charts/ejabberd/values.yaml

# Default values for ejabberd.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

image:
  # -- ejabberd image host registry
  registry: ghcr.io
  # -- ejabberd image repository
  repository: sando38/ejabberd
  # -- defaults to appVersion
  tag: ""
  # -- ejabberd image pull policy
  pullPolicy: IfNotPresent

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
namespaceOverride: ""

# -- Add additional label to all resources
commonLabels: {}

updateStrategy:
  # -- Customize updateStrategy: RollingUpdate or OnDelete
  type: RollingUpdate

#
# Configure the statefulSet
#
statefulSet:
  # -- Number of pods of the statefulSet
  replicas: 3
  # -- Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10)
  # revisionHistoryLimit: 1
  # -- Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if ejabberd does not shut down
  terminationGracePeriodSeconds: 60
  # -- The minimum number of seconds ejabberd needs to be up and running before the controller considers it available
  minReadySeconds: 0
  # -- Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
  annotations: {}
  # -- Additional deployment labels (e.g. for filtering deployment by custom labels)
  labels: {}
  # -- Additional pod annotations (e.g. for mesh injection or prometheus scraping)
  podAnnotations: {}
  # -- Additional Pod labels (e.g. for filtering Pod by custom labels)
  podLabels: {}
  # -- Additional containers (e.g. for metric offloading sidecars)
  additionalContainers: []
  # -- Additional volumes available for use with initContainers and additionalContainers
  additionalVolumes: []
  # -- Additional initContainers (e.g. for setting file permission as shown below)
  initContainers: []
    # The "volume-permissions" init container may be required if you run into permission issues.\
    # - name: volume-permissions
    #   image: busybox:latest
    #   command: ["sh", "-c", chown -R 9000:9000 /opt/ejabberd/upload"]
    #   securityContext:
    #     runAsNonRoot: true
    #     runAsGroup: 9000
    #     runAsUser: 9000
    #   volumeMounts:
    #     - name: upload
    #       mountPath: /opt/ejabberd/upload
  # -- Use process namespace sharing
  shareProcessNamespace: false
  # -- Custom pod DNS policy. Apply if `hostNetwork: true`
  # dnsPolicy: ClusterFirstWithHostNet
  dnsConfig: {}
    # nameservers:
    #   - 192.0.2.1 # this is an example
    # searches:
    #   - ns1.svc.cluster-domain.example
    #   - my.dns.search.suffix
    # options:
    #   - name: ndots
    #     value: "2"
    #   - name: edns0
  # -- Additional imagePullSecrets
  imagePullSecrets: []
    # - name: myRegistryKeySecretName
  # -- Pod lifecycle actions
  lifecycle: {}
    # preStop:
    #   exec:
    #     command: ["/bin/sh", "-c", "sleep 40"]
    # postStart:
    #   tcpSocket:
    #     port: 5222
  startupProbe: {}
    # exec:
    #   command:
    #     - /bin/sh
    #     - -c
    #     - healthcheck.sh
    # failureThreshold: 10
    # periodSeconds: 3
  readinessProbe: {}
    # exec:
    #   command:
    #     - /bin/sh
    #     - -c
    #     - healthcheck.sh
    # periodSeconds: 15
  livenessProbe: {}
    # exec:
    #   command:
    #     - /bin/sh
    #     - -c
    #     - healthcheck.sh
    # periodSeconds: 15

