network:
  openunison_host: "k8sou.apps.ou.tremolo.dev"
  api_server_host: "k8sapi.apps.ou.tremolo.dev"
  session_inactivity_timeout_seconds: 900
  k8s_url: https://192.168.2.130:6443
  force_redirect_to_tls: false
  createIngressCertificate: true
  ingress_type: nginx
  ingress_annotations: {}

cert_template:
  ou: "Kubernetes"
  o: "MyOrg"
  l: "My Cluster"
  st: "State of Cluster"
  c: "MyCountry"



myvd_config_path: "WEB-INF/myvd.conf"
k8s_cluster_name: openunison-cp
enable_impersonation: false

impersonation:
  use_jetstack: true
  explicit_certificate_trust: true

headlamp:
  enabled: true

dashboard:
  enabled: false

certs:
  use_k8s_cm: false

trusted_certs: []

monitoring:
  prometheus_service_account: system:serviceaccount:monitoring:prometheus-k8s

# Uncomment one of the below options for authentication

#active_directory:
#  base: cn=users,dc=ent2k12,dc=domain,dc=com
#  host: "192.168.2.75"
#  port: "636"
#  bind_dn: "cn=Administrator,cn=users,dc=ent2k12,dc=domain,dc=com"
#  con_type: ldaps
#  srv_dns: "false"

#oidc:
#  client_id: xxxxxx
#  issuer: https://xxxxxx.okta.com/
#  user_in_idtoken: false
#  domain: ""
#  scopes: openid email profile groups
#  claims:
#    sub: sub
#    email: email
#    given_name: given_name
#    family_name: family_name
#    display_name: name
#    groups: groups

#github:
#  client_id: d85d77c55a08c9bcbb15
#  teams: TremoloSecurity/

#saml:
#  idp_url: "https://portal.apps.tremolo.io/idp-test/metadata/dfbe4040-cd32-470e-a9b6-809c8f857c40"


  

network_policies:
  enabled: false
  ingress:
    enabled: true
    labels:
      app.kubernetes.io/name: ingress-nginx
  monitoring:
    enabled: true
    labels:
      app.kubernetes.io/name: monitoring
  apiserver:
    enabled: false
    labels:
      app.kubernetes.io/name: kube-system

services:
  enable_tokenrequest: false
  token_request_audience: api
  token_request_expiration_seconds: 600
  node_selectors: []
  
openunison:
  replicas: 1
  non_secret_data:
    K8S_DB_SSO: oidc
    PROMETHEUS_SERVICE_ACCOUNT: system:serviceaccount:monitoring:prometheus-k8s
    SHOW_PORTAL_ORGS: "false"
  secrets: []
  enable_provisioning: false
  use_standard_jit_workflow: true
  # enable_activemq: true
  # activemq_use_pvc: true
  # role_attribute: portalGroups
  # groups:
  #   areJson: "true"
  #az_groups:
  #- CN=k8s-users,CN=Users,DC=ent2k12,DC=domain,DC=com

#myvd_configmap: myvdconfig

# For Namespace as a Service

# database:
#   hibernate_dialect: org.hibernate.dialect.MariaDBDialect
#   quartz_dialect: org.quartz.impl.jdbcjobstore.StdJDBCDelegate
#   driver: org.mariadb.jdbc.Driver
#   url: jdbc:mariadb://mariadb.mariadb.svc.cluster.local:3306/unison
#   user: unison
#   validation: SELECT 1
#   maxcons: 10
#   maxidlecons: 10

#smtp:
#  host: blackhole.blackhole.svc.cluster.local
#  port: 1025
#  user: "none"
#  from: donotreply@domain.com
#  tls: false