charts/netbox/values.yaml

# Default values for NetBox.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

## @section Global parameters
## Global container image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global container image parameters: imageRegistry, imagePullSecrets and storageClass

## @param global.imageRegistry Global container image registry
## @param global.imagePullSecrets Global container registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  storageClass: ""

## @section Common parameters

## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
## Example:
## extraDeploy:
##   - |
##     apiVersion: v1
##     kind: ConfigMap
##     metadata:
##       name: sso-pipeline-roles
##       namespace: netbox
##     data:
##       sso_pipeline_roles.py: |
##         from netbox.authentication import Group
##         ...
##
extraDeploy: []

## @section NetBox Image parameters
## @param image.registry Image registry
## @param image.repository Image repository
## @param image.tag Image tag
## @param image.digest Image digest in the way sha256:aa...
## @param image.pullPolicy MariaDB image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
##
image:
  registry: ghcr.io
  repository: netbox-community/netbox
  pullPolicy: IfNotPresent
  ## Defaults to '{{ .Chart.AppVersion }}'
  ##
  tag: ""
  ## If set, override the tag
  ##
  digest: ""
  ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## Example:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []

## @section NetBox Configuration parameters

# You can also use an existing secret for the superuser password and API token
# See `existingSecret` for details
superuser:
  name: admin
  email: admin@example.com
  password: ""
  apiToken: ""
  existingSecret: ""

# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox
# server. NetBox will not permit write access to the server via any other
# hostnames. The first FQDN in the list will be treated as the preferred name.
allowedHosts:
  - "*"

# Include Pod IP in list of allowed hosts by providing it as the 'POD_IP' envvar
# at runtime, which is then used in the configuration.py.
allowedHostsIncludesPodIP: true

# Specify one or more name and email address tuples representing NetBox
# administrators. These people will be notified of application errors (assuming
# correct email settings are provided).
# admins:
#   - ['John Doe', 'jdoe@example.com']
admins: []

# Permit the retrieval of API tokens after their creation.
allowTokenRetrieval: false

# This parameter acts as a pass-through for configuring Django's built-in
# password validators for local user accounts. If configured, these will be
# applied whenever a user's password is updated to ensure that it meets minimum
# criteria such as length or complexity.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/security/#auth_password_validators
authPasswordValidators: []

# URL schemes that are allowed within links in NetBox
allowedUrlSchemes:
  - file
  - ftp
  - ftps
  - http
  - https
  - irc
  - mailto
  - sftp
  - ssh
  - tel
  - telnet
  - tftp
  - vnc
  - xmpp

banner:
  # Optionally display a persistent banner at the top and/or bottom of every
  # page. HTML is allowed.
  top: ""
  bottom: ""

  # Text to include on the login page above the login form. HTML is allowed.
  login: ""

# Base URL path if accessing NetBox within a directory. For example, if
# installed at http://example.com/netbox/, set to 'netbox/'. If using
# Kubernetes Ingress, make sure you set ingress.hosts[].paths[] appropriately.
# This will also require customising the NGINX Unit application server
# configuration.
basePath: ""

# Maximum number of days to retain logged changes. Set to 0 to retain change
# logs indefinitely. (Default: 90)
changelogRetention: 90

# This is a mapping of models to custom validators that have been defined
# locally to enforce custom validation logic.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/data-validation/#custom_validators
customValidators: {}

# This is a dictionary defining the default preferences to be set for newly-
# created user accounts.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#default_user_preferences
# defaultUserPreferences:
#   pagination:
#     per_page: 100
defaultUserPreferences: {}

# API Cross-Origin Resource Sharing (CORS) settings. If originAllowAll
# is set to true, all origins will be allowed. Otherwise, define a list of
# allowed origins using either originWhitelist or originRegexWhitelist. For
# more information, see https://github.com/ottoyiu/django-cors-headers
cors:
  originAllowAll: false
  originWhitelist: []
  originRegexWhitelist: []
  #  - '^(https?://)?(\w+\.)?example\.com$'

# CSRF settings.  Needed for netbox v3.2.0 and newer. For more information
# see https://netboxlabs.com/docs/netbox/en/stable/configuration/security/#csrf_trusted_origins
csrf:
  # The name of the cookie to use for the cross-site request forgery (CSRF)
  # authentication token.
  cookieName: csrftoken
  # Defines a list of trusted origins for unsafe (e.g. POST) requests. This is
  # a pass-through to Django's CSRF_TRUSTED_ORIGINS setting. Note that each
  # host listed must specify a scheme (e.g. http:// or `https://).
  trustedOrigins: []

# Note: this is where the CUSTOM_VALIDATORS setting naturally fits in relation
# to the upstream NetBox configuration, but the setting cannot be reflected in
# YAML/JSON as it depends on creating instances of Python classes.