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

podAnnotations: {}

podLabels: {}

podSecurityContext:
  fsGroup: 9000

securityContext:
  capabilities:
    drop:
    - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 9000
  seccompProfile:
    type: RuntimeDefault

service:
  enabled: true
  ## -- Single service is using `MixedProtocolLBService` feature gate.
  ## -- When set to false, it will create two Service, one for TCP and one for UDP.
  single: true
  type: LoadBalancer
  # -- Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
  annotations: {}
  # -- Additional annotations for TCP service only
  annotationsTCP: {}
  # -- Additional annotations for UDP service only
  annotationsUDP: {}
  # -- Additional service labels (e.g. for filtering Service by custom labels)
  labels: {}
  # -- Additional entries here will be added to the service spec.
  # -- Cannot contain type, selector or ports entries.
  spec: {}
    # externalTrafficPolicy: Cluster
    # loadBalancerIP: "1.2.3.4"
    # clusterIP: "2.3.4.5"
  loadBalancerSourceRanges: []
    # - 192.168.0.1/32
    # - 172.16.0.0/16
  ## -- Class of the load balancer implementation
  # loadBalancerClass: service.k8s.aws/nlb
  externalIPs: []
    # - 1.2.3.4
  ## One of SingleStack, PreferDualStack, or RequireDualStack.
  # ipFamilyPolicy: SingleStack
  ## List of IP families (e.g. IPv4 and/or IPv6).
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
  # ipFamilies:
  #   - IPv4
  #   - IPv6
  ##
  ## -- An additionnal internal Service for non-exposed container ports.
  ## Same parameters as external Service
  internal:
    type: ClusterIP
  #   # labels: {}
  #   # annotations: {}
  #   # spec: {}
  #   # loadBalancerSourceRanges: []
  #   # externalIPs: []
  #   # ipFamilies: [ "IPv4","IPv6" ]
  ##
  ## -- A headless service to enable clustering.
  headless:
    erlDistPort: 5210
  #   # labels: {}
  #   # annotations: {}
  #   # spec: {}

#
# Leader elector
#
elector:
  enabled: true
  createRbac: true
  name: "ejabberd"
  url: "127.0.0.1:4040"

#
# Define the erlang cookie to be used for clustering
#
erlangCookie: "YouR-3rl4n6-C00k!3"

#
# ejabberd configuration
# the following items represent the top-level options
# https://docs.ejabberd.im/admin/configuration/toplevel
#
# https://docs.ejabberd.im/admin/configuration/toplevel/#hosts
hosts:
  - localhost

#
# certificates for ejabberd hosts, must be .pem files
#
certFiles:
  # -- Please specify your kubernetes secret containing the tls certificates for
  # the domains specified in .Values.hosts, otherwise the service will not work
  secretName:
    - your-tls-cert-secret
    # - another-secret-for-another-domain
  sideCar:
    # Using a k8s sidecar for configmap and secret watching and reloading
    # ejabberd, if TLS certificates have been renewed.
    #
    # If enabled, the specified secrets MUST contain the following
    # metadata.labels AND metadata.annotations respectively:
    #
    #    apiVersion: v1
    #    kind: Secret
    #    metadata:
    #      name: secretname
    #      labels:
    #        helm-ejabberd/watcher: "true"
    #      annotations:
    #        k8s-sidecar-target-directory: "certs/secretName"
    #      ...
    #
    # IMPORTANT: Note the value for k8s-sidecar-target-directory set to
    #            "cert/secretName", where secretName is the name of the
    #            corresponding secret, as defined in .Values.certFiles.secretName
    #
    # If using cert-manager, use the secretTemplate for specifying them:
    # https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources
    #
    # HINT:
    #   - if you use non-default/custom ACLs/API permissions, loopback must be
    #     allowed to make API calls, as the sidecar makes HTTP calls to the API.
    #   - make sure `mod_http_api: {}` is part of your modules (this is default)
    enabled: false
    # Use k8s native sidecar
    # https://kubernetes.io/blog/2023/08/25/native-sidecar-containers/
    #
    nativeSidecar: false
    image: "kiwigrid/k8s-sidecar:latest"
    createRbac: true
    # The address/port of the API listener to trigger ejabberd reloads. The API
    # is exposed to 127.0.0.1 on default.
    #   - make sure it does not conflict with other listeners in .Values.listen
    #   - if you use IPv6, change this e.g. to "::1"
    apiAddress: "127.0.0.1"
    apiPort: 5281
    # Usually this part should not be changed, unless you know what you are
    # doing, see docu: https://docs.ejabberd.im/developer/ejabberd-api/admin-api/#reload-config
    apiCmd: "reload_config"
    apiMethod: "POST"
    apiPayload: "{}"
    apiRetry: 10

