commonEnvVars: &commonEnvVars
  - name: REDIS_USERNAME
    value: ""
  - name: REDIS_PASSWORD
    value: ${ redis_password }

commonArgs: &commonRedisArgs
  - --redis=${ redis_service_uri }:6379
  - --redisdb=${ redis_index }

redis:
  enabled: false

redisWait:
  enabled: false

externalRedis:
  host: ${ redis_service_uri }
  password: ${ redis_password }
  database: ${ redis_index }

dex:
  enabled: true

controller:
  extraArgs: *commonRedisArgs
  extraEnvVars: *commonEnvVars

repoServer:
  extraArgs: *commonRedisArgs
  extraEnvVars: *commonEnvVars

server:
  extraArgs: *commonRedisArgs
  extraEnvVars: *commonEnvVars

  url: https://${ service_uri }
  insecure: true
  ingress:
    enabled: true
    ingressClassName: traefik
    hostname: ${ service_uri }
    annotations:
      kubernetes.io/ingress.class: traefik
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
      traefik.ingress.kubernetes.io/router.middlewares: default-redirect-to-https@kubernetescrd,default-preserve-host-headers@kubernetescrd
    extraTls:
      - hosts:
          - ${ service_uri }
        secretName: argocd-tls

  config:
    %{ if oauth_uri != null }
    dex.config: |
      connectors:
        - type: oidc
          id: oidc
          name: OIDC
          config:
            issuer: ${ oauth_issuer }
            clientID: ${ oauth_client_id }
            clientSecret: ${ oauth_client_secret }
            insecureSkipEmailVerified: true
            insecureEnableGroups: true
            scopes:
              - profile
              - email
              - openid
              - groups
            claimMapping:
              name: fullName    # ArgoCD expects 'name', FusionAuth provides 'fullName'
              preferred_username: email
    %{ endif }