# Set the default preferred language/locale
defaultLanguage: en-us

# The maximum size (in bytes) of an incoming HTTP request (i.e. GET or POST data).
# Requests which exceed this size will raise a RequestDataTooBig exception.
dataUploadMaxMemorySize: 2621440

# Set to True to enable server debugging. WARNING: Debugging introduces a
# substantial performance penalty and may reveal sensitive information about
# your installation. Only enable debugging while performing testing. Never
# enable debugging on a production system.
debug: false

# Display full traceback of errors that occur when applying database
# migrations.
dbWaitDebug: false

# Email settings
email:
  server: localhost
  port: 25
  username: ""
  password: ""
  useSSL: false
  useTLS: false
  sslCertFile: ""
  sslKeyFile: ""
  # Timeout in seconds
  timeout: 10
  from: ""
  existingSecretName: ""
  existingSecretKey: email-password

# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce
# unique IP space within the global table (all prefixes and IP addresses not
# assigned to a VRF), set enforceGlobalUnique to True.
enforceGlobalUnique: false

# Exempt certain models from the enforcement of view permissions. Models listed
# here will be viewable by all users and by anonymous users. List models in the
# form `<app>.<model>`. Add '*' to this list to exempt all models.
exemptViewPermissions: []
#  - dcim.site
#  - dcim.region
#  - ipam.prefix

# Some static choice fields on models can be configured with custom values.
# Each choice in the list must have a database value and a human-friendly
# label, and may optionally specify a color.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/data-validation/#field_choices
# fieldChoices:
#   'dcim.Site.status':
#     - [foo, Foo, red]
#     - [bar, Bar, green]
#     - [baz, Baz, blue]
#   'dcim.Site.status+':
#     ...
fieldChoices: {}

# The maximum amount (in bytes) of uploaded data that will be held in memory before being written to the filesystem.
# Changing this setting can be useful for example to be able to upload files bigger than 2.5MB to custom scripts
# for processing.
fileUploadMaxMemorySize: 2621440

# Enable the GraphQL API
graphQlEnabled: true

# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for
# webhooks).
# httpProxies:
#   http: http://10.10.1.10:3128
#   https: http://10.10.1.10:1080
httpProxies: {}

# IP addresses recognized as internal to the system. The debugging toolbar will
# be available only to clients accessing NetBox from an internal IP.
internalIPs: ["127.0.0.1", "::1"]

# The number of days to retain job results (scripts and reports). Set this to 0
# to retain job results in the database indefinitely.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/miscellaneous/#job_retention
jobRetention: 90

# Enable custom logging. Please see the Django documentation for detailed
# guidance on configuring custom logs:
# https://docs.djangoproject.com/en/1.11/topics/logging/
logging: {}

# Automatically reset the lifetime of a valid session upon each authenticated
# request. Enables users to remain authenticated to NetBox indefinitely.
loginPersistence: false

# Setting this to True will permit only authenticated users to access any part
# of NetBox. By default, anonymous users are permitted to access most data in
# NetBox but not make any changes.
loginRequired: false

# The length of time (in seconds) for which a user will remain logged into the
# web UI before being prompted to re-authenticate.
# Default value 1209600 is 14 days
loginTimeout: 1209600

# The view name or URL to which users are redirected after logging out.
logoutRedirectUrl: home

# Setting this to True will display a "maintenance mode" banner at the top of
# every page.
maintenanceMode: false

# The URL to use when mapping physical addresses or GPS coordinates
mapsUrl: "https://maps.google.com/?q="

# An API consumer can request an arbitrary number of objects by appending the
# "limit" parameter to the URL (e.g. "?limit=1000"). This setting defines the
# maximum limit. Setting it to 0 or None will allow an API consumer to request
# all objects by specifying "?limit=0".
maxPageSize: 1000

# By default uploaded media is stored in an attached volume. Using
# Django-storages is also supported. Provide the class path of the storage
# driver in storageBackend and any configuration options in storageConfig.
# storageBackend: storages.backends.s3boto3.S3Boto3Storage
storageBackend: ""
# storageConfig:
#   AWS_ACCESS_KEY_ID: 'Key ID'
#   AWS_SECRET_ACCESS_KEY: 'Secret'
#   AWS_STORAGE_BUCKET_NAME: 'netbox'
#   AWS_S3_ENDPOINT_URL: 'endpoint URL of S3 provider'
#   AWS_S3_REGION_NAME: 'eu-west-1'
storageConfig: {}

# Determine how many objects to display per page within a list. (Default: 50)
paginateCount: 50

# Enable installed plugins. Add the name of each plugin to the list.
plugins: []

# Plugins configuration settings. These settings are used by various plugins
# that the user may have installed. Each key in the dictionary is the name of
# an installed plugin and its value is a dictionary of settings.
pluginsConfig: {}

# The default value for the amperage field when creating new power feeds.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_amperage
powerFeedDefaultAmperage: 15

# The default value (percentage) for the max_utilization field when creating
# new power feeds.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_max_utilization
powerFeedMaxUtilisation: 80