#
# global macros for reuse in the configuration
# https://docs.ejabberd.im/admin/configuration/toplevel/#define-macro
defineMacro:
  TLS_CIPHERS: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
  TLS_OPTIONS:
    - no_sslv3
    - no_tlsv1
    - no_tlsv1_1
    - cipher_server_preference
    - no_compression

#
# Logging
# https://docs.ejabberd.im/admin/configuration/toplevel/#loglevel
logging:
  loglevel: info
  # log_rotate_size: 10485760
  # log_rotate_count: 1
  # hide_sensitive_log_data: true

#
# Configure ejabberd's service port definitions
#
listenGlobal:
  # -- c2s top-level listener options:
  #    https://docs.ejabberd.im/admin/configuration/toplevel/#c2s-cafile
  c2s_ciphers: TLS_CIPHERS
  c2s_protocol_options: TLS_OPTIONS
  # -- s2s top-level listener options:
  #    https://docs.ejabberd.im/admin/configuration/toplevel/#s2s-access
  s2s_ciphers: TLS_CIPHERS
  s2s_protocol_options: TLS_OPTIONS
  # s2s_use_starttls: required
  # -- HTTP(s) trusted proxies:
  #    https://docs.ejabberd.im/admin/configuration/toplevel/#trusted-proxies
  # trusted_proxies: all
# -- The ejabberd specifics except port, transport are defined in
# -- .Values.listen.NAME.options
# -- https://docs.ejabberd.im/admin/configuration/listen/#listen-option
#    NOTE:
#    At least one `listen`er must be defined, so uncomment one, e.g. c2s
listen:
  c2s:
    enabled: true
    port: 5222
    # hostPort: 5222
    # containerPort: 5222
    expose: true
    exposedPort: 5222
    ## -- Different target ejabberd port on the cluster, useful for IP type LB
    # targetPort: 80
    # The port protocol (TCP/UDP)
    protocol: TCP
    # -- Use nodeport if set. This is useful if you have configured ejabberd in a
    # LoadBalancer.
    # nodePort: 30222
    # -- ejabberd listener options w/o port, transport:
    #    https://docs.ejabberd.im/admin/configuration/listen-options/
    options:
      ip: "::"
      module: ejabberd_c2s
      # max_stanza_size: 262144
      # shaper: c2s_shaper
      # access: c2s
      # starttls_required: true
  s2s:
    enabled: true
    port: 5269
    # hostPort: 8000
    ## -- defaults to port, must correspond to ports defined in ejabberd.listen
    # containerPort: 8000
    expose: true
    exposedPort: 5269
    ## -- Different target ejabberd port on the cluster, useful for IP type LB
    # targetPort: 80
    # The port protocol (TCP/UDP)
    protocol: TCP
    # -- Use nodeport if set. This is useful if you have configured ejabberd in a
    # LoadBalancer.
    # nodePort: 30269
    # -- ejabberd listener options w/o port, transport:
    #    https://docs.ejabberd.im/admin/configuration/listen-options/
    options:
      ip: "::"
      module: ejabberd_s2s_in
      # max_stanza_size: 524288
  http:
    enabled: true
    port: 5280
    # hostPort: 8000
    ## -- defaults to port, must correspond to ports defined in ejabberd.listen
    # containerPort: 8000
    expose: false
    exposedPort: 5280
    ## -- Different target ejabberd port on the cluster, useful for IP type LB
    # targetPort: 80
    # The port protocol (TCP/UDP)
    protocol: TCP
    # -- Use nodeport if set. This is useful if you have configured ejabberd in a
    # LoadBalancer.
    # nodePort: 30269
    # -- ejabberd listener options w/o port, transport:
    #    https://docs.ejabberd.im/admin/configuration/listen-options/
    options:
      ip: "::"
      module: ejabberd_http
      request_handlers: {}
        # /admin: ejabberd_web_admin
  https:
    enabled: true
    port: 5443
    # hostPort: 8000
    ## -- defaults to port, must correspond to ports defined in ejabberd.listen
    # containerPort: 8000
    expose: true
    exposedPort: 5443
    ## -- Different target ejabberd port on the cluster, useful for IP type LB
    # targetPort: 80
    # The port protocol (TCP/UDP)
    protocol: TCP
    # -- Use nodeport if set. This is useful if you have configured ejabberd in a
    # LoadBalancer.
    # nodePort: 30269
    # -- ejabberd listener options w/o port, transport:
    #    https://docs.ejabberd.im/admin/configuration/listen-options/
    options:
      ip: "::"
      module: ejabberd_http
      tls: true
      request_handlers: {}
        # /admin: ejabberd_web_admin
        # /api: mod_http_api
        # /bosh: mod_bosh
        # /captcha: ejabberd_captcha
        # /upload: mod_http_upload
        # /ws: ejabberd_http_ws
  stun:
    enabled: true
    port: 3478
    # hostPort: 8000
    ## -- defaults to port, must correspond to ports defined in ejabberd.listen
    # containerPort: 8000
    expose: true
    exposedPort: 3478
    ## -- Different target ejabberd port on the cluster, useful for IP type LB
    # targetPort: 80
    # The port protocol (TCP/UDP)
    protocol: UDP
    # -- Use nodeport if set. This is useful if you have configured ejabberd in a
    # LoadBalancer.
    # nodePort: 30269
    # -- ejabberd listener options w/o port, transport:
    #    https://docs.ejabberd.im/admin/configuration/listen/#ejabberd-stun-1
    options:
      ip: "::"
      module: ejabberd_stun
      use_turn: false
      ## The server's public IPv4 address:
      # turn_ipv4_address: "203.0.113.3"
      ## The server's public IPv6 address:
      # turn_ipv6_address: "2001:db8::3"

