Apicurio 0.1.0 Helm Readme

Type: application AppVersion: 0.1.0

Helm Charts to deploy Apicurio Registry

Default Users

If you are running the Apicurio Registry with authentication enabled, the default users for the Keycloak Admin Console and the Apicurio Registry UI are the following:

Keycloak Admin User

{
   "username": "admin",
   "password": "admin123"
}

Apicurio Registry Admin User

{
   "username": "apicurio-admin",
   "password": "notsecret"
}

This user is required to update the password after the first login.

The default Apicurio Registry API client credentials for configuring the Platform Manager are the following:

Apicurio Registry Admin User

{
   "client-id": "apicurio-api",
   "client-secret": "EPADhdDgRCP7RgkTFABopzAnuPHueeop"
}

They can be regenerated from the Keycloak Admin

Requirements

Repository Name Version

https://charts.bitnami.com/bitnami

apicurioKeycloakMysql(mysql)

9.10.9

https://codecentric.github.io/helm-charts

apicurioKeycloak(keycloakx)

2.5.1

Values

Key Type Default Description

affinity

object

{}

The pod’s scheduling constraints. See the Kubernetes documentation on Affinity and Anti-affinity.

annotations

object

{}

Annotations to add to the Deployment resource.

apicurioKeycloak

object

{"enabled":false,"proxy":{"http":{"enabled":true},"mode":"xforwarded"},"realm":""}

Apicurio Keycloak Instance

apicurioKeycloak.enabled

bool

false

Keycloak Components toggles

apicurioKeycloak.proxy

object

{"http":{"enabled":true},"mode":"xforwarded"}

Keycloak Proxy configuration

apicurioKeycloak.realm

string

""

Apicurio realm name

apicurioKeycloakMysql

object

{"enabled":false,"image":{"registry":"docker.io","repository":"bitnamilegacy/mysql"}}

Apicurio Keycloak MySQL Components toggles

authProxy.config

object

{"auth-proxy":{"backend-service":"http://localhost:8081","client-id":"","jwks-endpoint-uri":"","valid-issuer-uri":""},"server":{"port":8082}}

Auth Proxy application.yml configuration. Full YAML structure that will be mounted as /config/application.yml. Minimal configuration: only override essential values that differ from Auth Proxy defaults.

authProxy.config.auth-proxy.backend-service

string

"http://localhost:8081"

Backend service URL to proxy requests to (routes to Apicurio backend in the same pod)

authProxy.config.auth-proxy.client-id

string

""

Expected client ID / audience value for JWT validation

authProxy.config.auth-proxy.jwks-endpoint-uri

string

""

JWKS endpoint URI for fetching public keys. REQUIRED.

authProxy.config.auth-proxy.valid-issuer-uri

string

""

JWT issuer URI for validation (e.g., https://axual.cloud/auth/realms/tenant1). REQUIRED.

authProxy.config.server.port

int

8082

Port override (must differ from Apicurio’s 8081 and UI’s 8080)

authProxy.debug

object

{}

authProxy.enabled

bool

false

Enable Auth Proxy sidecar container

authProxy.env

list

[]

Additional environment variables for the Auth Proxy container. These will be added to the env section of the Auth Proxy container.

authProxy.existingSecretName

string

""

The name of an existing Kubernetes Secret. The key in the Secret must be secrets.yml. The contents get mounted into the container.

authProxy.image.pullPolicy

string

"Always"

One of Always, IfNotPresent, or Never.

authProxy.image.registry

string

"registry.axual.io"

Registry to pull the image from.

authProxy.image.repository

string

"axual/auth-proxy"

Name of the image being deployed.

authProxy.image.tag

string

"0.1.1"

Image tag for the Auth Proxy.

authProxy.ingress

object

{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}

Ingress configuration for Auth Proxy (separate from Apicurio ingress)

authProxy.ingress.annotations

object

{}

Annotations to add to the Auth Proxy Ingress resource

authProxy.ingress.className

string

""

The name of the IngressClass cluster resource

authProxy.ingress.enabled

bool

false

Enable creation of the Ingress resource for Auth Proxy

authProxy.ingress.hosts[0].host

string

"chart-example.local"

The fully qualified domain name for Auth Proxy

authProxy.ingress.hosts[0].paths[0].path

string

"/"

Matched against the path of an incoming request

authProxy.ingress.hosts[0].paths[0].pathType

string

"ImplementationSpecific"

Determines the interpretation of the Path matching

authProxy.ingress.tls

list

[]

TLS configuration for Auth Proxy Ingress

authProxy.livenessProbe

object

{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}

Liveness probe configuration for Auth Proxy. Probes /actuator/health/liveness on the management port.

authProxy.livenessProbe.failureThreshold

int

3

Minimum consecutive failures for the probe to be considered failed after having succeeded. A failed livenessProbe will cause the container to be restarted.

authProxy.livenessProbe.initialDelaySeconds

int

10

Number of seconds after the container has started before liveness probes are initiated.

authProxy.livenessProbe.periodSeconds

int

10

How often (in seconds) to perform the probe.

authProxy.livenessProbe.successThreshold

int

1

Minimum consecutive successes for the probe to be considered successful after having failed.

authProxy.livenessProbe.timeoutSeconds

int

1

Number of seconds after which the probe times out.

authProxy.logbackConfig

multi-line

""

String that is put into a configmap, mounted in the pod and used as the logback config for Auth Proxy. If present, configuration under logging is ignored.

authProxy.logging

object

{"loggers":{"io.axual.auth.proxy":"INFO","org.springframework.cloud.gateway":"INFO"},"pattern":"%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX, UTC} ${LOG_LEVEL_PATTERN:-%5p} ${PID:- } --- [%15.15t] [traceid=%X{traceid}, spanid=%X{spanid}] %-40.40logger{39} : %m%n}","rootLoglevel":"INFO"}

Logging configuration object used when the logbackConfig is not set. Allows for configuring pattern and per package log levels.

authProxy.logging.loggers

object

{"io.axual.auth.proxy":"INFO","org.springframework.cloud.gateway":"INFO"}

Log level per package (when logbackConfig is not defined)

authProxy.logging.loggers."io.axual.auth.proxy"

string

"INFO"

Log level for Auth Proxy (when logbackConfig is not defined)

authProxy.logging.loggers."org.springframework.cloud.gateway"

string

"INFO"

Log level for Spring Cloud Gateway (when logbackConfig is not defined)

authProxy.logging.pattern

string

"%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX, UTC} ${LOG_LEVEL_PATTERN:-%5p} ${PID:- } --- [%15.15t] [traceid=%X{traceid}, spanid=%X{spanid}] %-40.40logger{39} : %m%n}"

Log pattern (when logbackConfig is not defined)

authProxy.logging.rootLoglevel

string

"INFO"

Root log level used (when logbackConfig is not defined)

authProxy.management

object

{"metricsEnabled":true,"port":8086}

Management/actuator endpoints configuration. Auth Proxy uses built-in defaults for most management settings (port 8086, health/metrics endpoints, etc.).

authProxy.management.metricsEnabled

bool

true

Enable Prometheus metrics scraping via ServiceMonitor

authProxy.management.port

int

8086

Port for Spring Boot Actuator management endpoints (Auth Proxy default: 8086). Used for health probe references and service port definition.

authProxy.port

int

8082

Port on which the Auth Proxy listens for incoming requests. NOTE: Must be different from the Apicurio backend (8081) and UI (8080) ports.

authProxy.readinessProbe

object

{"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}

Readiness probe configuration for Auth Proxy. Probes /actuator/health/readiness on the management port.

authProxy.readinessProbe.failureThreshold

int

3

Minimum consecutive failures for the probe to be considered failed after having succeeded. A failed readinessProbe will cause the container to move to the NotReady state.

authProxy.readinessProbe.initialDelaySeconds

int

5

Number of seconds after the container has started before readiness probes are initiated.

authProxy.readinessProbe.periodSeconds

int

10

How often (in seconds) to perform the probe.

authProxy.readinessProbe.successThreshold

int

1

Minimum consecutive successes for the probe to be considered successful after having failed.

authProxy.readinessProbe.timeoutSeconds

int

1

Number of seconds after which the probe times out.

authProxy.resources

object

{}

The resource requirements for Auth Proxy container.

authProxy.route

object

{"annotations":{},"enabled":false,"host":"","labels":{},"path":"/","subdomain":"","targetPort":"auth-proxy","tls":{"caCertificate":"","certificate":"","destinationCACertificate":"","key":"","termination":"edge"}}

OpenShift Route configuration for Auth Proxy (separate from Apicurio route)

authProxy.route.annotations

object

{}

Annotations to add to the Auth Proxy Route

authProxy.route.enabled

bool

false

Enable creation of an OpenShift Route for Auth Proxy

authProxy.route.host

string

""

An alias/DNS that points to the service

authProxy.route.labels

object

{}

Labels to add to the Auth Proxy Route

authProxy.route.path

string

"/"

Path that the router watches for

authProxy.route.subdomain

string

""

Subdomain is a DNS subdomain requested within the ingress controller’s domain

authProxy.route.targetPort

string

"auth-proxy"

Target pod port used by the Router

authProxy.route.tls.caCertificate

string

""

The Certificate Authority certificate contents

authProxy.route.tls.certificate

string

""

Certificate contents

authProxy.route.tls.destinationCACertificate

string

""

The CA certificate of the final destination

authProxy.route.tls.key

string

""

Key file contents

authProxy.route.tls.termination

string

"edge"

Indicates a termination type. One of: edge, passthrough, or reencrypt

authProxy.secrets

object

{}

Secrets configuration for Auth Proxy. Full YAML structure that will be mounted as /config/secrets/secrets.yml.

autoscaling.enabled

bool

false

Enables the creation of a HorizontalPodAutoscaler.

autoscaling.maxReplicas

int

10

Upper limit for the number of replicas to which the autoscaler can scale up. Cannot be less than minReplicas.

autoscaling.minReplicas

int

1

Lower limit for the number of replicas to which the autoscaler can scale down.

autoscaling.targetCPUUtilizationPercentage

int

80

Percentage of CPU utilization that the autoscaler will try to meet.

autoscaling.targetMemoryUtilizationPercentage

int

80

Percentage of memory utilization that the autoscaler will try to meet.

config

object

{"apicurio.auth.admin-override.enabled":"true","apicurio.auth.anonymous-read-access.enabled":"true","apicurio.auth.owner-only-authorization":"true","apicurio.auth.role-based-authorization":"true","apicurio.ccompat.legacy-id-mode.enabled":"false","apicurio.ccompat.use-canonical-hash":"true","apicurio.rest.deletion.artifact-version.enabled":"true","apicurio.rest.deletion.artifact.enabled":"true","apicurio.rules.global.compatibility":"NONE","apicurio.rules.global.validity":"FULL","quarkus.log.console.enabled":"true","quarkus.log.console.json.date-format":"default","quarkus.log.console.json.enabled":"true","quarkus.log.console.json.exception-output-type":"formatted","quarkus.log.console.json.pretty-print":"false"}

Configuration passed to the container. Contents get injected to a ConfigMap, which gets mounted as an application.properties file.

debug

object

{"enabled":false}

Debug Configuration passed to the container(s). Enable the 5005 port in the deployment.yaml

env

list

[]

Environment variables to define for the container. See the Kubernetes documentation on Environment Variables.

extraContainers

string

""

Additional sidecar containers, e.g. for a database proxy, such as Google’s cloudsql-proxy

extraInitContainers

string

""

Additional init containers, e.g. for configuring java-security

extraVolumeMounts

string

""

Add additional volumes mounts, e.g. for java-security

extraVolumes

string

""

Add additional volumes, e.g. for java-security

fullnameOverride

string

""

Override the fully qualified app name generated by the chart.

global.clusterDomain

string

"cluster.local"

The domain of the Kubernetes cluster. The vast majority of Kubernetes clusters use the default value.

global.imagePullSecrets

list

[]

Globally override the list of ImagePullSecrets provided.

global.imageRegistry

string

""

Globally override the registry to pull images from.

hostAliases

list

[]

Optional list of hosts and IPs that will be injected into the pod’s hosts file.

image.pullPolicy

string

"Always"

One of Always, IfNotPresent, or Never.

image.registry

string

"registry.axual.io/docker.io"

Registry to pull the image from.

image.repository

string

"axual/apicurio-registry"

Name of the image being deployed.

image.tag

string

"3.3.0.Ax1"

Override the image tag whose default is the chart appVersion. This tag is used for the registry backend container.

imagePullSecrets

list

[]

List of ImagePullSecrets to apply to the service account. If the service account is disabled, it will be applied to the pod instead.

ingress.backend.annotations

object

{}

Annotations to add to the backend Ingress resource.

ingress.backend.className

string

""

The name of the IngressClass cluster resource.

ingress.backend.enabled

bool

false

Enable creation of the backend Ingress resource (serves /apis)

ingress.backend.host

string

"chart-example.local"

Hostname for the backend Ingress.

ingress.backend.tls

list

[]

TLS configuration for the backend Ingress.

ingress.ui.annotations

object

{}

Annotations to add to the UI Ingress resource.

ingress.ui.className

string

""

The name of the IngressClass cluster resource.

ingress.ui.enabled

bool

false

Enable creation of the UI Ingress resource (serves /). When AuthProxy is enabled, this ingress requires the presence of the backend ingress. AuthProxy does not validate JWT tokens against the Apicurio Keycloak, making it impossible to validate the JWT received after logging into the UI.

ingress.ui.host

string

"chart-example.local"

Hostname for the UI Ingress.

ingress.ui.tls

list

[]

TLS configuration for the UI Ingress.

kafka

object

{"bootstrapServers":"","eventsTopic":"_registry-events","groupPatternOverride":"","journalTopic":"_kafkasql-journal","snapshotsTopic":"_kafkasql-snapshots"}

Kafka Configuration passed to the Apicurio Registry

kafka.bootstrapServers

string

""

Kafka bootstrap servers

kafka.eventsTopic

string

"_registry-events"

Name of the registry events topic (default: _registry-events, typically _{tenant}-{instance}-events)

kafka.groupPatternOverride

string

""

Override group prefix to give access to (typically {tenant}.{instance}.apicurio). If you’d like a custom group prefix, you can specify an override here.

kafka.journalTopic

string

"_kafkasql-journal"

Name of the KafkaSQL journal topic (default: _kafkasql-journal, typically _{tenant}-{instance}-journal)

kafka.snapshotsTopic

string

"_kafkasql-snapshots"

Name of the KafkaSQL snapshots topic (default: _kafkasql-snapshots, typically _{tenant}-{instance}-snapshots)

kafkaInitContainer.apicurioPrincipal

string

""

The principal common name used to produce and consume from Kafka topics (should match the one on APICURIO_KAFKASQL_SSL_KEYSTORE_LOCATION). If Kafka is configured to validate ACLs over the full principal chain, please provide the principal chain as in this example: [0] CN=Root CA, [1] CN=Intermediate CA, [3] CN=schema-registry. Otherwise, just provide the common name prefixed with CN:

kafkaInitContainer.eventsPartitions

string

"1"

Number of partitions for events topic

kafkaInitContainer.imageRegistry

string

"registry.axual.io"

Registry to pull the image from

kafkaInitContainer.journalPartitions

string

"1"

Number of partitions for journal topic (1 is sufficient, all messages use a global partition key)

kafkaInitContainer.minIsr

string

"2"

min.isr for journal, snapshots, events topics

kafkaInitContainer.replicationFactor

string

"3"

Replication factor for Kafka topics (recommended: 3 for HA)

kafkaInitContainer.repository

string

"axual/streaming/strimzi/kafka"

Name of the image being deployed

kafkaInitContainer.resources

object

{}

The resource requirements for this container.

kafkaInitContainer.snapshotsPartitions

string

"1"

Number of partitions for snapshots topic (1 is sufficient, all messages use a global partition key)

kafkaInitContainer.tag

string

"0.51.0-kafka-4.2.0"

Tag of the image being deployed

kafkaInitContainer.tls.keypairSecretCertName

string

""

Existing Keypair certificate name

kafkaInitContainer.tls.keypairSecretKeyName

string

""

Existing Keypair key name

kafkaInitContainer.tls.keypairSecretName

string

""

Existing Keypair secret name

kafkaInitContainer.tls.truststoreCaSecretCertName

string

""

Existing Truststore certificate name

kafkaInitContainer.tls.truststoreCaSecretName

string

""

Existing Truststore secret name

keystoreProvider.image.registry

string

"registry.axual.io"

Registry to pull the image from.

keystoreProvider.image.repository

string

"axual/keystore-provider"

Name of the image being deployed.

keystoreProvider.image.tag

string

"0.3.1"

keystoreProvider.resources

object

{}

The resource requirements for this container.

livenessProbe.failureThreshold

int

3

Minimum consecutive failures for the probe to be considered failed after having succeeded. A failed livenessProbe will cause the container to be restarted.

livenessProbe.initialDelaySeconds

int

0

initialDelaySeconds is effectively 0 here since startupProbe gates liveness.

livenessProbe.periodSeconds

int

10

How often (in seconds) to perform the probe.

livenessProbe.successThreshold

int

1

Minimum consecutive successes for the probe to be considered successful after having failed.

livenessProbe.timeoutSeconds

int

5

Number of seconds after which the probe times out.

logLevel

string

"INFO"

Log Level configuration passed as APICURIO_LOG_LEVEL. Must be uppercase: TRACE, DEBUG, INFO, WARN, ERROR, OFF, ALL

managementPort

int

9000

Quarkus Management Interface configuration (enabled by default since Apicurio 3.2.0). Health probes and metrics are served on this separate port under the /q/ root path.

nameOverride

string

""

Override the app name generated by the chart.

nodeSelector

object

{}

Selector that must match a node’s labels for the pod to be scheduled on that node.

podAnnotations

object

{}

Extra annotations to add to the Pods.

podDisruptionBudget.enabled

bool

true

Enables creation of the PodDisruptionBudget. Ignored if replicaCount is 1.

podDisruptionBudget.maxUnavailable

int

1

An eviction is allowed if at most “maxUnavailable” pods are unavailable after eviction. Mutually exclusive with minAvailable.

podDisruptionBudget.minAvailable

int

nil

An eviction is allowed if at least “minAvailable” pods will still be available after the eviction. Mutually exclusive with maxUnavailable.

podSecurityContext

object

{}

Pod-level security attributes and common container settings.

priorityClass

string

""

Assigns a PriorityClass to the Pod. See Kubernetes documentation on Pod Priority and Preemption.

prometheusRule.defaultRule.labels

object

{"severity":"medium","target":"business"}

Customize the labels to the default prometheusRule

prometheusRule.enabled

bool

true

Enables creation of Prometheus Operator PrometheusRule.

prometheusRule.extraRules

list

[]

A list of alerting or recording rules to include on top of the defaults. These fields are templated.

prometheusRule.interval

string

""

Determines how often rules in the group are evaluated.

prometheusRule.labels

object

{}

Additional labels for the PrometheusRule

readinessProbe.failureThreshold

int

3

Minimum consecutive failures for the probe to be considered failed after having succeeded. A failed readinessProbe will cause the container to move to the NotReady state.

readinessProbe.initialDelaySeconds

int

0

Number of seconds after the container has started before readiness probes are initiated.

readinessProbe.periodSeconds

int

10

How often (in seconds) to perform the probe.

readinessProbe.successThreshold

int

1

Minimum consecutive successes for the probe to be considered successful after having failed.

readinessProbe.timeoutSeconds

int

5

Number of seconds after which the probe times out.

replicaCount

int

1

Number of pods to deploy.

resources

object

{}

The resource requirements for this container.

route.annotations

object

{}

Annotations to add to the Route.

route.enabled

bool

false

Enable creation of an OpenShift Route resource to expose this service.

route.host

string

""

An alias/DNS that points to the service. Optional. If not specified, a route name will typically be automatically chosen.

route.labels

object

{}

Labels to add to the route.

route.path

string

"/"

Path that the router watches for, to route traffic to the service.

route.subdomain

string

""

Subdomain is a DNS subdomain requested within the ingress controller’s domain (as a subdomain). If host is set this field is ignored.

route.targetPort

string

"https"

Target pod port used by the Router

route.tls.caCertificate

string

""

The Certificate Authority certificate contents.

route.tls.certificate

string

""

Certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate.

route.tls.destinationCACertificate

string

""

The CA certificate of the final destination. When using reencrypt termination, this file should be provided to have routers use it for health checks on the secure connection.

route.tls.key

string

""

Key file contents.

route.tls.termination

string

"passthrough"

Indicates a termination type. One of: edge, passthrough, or reencrypt.

security

object

{"authentication":{"basicAuthEnabled":false,"enabled":false,"keycloak":{"authUrl":"","realm":"","webClientId":"","webRedirectUrl":""}}}

The configuration related to authentication and authorization of users to the registry. Note: In order for any other authentication feature to work, security.authentication.enabled needs to be enabled.

security.authentication.keycloak

object

{"authUrl":"","realm":"","webClientId":"","webRedirectUrl":""}

Attributes that are required for Apicurio to access the Keycloak instance. Required only when security.authentication.enabled is true.

security.authentication.keycloak.authUrl

string

""

Keycloak Authentication URL

security.authentication.keycloak.realm

string

""

Keycloak Realm used for Apicurio permissions and users

security.authentication.keycloak.webClientId

string

""

Client ID for the Apicurio UI

security.authentication.keycloak.webRedirectUrl

string

""

Apicurio UI URL

securityContext

object

See values.yaml file.

Defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.

service.annotations

object

{}

Annotations to add to the Service resource.

service.httpPort

int

20500

service.httpsPort

int

21500

The port that will be exposed by the service. Note: this is independent of the ports opened on the container.

service.type

string

"ClusterIP"

Determines how the Service is exposed.

service.uiPort

int

20501

serviceAccount.annotations

object

{}

Annotations to add to the service account

serviceAccount.create

bool

true

Specifies whether a service account should be created

serviceAccount.name

string

""

The name of the service account to use. If not set and create is true, a name is generated using the fullname template.

serviceMonitor.enabled

bool

true

Enables creation of Prometheus Operator ServiceMonitor.

serviceMonitor.interval

string

"30s"

Interval at which metrics should be scraped.

serviceMonitor.labels

object

{}

Additional labels for the ServiceMonitor

serviceMonitor.scrapeTimeout

string

"10s"

Timeout after which the scrape is ended.

startupProbe.failureThreshold

int

60

Minimum consecutive failures for the probe to be considered failed. Allow up to 10 minutes for startup (Quarkus JVM boot + Kafka partition assignment + journal replay). Liveness/readiness probes only kick in after startupProbe succeeds.

startupProbe.initialDelaySeconds

int

20

Number of seconds after the container has started before the startup probe is initiated.

startupProbe.periodSeconds

int

10

How often (in seconds) to perform the probe.

startupProbe.successThreshold

int

1

Minimum consecutive successes for the probe to be considered successful after having failed.

startupProbe.timeoutSeconds

int

5

Number of seconds after which the probe times out.

tls.clientKeypairSecretName

string

""

Name of the Client KeyPair Secret (Optional). type: kubernetes.io/tls

tls.clientTruststoreCaSecretName

string

""

Name of the Client Truststore Certificates Secret (Optional). If provided, takes precedence over the truststoreCaSecretName. type: Opaque

tls.serverKeypairSecretName

string

""

Name of the Server KeyPair Secret. type: kubernetes.io/tls

tls.serverTruststoreCaSecretName

string

""

Name of the Server Truststore Certificates Secret (Optional). If provided, takes precedence over the truststoreCaSecretName. type: Opaque

tls.truststoreCaSecretName

string

""

Name of the Truststore Certificates Secret (Optional). type: Opaque

tolerations

list

[]

The tolerations on this pod. See the Kubernetes documentation on Taints and Tolerations.

topologySpreadConstraints

list

[]

Describes how a group of pods ought to spread across topology domains. See the Kubernetes documentation on Pod Topology Spread Constraints.

ui

object

{"config":{"authType":"oidc","readOnly":false,"registryApiUrl":"","roleManagement":true,"settings":true},"image":{"pullPolicy":"Always","registry":"registry.axual.io/docker.io","repository":"apicurio/apicurio-registry-ui","tag":"3.3.0"},"resources":{}}

UI container configuration (Apicurio 3.x has UI as separate container). Note: UI is always deployed with the registry (cannot be disabled separately).

ui.config

object

{"authType":"oidc","readOnly":false,"registryApiUrl":"","roleManagement":true,"settings":true}

UI-specific configuration

ui.config.authType

string

"oidc"

Authentication type: “none” or “oidc”

ui.config.readOnly

bool

false

Enable read-only mode

ui.config.registryApiUrl

string

""

Backend API location - REQUIRED: Must be set to the public HTTPS URL that browsers can access. Example: "https://apicurio.example.com/apis/registry/v3". Note: Do NOT use localhost - this URL is accessed by the user’s browser, not the container.

ui.config.roleManagement

bool

true

Show role management tab

ui.config.settings

bool

true

Show settings tab

ui.image.pullPolicy

string

"Always"

One of Always, IfNotPresent, or Never.

ui.image.registry

string

"registry.axual.io/docker.io"

Registry to pull the UI image from.

ui.image.repository

string

"apicurio/apicurio-registry-ui"

Name of the UI image being deployed.

ui.image.tag

string

"3.3.0"

Override the UI image tag whose default is the image.tag. This tag is used for the registry UI container.

ui.resources

object

{}

The resource requirements for the UI container.


Autogenerated from chart metadata using helm-docs v1.14.2
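
A values lint for the constraints stated in the table above (REQUIRED Auth Proxy URIs, reserved ports, the UI/backend ingress dependency, a public HTTPS registryApiUrl) together with the default secrets listed under Default Users. It is an added example, not part of the chart; the finding codes, the constructed sample values, the hypothetical `example-key` secret entry and the HTTPS requirement on the Auth Proxy URIs are assumptions of this example.

```python
import json
import sys
from urllib.parse import urlparse

# Default secrets printed in this README; none should survive in deployed values.
DOCUMENTED_DEFAULTS = {"admin123", "notsecret", "EPADhdDgRCP7RgkTFABopzAnuPHueeop"}
# Ports the README says the Auth Proxy must not reuse.
RESERVED_PORTS = {8080: "UI", 8081: "Apicurio backend"}

# Constructed sample (not a real deployment); "example-key" is a hypothetical secret entry.
SAMPLE_VALUES = json.loads("""{
  "security": {"authentication": {"enabled": false}},
  "config": {"apicurio.auth.anonymous-read-access.enabled": "true"},
  "ui": {"config": {"authType": "oidc", "registryApiUrl": "http://localhost:8081/apis/registry/v3"}},
  "ingress": {"ui": {"enabled": true}, "backend": {"enabled": false}},
  "authProxy": {"enabled": true, "port": 8081, "secrets": {"example-key": "notsecret"},
    "config": {"server": {"port": 8082}, "auth-proxy": {"client-id": "", "jwks-endpoint-uri": "",
               "valid-issuer-uri": "http://idp.example.test/realms/demo"}}}
}""")


def _get(node, *path, default=None):
    """Walk nested dicts key by key; keys such as 'apicurio.auth...' contain dots."""
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def _on(value):
    """The chart's `config` map stores booleans as strings; other keys are real bools."""
    return value is True or str(value).lower() == "true"


def _public_https(url):
    parsed = urlparse(url or "")
    return parsed.scheme == "https" and parsed.hostname not in (None, "localhost", "127.0.0.1")


def _strings(node, path=""):
    """Yield (path, text) for every string leaf of the values tree."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from _strings(child, f"{path}.{key}" if path else str(key))
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from _strings(child, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def audit_values(values):
    """Return a list of (code, message) findings for one computed values tree."""
    found = []
    if not _on(_get(values, "security", "authentication", "enabled")):
        found.append(("AUTH_DISABLED", "security.authentication.enabled is false"))
    if _on(_get(values, "config", "apicurio.auth.anonymous-read-access.enabled")):
        found.append(("ANONYMOUS_READ", "anonymous read access is enabled"))
    if _get(values, "ui", "config", "authType") == "none":
        found.append(("UI_AUTH_NONE", "ui.config.authType is none"))
    if not _public_https(_get(values, "ui", "config", "registryApiUrl")):
        found.append(("UI_API_URL", "ui.config.registryApiUrl must be a public HTTPS URL"))

    proxy = _get(values, "authProxy", default={}) or {}
    if _on(proxy.get("enabled")):
        cfg = _get(proxy, "config", "auth-proxy", default={}) or {}
        for key in ("jwks-endpoint-uri", "valid-issuer-uri"):
            if not cfg.get(key):
                found.append(("PROXY_REQUIRED_MISSING", f"auth-proxy.{key} is REQUIRED but empty"))
            elif urlparse(cfg[key]).scheme != "https":
                # Requiring HTTPS is this example's choice; the README only shows an https issuer.
                found.append(("PROXY_URI_NOT_HTTPS", f"auth-proxy.{key} is not an https URL"))
        if not cfg.get("client-id"):
            found.append(("PROXY_NO_AUDIENCE", "auth-proxy.client-id (expected audience) is empty"))
        for name, port in (("authProxy.port", proxy.get("port")),
                           ("authProxy.config.server.port", _get(proxy, "config", "server", "port"))):
            if port in RESERVED_PORTS:
                found.append(("PROXY_PORT_CLASH", f"{name} reuses the {RESERVED_PORTS[port]} port"))
        if _on(_get(values, "ingress", "ui", "enabled")) and not _on(
                _get(values, "ingress", "backend", "enabled")):
            found.append(("UI_INGRESS_WITHOUT_BACKEND", "UI ingress needs the backend ingress"))

    # Report only the path, never the matched secret itself.
    for path, text in _strings(values):
        if text in DOCUMENTED_DEFAULTS:
            found.append(("DEFAULT_SECRET", f"{path} holds a default secret from the README"))
    return found


if __name__ == "__main__":
    tree = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_VALUES
    for code, message in audit_values(tree):
        print(f"{code:28} {message}")
```

To audit a deployed release, save the output of `helm get values <release> --all -o json` to a file and pass its path as the first argument.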

Reference Helm VALUES.YAML for Apicurio

# Default values for apicurio-registry.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

global:
  # -- The domain of the Kubernetes cluster. The vast majority of Kubernetes clusters use the default value.
  clusterDomain: "cluster.local"

  # -- Globally override the registry to pull images from.
  imageRegistry: ""
  # -- Globally override the list of ImagePullSecrets provided.
  imagePullSecrets: []

# -- Override the app name generated by the chart.
nameOverride: ""
# -- Override the fully qualified app name generated by the chart.
fullnameOverride: ""

# -- Number of pods to deploy.
replicaCount: 1

# -- Annotations to add to the Deployment resource.
annotations: {}

image:
  # -- Registry to pull the image from.
  registry: "registry.axual.io"
  # -- Name of the image being deployed.
  repository: "axual/apicurio-registry"
  # -- Override the image tag whose default is the chart `appVersion`.
  # This tag is used for the registry backend container.
  tag: "3.3.0.Ax1"
  # -- One of `Always`, `IfNotPresent`, or `Never`.
  pullPolicy: "Always"

# -- UI container configuration (Apicurio 3.x has UI as separate container)
# Note: UI is always deployed with the registry (cannot be disabled separately)
ui:
  image:
    # -- Registry to pull the UI image from.
    registry: "registry.axual.io/docker.io"
    # -- Name of the UI image being deployed.
    repository: "apicurio/apicurio-registry-ui"
    # -- Override the UI image tag whose default is the `image.tag`.
    # This tag is used for the registry UI container.
    tag: "3.3.0"
    # -- One of `Always`, `IfNotPresent`, or `Never`.
    pullPolicy: "Always"
  # -- The [resource requirements](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the UI container.
  resources: {}
  # -- UI-specific configuration
  config:
    # -- Backend API location - REQUIRED: Must be set to the public HTTPS URL that browsers can access.
    # Example: "https://apicurio.example.com/apis/registry/v3"
    # Note: Do NOT use localhost - this URL is accessed by the user's browser, not the container.
    registryApiUrl: ""
    # -- Authentication type: "none" or "oidc"
    authType: "oidc"
    # -- Enable read-only mode
    readOnly: false
    # -- Show role management tab
    roleManagement: true
    # -- Show settings tab
    settings: true

keystoreProvider:
  image:
    # -- Registry to pull the image from.
    registry: "registry.axual.io"
    # -- Name of the image being deployed.
    repository: "axual/keystore-provider"
    tag: "0.3.1"
  # -- The [resource requirements](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for this container.
  resources: {}

tls:
  # -- Name of the Client KeyPair Secret (Optional).
  # type: kubernetes.io/tls
  clientKeypairSecretName: ""
  # -- Name of the Server KeyPair Secret.
  # type: kubernetes.io/tls
  serverKeypairSecretName: ""
  # -- Name of the Truststore Certificates Secret (Optional).
  # type: Opaque
  truststoreCaSecretName: ""
  # -- Name of the Client Truststore Certificates Secret (Optional).
  # If provided, takes precedence over the truststoreCaSecretName.
  # type: Opaque
  clientTruststoreCaSecretName: ""
  # -- Name of the Server Truststore Certificates Secret (Optional).
  # If provided, takes precedence over the truststoreCaSecretName.
  # type: Opaque
  serverTruststoreCaSecretName: ""

# -- Environment variables to define for the container.
# See the Kubernetes documentation on [Environment Variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/).
env: []

# -- Configuration passed to the container.
# Contents get injected to a ConfigMap, which gets mounted as an `application.properties` file.
config:
  # ENABLE_CCOMPAT_CANONICAL_HASH_MODE
  apicurio.ccompat.use-canonical-hash: "true"
  # ENABLE_CCOMPAT_LEGACY_ID_MODE
  apicurio.ccompat.legacy-id-mode.enabled: "false"
  # REGISTRY_AUTH_ANONYMOUS_READ_ACCESS_ENABLED (enabled)
  apicurio.auth.anonymous-read-access.enabled: "true"
  # ROLE_BASED_AUTHZ_ENABLED
  # REGISTRY_AUTH_RBAC_ENABLED
  apicurio.auth.role-based-authorization: "true"
  # REGISTRY_AUTH_OBAC_ENABLED
  apicurio.auth.owner-only-authorization: "true"
  # REGISTRY_AUTH_ADMIN_OVERRIDE_ENABLED
  apicurio.auth.admin-override.enabled: "true"
  # Define the Global Validity
  apicurio.rules.global.validity: "FULL"
  # Define the Global Compatibility
  apicurio.rules.global.compatibility: "NONE"
  # Enable artifact deletion (disabled by default in v3)
  apicurio.rest.deletion.artifact.enabled: "true"
  # Enable artifact version deletion (disabled by default in v3)
  apicurio.rest.deletion.artifact-version.enabled: "true"
  # Configure JSON logging (quarkus-logging-json extension is bundled in the image)
  quarkus.log.console.enabled: "true"
  quarkus.log.console.json.enabled: "true"
  quarkus.log.console.json.pretty-print: "false"
  quarkus.log.console.json.date-format: "default"
  quarkus.log.console.json.exception-output-type: "formatted"

# -- Quarkus Management Interface configuration (enabled by default since Apicurio 3.2.0).
# Health probes and metrics are served on this separate port under the /q/ root path.
managementPort: 9000

# -- List of ImagePullSecrets to apply to the service account. If the service account is disabled, it will be applied to the pod instead.
imagePullSecrets: []

# -- Kafka Configuration passed to the Apicurio Registry
kafka:
  # -- Kafka bootstrap servers
  bootstrapServers: ""
  # -- Override group prefix to give access to (typically {tenant}.{instance}.apicurio). If you'd like a custom group prefix, you can specify an override here.
  groupPatternOverride: ""
  # -- Name of the KafkaSQL journal topic (default: _kafkasql-journal, typically _{tenant}-{instance}-journal)
  journalTopic: "_kafkasql-journal"
  # -- Name of the KafkaSQL snapshots topic (default: _kafkasql-snapshots, typically _{tenant}-{instance}-snapshots)
  snapshotsTopic: "_kafkasql-snapshots"
  # -- Name of the registry events topic (default: _registry-events, typically _{tenant}-{instance}-events)
  eventsTopic: "_registry-events"

# -- The configuration related to authentication and authorization of users to the registry
# Note: In order for any other authentication feature to work,
# security.authentication.enabled needs to be enabled
security:
  authentication:
    enabled: false
    basicAuthEnabled: false

    # -- Attributes that are required for Apicurio to access the keycloak instance
    # required only when security.authentication.enabled is true
    keycloak:
      # -- Keycloak Authentication URL
      authUrl: ""
      # -- Keycloak Realm used for Apicurio permissions and users
      realm: ""
      # -- Client ID for the Apicurio UI
      webClientId: ""
      # -- Apicurio UI URL
      webRedirectUrl: ""

# -- Log Level configuration passed as APICURIO_LOG_LEVEL
logLevel: INFO

# -- Debug Configuration passed to the container(s).
# Enable the `5005` port in the deployment.yaml
debug:
  enabled: false

serviceAccount:
  # -- Specifies whether a service account should be created
  create: true
  # -- Annotations to add to the service account
  annotations: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template.
  name: ""

# -- Extra annotations to add to the Pods.
podAnnotations: {}

# -- Pod-level security attributes and common container settings.
podSecurityContext: {}
#   fsGroup: 2000

startupProbe:
  # -- Minimum consecutive failures for the probe to be considered failed.
  # Allow up to 10 minutes for startup (Quarkus JVM boot + Kafka partition assignment + journal replay).
  # liveness/readiness probes only kick in after startupProbe succeeds.
  failureThreshold: 60
  # -- Number of seconds after the container has started before the startup probe is initiated.
  initialDelaySeconds: 20
  # -- How often (in seconds) to perform the probe.
  periodSeconds: 10
  # -- Minimum consecutive successes for the probe to be considered successful after having failed.
  successThreshold: 1
  # -- Number of seconds after which the probe times out.
  timeoutSeconds: 5

livenessProbe:
  # -- Minimum consecutive failures for the probe to be considered failed after having succeeded.
  # A failed livenessProbe will cause the container to be restarted.
  failureThreshold: 3
  # -- initialDelaySeconds is effectively 0 here since startupProbe gates liveness.
  initialDelaySeconds: 0
  # -- How often (in seconds) to perform the probe.
  periodSeconds: 10
  # -- Minimum consecutive successes for the probe to be considered successful after having failed.
  successThreshold: 1
  # -- Number of seconds after which the probe times out.
  timeoutSeconds: 5

readinessProbe:
  # -- Minimum consecutive failures for the probe to be considered failed after having succeeded.
  # A failed readinessProbe will cause the container to move to the `NotReady` state.
  failureThreshold: 3
  # -- Number of seconds after the container has started before readiness probes are initiated.
  initialDelaySeconds: 0
  # -- How often (in seconds) to perform the probe.
  periodSeconds: 10
  # -- Minimum consecutive successes for the probe to be considered successful after having failed.
  successThreshold: 1
  # -- Number of seconds after which the probe times out.
  timeoutSeconds: 5

# -- Defines the security options the container should be run with.
# If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
# @default -- See `values.yaml` file.
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  privileged: false
  readOnlyRootFilesystem: false
  runAsNonRoot: true
  runAsUser: 1000

# -- Additional init containers, e.g. for configuring java-security
extraInitContainers: ""

# -- Add additional volumes, e.g. for java-security
extraVolumes: ""

# -- Add additional volumes mounts, e.g. for java-security
extraVolumeMounts: ""

# -- Additional sidecar containers, e.g. for a database proxy, such as Google's cloudsql-proxy
extraContainers: ""


service:
  # -- Annotations to add to the Service resource.
  annotations: { }
  # -- Determines how the Service is exposed.
  type: ClusterIP
  # -- The port that will be exposed by the service.
  # Note: this is independent of the ports opened on the container.
  httpsPort: 21500
  httpPort: 20500
  uiPort: 20501

ingress:
  backend:
    # -- Enable creation of the backend Ingress resource (serves /apis)
    enabled: false
    # -- The name of the IngressClass cluster resource.
    className: ""
    # -- Annotations to add to the backend Ingress resource.
    annotations: {}
    # -- Hostname for the backend Ingress.
    host: "chart-example.local"
    # -- TLS configuration for the backend Ingress.
    tls: []
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local
  ui:
    # -- Enable creation of the UI Ingress resource (serves /). When AuthProxy is enabled, this ingress requires the presence of the `backend` ingress. AuthProxy does not validate JWT tokens against Apicurio keycloak, making it impossible to validate the JWT received after logging into the UI.
    enabled: false
    # -- The name of the IngressClass cluster resource.
    className: ""
    # -- Annotations to add to the UI Ingress resource.
    annotations: {}
    # -- Hostname for the UI Ingress.
    host: "chart-example.local"
    # -- TLS configuration for the UI Ingress.
    tls: []
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local


route:
  # -- Enable creation of an OpenShift Route resource to expose this service.
  enabled: false
  # -- Annotations to add to the Route.
  annotations: {}
  # -- Labels to add to the route.
  labels: {}
  # -- An alias/DNS that points to the service. Optional. If not specified, a route name will typically be automatically chosen.
  host: ""
  # -- Subdomain is a DNS subdomain requested within the ingress controller’s domain (as a subdomain). If host is set this field is ignored.
  subdomain: ""
  # -- Path that the router watches for, to route traffic to the service.
  path: "/"
  # -- Target pod port used by the Router
  targetPort: https
  tls:
    # -- The Certificate Authority certificate contents.
    caCertificate: ""
    # -- Certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate.
    certificate: ""
    # -- Key file contents.
    key: ""
    # -- Indicates a termination type. One of: `edge`, `passthrough`, or `reencrypt`.
    termination: "passthrough"
    # -- The CA certificate of the final destination.
    # When using reencrypt termination, this file should be provided
    #  to have routers use it for health checks on the secure connection.
    destinationCACertificate: ""

# -- The [resource requirements](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for this container.
resources: {}

autoscaling:
  # -- Enables the creation of a HorizontalPodAutoscaler.
  enabled: false
  # -- Lower limit for the number of replicas to which the autoscaler can scale down.
  minReplicas: 1
  # -- Upper limit for the number of replicas to which the autoscaler can scale up. Cannot be less than minReplicas.
  maxReplicas: 10
  # -- Percentage of CPU utilization that the autoscaler will try to meet.
  targetCPUUtilizationPercentage: 80
  # -- (int) Percentage of memory utilization that the autoscaler will try to meet.
  targetMemoryUtilizationPercentage: 80

podDisruptionBudget:
  # -- Enables creation of the PodDisruptionBudget. Ignored if replicaCount is 1.
  enabled: true
  # -- (int) An eviction is allowed if at most "maxUnavailable" pods are unavailable after eviction. Mutually exclusive with minAvailable.
  maxUnavailable: 1
  # -- (int) An eviction is allowed if at least "minAvailable" pods will still be available after the eviction. Mutually exclusive with maxUnavailable.
  minAvailable:

# -- Assigns a PriorityClass to the Pod. See Kubernetes documentation on [Pod Priority and Preemption](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/).
priorityClass: ""

# -- Optional list of hosts and IPs that will be injected into the pod's hosts file.
hostAliases: []

# -- Selector that must match a node's labels for the pod to be scheduled on that node.
nodeSelector: {}

# -- The tolerations on this pod. See the Kubernetes documentation on [Taints and Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/).
tolerations: []

# -- The pod's scheduling constraints. See the Kubernetes documentation on [Affinity and Anti-affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).
affinity: {}

# -- Describes how a group of pods ought to spread across topology domains. See the Kubernetes documentation on [Pod Topology Spread Constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/).
topologySpreadConstraints: []

serviceMonitor:
  # -- Enables creation of Prometheus Operator [ServiceMonitor](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.ServiceMonitor).
  enabled: true
  # -- Interval at which metrics should be scraped.
  interval: 30s
  # -- Timeout after which the scrape is ended.
  scrapeTimeout: 10s
  # -- Additional labels for the ServiceMonitor
  labels: { }

prometheusRule:
  # -- Enables creation of Prometheus Operator [PrometheusRule](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.PrometheusRule).
  enabled: true
  # -- Determines how often rules in the group are evaluated.
  interval: ""
  # -- Additional labels for the PrometheusRule
  labels: { }
  defaultRule:
    # -- Customize the labels to the default prometheusRule
    labels:
      severity: medium
      target: business
  # -- A list of alerting or recording rules to include on top of the defaults. These fields are templated.
  extraRules:
    []
#    # - alert: MyAlertName
#    #   annotations:
#    #     summary: Summary of my alert
#    #     description: Longer description of my alert that goes into a bit more detail
#    #   expr: up{service="{{ include "apicurio-registry.fullname" . }}"} == 0
#    #   for: 5m
#    #   labels:
#    #     severity: medium
#    #     target: business

kafkaInitContainer:
  # -- Registry to pull the image from
  imageRegistry: "registry.axual.io"
  # -- Name of the image being deployed
  repository: "axual/streaming/strimzi/kafka"
  # -- Tag of the image being deployed
  tag: "0.51.0-kafka-4.2.0"
  # -- The principal common name used to produce and consume from Kafka topics (should match the one on APICURIO_KAFKASQL_SSL_KEYSTORE_LOCATION)
  # If Kafka is configured to validate ACLs over the full principal chain, please provide the principal chain as this example: [0] CN=Root CA, [1] CN=Intermediate CA, [3] CN=schema-registry
  # Otherwise, just provide the common name prefixed with `CN:`
  apicurioPrincipal: ""
  # -- Replication factor for Kafka topics (recommended: 3 for HA)
  replicationFactor: "3"
  # -- min.isr for journal, snapshots, events topics
  minIsr: "2"
  # -- Number of partitions for journal topic (1 is sufficient, all messages use a global partition key)
  journalPartitions: "1"
  # -- Number of partitions for snapshots topic (1 is sufficient, all messages use a global partition key)
  snapshotsPartitions: "1"
  # -- Number of partitions for events topic
  eventsPartitions: "1"
  tls:
    # -- Existing Keypair secret name
    keypairSecretName: ""
    # -- Existing Keypair key name
    keypairSecretKeyName: ""
    # -- Existing Keypair certificate name
    keypairSecretCertName: ""
    # -- Existing Truststore secret name
    truststoreCaSecretName: ""
    # -- Existing Truststore certificate name
    truststoreCaSecretCertName: ""
  # -- The [resource requirements](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for this container.
  resources: {}

# -- Apicurio Keycloak MySQL Components toggles
apicurioKeycloakMysql:
  enabled: false
  image:
    registry: docker.io
    repository: bitnamilegacy/mysql

# -- Apicurio Keycloak Instance
apicurioKeycloak:
  # -- Keycloak Components toggles
  enabled: false
  # -- Apicurio realm name
  realm: ""
  # -- Keycloak Proxy configuration
  proxy:
    # Needed since Keycloak 25.0.1
    mode: xforwarded
    http:
      enabled: true


# ============================================================================
# Auth Proxy Configuration
# ============================================================================
# Auth Proxy provides JWT validation and Basic Auth conversion for Apicurio Registry.
# When enabled, it runs as a sidecar container and handles authentication/authorization.
# ============================================================================
authProxy:
  # -- Enable Auth Proxy sidecar container
  enabled: false
  image:
    # -- Registry to pull the image from.
    registry: "registry.axual.io"
    # -- Name of the image being deployed.
    repository: "axual/auth-proxy"
    # -- Image tag for the Auth Proxy.
    tag: "0.1.1"
    # -- One of `Always`, `IfNotPresent`, or `Never`.
    pullPolicy: "Always"
  # -- Port on which the Auth Proxy listens for incoming requests
  # NOTE: Must be different from Apicurio backend (8081) and UI (8080) ports
  port: 8082
  # -- Auth Proxy application.yml configuration
  # Full YAML structure that will be mounted as /config/application.yml
  # Minimal configuration - only override essential values that differ from Auth Proxy defaults
  config:
    server:
      # -- Port override (must differ from Apicurio's 8081 and UI's 8080)
      port: 8082
    auth-proxy:
      # -- JWT issuer URI for validation (e.g., https://axual.cloud/auth/realms/tenant1). REQUIRED.
      valid-issuer-uri: ""
      # -- JWKS endpoint URI for fetching public keys. REQUIRED.
      jwks-endpoint-uri: ""
      # -- Expected client ID / audience value for JWT validation
      client-id: ""
      # -- Backend service URL to proxy requests to (routes to Apicurio backend in the same pod)
      backend-service: "http://localhost:8081"
    # Uncomment to enable OpenTelemetry distributed tracing
    # management:
    #   otlp:
    #     tracing:
    #       endpoint: "http://jaeger-collector:4318/v1/traces"
    # spring:
    #   application:
    #     name: "my-auth-proxy"
    # deployment:
    #   environment: "production"
  # -- Secrets configuration for Auth Proxy
  # Full YAML structure that will be mounted as /config/secrets/secrets.yml
  secrets: {}
  # Example:
  # auth-proxy:
  #   client-secret-salt: "your-secure-random-salt"
  # -- Secret management
  # -- The name of an existing Kubernetes Secret. The key in the Secret must be `secrets.yml`.
  # The contents get mounted into the container.
  existingSecretName: ""

  # -- Liveness probe configuration for Auth Proxy.
  # Probes /actuator/health/liveness on the management port.
  livenessProbe:
    # -- Minimum consecutive failures for the probe to be considered failed after having succeeded.
    # A failed livenessProbe will cause the container to be restarted.
    failureThreshold: 3
    # -- Number of seconds after the container has started before liveness probes are initiated.
    initialDelaySeconds: 10
    # -- How often (in seconds) to perform the probe.
    periodSeconds: 10
    # -- Minimum consecutive successes for the probe to be considered successful after having failed.
    successThreshold: 1
    # -- Number of seconds after which the probe times out.
    timeoutSeconds: 1
  # -- Readiness probe configuration for Auth Proxy.
  # Probes /actuator/health/readiness on the management port.
  readinessProbe:
    # -- Minimum consecutive failures for the probe to be considered failed after having succeeded.
    # A failed readinessProbe will cause the container to move to the `NotReady` state.
    failureThreshold: 3
    # -- Number of seconds after the container has started before readiness probes are initiated.
    initialDelaySeconds: 5
    # -- How often (in seconds) to perform the probe.
    periodSeconds: 10
    # -- Minimum consecutive successes for the probe to be considered successful after having failed.
    successThreshold: 1
    # -- Number of seconds after which the probe times out.
    timeoutSeconds: 1

  debug: {}
  # -- The [resource requirements](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for Auth Proxy container.
  resources: {}
  # -- Management/actuator endpoints configuration
  # Auth Proxy uses built-in defaults for most management settings (port 8086, health/metrics endpoints, etc.)
  management:
    # -- Port for Spring Boot Actuator management endpoints (Auth Proxy default: 8086)
    # Used for health probe references and service port definition
    port: 8086
    # -- Enable Prometheus metrics scraping via ServiceMonitor
    metricsEnabled: true
  # -- Ingress configuration for Auth Proxy (separate from Apicurio ingress)
  ingress:
    # -- Enable creation of the Ingress resource for Auth Proxy
    enabled: false
    # -- The name of the IngressClass cluster resource
    className: ""
    # -- Annotations to add to the Auth Proxy Ingress resource
    annotations: {}
    hosts:
      - # -- The fully qualified domain name for Auth Proxy
        host: "chart-example.local"
        paths:
          - # -- Matched against the path of an incoming request
            path: "/"
            # -- Determines the interpretation of the Path matching
            pathType: "ImplementationSpecific"
    # -- TLS configuration for Auth Proxy Ingress
    tls: []
    #  - secretName: auth-proxy-tls
    #    hosts:
    #      - chart-example.local
  # -- OpenShift Route configuration for Auth Proxy (separate from Apicurio route)
  route:
    # -- Enable creation of an OpenShift Route for Auth Proxy
    enabled: false
    # -- Annotations to add to the Auth Proxy Route
    annotations: {}
    # -- Labels to add to the Auth Proxy Route
    labels: {}
    # -- An alias/DNS that points to the service
    host: ""
    # -- Subdomain is a DNS subdomain requested within the ingress controller's domain
    subdomain: ""
    # -- Path that the router watches for
    path: "/"
    # -- Target pod port used by the Router
    targetPort: auth-proxy
    tls:
      # -- The Certificate Authority certificate contents
      caCertificate: ""
      # -- Certificate contents
      certificate: ""
      # -- Key file contents
      key: ""
      # -- Indicates a termination type. One of: edge, passthrough, or reencrypt
      termination: "edge"
      # -- The CA certificate of the final destination
      destinationCACertificate: ""
  # -- (multi-line) String that is put into a configmap, mounted in the pod and used as the logback config for Auth Proxy. If present, configuration under `logging` is ignored.
  logbackConfig: ""
  # -- Logging configuration object used when the logbackConfig is not set. Allows for configuring pattern and per package log levels.
  logging:
    # -- Log pattern (when logbackConfig is not defined)
    pattern: "%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX, UTC} ${LOG_LEVEL_PATTERN:-%5p} ${PID:- } --- [%15.15t] [traceid=%X{traceid}, spanid=%X{spanid}] %-40.40logger{39} : %m%n}"
    # -- Root log level used (when logbackConfig is not defined)
    rootLoglevel: INFO
    # -- Log level per package (when logbackConfig is not defined)
    loggers:
      # -- Log level for Auth Proxy (when logbackConfig is not defined)
      io.axual.auth.proxy: INFO
      # -- Log level for Spring Cloud Gateway (when logbackConfig is not defined)
      org.springframework.cloud.gateway: INFO
  # -- Additional environment variables for Auth Proxy container
  # These will be added to the env section of the Auth Proxy container
  env: []
  # Example:
  # - name: CUSTOM_VAR
  #   value: "custom-value"
  # - name: SECRET_VAR
  #   valueFrom:
  #     secretKeyRef:
  #       name: my-secret
  #       key: secret-key
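
The defaults above ship with `security.authentication.enabled: false`, anonymous read access set to `"true"`, and an inline `authProxy.secrets` block, which are the settings to review before the registry is reachable from outside the cluster. The override file below is an added example, not part of the chart: it uses only keys that appear in the values above, and every hostname, realm, client ID and Secret name in it is a placeholder. Enabling the Auth Proxy together with Keycloak login and using Keycloak-style issuer and JWKS paths are assumptions about the target deployment.

```yaml
# values-hardened.yaml: constructed override, applied on top of the chart defaults.
# All hostnames, realm names, client IDs and Secret names are placeholders.

security:
  authentication:
    enabled: true            # chart default: false
    basicAuthEnabled: false
    keycloak:
      authUrl: "https://keycloak.example.internal/auth"
      realm: "example-realm"
      webClientId: "example-ui-client"
      webRedirectUrl: "https://registry.example.internal/"

config:
  # Chart default "true" lets unauthenticated callers read registry content.
  apicurio.auth.anonymous-read-access.enabled: "false"
  # Kept at the chart defaults, restated so a later edit shows up in review.
  apicurio.auth.role-based-authorization: "true"
  apicurio.auth.owner-only-authorization: "true"

debug:
  enabled: false             # keeps the 5005 debug port out of the Deployment

tls:
  # Existing Secrets (kubernetes.io/tls and Opaque), created out of band.
  serverKeypairSecretName: "example-registry-server-tls"
  truststoreCaSecretName: "example-registry-truststore"

authProxy:
  enabled: true              # assumption: the deployment uses the sidecar
  config:
    auth-proxy:
      # Both marked REQUIRED in the chart; Keycloak-style paths are assumed here.
      valid-issuer-uri: "https://idp.example.internal/auth/realms/example-tenant"
      jwks-endpoint-uri: "https://idp.example.internal/auth/realms/example-tenant/protocol/openid-connect/certs"
      client-id: "example-api-client"
  # Leave `secrets` empty and reference a pre-created Secret (key: secrets.yml)
  # so client-secret-salt never lands in a values file or in Helm release data.
  secrets: {}
  existingSecretName: "example-auth-proxy-secrets"

ingress:
  backend:
    enabled: true
    host: "registry.example.internal"
    tls:
      - secretName: example-registry-tls
        hosts:
          - registry.example.internal
  ui:
    # Requires the backend Ingress when Auth Proxy is enabled, per the chart note.
    enabled: true
    host: "registry.example.internal"
    tls:
      - secretName: example-registry-tls
        hosts:
          - registry.example.internal
```

Helm deep-merges maps, so the `config` and `authProxy.config` keys not listed here keep their chart defaults. Pass the file with `-f values-hardened.yaml` on `helm upgrade --install`.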