apiVersion: proxmox.sankofa.nexus/v1alpha1
kind: ProviderConfig
metadata:
  name: proxmox-provider-config
  namespace: crossplane-system
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: proxmox-credentials
      # Note: The 'key' field is optional and ignored by the controller.
      # The controller reads 'username' and 'password' keys from the secret.
      # For token-based auth, use 'token' and 'tokenid' keys instead.
  sites:
    # Site names must match the 'site' field in VM specifications
    # VM specs use 'site-1' and 'site-2', so these names must match exactly
    - name: site-1
      endpoint: "https://192.168.11.10:8006"
      # Alternative: "https://ml110-01.sankofa.nexus:8006" (if DNS configured)
      node: "ml110-01"
      insecureSkipTLSVerify: true
    - name: site-2
      endpoint: "https://192.168.11.11:8006"
      # Alternative: "https://r630-01.sankofa.nexus:8006" (if DNS configured)
      node: "r630-01"
      insecureSkipTLSVerify: true
---
# Secret template - DO NOT COMMIT WITH REAL CREDENTIALS
apiVersion: v1
kind: Secret
metadata:
  name: proxmox-credentials
  namespace: crossplane-system
type: Opaque
stringData:
  # Option 1: Username/Password authentication
  username: "root@pam"
  password: "CHANGE_ME"
  
  # Option 2: Token-based authentication (recommended for production)
  # tokenid: "root@pam!api-token-name"
  # token: "your-api-token-secret"
  
  # WARNING: Replace with your actual credentials!
  # Do not commit real passwords or tokens to version control.