# Default values for cert-manager-stack wrapper chart
# This chart bundles cert-manager with custom ClusterIssuer and Cloudflare DNS solver
#
# IMPORTANT: Edit manifests/cert-manager-stack/values.yaml instead of this file

# =============================================================================
# cert-manager Upstream Chart Values
# All values under this key are passed to the cert-manager dependency
# =============================================================================
certManager:
  # Enable cert-manager installation
  enabled: true
  
  # Install CRDs as part of the chart
  crds:
    enabled: true
    keep: true
  
  # Prometheus monitoring
  prometheus:
    enabled: false
  
  # Additional cert-manager values can be added here
  # See: https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml

# =============================================================================
# Cloudflare DNS Provider Configuration
# =============================================================================
cloudflare:
  # Enable/disable Cloudflare API token secret creation
  enabled: true
  
  # Cloudflare API token for DNS-01 challenge
  # WARNING: Override this in manifests/cert-manager-stack/values.yaml
  # Consider migrating to External Secrets or Vault for production
  apiToken: ""
  
  # Secret name that will be created
  secretName: cloudflare-api-token
  
  # Secret key name
  secretKey: api-token
  
  # Namespace for the secret (should match cert-manager namespace)
  namespace: cert-manager

# =============================================================================
# ClusterIssuer Configuration (Let's Encrypt)
# =============================================================================
clusterIssuer:
  # Enable/disable ClusterIssuer creation
  enabled: true
  
  # ClusterIssuer name
  name: letsencrypt
  
  # Email for Let's Encrypt registration and notifications
  email: dvirlabs@gmail.com
  
  # ACME server URL
  # Production: https://acme-v02.api.letsencrypt.org/directory
  # Staging (for testing): https://acme-staging-v02.api.letsencrypt.org/directory
  server: https://acme-v02.api.letsencrypt.org/directory
  
  # Secret name for ACME account private key
  privateKeySecretRef:
    name: letsencrypt-account-key
  
  # DNS-01 solver configuration using Cloudflare
  dns01:
    cloudflare:
      # Reference to Cloudflare API token secret
      apiTokenSecretRef:
        name: cloudflare-api-token
        key: api-token