#
# https://docs.ejabberd.im/admin/configuration/toplevel/#acl
#
acl: {}
  # local:
  #   user_regexp: ""
  # loopback:
  #   ip:
  #     - 127.0.0.0/8
  #     - ::1/128

#
# https://docs.ejabberd.im/admin/configuration/toplevel/#access-rules
#
accessRules: {}
  # local:
  #   allow: local
  # c2s:
  #   deny: blocked
  #   allow: all
  # announce:
  #   allow: admin
  # configure:
  #   allow: admin
  # muc_create:
  #   allow: local
  # pubsub_createnode:
  #   allow: local
  # trusted_network:
  #   allow: loopback

#
# https://docs.ejabberd.im/admin/configuration/toplevel/#api-permissions
#
apiPermissions: {}
  # "console commands":
  #   from:
  #     - ejabberd_ctl
  #     - mod_http_api
  #   who: all
  #   what: "*"
  # "admin access":
  #   who:
  #     access:
  #       allow:
  #         - acl: loopback
  #         - acl: admin
  #     oauth:
  #       scope: "ejabberd:admin"
  #       access:
  #         allow:
  #           - acl: loopback
  #           - acl: admin
  #   what:
  #     - "*"
  #     - "!stop"
  #     - "!start"
  # "public commands":
  #   who:
  #     ip: 127.0.0.1/8
  #   what:
  #     - status
  #     - connected_users_number

#
# https://docs.ejabberd.im/admin/configuration/toplevel/#shaper
#
shaper: {}
  # normal:
  #   rate: 3000
  #   burst_size: 20000
  # fast: 100000

#
# https://docs.ejabberd.im/admin/configuration/toplevel/#shaper-rules
#
shaperRules: {}
  # max_user_sessions: 10
  # max_user_offline_messages:
  #   5000: admin
  #   100: all
  # c2s_shaper:
  #   none: admin
  #   normal: all
  # s2s_shaper: fast

