# Default values for vault-unseal.

deployment:
  # -- Deployment annotations
  annotations: {}
  # -- Deployment labels
  labels: {}
  # -- Deployment replica count
  replicaCount: 1
  # -- Deployment revision history limit
  revisionHistoryLimit: 1
  strategy:
    # -- Deployment strategy type
    type: RollingUpdate

image:
  # -- Image registry
  registry: ghcr.io
  # -- Image repository
  repository: lrstanley/vault-unseal
  # -- Image pull policy
  pullPolicy: IfNotPresent
  # -- Overrides the image tag whose default is the chart appVersion.
  tag: ""

# -- Image pull secrets
imagePullSecrets: []
# -- Name override
nameOverride: ""
# -- Full name override
fullnameOverride: ""

configSecret:
  # -- If you want to manage the configuration out of the helm chart, set it to false
  enabled: true
  # -- Config secret annotations
  annotations: {}
  # -- Config secret stringData
  stringData: |
    environment: dev
    check_interval: 15s
    max_check_interval: 30m
    vault_nodes:
      - https://1.2.3.4:8200
    unseal_tokens:
      - your-token
      - your-second-token
    tls_skip_verify: false
    email:
      enabled: false
      hostname: smtp.hostname.com
      port: 25
      username: your-username
      password: your-password
      # address to send from.
      from_addr: your-alerts@hostname.com
      # addresses to send to. the first will be the TO, the second and on will be CC'd
      # onto the message.
      send_addrs:
        - your-alert-group@hostname.com
        - example-user@hostname.com
      # Skip TLS certificate validation.
      tls_skip_verify: false
      # Require TLS for SMTP connections.
      # The default is opportunistic.
      mandatory_tls: false
    notify_max_elapsed: 10m
    notify_queue_delay: 60s

containers:
  # -- Containers environement
  env: []

serviceAccount:
  # -- Specifies whether a service account should be created
  create: false
  # -- Annotations to add to the service account
  annotations: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
  # -- Creates the token object
  token: false

# -- Pod annotations
podAnnotations: {}

# -- Pod security context
podSecurityContext: {}
  # fsGroup: 2000

securityContext:
  # -- Security context capabilities
  capabilities:
    drop:
    - ALL
  # -- Security context run as non root
  runAsNonRoot: false
  # readOnlyRootFilesystem: true
  # runAsUser: 1000

# -- Resources
resources:
  limits:
    cpu: 100m
    memory: 32Mi
  requests:
    cpu: 10m
    memory: 8Mi

# -- Node selector labels
nodeSelector: {}

# -- Tolerations
tolerations: []

# -- Affinity
affinity: {}

# -- Extra volume mounts
extraVolumeMounts: []

# -- Extra volumes
extraVolumes: []