# Default values for openclaw.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Image configuration
image:
  registry: ghcr.io
  repository: openclaw/openclaw
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

# Replica count - MUST be 1 for single-user architecture
replicaCount: 1

# Service account
serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

# Pod annotations
podAnnotations: {}

# Pod security context
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000

# Container security context
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: false  # Node needs write access to /tmp

# Gateway configuration
gateway:
  # Binding mode: loopback, lan, auto
  bind: lan
  # Gateway port
  port: 18789
  # Allow unconfigured startup (creates minimal config)
  allowUnconfigured: false
  # Additional CLI arguments
  extraArgs: []

# Environment variables (non-sensitive)
env:
  NODE_ENV: production
  CLAWDBOT_STATE_DIR: /home/node/.openclaw
  CLAWDBOT_WORKSPACE_DIR: /home/node/clawd
  NODE_OPTIONS: "--max-old-space-size=2048"

# Secrets configuration
secrets:
  # Create secret from values (dev/testing only - use existingSecret in production)
  create: true
  # Use existing secret (production)
  existingSecret: ""
  # Secret data (only used if create is true)
  data:
    anthropicApiKey: ""
    openaiApiKey: ""
    discordBotToken: ""
    telegramBotToken: ""
    gatewayToken: ""  # Auto-generated if empty

# Config file (openclaw.json)
config:
  # Create ConfigMap from inline config
  create: true
  # Use existing ConfigMap
  existingConfigMap: ""
  # Config data (JSON5 format)
  data:
    agents:
      defaults:
        model:
          primary: "anthropic/claude-opus-4-5"
          fallbacks:
            - "anthropic/claude-sonnet-4-5"
            - "openai/gpt-4o"
        maxConcurrent: 4
        sandbox:
          mode: "off"  # Disable Docker-in-Docker for Kubernetes
      list:
        - id: main
          default: true
    auth:
      profiles:
        "anthropic:default":
          mode: token
          provider: anthropic
        "openai:default":
          mode: token
          provider: openai
    gateway:
      mode: local
      bind: auto
      auth:
        mode: token
      controlUi:
        enabled: true
    channels: {}

# Persistence
persistence:
  enabled: true
  # Storage class (use cluster default if empty)
  storageClass: ""
  # Access mode
  accessMode: ReadWriteOnce
  # Volume size
  size: 10Gi
  # Annotations
  annotations: {}
  # Selector
  selector: {}

# Service configuration
service:
  type: ClusterIP
  port: 18789
  annotations: {}

# Ingress configuration
ingress:
  enabled: false
  className: nginx

  # Simplified domain configuration (recommended)
  # Set your domain here - TLS will be auto-configured if tls.enabled is true
  domain: ""  # e.g., "openclaw.yourdomain.com"

  # TLS configuration
  tls:
    enabled: false
    # Secret name for TLS certificate (auto-generated name if empty)
    secretName: ""
    # Use cert-manager for automatic certificate provisioning
    certManager:
      enabled: false
      issuer: "letsencrypt-prod"

  # Additional annotations
  annotations: {}
    # WebSocket support (recommended for real-time features):
    # nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    # nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"

  # Advanced: Manual host configuration (overrides domain if set)
  hosts: []
  #  - host: openclaw.example.com
  #    paths:
  #      - path: /
  #        pathType: Prefix

# Resource limits/requests
resources:
  limits:
    memory: 2Gi
    cpu: 1000m
  requests:
    memory: 512Mi
    cpu: 250m

# Node selector
nodeSelector: {}

# Tolerations
tolerations: []

# Affinity rules
affinity: {}

# Init containers (for setup tasks)
initContainers: []

# Extra containers (sidecars)
extraContainers: []

# Lifecycle hooks
lifecycle:
  preStop:
    exec:
      command:
        - sh
        - -c
        - rm -f /home/node/.openclaw/gateway.*.lock; sleep 10

# Probes
# Use tcpSocket for startup/readiness (lightweight), exec for liveness (thorough)
livenessProbe:
  enabled: true
  exec:
    command:
      - node
      - dist/index.js
      - health
  initialDelaySeconds: 60
  periodSeconds: 60
  timeoutSeconds: 30
  failureThreshold: 3

readinessProbe:
  enabled: true
  tcpSocket:
    port: 18789
  initialDelaySeconds: 10
  periodSeconds: 5
  timeoutSeconds: 3
  failureThreshold: 3

startupProbe:
  enabled: true
  tcpSocket:
    port: 18789
  initialDelaySeconds: 10
  periodSeconds: 5
  timeoutSeconds: 3
  failureThreshold: 30  # 150 seconds max startup time