# Global defaults (Optional - can be overridden per application)
# global:
#   istio:
#     gatewaySelector:
#       istio: ingressgateway # Default selector for Istio ingress pods
#   certManager:
#     issuerName: "letsencrypt-prod"
#     issuerKind: ClusterIssuer
#     createSecretInNamespace: "" # Default: empty means create in app namespace

# List of applications to configure ingress for
applications:
  # --- Example for Grafana ---
  - name: grafana
    # Set to true to create resources for this application
    enabled: true
    # Namespace where the Grafana SERVICE lives (and where Gateway/VS will be created)
    namespace: monitoring
    # Name of the Grafana Kubernetes Service
    serviceName: kube-prometheus-stack-grafana # Adjust if different
    # Port the Grafana Service listens on
    servicePort: 80 # The K8s service port, often 80, targets Grafana's internal port (3000)
    # Hostname(s) for accessing Grafana
    hosts:
      - grafana.james-mellors.com
    # Path configuration for routing
    paths:
      - path: /
        pathType: Prefix # Prefix or Exact

    # TLS specific configuration
    tls:
      # Set to true if this application uses TLS (required for certificate)
      enabled: true
      # Name of the Kubernetes Secret to store/read the TLS certificate
      secretName: grafana-tls
      # List of hosts the certificate should cover (usually matches 'hosts' above)
      hosts:
        - grafana.james-mellors.com

    # Istio specific overrides for this application (Optional)
    istio:
      # Override the global gateway selector if needed
      # gatewaySelector:
      #   istio: my-custom-gateway
      # Enable HTTP->HTTPS redirect for this app's Gateway
      httpRedirect: true

    # Cert-Manager specific overrides for this application (Optional)
    certManager:
      # Override global issuer if needed
      issuerName: "letsencrypt-cloudflare"
      issuerKind: ClusterIssuer
      # Override where the Secret is created (e.g., "istio-system" or keep empty for app namespace)
      createSecretInNamespace: "istio-system" # Default: uses 'namespace' field above

  # --- Example for NTFY ---
  # - name: ntfy
  #   enabled: true
  #   namespace: default # Or wherever your NTFY service lives
  #   serviceName: ntfy-server # Adjust if different
  #   servicePort: 80 # The port the K8s service listens on
  #   hosts:
  #     - ntfy.yourdomain.com
  #   paths:
  #     - path: /
  #       pathType: Prefix
  #   tls:
  #     enabled: true
  #     secretName: ntfy-tls
  #     hosts:
  #       - ntfy.yourdomain.com
  #   istio:
  #     httpRedirect: true
  #   certManager:
  #     # Using global defaults defined above (if any) or specify here
  #     # issuerName: "letsencrypt-prod"
  #     # issuerKind: ClusterIssuer
  #     createSecretInNamespace: "" # Default: uses 'namespace' field above

  # --- Add more applications here ---
  # - name: my-other-app
  #   enabled: false # Disabled example
  #   namespace: apps
  #   serviceName: my-other-app-svc
  #   ... etc ...