schemaType: KUBERNETES
schemaVersion: 1

services:
- ob-proxy:
    kubernetes:
      replicas: 1
      time-zone: Europe/Zurich
- ob-auth:
    kubernetes:
      replicas: 1
      time-zone: Europe/Zurich
- ob-logrend:
    kubernetes:
      replicas: 1
      time-zone: Europe/Zurich
- ob-fido2:
    kubernetes:
      replicas: 1
      time-zone: Europe/Zurich


deployment-repository:
  url: ssh://git@gitea-ssh.adn-agov-gitea-01-uat:2222/nevis/adn-agov-work-ob-deployment.git
  branch: master
kubernetes-cluster:
  url: 'https://adn-aks-xrbpfvoy.hcp.switzerlandnorth.azmk8s.io'
  namespace: adn-agov-nevisidm-ob-01-uat
  token: 'secret://a22cb3ae670e6c4d76af2d30'

vars:
  agov-work-internal-trust-store-additional-trusted-certificates:
    - inv-res-secret://52ecb20860bbc0550b28d6af#adn-agov-nevisidm-01-uat-ca.pem

  nevisfido2-relying-party-name: AGOV-RelPartName
  nevisfido2-relying-party-id: adnovum.net
  nevisfido2-relying-party-origins:
    - https://me.agov-w.azure.adnovum.net
    - https://nevisidm.agov-w.azure.adnovum.net
    - https://auth.agov-w.azure.adnovum.net
    - https://ob.agov-w.azure.adnovum.net
    
  nevisfido2-client-id: cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720

  # we use the same key as nevisauth (auth-sh4r3d-internal-idp-auth-signer in adn-agov-nevisidm-01-uat)
  ob-auth-signer-key-store:
    - inv-res-secret://9a19ca24e782d2e299557c12#cert.pem
    - inv-res-secret://cb70d7e89d9048e71c53c2e5#key.pem

  ob-auth-signer-private-key-passphrase: secret://1255b56b8219c2ac0c5b3db9