#version: openmetadata, 1.12.1
airflow:
  workers:
    replicas: 2
    resources: {}
  scheduler:
    resources: {}
  webserver:
    resources: {}
  apiServer:
    resources: {}
  triggerer:
    resources: {}
  dags:
    persistence:
      enabled: true
      storageClassName: ""
      accessMode: ReadWriteMany
      size: 1Gi
  logs:
    persistence:
      enabled: true
      storageClassName: ""
      size: 1Gi
  data:
    metadataConnection:
      pass: "S9lRQ4qzAce1"       

opensearch:
  opensearchJavaOpts: "-Xmx1g -Xms1g"
  persistence:
    size: 30Gi
  resources:
    requests:
      cpu: "100m"
      memory: "256M"
    limits:
      cpu: "2000m"
      memory: "2048M"

mysql:
  enabled: true
  primary:
    resources:
      requests:
        cpu: "500m"
        memory: "512Mi"
      limits:
        cpu: "750m"
        memory: "768Mi"
    persistence:
      size: 50Gi
  initdbScripts:
    init_openmetadata_db_scripts.sql: |
      CREATE DATABASE openmetadata_db;
      CREATE USER 'openmetadata_user'@'%' IDENTIFIED BY 'ijbfzS5nJlUI';
      GRANT ALL PRIVILEGES ON openmetadata_db.* TO 'openmetadata_user'@'%' WITH GRANT OPTION;
      commit;
    init_airflow_db_scripts.sql: |
      CREATE DATABASE airflow_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
      CREATE USER 'airflow_user'@'%' IDENTIFIED BY 'S9lRQ4qzAce1';
      GRANT ALL PRIVILEGES ON airflow_db.* TO 'airflow_user'@'%' WITH GRANT OPTION;
      commit;

---

openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      initialAdmins:
      - "admin"
      - "dwshin"
      - "kkmbal"
      - "service-account-service-openmetadata"
      principalDomain: "gke.paasup.io"

    authentication:
      clientType: confidential
      provider: "custom-oidc"
      publicKeys:
      - "https://openmetadata.gke.paasup.io/api/v1/system/config/jwks"
      - "https://keycloak.gke.paasup.io/realms/paasup/protocol/openid-connect/certs"
      clientId: "open-metadata"
      callbackUrl: "https://openmetadata.gke.paasup.io/callback"
      jwtPrincipalClaims:
        - "email"
        - "preferred_username"
        - "sub"
      oidcConfiguration:
        enabled: true
        oidcType: "Keycloak"
        clientId:
          secretRef: oidc-secrets
          secretKey: openmetadata-oidc-client-id
        clientSecret:
          secretRef: oidc-secrets
          secretKey: openmetadata-oidc-client-secret
        discoveryUri: "https://keycloak.gke.paasup.io/realms/paasup/.well-known/openid-configuration"
        serverUrl: "https://openmetadata.gke.paasup.io"
        callbackUrl: "https://openmetadata.gke.paasup.io/callback"
        tokenValidity: "3600"
        sessionExpiry: "604800"
    pipelineServiceClientConfig:
      metadataApiEndpoint: "http://openmetadata:8585/api"
      airflow:
        apiEndpoint: "http://openmetadata-api-server:8080"

ingress:
  enabled: true
  className: "kong"
  annotations:
    cert-manager.io/cluster-issuer: root-ca-issuer
    cert-manager.io/duration: 8760h
    cert-manager.io/renew-before: 720h
    konghq.com/protocols: https
    konghq.com/https-redirect-status-code: "301"
  hosts:
    - host: "openmetadata.gke.paasup.io"
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - secretName: openmetadata-tls
      hosts:
        - "openmetadata.gke.paasup.io"

extraVolumes:
  - name: java-truststore
    secret:
      secretName: java-truststore

extraVolumeMounts:
  - name: java-truststore
    mountPath: /etc/ssl/java
    readOnly: true

resources: {}

extraEnvs:
  - name: LOG_LEVEL
    value: "INFO"
  - name: "OPENMETADATA_PUBLIC_URL"
    value: "https://openmetadata.gke.paasup.io"