# The default value for the voltage field when creating new power feeds.
# https://netboxlabs.com/docs/netbox/en/stable/configuration/default-values/#powerfeed_default_voltage
powerFeedDefaultVoltage: 120

# When determining the primary IP address for a device, IPv6 is preferred over
# IPv4 by default. Set this to True to prefer IPv4 instead.
preferIPv4: false

# Rack elevation size defaults, in pixels. For best results, the ratio of width
# to height should be roughly 10:1.
rackElevationDefaultUnitHeight: 22
rackElevationDefaultUnitWidth: 220

# Remote authentication support
remoteAuth:
  enabled: false
  backends:
    - netbox.authentication.RemoteUserBackend
  header: HTTP_REMOTE_USER
  userFirstName: HTTP_REMOTE_USER_FIRST_NAME
  userLastName: HTTP_REMOTE_USER_LAST_NAME
  userEmail: HTTP_REMOTE_USER_EMAIL
  autoCreateUser: false
  autoCreateGroups: false
  defaultGroups: []
  defaultPermissions: {}
  groupSyncEnabled: false
  groupHeader: HTTP_REMOTE_USER_GROUP
  superuserGroups: []
  superusers: []
  staffGroups: []
  staffUsers: []
  groupSeparator: "|"

  # The following options are specific for backend "netbox.authentication.LDAPBackend"
  # you can use an existing netbox secret with "ldap_bind_password" instead of "bindPassword"
  # see https://django-auth-ldap.readthedocs.io
  ldap:
    serverUri: ldap://example.com
    startTls: true
    ignoreCertErrors: false
    caCertData: ""
    bindDn: CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=example,dc=com
    bindPassword: ""
    userDnTemplate: ""
    userSearchBaseDn: OU=Users,OU=MyCompany,DC=example,dc=com
    userSearchAttr: sAMAccountName
    groupSearchBaseDn: OU=Groups,OU=MyCompany,DC=example,dc=com
    groupSearchClass: group
    groupType: GroupOfNamesType
    requireGroupDn:
      - CN=Network Configuration Operators,CN=Builtin,DC=example,dc=com
      - CN=Domain Admins,CN=Users,DC=example,dc=com
    isAdminDn:
      - CN=Domain Admins,CN=Users,DC=example,dc=com
    isSuperUserDn:
      - CN=Domain Admins,CN=Users,DC=example,dc=com
    findGroupPerms: true
    mirrorGroups: true
    mirrorGroupsExcept: ""
    cacheTimeout: 3600
    attrFirstName: givenName
    attrLastName: sn
    attrMail: mail

releaseCheck:
  # This repository is used to check whether there is a new release of NetBox
  # available. Set to null to disable the version check or use the URL below to
  # check for release in the official NetBox repository.
  # url: https://api.github.com/repos/netbox-community/netbox/releases
  url: ""

# Maximum execution time for background tasks, in seconds.
# Default value 300 is 5 minutes
rqDefaultTimeout: 300

# The name to use for the session cookie.
sessionCookieName: sessionid

# Localization
enableLocalization: false

# Time zone (default: UTC)
timeZone: UTC

# Date/time formatting. See the following link for supported formats:
# https://docs.djangoproject.com/en/dev/ref/templates/builtins/#date
dateFormat: "N j, Y"
shortDateFormat: "Y-m-d"
timeFormat: "g:i a"
shortTimeFormat: "H:i:s"
dateTimeFormat: "N j, Y g:i a"
shortDateTimeFormat: "Y-m-d H:i"

## Extra configuration settings
# You can pass additional YAML files to be loaded into NetBox's configuration.
# These can be passed as arbitrary configuration values set in the chart, or
# you can load arbitrary *.yaml keys from ConfigMaps and Secrets.
# extraConfig:
#   - values:
#       EXTRA_SETTING_ONE: example
#       ANOTHER_SETTING: foobar
#   - configMap: # pod.spec.volumes.configMap
#       name: netbox-extra
#       items: []
#       optional: false
#   - secret: # same as pod.spec.volumes.secret
#       secretName: netbox-extra
#       items: []
#       optional: false
extraConfig: []

# If provided, this should be a 50+ character string of random characters. It
# will be randomly generated if left blank.
# You can also use an existing secret with "secret_key" instead of "secretKey"
# See `existingSecret` for details
secretKey: ""

## Provide passwords using existing secret
# If set, this Secret must contain the following keys:
# - email_password: SMTP user password
# - ldap_bind_password: Password for LDAP bind DN
# - secret_key: session encryption token (50+ random characters)
existingSecret: ""

