands which will be appended to the initContainer
# Make sure that each command entered return an exit code 0
# otherwise the initContainer will fail
# init_container_extra_commands: |
#   date >> /var/lib/awx/projects/timestamp
#   chgrp 1000 /shared
#   chmod 775 /shared
init_container_extra_commands: ''

# Mount extra volumes on the initContainer.
# The volume used must be defined as an `extra_volumes` resource
# init_container_extra_volume_mounts: |
#   - name: shared-vol
#     mountPath: /shared
init_container_extra_volume_mounts: ''

ee_images:
  - name: "AWX EE (latest)"
    image: "quay.io/ansible/awx-ee:latest"
  - name: "AWX EE ({{ _image_version }})"
    image: "quay.io/ansible/awx-ee:{{ _image_version }}"

_control_plane_ee_image: "quay.io/ansible/awx-ee:{{ _image_version }}"

_init_container_image: "{{ _control_plane_ee_image.split(':')[0] }}"
_init_container_image_version: "{{ _control_plane_ee_image.split(':')[1] }}"

_init_projects_container_image: quay.io/centos/centos:stream9

create_preload_data: true

replicas: 1
web_replicas: ''
task_replicas: ''

web_liveness_period: 0
web_readiness_period: 0
task_liveness_period: 0
task_readiness_period: 0

task_args:
  - /usr/bin/launch_awx_task.sh
task_command: []
web_args:
  - /usr/bin/launch_awx_web.sh
web_command: []
rsyslog_args:
  - /usr/bin/launch_awx_rsyslog.sh
rsyslog_command: []

task_resource_requirements:
  requests:
    cpu: 100m
    memory: 128Mi

web_resource_requirements:
  requests:
    cpu: 100m
    memory: 128Mi

ee_resource_requirements:
  requests:
    cpu: 100m
    memory: 64Mi

# TODO: validate default resource requirements

# Customize CSRF options
csrf_cookie_secure: False
session_cookie_secure: False

# Assign a preexisting priority class to the control plane pods
control_plane_priority_class: ''

redis_resource_requirements:
  requests:
    cpu: 50m
    memory: 64Mi

rsyslog_resource_requirements:
  requests:
    cpu: 100m
    memory: 128Mi

init_container_resource_requirements:
  requests:
    cpu: 100m
    memory: 128Mi

# Add extra environment variables to the AWX task/web containers. Specify as
# literal block. E.g.:
# task_extra_env: |
#   - name: FOO
#     value: bar
#   - name: BAZ
#     value: bing
task_extra_env: ''
web_extra_env: ''
rsyslog_extra_env: ''
ee_extra_env: ''

# Mount extra volumes on the AWX task/web containers. Specify as literal block.
# E.g.:
# task_extra_volume_mounts: |
#   - name: my-volume
#     mountPath: /some/path
task_extra_volume_mounts: ''
web_extra_volume_mounts: ''
rsyslog_extra_volume_mounts: ''
ee_extra_volume_mounts: ''
postgres_extra_volume_mounts: ''

# Add a nodeSelector for the Postgres pods.
# It must match a node's labels for the pod to be scheduled on that node.
# Specify as literal block. E.g.:
# postgres_selector: |
#   disktype: ssd
#   kubernetes.io/arch: amd64
#   kubernetes.io/os: linux
postgres_selector: ''

# Specify whether or not to keep the old PVC after PostgreSQL upgrades
postgres_keep_pvc_after_upgrade: True

# Add node tolerations for the Postgres pods.
# Specify as literal block. E.g.:
# postgres_tolerations: |
#   - key: "dedicated"
#     operator: "Equal"
#     value: "AWX"
#     effect: "NoSchedule"
postgres_tolerations: ''
postgres_storage_requirements:
  requests:
    storage: 8Gi
postgres_resource_requirements:
  requests:
    cpu: 10m
    memory: 64Mi

# Assign a preexisting priority class to the postgres pod
postgres_priority_class: ''

# Persistence to the AWX project data folder
# Whether or not the /var/lib/projects directory will be persistent
projects_persistence: false
#
# Define an existing PersistentVolumeClaim to use
projects_existing_claim: ''
#
# Define postgres configuration arguments to use
postgres_extra_args: ''

postgres_data_volume_init: false
postgres_init_container_commands: |
  chown 26:0 /var/lib/pgsql/data
  chmod 700 /var/lib/pgsql/data

# Configure postgres connection keepalive
postgres_keepalives: true
postgres_keepalives_idle: 5
postgres_keepalives_interval: 5
postgres_keepalives_count: 5

# Define the storage_class, size and access_mode
# when not using an existing claim
projects_storage_size: 8Gi
projects_storage_access_mode: ReadWriteMany

ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt"

# Secret to lookup that provides the LDAP CACert trusted bundle (Deprecated)
#
ldap_cacert_secret: ''

# Secret to lookup that provides the LDAP bind password (Deprecated)
ldap_password_secret: ''

# Secret to lookup that provides the custom CA trusted bundle
bundle_cacert_secret: ''

# Set false for basic install without operator
update_status: true

# Whether secrets should be garbage collected
# on teardown
#
garbage_collect_secrets: false

development_mode: false

security_context_settings: {}
postgres_security_context_settings: {}

# Set no_log settings on certain tasks
no_log: true

# Should AWX instances be automatically upgraded when operator gets upgraded
#
auto_upgrade: true

# Labels defined on the resource, which should be propagated to child resources
additional_labels: []

# Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
set_self_labels: true

# Disable web container's nginx ipv6 listener
ipv6_disabled: false

# Set hostAliases on deployments
#       hostAliases:
#       - ip: 10.10.0.10
#         hostnames:
#         - hostname
host_aliases: ''

receptor_log_level: info

# UWSGI default values
uwsgi_processes: 5
# NOTE: to increase this value, net.core.somaxconn must also be increased
# see https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#setting-sysctls-for-a-pod
# Also see https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls for how
# to allow setting this sysctl, which requires kubelet configuration to add to allowlist
uwsgi_listen_queue_size: 128
uwsgi_timeout: 30

# NGINX default values
nginx_worker_processes: 1
nginx_worker_connections: "{{ uwsgi_listen_queue_size }}"
nginx_worker_cpu_affinity: 'auto'
nginx_listen_queue_size: "{{ uwsgi_listen_queue_size }}"

extra_settings_files: {}

# idle_deployment - Scale down deployments to put AWX into an idle state
idle_deployment: false