# yaml-language-server: $schema=values.schema.json
# -- provide the image to be used for this component
image:
  # -- if you use a private repo, feel free to set it here
  repo: cr.nplus.cloud/subscription
  # -- the name of the image to use
  name: toolbox2
  # -- the tag of the image to use
  tag: latest
  pullPolicy: IfNotPresent
  # -- you can provide your own pullSecrets, in case you use
  # a private repo.
  pullSecrets:
    - nscale-cr
    - nplus-cr
# -- the dav user
account: admin
# -- password of the dav user
password: admin
# -- Alternatively, define a secret
secret:
meta:
  # -- lists the ports this component exposes. This is important for zero trust mode and others.
  ports:
    # -- The http port this component uses (if any). In zero trust mode, this will be disabled.
    # @internal -- this is a constant value of the component and should not be changed.
    http: 8080
    # -- The tls / https port, this component uses (if any)
    # @internal -- this is a constant value of the component and should not be changed.
    https: 8443
    # -- A potential tcp port, this component uses (if any)
    # @internal -- this is a constant value of the component and should not be changed.
    tcp:
    # -- A potential tls / tcps port, this component uses (if any)
    # @internal -- this is a constant value of the component and should not be changed.
    tcps:
    # -- A potential rmi port, this component uses (if any)
    # @internal -- this is a constant value of the component and should not be changed.
    rmi:
  # -- the type of the component. You should not change this value, except if
  # you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner*
  # This type is used to create cluster communication for nappl and nstl and potentially
  # group multiple replicaSets into one service.
  type: envdav
  # -- sets tenant information to be able to invoice per use in a cloud environment
  tenant:
  # -- sets provider (partner, reseller) information to be able to invoice per use in a cloud environment
  provider:
  # -- Sets the wave in which this component should be deployed within an ArgoCD deployment
  # if unset, it uses the default wave thus all components are installed in one wave, then relying
  # on correct wait settings just like in a helm installation
  wave:
  # -- Sets the language of the main service (in the *service* container). This is used for instance
  # if you turn OpenTelemetry on, to know which Agent to inject into the container.
  language:
  # -- The container name of the main service for this component. This is used to define where to
  # inject the telemetry agents, if any
  serviceContainer:
  # -- A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment
  # runs in. This can be used in template functions to add the stage to for instance the service name of
  # telemetry services like open telemetry. (see telemetry example)
  stage:
  # -- This is the version of the component, used for display
  # @internal -- set by devOps pipeline, so do not modify
  componentVersion:
# -- Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)
ingress:
  # -- You can toggle the ingress on wether you'd like this component
  # to be reachable through an ingress or not.
  enabled: true
  # -- Overrides the default backend protocol. The default is http,
  # unless in zeroTrust Mode, then it is switched to https automatically.
  # @default -- `http` <br> `https` in zero trust mode
  backendProtocol:
  # -- defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason
  # Example: `/nscalealinst1(/\|$)(.*)`
  # @internal -- This is an alpha feature - do not use it.
  inputPath:
  # -- defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason
  # Example: `/nscalealinst1/$2`
  # @internal -- This is an alpha feature - do not use it.
  rewriteTarget:
  # -- deny is used to exclude specific paths from public access, such as
  # administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is
  # the burlap protocol. The configuration service is the endpoint used by
  # the Admin client.
  deny:
  # -- on component level, set cookie affinity for the ingress
  # example: `XtConLoadBalancerSession` for nscale Web
  cookie:
  # -- Sets the name of the tls secret to be used for this ingress, that contains
  # the private and public key. These secrets can optionally be provided by the instance
  # @default -- `{{ .this.ingress.domain }}-tls`
  secret:
  # -- Sets the domain to be used. This domain should be provided by the instance globally
  # for all components, but you are free to override it here
  domain:
  # -- The ingressclass to use for this ingress. Most likely, this is provided globally by the 
  # instance, but you are free to override it here if this component should use a different class
  # e.g. if you have separated ingress controllers, like a public and an internal one
  # @default -- `public`
  class:
  # -- optionally sets a whitelist of ip ranges (CIDR format, comma separated)
  # from which ingress is allowed. This is an annotation for nginx, so won't work with other
  # ingress controllers
  whitelist:
  # -- Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy
  # to allow traffic from this namespace to our pods. This may be a comma separated list
  # @default -- "ingress, kube-system, ingress-nginx"
  namespace:
  # -- The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the
  # most though this is only a constant used in the scripts.
  contextPath: "/dav"
  # -- Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.
  proxyReadTimeout:
  # -- Adds extra Annotations to the ingress
  annotations:
# -- Security Section defining default runtime environment for your container
security:
  podSecurityContext:
    # -- The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context
    # for security
    # @internal -- there is normally no need to change this
    runAsUser: 1001
    # -- The file system group as which new files are created
    # @internal -- there is normally no need to change this
    fsGroup: 1001
    # -- Under which condition should the fsGroup be changed
    # @internal -- there is normally no need to change this
    fsGroupChangePolicy: OnRootMismatch
  containerSecurityContext:
    # -- sets the container root file system to read only. This should be the case in production environment
    # @internal -- you should not change this
    readOnlyRootFilesystem: true
    # -- Some functionality may need the possibility to allow privilege escalation. This should be very restrictive
    # @internal -- you should not change this
    allowPrivilegeEscalation: false
    # -- Capabilities this container should have. Only allow the necessity, and drop as many as possible
    # @internal -- you should not change this
    capabilities:
      drop:
        - ALL
  # -- turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes
  # @default -- `false`
  zeroTrust:
# -- Assigns hardware resources to container
resources:
  # -- Requests are used to assign a minimum to a container. This is the guaranteed amount
  requests:
    # -- Set the share of guaranteed CPU to the container.
    cpu: "1m"
    # -- Set the share of guaranteed RAM to the container
    memory: "64Mi"
  # -- Limits the maximum resources
  limits:
    # -- The maximum allowed CPU for the container
    cpu: "1"
    # -- The maximum allowed RAM for the container
    memory: "512Mi"
# -- set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl)
# etc.
# @default -- `Europe/Berlin`
timezone:
# -- Set tolerations for this component
tolerations:
# -- select specific nodes for this component
nodeSelector:
# -- Sets the name of a secret, which holds additional environment variables for
# the configuration. It is added as envFrom secretRef to the container.
envSecret:
# -- Sets the name of a configMap, which holds additional environment variables for
# the configuration. It is added as envFrom configMap to the container.
envMap:
# -- Sets additional environment variables for
# the configuration.
env:
# -- This overrides the output of the internal name function
nameOverride:
# -- This overrides the output of the internal fullname function
fullnameOverride:
utils:
  # -- Turn debugging *on* will give you stack trace etc. 
  # Please check out the Chart Developer Guide
  # @default -- `false`
  debug:
  # -- You can turn Comment rendering *on* to get descriptive information inside the manifests. It
  # will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD
  # @default -- `true`
  renderComments:
  # -- By default, the namespace is rendered into the manifest. However, if you want to use
  # `helm template` and store manifests for later applying them to multiple namespaces, you might
  # want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later
  # @default -- `true`
  includeNamespace:
  # -- in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the
  # pods will start in idle, not starting the service at all. This will allow you to gain access to the container
  # to perform recovery and maintenance tasks while having the real container up.
  # @default -- `false`
  maintenance:
  # -- If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components
  # of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components
  # while previous waves are not finished yet.
  # @default -- `false`
  disableWave:
  # -- in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are
  # only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might
  # start components even if they are not intended to run yet.
  # @default -- `false`
  disableWait:
service:
  # -- enables the service to be consumed by group components and a potential ingress
  # Disabling the service also disables the ingress.
  enabled: true
  # -- The selector can be `component` or `type`
  # *component* selects only pods that are in the replicaset.
  # *type* selects any pod that has the given type
  selector: "component"
  # -- adds extra Annotations to the service
  annotations:
# -- if you set minReplicaCountType, a podDesruptionBudget will be created with this value as
# minAvailable, using the component type as selector. This is useful for components, that are spread
# across multiple replicaSets, like sharepoint or storage layer
minReplicaCountType:
# -- provide extra settings for pod templates
template:
  # -- set additional annotations for pods
  annotations:
  # -- set additional labels for pods
  labels:
# -- Settings for telemetry tools
telemetry:
  # -- turns Open Telemetry on
  openTelemetry:
  # -- Sets the service name for the telemetry service to more convenient
  # identify the displayed component
  # Example: "{{ .this.meta.type }}-{{ .instance.name }}"
  serviceName:
# -- Sets the terminationGracePeriodSeconds for the component
# If not set, it uses the Kubernetes defaults
terminationGracePeriodSeconds: