# Helm values for the Sema4.ai Deployment
#
# Only chart-default overrides and the name-derived/shared-infra fields are
# listed below. The image (registry/repository/tag) comes from the chart — tag
# is supplied via --set on helm install. The Replicated SDK injects the proxy
# pull secret from its license, so no imagePullSecrets entry is needed.

# The Terraform-created service account for this namespace.
# create: false tells the chart not to create a ServiceAccount, so the account
# named below has to exist in the release namespace before the install runs.
# NOTE(review): presumably this is the account whose IAM role grants access to
# the S3 bucket and KMS key set under config.aws — confirm, and keep that role
# scoped to the one bucket/prefix and key this deployment uses.
serviceAccount:
  create: false
  name: REPLACE_ME

# ClusterIP — the shared ALB (target-type ip) routes straight to the pods, so no
# NodePort/LoadBalancer Service is needed (chart default is NodePort). The
# built-in Caddy TLS sidecar is off by default; the ALB terminates TLS with the
# wildcard ACM cert.
# Consequence: the hop from the ALB to the pods is plain HTTP (see
# backend-protocol in the ingress annotations). Pod-level network rules
# (security groups / NetworkPolicy) should admit that port from the ALB only.
service:
  type: ClusterIP

# Ingress onto the shared ALB. The ALB-level annotations (group.name, scheme,
# listen-ports) MUST match the other IngressGroup members — leave them as-is.
# Because the ALB is shared, any hardening of those group-level settings has to
# be coordinated across every Ingress in the group, not changed here alone.
ingress:
  enabled: true
  className: alb
  annotations:
    alb.ingress.kubernetes.io/group.name: REPLACE_ME
    # Public load balancer: the application is reachable from the internet, so
    # its own authentication (config.workroom OIDC) is the access control.
    # This file sets no inbound-cidrs, wafv2-acl-arn or ssl-policy annotation.
    # NOTE(review): confirm whether another group member or the ALB's security
    # group supplies source restrictions and the TLS policy.
    alb.ingress.kubernetes.io/scheme: internet-facing
    # Pod IPs are registered as targets directly (no NodePort hop).
    alb.ingress.kubernetes.io/target-type: ip
    # TLS ends at the ALB; ALB-to-pod traffic is unencrypted HTTP.
    alb.ingress.kubernetes.io/backend-protocol: HTTP
    # Health checks hit this path on the same port that serves traffic.
    alb.ingress.kubernetes.io/healthcheck-path: /health/live
    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
    # HTTPS on 443 is the only listener; no plain-HTTP listener is declared.
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
  hosts:
    # Should be the same host name as config.externalUrl, which the OAuth
    # callback is derived from.
    - host: "REPLACE_ME"
      paths:
        - path: /
          pathType: Prefix
          port: http
  # No certificate is named in this file (empty tls list, no certificate-arn
  # annotation). NOTE(review): presumably the controller discovers the wildcard
  # ACM certificate from the host name, or another group member sets it —
  # confirm before relying on it.
  tls: []

# Application configuration passed to the chart.
# postgres.password and workroom.oidcClientSecret are plaintext credentials.
# Keep the filled-in copy of this file out of version control and supply the
# real values at install time (a protected values file or --set). Helm keeps
# supplied values in its release record, so anyone who can read releases in
# this namespace (for example via `helm get values`) can read them — restrict
# that access accordingly.
# NOTE(review): if the chart can reference an existing Kubernetes Secret for
# these two fields, prefer that — not visible from this file, confirm in the
# chart's values.
config:
  infrastructurePlatform: "aws"

  aws:
    region: "REPLACE_ME" # your AWS region, e.g. us-east-2 — must match the bucket and KMS key
    s3BucketName: "REPLACE_ME"
    # NOTE(review): presumably the key used to encrypt objects in the bucket
    # above; the workload's IAM role needs access to this key only — confirm.
    kmsKeyArn: "REPLACE_ME"
    s3KeyPrefix: "REPLACE_ME"

  postgres:
    host: "REPLACE_ME"
    # Quoted, so the chart receives the port as a string rather than an integer.
    port: "5432"
    # Use a dedicated database role for this deployment rather than a superuser.
    user: "REPLACE_ME"
    # Plaintext credential — see the note at the top of this block.
    password: "REPLACE_ME"
    database: "REPLACE_ME"
    # NOTE(review): no TLS / sslmode setting for the database connection
    # appears in this file — confirm how the chart secures that connection.

  # Public base URL (drives OAuth callback + MCP public-API base URLs).
  # The ALB listens on HTTPS only, so this should be an https:// URL whose host
  # matches the ingress host.
  externalUrl: "REPLACE_ME"

  # authMode defaults to 'oidc' in the chart.
  # The ALB is internet-facing, so this setting is the main access control.
  # NOTE(review): other authMode values are not shown here — confirm their
  # effect before overriding the default.
  workroom:
    # Register redirect URI <externalUrl>/oidc/login/callback with your IdP.
    # Register that exact URI rather than a wildcard pattern.
    oidcClientId: "REPLACE_ME"
    # Plaintext credential — see the note at the top of this block.
    oidcClientSecret: "REPLACE_ME"
    oidcServer: "REPLACE_ME"

# Installs the Sema4.ai MCP Gallery container
# NOTE(review): whether the gallery is served through the same public Ingress
# is not visible in this file — confirm its exposure and authentication, and
# set enabled to false if it is not used.
mcpGallery:
  enabled: true