# Override the NGINX Unit configuration inside the container. When enabled, this
# overrides the default configuration loaded into Unit. The upstream config is:
# https://github.com/netbox-community/netbox-docker/blob/release/docker/nginx-unit.json
# Remember that JSON is valid YAML: you can safely copy-and-paste from the above
# into your values.yaml, or you can copy the YAML version from below as a
# starting point.
# overrideUnitConfig:
#   listeners:
#     "0.0.0.0:8080":
#       pass: routes/main
#     "[::]:8080":
#       pass: routes/main
#     "0.0.0.0:8081":
#       pass: routes/status
#     "[::]:8081":
#       pass: routes/status
#   routes:
#     main:
#       - match:
#           uri: "/static/*"
#         action:
#           share: "/opt/netbox/netbox${uri}"
#       - action:
#           pass: applications/netbox
#     status:
#       - match:
#           uri: "/status/*"
#         action:
#           proxy: "http://unix:/opt/unit/unit.sock"
#   applications:
#     netbox:
#       type: "python 3"
#       path: /opt/netbox/netbox/
#       module: netbox.wsgi
#       home: /opt/netbox/venv
#       processes:
#         max: 4
#         spare: 1
#         idle_timeout: 120
#   access_log: /dev/stdout
overrideUnitConfig: {}

## @section Deployment parameters

## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []

## @param replicaCount Number of replicas to deploy
## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1
##
replicaCount: 1
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## @param persistence.enabled Enable persistence using PVC
## @param persistence.storageClass PVC Storage Class for volume
## @param persistence.accessMode PVC Access Mode for volume
## @param persistence.size PVC Storage Request for volume
## @param persistence.subPath Existing claim's subPath to use, e.g. "media" (optional)
## @param persistence.existingClaim Name of an existing PVC to be used
## @param persistence.annotations Annotations to add to the PVC
##
persistence:
  enabled: true
  ## Data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  storageClass: ""
  subPath: ""
  accessMode: ReadWriteOnce
  size: 1Gi
  existingClaim: ""
  annotations: {}
## Enable reports persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## @param reportsPersistence.enabled Enable reports persistence using PVC
## @param reportsPersistence.storageClass PVC Storage Class for volume
## @param reportsPersistence.accessMode PVC Access Mode for volume
## @param reportsPersistence.size PVC Storage Request for volume
## @param reportsPersistence.subPath Existing claim's subPath to use, e.g. "media" (optional)
## @param reportsPersistence.existingClaim Name of an existing PVC to be used
## @param reportsPersistence.annotations Annotations to add to the PVC
##
reportsPersistence:
  enabled: false
  existingClaim: ""
  subPath: ""
  ## Data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  storageClass: ""
  accessMode: ReadWriteOnce
  size: 1Gi
  annotations: {}
## Enable scripts persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## @param scriptsPersistence.enabled Enable reports persistence using PVC
## @param scriptsPersistence.storageClass PVC Storage Class for volume
## @param scriptsPersistence.accessMode PVC Access Mode for volume
## @param scriptsPersistence.size PVC Storage Request for volume
## @param scriptsPersistence.subPath Existing claim's subPath to use, e.g. "media" (optional)
## @param scriptsPersistence.existingClaim Name of an existing PVC to be used
## @param scriptsPersistence.annotations Annotations to add to the PVC
##
scriptsPersistence:
  enabled: false
  existingClaim: ""
  subPath: ""
  ## Data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  storageClass: ""
  accessMode: ReadWriteOnce
  size: 1Gi
  annotations: {}
## @param updateStrategy.type Deployment strategy type
## @param updateStrategy.rollingUpdate Deployment rolling update configuration parameters
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods
## e.g:
## updateStrategy:
##  type: RollingUpdate
##  rollingUpdate:
##    maxSurge: 25%
##    maxUnavailable: 25%
##
updateStrategy:
  type: RollingUpdate
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created
## @param master.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
## @param master.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
## @param master.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
serviceAccount:
  create: true
  annotations: {}
  name: ""
  automountServiceAccountToken: false
## @param hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
## e.g:
## extraVolumes:
##   - name: redis-ca
##     secret:
##       secretName: redis-ca
##
extraVolumes: []
## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
## e.g:
## extraVolumeMounts:
##   - name: redis-ca
##     mountPath: /tmp/redis-ca
##     subPath: redis_ca
##     readOnly: true
##
extraVolumeMounts: []
## @param sidecars Add additional sidecar containers to the pod
## e.g:
## sidecars:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##
sidecars: []
## @param initContainers Add additional init containers to the pods
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
##  - name: your-image-name
##    image: your-image
##    imagePullPolicy: Always
##    command: ['sh', '-c', 'echo "init"']
##
initContainers: []
## @param podLabels Extra labels for pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAnnotations Annotations for pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param priorityClassName Pods' priorityClassName
##
priorityClassName: ""
## @param schedulerName Name of the k8s scheduler (other than default) for pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param terminationGracePeriodSeconds Seconds pods need to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds:
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template.
## e.g:
## topologySpreadConstraints:
##   - maxSkew: 1
##     topologyKey: topology.kubernetes.io/zone
##     whenUnsatisfiable: DoNotSchedule
##     labelSelector:
##       matchLabels:
##         "app.kubernetes.io/component": netbox
##         "app.kubernetes.io/name": netbox
##
topologySpreadConstraints: []
## Container's resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).
## This is ignored if resources is set (resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "medium"
## Containers' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param resources.limits The resources limits for the container
## @param resources.requests [object] The requested resources for the container
## Example:
## resources:
##   requests:
##     cpu: 2
##     memory: 512Mi
##   limits:
##     cpu: 3
##     memory: 1024Mi
##
resources: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enable pods' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Pods' group ID
##
podSecurityContext:
  enabled: true
  fsGroupChangePolicy: Always
  sysctls: []
  supplementalGroups: []
  fsGroup: 1000
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param securityContext.enabled Enabled containers' Security Context
## @param securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param securityContext.runAsUser Set containers' Security Context runAsUser
## @param securityContext.runAsGroup Set containers' Security Context runAsGroup
## @param securityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param securityContext.privileged Set container's Security Context privileged
## @param securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param securityContext.capabilities.drop List of capabilities to be dropped
## @param securityContext.seccompProfile.type Set container's Security Context seccomp profile
##
securityContext:
  enabled: true
  seLinuxOptions: {}
  runAsUser: 1000
  runAsGroup: 1000
  runAsNonRoot: true
  privileged: false
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
  seccompProfile:
    type: "RuntimeDefault"
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## Configure extra options for liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
  enabled: true
  initialDelaySeconds: 0
  periodSeconds: 10
  timeoutSeconds: 1
  failureThreshold: 3
  successThreshold: 1
## Configure extra options for readiness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
  enabled: true
  initialDelaySeconds: 0
  periodSeconds: 10
  timeoutSeconds: 1
  failureThreshold: 3
  successThreshold: 1
## Configure extra options for startupProbe probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
  enabled: true
  initialDelaySeconds: 5
  periodSeconds: 10
  timeoutSeconds: 1
  failureThreshold: 10
  successThreshold: 1
## @param customLivenessProbe Override default liveness probe for containers
##
customLivenessProbe: {}
## @param customReadinessProbe Override default readiness probe for containers
##
customReadinessProbe: {}
## @param customStartupProbe Override default startup probe for containers
##
customStartupProbe: {}
## @param lifecycleHooks for containers to automate configuration before or after startup
##
lifecycleHooks: {}
## @param extraEnvs Extra environment variables to be set on containers
## E.g:
## extraEnvs:
##   - name: FOO
##     valueFrom:
##       secretKeyRef:
##         key: FOO
##         name: secret-resource
extraEnvs: []
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for containers
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for containers
##
extraEnvVarsSecret: ""