#
# install contribution modules
# https://docs.ejabberd.im/admin/configuration/toplevel/#allow-contrib-modules
#
# List of modules can be found here:
# https://github.com/processone/ejabberd-contrib
#
# Hint:
# -- The image ghcr.io/sando38/ejabberd:xx.xx-k8s includes the modules
#    ejabberd_auth_http, mod_captcha_rust, mod_ecaptcha & mod_s3_upload already.
#
installContribModules: {}
  # allow_contrib_modules: true
  # install_contrib_modules:
  #   - mod_default_rooms
  #   - mod_statsdx
  #   - mod_shcommands
  #   - mod_webadmin_config
  #   - mod_webpresence

#
# ejabberd modules
#
# -- Enable or disable modules below. Some modules depend on each other.
#    To add additional modules, just append them to the modules list in the same
#    format as the other modules below as well.
#    Module options: https://docs.ejabberd.im/admin/configuration/modules
#                    https://github.com/processone/ejabberd-contrib
modules:
  mod_adhoc:
    enabled: true
    options: {}
  mod_admin_extra:
    enabled: true
    options: {}
  mod_announce:
    enabled: true
    options:
      access: announce
  mod_avatar:
    enabled: true
    options: {}
  mod_blocking:
    enabled: true
    options: {}
  mod_bosh:
    enabled: true
    options: {}
  mod_caps:
    enabled: true
    options: {}
  mod_carboncopy:
    enabled: true
    options: {}
  mod_client_state:
    enabled: true
    options: {}
  mod_configure:
    enabled: true
    options: {}
  mod_disco:
    enabled: true
    options: {}
  mod_fail2ban:
    enabled: true
    options: {}
  mod_http_api:
    enabled: true
    options: {}
  mod_http_upload:
    enabled: true
    options:
      ## Should match the configs you specified in e.g. '.Values.listen.https'
      put_url: https://@HOST@:5443/upload
      custom_headers:
        "Access-Control-Allow-Origin": "https://@HOST@"
        "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
        "Access-Control-Allow-Headers": "Content-Type"
  mod_last:
    enabled: true
    options: {}
  mod_mam:
    enabled: true
    options:
      ## Mnesia is limited to 2GB, better to use an SQL backend
      ## For small servers SQLite is a good fit and is very easy
      ## to configure. Uncomment this when you have SQL configured:
      ## db_type: sql
      assume_mam_usage: true
      default: always
  mod_mqtt:
    enabled: false
    options: {}
  mod_muc:
    enabled: true
    options:
      access:
        - allow
      access_admin:
        - allow: admin
      access_create: muc_create
      access_persistent: muc_create
      access_mam:
        - allow
      default_room_options:
        mam: true
  mod_muc_admin:
    enabled: true
    options: {}
  mod_offline:
    enabled: true
    options:
      access_max_user_messages: max_user_offline_messages
  mod_ping:
    enabled: true
    options: {}
  mod_privacy:
    enabled: true
    options: {}
  mod_private:
    enabled: true
    options: {}
  mod_proxy65:
    enabled: true
    options:
      access: local
      max_connections: 5
  mod_pubsub:
    enabled: true
    options:
      access_createnode: pubsub_createnode
      plugins:
        - flat
        - pep
      force_node_config:
        ## Avoid buggy clients to make their bookmarks public
        storage:bookmarks:
          access_model: whitelist
  mod_push:
    enabled: true
    options: {}
  mod_push_keepalive:
    enabled: true
    options: {}
  mod_register:
    enabled: true
    options:
      ip_access: trusted_network
  mod_roster:
    enabled: true
    options:
      versioning: true
  mod_s2s_dialback:
    enabled: true
    options: {}
  mod_shared_roster:
    enabled: true
    options: {}
  mod_stream_mgmt:
    enabled: true
    options:
      resend_on_timeout: if_offline
  mod_stun_disco:
    enabled: true
    options: {}
  mod_vcard:
    enabled: true
    options: {}
  mod_vcard_xupdate:
    enabled: true
    options: {}
  mod_version:
    enabled: true
    options:
      show_os: false
  ## -- add further modules like the example below.
  # mod_cron:
  #   enabled: true
  #   options:
  #     tasks:
  #       - time: 10
  #         units: seconds
  #         command: connected_users
  # mod_s3_upload:
  #   enabled: true
  #   options:
  #     ## Required, characteristic values shown
  #     access_key_id: ABCDEF1234567890
  #     access_key_secret: s3UnsecureP4ss
  #     region: us-east-2
  #     bucket_url: https://my-bucket.whatever-service.com

