kubezero:
  {{- if .Values.global }}
  global:
    {{- toYaml .Values.global | nindent 4 }}
  {{- end }}
  calico:
    enabled: {{ .Values.calico.enabled  }}
    type: {{ default "kustomize" .Values.calico.type  }}
    values:
      migration: {{ default false .Values.calico.migration }}
      prometheus: false
      # prometheus: {{ .Values.prometheus.enabled }}
      network: {{ default "vxlan" .Values.calico.network }}
      mtu: {{ default "8941" .Values.calico.mtu }}
  cert-manager:
    enabled: {{ index .Values "cert-manager" "enabled" }}
{{- if not .Values.bootstrap }}
    values:
      {{- if eq .Values.platform "aws" }}
      cert-manager:
        podAnnotations:
          iam.amazonaws.com/role: "{{ index .Values "cert-manager" "IamArn" }}"
      {{- end }}
      clusterIssuer:
        name: letsencrypt-dns-prod
        server: https://acme-v02.api.letsencrypt.org/directory
        email: {{ index .Values "cert-manager" "email" }}
        solvers:
          - selector:
              dnsZones:
              {{- with index .Values "cert-manager" "dnsZones" }}
              {{- . | toYaml | nindent 14 }}
              {{- end }}
            dns01:
              {{- if eq .Values.platform "aws" }}
              route53:
                region: {{ .Values.region }}
              {{- else }}
              {{- with index .Values "cert-manager" "solvers" }}
              {{- . | toYaml | nindent 14 }}
              {{- end }}
              {{- end }}

  # AWS only components
  {{- if eq .Values.platform "aws" }}
  aws-ebs-csi-driver:
    enabled: {{ index .Values "aws-ebs-csi-driver" "enabled" }}
    values:
      aws-ebs-csi-driver:
        replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
        podAnnotations:
          iam.amazonaws.com/role: "{{ index .Values "aws-ebs-csi-driver" "IamArn" }}"
        extraVolumeTags:
          Name: {{ .Values.ClusterName }}
  kiam:
    enabled: {{ .Values.kiam.enabled }}
    values:
      kiam:
        server:
          assumeRoleArn: "{{ .Values.kiam.IamArn }}"
          deployment:
            replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }}
          prometheus:
            servicemonitor:
              enabled: {{ .Values.prometheus.enabled }}
  {{- end }}

  istio:
    enabled: {{ .Values.istio.enabled }}
    values:
      istiod:
        replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
      ingress:
        private: {{ .Values.istio.ingress.private }}
        type: {{ .Values.istio.ingress.type }}
        replicaCount: {{ default 2 .Values.istio.ingress.replicaCount }}
        dnsNames:
        {{- with .Values.istio.ingress.dnsNames }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}

{{- end }}

argo-cd:
  {{- with index .Values "argo-cd" "server" }}
  server:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  {{- with index .Values "argo-cd" "configs" }}
  configs:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  {{- if and ( not .Values.bootstrap ) .Values.istio.enabled }}
  istio:
    {{- with index .Values "argo-cd" "istio" }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- end }}