## Configure revision history limit for deployments
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy
revisionHistoryLimit: 10

## @section Traffic Exposure Parameters

## Service parameters
## @param service.type Kubernetes Service type
## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`)
## @param service.loadBalancerIP loadBalancerIP for the service (optional, cloud specific)
## @param service.loadBalancerClass Load Balancer class (optional, cloud specific)
## @param service.nodePort Kubernetes node port
## @param service.externalTrafficPolicy Enable client source IP preservation
## @param service.clusterIP Service Cluster IP
## @param service.annotations Additional custom annotations for Matomo service
##
service:
  annotations: {}
  type: ClusterIP
  port: 80
  ## nodePort: <to set explicitly, choose port between 30000-32767>
  ##
  nodePort: ""
  clusterIP: ""
  externalTrafficPolicy: Cluster
  loadBalancerIP: ""
  ## e.g:
  ## loadBalancerSourceRanges:
  ##   - 0.0.0.0/0
  ##
  loadBalancerSourceRanges: []
  loadBalancerClass: ""
  externalIPs: []
  clusterIPs: []
  ipFamilyPolicy: ""
  ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
  ## Values: ClientIP or None
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
  ##
  sessionAffinity: None
  ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
  ## sessionAffinityConfig:
  ##   clientIP:
  ##     timeoutSeconds: 300
  ##
  sessionAffinityConfig: {}

## Configure the ingress resource that allows you to access the app
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
  ## @param ingress.enabled Enable ingress record generation
  ##
  enabled: false
  ## @param ingress.pathType Ingress Path type
  ##
  pathType: ImplementationSpecific
  ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
  ##
  className: ""
  ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
  ## For a full list of possible ingress annotations, please see
  ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
  ## Use this parameter to set the required annotations for cert-manager, see
  ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
  ##
  ## e.g:
  ## annotations:
  ##   kubernetes.io/ingress.class: nginx
  ##   cert-manager.io/cluster-issuer: cluster-issuer-name
  ##
  annotations: {}
  hosts:
    - host: chart-example.local
      paths:
        # You can manually specify the service name and service port if
        # required. This could be useful if for exemple you are using the AWS
        # ALB Ingress Controller and want to set up automatic SSL redirect.
        # https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/tasks/ssl_redirect/#redirect-traffic-from-http-to-https
        # - path: /*
        #   backend:
        #     serviceName: ssl-redirect
        #     servicePort: use-annotation
        #
        # Or you can let the template set it for you.
        # Both types of rule can be combined.
        # NB: You may also want to set the basePath above
        - /

