---
# Default values for certificate management

# Certificate defaults
certificate_issuer: "letsencrypt-prod"
certificate_issuer_kind: "ClusterIssuer"
certificate_namespace: "default"
certificate_wait_retries: 60
certificate_wait_delay: 10
certificate_usages:
  - server auth
certificate_secret_name: "{{ certificate_name | default('tls-certificate') }}-tls"

# Router service account details
router_service_account: "router"
router_namespace: "openshift-ingress"

# TLS secret handling
create_route_role: true
role_name: "cert-reader-{{ certificate_name | default('tls-certificate') }}"
rolebinding_name: "cert-reader-binding-{{ certificate_name | default('tls-certificate') }}"

# API Server certificate settings
setup_api_server_cert: false  # Default to false, enable explicitly in playbook