# values.yaml

# Number of replicas
replicaCount: 1

# Extra annotations for pods
podAnnotations: {}

# Extra annotations
annotations: {}

# Extra tolerations for pods
tolerations: []

# Chart name override
nameOverride: ""

# Full name of the deployment to override the default one
fullnameOverride: ""

# Image settings
image:
  repository: libretranslate/libretranslate
  pullPolicy: Always
  tag: "latest"
# Using a Private Registry
# If you want to use a custom image from a private registry, you'll need to create an image pull secret with the registry's credentials:
# kubectl create secret docker-registry my-registry-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
# imagePullSecrets:
#   - name: my-registry-secret
imagePullSecrets: []

# Service settings
service:
  type: ClusterIP
  port: 5000

# Ingress settings
ingress:
  enabled: false
  className: ""  # set this to the name of the ingress controller class to use like nginx
  annotations:
    # cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/proxy-body-size: 10m
    # Check for the adminUser key below.
    # This will enable basic auth for the whole site.
    # nginx.ingress.kubernetes.io/auth-type: basic
    # nginx.ingress.kubernetes.io/auth-secret: libretranslate-auth
    # nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
  hosts:
    - host: translate.example.com
      paths:
      - path: /
        pathType: Prefix
  # tls:
  #   - secretName: libretranslate-secret-tls
  #     hosts:
  #       - translate.example.com

# Security Context
securityContext:
  fsGroup: 1032

# Security Context for init container
initContainerSecurityContext:
  runAsUser: 0
  runAsGroup: 0

# Pod Security Context
podSecurityContext:
  runAsUser: 1032
  runAsGroup: 1032

# Persistent settings
# if you don't want to download a copy of the models per pod, you can use a shared storage like an nfs storage class
# and set it to ReadWriteMany. this way if you scale the pods later on, they will all use the same models and won't
# duplicate the space and download requests.
persistence:
  enabled: false
  db:
    storageClass: ""
    accessMode: "ReadWriteOnce"
    size: "1Gi"
  models:
    storageClass: ""
    accessMode: "ReadWriteOnce"
    size: "10Gi"  # as of August 2023, the models are about 6.6GB in size for all languages


# Resource limits
resources:
  limits:
    cpu: 1
    memory: 2Gi
  requests:
    cpu: 500m
    memory: 1Gi

# Readiness probe for kubernetes
readinessProbe:
  exec:
    command:
    - /app/venv/bin/python
    - /app/scripts/healthcheck.py
  initialDelaySeconds: 10
  periodSeconds: 5

# Liveness probe for kubernetes
livenessProbe:
  exec:
    command:
    - /app/venv/bin/python
    - scripts/healthcheck.py
  initialDelaySeconds: 10
  periodSeconds: 5

# Auth secret for basic authentication
# generate base64-user-password-pair with:
#   htpasswd -nb <username> <password> | base64
#
# e.g.:
#
#     htpasswd -nb admin mySecretPassword | base64
# This is used by the nginx ingress controller to enable basic auth for the whole site.
# It will create a secret with the name libretranslate-auth.
adminUser:
  name: "YWRtaW4K"  # copy the username in base64 as a reference
  auth: "YWRtaW46JGFwcjEkYlpydmYvUFYkSHBHSlhqZU1EN0ZON2kyYndsMVRNMQoK"  # copy the output from the htpasswd command here as a reference
  password: "bXlTZWNyZXRQYXNzd29yZAo="  # copy the password as base64 for the admin user here as a reference

# Settings / Flags
appSettings:
  debug:                 "false"    # Enable debug environment (Default: Disabled)
  ssl:                   "false"    # Enable SSL (Default: Disabled)
  apiKeys:               "false"    # Enable API keys database for per-client rate limits when --req-limit is reached (Default: Don't use API keys)
  requireApiKeyOrigin:   ""         # Require use of an API key for programmatic access to the API, unless the request origin matches this domain (Default: No restrictions on domain origin)
  requireApiKeySecret:   ""         # Require use of an API key for programmatic access to the API, unless the client also sends a secret match (Default: No secrets required)
  suggestions:           "false"    # Allow user suggestions (Default: Disabled)
  disableFilesTranslation: "false"  # Disable files translation (Default: File translation allowed)
  disableWebUi:          "false"    # Disable web ui (Default: Web Ui enabled)
  updateModels:          "false"    # Update language models at startup (Default: Only on if no models found)
  metrics:               "false"    # Enable the /metrics endpoint for exporting Prometheus usage metrics (Default: Disabled)

# Configuration Parameters
appConfig:
  host:                  "0.0.0.0"              # Set host to bind the server to (Default: 127.0.0.1)
  port:                  "5000"                 # Set port to bind the server to (Default: 5000)
  charLimit:             "null"                 # Set character limit (Default: No limit)
  reqLimit:              "null"                 # Set maximum number of requests per minute per client (outside of limits set by api keys) (Default: No limit)
  reqLimitStorage:       "memory://"            # Storage URI to use for request limit data storage. See Flask Limiter (Default: memory://)
  batchLimit:            "null"                 # Set maximum number of texts to translate in a batch request (Default: No limit)
  gaId:                  ""                     # Enable Google Analytics on the API client page by providing an ID (Default: Empty (no tracking))
  frontendLanguageSource: "auto"                # Set frontend default language - source (Default: auto)
  frontendLanguageTarget: "locale"              # Set frontend default language - target (Default: locale (match site's locale))
  frontendTimeout:       "500"                  # Set frontend translation timeout (Default: 500)
  apiKeysDbPath:         "/app/db/api_keys.db"  # Use a specific path inside the container for the local database. Can be absolute or relative (Default: /app/db/api_keys.db)
  apiKeysDbPathMount:    "/app/db"              # Use a specific path inside the container for the local database. Must be the same as apiKeysDbPath (Default: /app/db)
  apiKeysRemote:         ""                     # Use this remote endpoint to query for valid API keys instead of using the local database (Default: Empty (use local db instead))
  getApiKeyLink:         ""                     # Show a link in the UI where to direct users to get an API key (Default: Empty (no link shown on web ui))
  sharedStorage:         "memory://"            # Shared storage URI to use for multi-process data sharing (e.g. when using gunicorn) (Default: memory://)
  loadOnly:              ""                     # Set available languages (Default: Empty (use all from argostranslate))
  threads:               "4"                    # Set number of threads (Default: 4)
  metricsAuthToken:      ""                     # Protect the /metrics endpoint by allowing only clients that have a valid Authorization Bearer token (Default: Empty (no auth required))
  urlPrefix:             ""                    # Add prefix to URL: example.com:5000/url-prefix/ (Default: /)