  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

## @section Metrics parameters

## Prometheus Exporter / Metrics
##
metrics:
  ## @param metrics.enabled Enable the export of Prometheus metrics
  ##
  enabled: false
  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
    ##
    enabled: false
    ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
    ##
    honorLabels: false
    ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ## e.g:
    ## interval: 10s
    ##
    interval: ""
    ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ## e.g:
    ## scrapeTimeout: 10s
    ##
    scrapeTimeout: ""
    ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
    ##
    metricRelabelings: []
    ## @param metrics.serviceMonitor.relabelings Specify general relabeling
    ##
    relabelings: []
    ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
    ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
    ## selector:
    ##   prometheus: my-prometheus
    ##
    selector: {}
    additionalLabels: {}

## @section Databases parameters

## PostgreSQL chart configuration
## https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
##
postgresql:
  ## @param postgresql.enabled Whether to deploy a PostgreSQL server to satisfy the applications database requirements
  ## To use an external database set this to false and configure the externalDatabase parameters
  ##
  enabled: true
  auth:
    username: netbox
    database: netbox

## External database configuration
## @param externalDatabase.host Host of the existing database
## @param externalDatabase.port Port of the existing database
## @param externalDatabase.username Existing username in the external db
## @param externalDatabase.password Password for the above username
## @param externalDatabase.database Name of the existing database
## @param externalDatabase.existingSecretName Name of a secret containing the database credentials
## @param externalDatabase.existingSecretKey Key of a secret containing the database credentials
##
externalDatabase:
  host: localhost
  port: 5432
  database: netbox
  username: netbox
  password: ""
  existingSecretName: ""
  existingSecretKey: postgresql-password

  # The following settings also apply when using the bundled PostgreSQL chart:
  sslMode: prefer
  connMaxAge: 300
  disableServerSideCursors: false
  targetSessionAttrs: read-write

## Redis chart configuration
## https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml
## @param redis.enabled Deploy Redis using bundled Bitnami Redis chart
##
redis:
  enabled: true

tasksRedis:
  database: 0
  ssl: false
  insecureSkipTlsVerify: false
  # When defining caCertPath, make sure you mount the secret containing the CA certificate on all the necessary containers
  caCertPath: ""

  # Used only when redis.enabled is false. host and port are not used if
  # sentinels are given.
  host: netbox-redis
  port: 6379
  sentinels: []
  #  - mysentinel:26379
  sentinelService: netbox-redis
  sentinelTimeout: 300
  username: ""
  password: ""
  existingSecretName: ""
  existingSecretKey: redis-password

cachingRedis:
  database: 1
  ssl: false
  insecureSkipTlsVerify: false
  # When defining caCertPath, make sure you mount the secret containing the CA certificate on all the necessary containers
  caCertPath: ""

  # Used only when redis.enabled is false. host and port are not used if
  # sentinels are given.
  host: netbox-redis
  port: 6379
  sentinels: []
  #  - mysentinel:26379
  sentinelService: netbox-redis
  sentinelTimeout: 300
  username: ""
  password: ""
  existingSecretName: ""
  existingSecretKey: redis-password

## @section Autoscaling parameters

## Autoscaling configuration
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
## @param autoscaling.enabled Enable Horizontal POD autoscaling
## @param autoscaling.minReplicas Minimum number of replicas
## @param autoscaling.maxReplicas Maximum number of replicas
## @param autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage
## @param autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage
##
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

## @section Volume permissions parameters

## Init Container parameters
## Change the owner and group of the persistent volume mountpoint to 'runAsUser:fsGroup'
## values from the securityContext section.
##
init:
  ## @param init.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
  ## @param init.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name
  ## @param init.image.tag Init container volume-permissions image tag
  ## @param init.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param init.image.pullPolicy Init container volume-permissions image pull policy
  ## @param init.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: docker.io
    repository: busybox
    tag: 1.37.0
    digest: ""
    ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## Init container resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param init.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if init.resources is set (init.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param init.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Init container' Security Context
  ## Note: the chown of the data folder is done to securityContext.runAsUser
  ## and not the below init.securityContext.runAsUser
  ## @param init.securityContext.enabled Enabled containers' Security Context
  ## @param init.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param init.securityContext.runAsUser User ID for the init container
  ## @param init.securityContext.runAsGroup Group ID for the init container
  ## @param init.securityContext.runAsNonRoot runAsNonRoot for the init container
  ## @param init.securityContext.seccompProfile.type seccompProfile.type for the init container
  ##
  securityContext:
    enabled: true
    seLinuxOptions: {}
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 1000

