---
common:
  nameOverride: ""
  fullnameOverride: ""
  image:
    registry: docker.io
    pullSecrets: []
  secretKey:
    # -- Whether the chart should generate a secret key upon deployment.
    createSecret: false
    # -- Use the secret key defined in an existing secret.
    existingSecretName: ""
  serviceAccount:
    # -- Whether the chart should generate a serviceAccount
    create: true
    annotations: {}
    # -- Use the name of the name of the release by default, or specify a custom name.
    name: ""
    # -- Whether the serviceAccount should mount the token.
    automount: false
  # -- Whether service links should be added to the Pods
  enableServiceLinks: true

apiServer:
  # -- The type of deployment. Can be either Deployment or StatefulSet.
  deploymentType: StatefulSet
  annotations: {}
  metrics:
    # -- Enable Prometheus scraping annotations on pods
    enabled: true
  image:
    # -- Override common.image.registry for the API server.
    registry: ""
    repository: dependencytrack/apiserver
    # -- Can be a tag name such as "latest", or an image digest
    # prefixed with "sha256:". Defaults to AppVersion of the chart.
    tag: ""
    pullPolicy: IfNotPresent
  command: []
  args: []
  resources:
    requests:
      cpu: "2"
      memory: 5Gi
    limits:
      memory: 5Gi
  # -- Security context of the Pod.
  # Aids in preventing permission issues with persistent volumes.
  # For OpenShift, explicitly set this to null.
  podSecurityContext:
    fsGroup: 1000
  # -- Security context of the Container.
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    seccompProfile:
      type: RuntimeDefault
  persistentVolume:
    enabled: false
    className: ""
    size: 5Gi
  extraEnv:
    []
    # - name: "ALPINE_DATABASE_PASSWORD"
    #   valueFrom:
    #     secretKeyRef:
    #       key: db-password
    #       name: dependencytrack-secrets
    # - name: ALPINE_DATABASE_MODE
    #   value: "external"
  extraEnvFrom: []
  # -- Additional containers to deploy. Supports templating.
  extraContainers: []
  extraPodLabels: {}
  tolerations: []
  probes:
    startup:
      path: "/health/started"
      failureThreshold: 30
      initialDelaySeconds: 10
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    liveness:
      path: "/health/live"
      failureThreshold: 3
      initialDelaySeconds: 10
      periodSeconds: 15
      successThreshold: 1
      timeoutSeconds: 5
    readiness:
      path: "/health/ready"
      failureThreshold: 3
      initialDelaySeconds: 10
      periodSeconds: 15
      successThreshold: 1
      timeoutSeconds: 5
  additionalVolumeMounts: []
  #   - name: foo
  #     mountPath: /bar
  additionalVolumes:
    []
    # - name: foo
    #   emptyDir: {}
  service:
    type: ClusterIP
    nodePort: ~
    annotations: {}
  serviceMonitor:
    enabled: false
    namespace: monitoring
    scrapeInterval: 60s
    scrapeTimeout: 30s
    labels: {}
  # -- Additional init containers to deploy. Supports templating.
  initContainers: []
  # Use the following to fix permissions on the /data volume,
  # IF USING podSecurityContext IS NOT POSSIBLE (i.e. for OpenShift).
  #
  # initContainers:
  # - name: fix-permissions
  #   image: docker.io/library/busybox
  #   command:
  #   - sh
  #   - -c
  #   - |
  #     chown -R 1000:1000 /data
  #   volumeMounts:
  #   - name: data
  #     mountPath: /data
  #   securityContext:
  #     capabilities:
  #       add:
  #       - CHOWN
  #     runAsNonRoot: false
  #     runAsUser: 0
  #     seccompProfile:
  #       type: RuntimeDefault
  nodeSelector: {}

frontend:
  replicaCount: 1
  annotations: {}
  image:
    # -- Override common.image.registry for the frontend.
    registry: ""
    repository: dependencytrack/frontend
    # -- Can be a tag name such as "latest", or an image digest
    # prefixed with "sha256:". Defaults to AppVersion of the chart.
    tag: ""
    pullPolicy: IfNotPresent
  command: []
  args: []
  resources:
    requests:
      cpu: 150m
      memory: 64Mi
    limits:
      memory: 128Mi
  # -- Security context of the Pod.
  # Aids in preventing permission issues with persistent volumes.
  # For OpenShift, explicitly set this to null.
  podSecurityContext:
    fsGroup: 1000
  # -- Security context of the Container.
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    runAsNonRoot: true
    # RO filesystems are not supported by the frontend
    readOnlyRootFilesystem: false
    seccompProfile:
      type: RuntimeDefault
  extraEnv: []
  extraEnvFrom: []
  # -- Additional containers to deploy. Supports templating.
  extraContainers: []
  extraPodLabels: {}
  tolerations: []
  probes:
    liveness:
      failureThreshold: 3
      initialDelaySeconds: 5
      periodSeconds: 15
      successThreshold: 1
      timeoutSeconds: 5
    readiness:
      failureThreshold: 3
      initialDelaySeconds: 5
      periodSeconds: 15
      successThreshold: 1
      timeoutSeconds: 5
  additionalVolumeMounts:
    []
    # - name: foo
    #   mountPath: /bar
  additionalVolumes:
    []
    # - name: foo
    #   emptyDir: {}
  service:
    type: ClusterIP
    nodePort: ~
    annotations: {}
  apiBaseUrl: ""
  # -- Additional init containers to deploy. Supports templating.
  initContainers: []
  nodeSelector: {}

ingress:
  enabled: false
  annotations: {}
  labels: {}
  hostname: "example.com"
  ingressClassName: ""
  tls: []
  #  - secretName: dt-tls
  #    hosts:
  #      - example.com

httpRoute:
  enabled: false
  annotations: {}
  labels: {}
  hostnames:
    - "example.com"
  parentRefs: []
  #  - name: my-gateway
  #    namespace: default
  #    sectionName: https

# -- Create extra manifests via values.
extraObjects:
  []
  # - apiVersion: "kubernetes-client.io/v1"
  #   kind: ExternalSecret
  #   metadata:
  #     name: tempo-secrets
  #   spec:
  #     backendType: aws
  #     data:
  #       - key: secret-access-key
  #         name: awssm-secret