## @section Test parameters

test:
  ## @param test.image.registry [default: REGISTRY_NAME] test container volume-permissions image registry
  ## @param test.image.repository [default: REPOSITORY_NAME/os-shell] test container volume-permissions image name
  ## @param test.image.tag test container volume-permissions image tag
  ## @param test.image.digest test container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param test.image.pullPolicy test container volume-permissions image pull policy
  ## @param test.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: docker.io
    repository: busybox
    tag: 1.37.0
    digest: ""
    ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## test container resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param test.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if test.resources is set (test.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param test.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## test container' Security Context
  ## Note: the chown of the data folder is done to securityContext.runAsUser
  ## and not the below test.securityContext.runAsUser
  ## @param test.securityContext.enabled Enabled containers' Security Context
  ## @param test.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param test.securityContext.runAsUser User ID for the test container
  ## @param test.securityContext.runAsGroup Group ID for the test container
  ## @param test.securityContext.runAsNonRoot runAsNonRoot for the test container
  ## @param test.securityContext.seccompProfile.type seccompProfile.type for the test container
  ##
  securityContext:
    enabled: false
    seLinuxOptions: {}
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 1000

## @section Cron housekeeping job parameters

## Configuration of Cron settings
##
housekeeping:
  ## @param housekeeping.enabled Enable housekeeping job
  ##
  enabled: true
  ## @param housekeeping.schedule Schedule in Cron format to save snapshots
  ## See https://en.wikipedia.org/wiki/Cron
  ##
  schedule: "0 0 * * *"
  ## @param housekeeping.historyLimit Number of successful finished jobs to retain
  ##
  successfulJobsHistoryLimit: 5
  ## @param housekeeping.failedHistoryLimit Number of failed finished jobs to retain
  ##
  failedJobsHistoryLimit: 5
  ## @param housekeeping.command The command to execute in the housekeeping job
  ## To append another command, e.g. in order to shut down a DB sidecar container, use something like
  ##   - /bin/bash
  ##   - -c
  ##   - >
  ##     /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
  ##     && curl -X POST http://localhost:9190/quitquitquit"
  ##
  command:
    - /opt/netbox/venv/bin/python
    - /opt/netbox/netbox/manage.py
    - housekeeping
  ## @param housekeeping.args Override default housekeeping args
  ##
  args: []
  ## @param housekeeping.podAnnotations Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## K8s Security Context for Housekeeping Cronjob pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param housekeeping.podSecurityContext.enabled Enable security context for InfluxDB&trade; housekeeping pods
  ## @param housekeeping.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param housekeeping.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param housekeeping.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param housekeeping.podSecurityContext.fsGroup Group ID for the InfluxDB&trade; filesystem
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1000
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
  ## K8s Security Context for Housekeeping Cronjob containers
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param housekeeping.securityContext.enabled Enabled containers' Security Context
  ## @param housekeeping.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param housekeeping.securityContext.runAsUser Set containers' Security Context runAsUser
  ## @param housekeeping.securityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param housekeeping.securityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param housekeeping.securityContext.privileged Set container's Security Context privileged
  ## @param housekeeping.securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param housekeeping.securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param housekeeping.securityContext.capabilities.drop List of capabilities to be dropped
  ## @param housekeeping.securityContext.seccompProfile.type Set container's Security Context seccomp profile
  securityContext:
    enabled: true
    seLinuxOptions: {}
    seccompProfile:
      type: "RuntimeDefault"
    capabilities:
      drop:
        - ALL
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 1000
  ## @param housekeeping.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "none"
  ## @param housekeeping.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param housekeeping.readOnlyPersistence Whether to mount media, script, and report directories as read-only
  ##
  readOnlyPersistence: false
  ## @param housekeeping.extraEnvs Extra environment variables to be set on containers
  ## E.g:
  ## extraEnvs:
  ##   - name: FOO
  ##     valueFrom:
  ##       secretKeyRef:
  ##         key: FOO
  ##         name: secret-resource
  extraEnvs: []
  ## @param housekeeping.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for housekeeping containers
  ##
  extraEnvVarsCM: ""
  ## @param housekeeping.extraEnvVarsSecret Name of existing Secret containing extra env vars for housekeeping containers
  ##
  extraEnvVarsSecret: ""
  ## @param housekeeping.extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
  ## e.g:
  ## extraVolumes:
  ##   - name: redis-ca
  ##     secret:
  ##       secretName: redis-ca
  ##
  extraVolumes: []
  ## @param housekeeping.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
  ## e.g:
  ## extraVolumeMounts:
  ##   - name: redis-ca
  ##     mountPath: /tmp/redis-ca
  ##     subPath: redis_ca
  ##     readOnly: true
  ##
  extraVolumeMounts: []
  ## @param housekeeping.sidecars Add additional sidecar containers to the pod
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param housekeeping.initContainers Add additional init containers to the pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "init"']
  ##
  initContainers: []
  ## @param housekeeping.affinity Housekeeping&trade; Affinity for housekeeping pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: podAffinityPreset, podAntiAffinityPreset, and  nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param housekeeping.nodeSelector Housekeeping&trade; Node labels for housekeeping pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param housekeeping.tolerations Housekeeping&trade; Tolerations for housekeeping pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param housekeeping.podLabels Extra labels for pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param housekeeping.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  concurrencyPolicy: Forbid
  restartPolicy: OnFailure
  suspend: false

## @section Worker for Netbox parameters

## Worker for Netbox
## Only required for Netbox Jobs, e.g. Webhooks
##
worker:
  ## @param worker.enabled Enable worker job
  ##
  enabled: true
  ## @param worker.command The command to execute in the worker container
  ##
  command:
    - /opt/netbox/venv/bin/python
    - /opt/netbox/netbox/manage.py
    - rqworker
  ## @param worker.args Override worker container args
  ##
  args: []
  ## @param worker.replicaCount Number of replicas to deploy
  ## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1
  ##
  replicaCount: 1
  ## @param worker.podLabels Extra labels for pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param worker.podAnnotations Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## K8s Security Context for worker pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param worker.podSecurityContext.enabled Enable security context for InfluxDB&trade; housekeeping pods
  ## @param worker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param worker.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param worker.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param worker.podSecurityContext.fsGroup Group ID for the InfluxDB&trade; filesystem
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1000
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
  ## K8s Security Context for worker containers
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param worker.securityContext.enabled Enabled containers' Security Context
  ## @param worker.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param worker.securityContext.runAsUser Set containers' Security Context runAsUser
  ## @param worker.securityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param worker.securityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param worker.securityContext.privileged Set container's Security Context privileged
  ## @param worker.securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param worker.securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param worker.securityContext.capabilities.drop List of capabilities to be dropped
  ## @param worker.securityContext.seccompProfile.type Set container's Security Context seccomp profile
  securityContext:
    enabled: true
    seLinuxOptions: {}
    seccompProfile:
      type: "RuntimeDefault"
    capabilities:
      drop:
        - ALL
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 1000
  ## @param worker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "none"
  ## @param worker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param worker.readOnlyPersistence Whether to mount media, script, and report directories as read-only
  ##
  readOnlyPersistence: false
  ## @param worker.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param worker.affinity Affinity for worker pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param worker.nodeSelector Node labels for worker pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param worker.tolerations Tolerations for worker pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param worker.priorityClassName Pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param worker.schedulerName Name of the k8s scheduler (other than default) for pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param worker.terminationGracePeriodSeconds Seconds pods need to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds:
  ## @param worker.topologySpreadConstraints Topology Spread Constraints for pod assignment
  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## The value is evaluated as a template.
  ## e.g:
  ## topologySpreadConstraints:
  ##   - maxSkew: 1
  ##     topologyKey: topology.kubernetes.io/zone
  ##     whenUnsatisfiable: DoNotSchedule
  ##     labelSelector:
  ##       matchLabels:
  ##         "app.kubernetes.io/component": netbox
  ##         "app.kubernetes.io/name": netbox
  ##
  topologySpreadConstraints: []
  ## @param worker.hostAliases [array] Add deployment host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param worker.updateStrategy.type Deployment strategy type
  ## @param worker.updateStrategy.rollingUpdate Deployment rolling update configuration parameters
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods
  ## e.g:
  ## updateStrategy:
  ##  type: RollingUpdate
  ##  rollingUpdate:
  ##    maxSurge: 25%
  ##    maxUnavailable: 25%
  ##
  updateStrategy:
    type: RollingUpdate
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param worker.autoscaling.enabled Enable Horizontal POD autoscaling
  ## @param worker.autoscaling.minReplicas Minimum number of replicas
  ## @param worker.autoscaling.maxReplicas Maximum number of replicas
  ## @param worker.autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage
  ## @param worker.autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 100
    targetCPUUtilizationPercentage: 80
    # targetMemoryUtilizationPercentage: 80
  ## @param worker.extraEnvs Extra environment variables to be set on containers
  ## E.g:
  ## extraEnvs:
  ##   - name: FOO
  ##     valueFrom:
  ##       secretKeyRef:
  ##         key: FOO
  ##         name: secret-resource
  extraEnvs: []
  ## @param worker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for worker containers
  ##
  extraEnvVarsCM: ""
  ## @param worker.extraEnvVarsSecret Name of existing Secret containing extra env vars for worker containers
  ##
  extraEnvVarsSecret: ""
  ## @param worker.extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
  ## e.g:
  ## extraVolumes:
  ##   - name: redis-ca
  ##     secret:
  ##       secretName: redis-ca
  ##
  extraVolumes: []
  ## @param worker.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
  ## e.g:
  ## extraVolumeMounts:
  ##   - name: redis-ca
  ##     mountPath: /tmp/redis-ca
  ##     subPath: redis_ca
  ##     readOnly: true
  ##
  extraVolumeMounts: []
  ## @param worker.sidecars Add additional sidecar containers to the pod
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param worker.initContainers Add additional init containers to the pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "init"']
  ##
  initContainers: []