#
# Authentification method
#
authentification: {}
  # https://docs.ejabberd.im/admin/configuration/authentication/
  # more options here:
  # https://docs.ejabberd.im/admin/configuration/toplevel/#auth-cache-life-time
  # -- if you want to use LDAP, etc. you also need to enable the respective
  #    modules below, e.g. .Values.ldap.enabled or .Values.sqlDatabase.enabled
  # auth_method:
  #  - mnesia
  # auth_password_format: scram
  # auth_scram_hash: sha256
  # disable_sasl_mechanisms:
  #   - "digest-md5"
  #   - "x-oauth2"

#
# CAPTCHA configuration
# https://docs.ejabberd.im/admin/configuration/basic/#captcha
#
captcha: {}
  # captcha_cmd: mod_ecaptcha
  # captcha_url: auto

#
# LDAP configuration:
# https://docs.ejabberd.im/admin/configuration/ldap/
ldap: {}
  # Variables can be found here:
  # https://docs.ejabberd.im/admin/configuration/toplevel/#ldap-backups
  #  -- DNS name of our LDAP server
  # ldap_servers: [ldap.example.com]
  # -- Bind to LDAP server as "cn=Manager,dc=example,dc=com" with password "secret"
  # ldap_rootdn: "cn=Manager,dc=example,dc=com"
  # ldap_password: secret
  # ldap_encrypt: tls
  # ldap_port: 6123
  # -- Define the user's base
  # ldap_base: "ou=Users,dc=example,dc=com"
  # -- We want to authorize users from 'shadowAccount' object class only
  # ldap_filter: "(objectClass=shadowAccount)"

#
# Database configuration
# https://docs.ejabberd.im/admin/configuration/database/
sqlDatabase:
  enabled: false
  # https://docs.ejabberd.im/admin/configuration/database/#default-database
  defaultDb: sql
  # https://docs.ejabberd.im/admin/configuration/database/#relational-databases
  newSqlSchema: false
  # Variables can be found here:
  # https://docs.ejabberd.im/admin/configuration/toplevel/#sql-connect-timeout
  config: {}
    # sql_type: pgsql
    # sql_server: localhost
    # sql_port: 5432
    # sql_ssl: false
    # sql_database: ejabberd
    # sql_username: ejabberd
    # sql_password: ejabberd
  ## NEW: since version 23.10, ejabberd has a beta function to automatically
  ##      perform SQL schema migrations:
  ##      https://www.process-one.net/blog/automatic-schema-update-in-ejabberd/
  ##
  ## This works for pgsql, mysql and sqlite. The feature is enabled by default.
  ##
  updateSqlSchema: true
  ##
  ## Alternative you can use flyway as a tool to migrate SQL schema
  ##
  flyway:
    ## - database connection details are mapped from .Values.sqlDatabase.config
    enabled: false
    ## - key/value pairs to parse to the connection, e.g. "?sslmode=disable" or
    ##   for mysql: "?allowPublicKeyRetrieval=true&useSSL=false"
    ##   see https://stackoverflow.com/a/50438872
    ##   or for mssql: ";integratedSecurity=false;encrypt=false;trustServerCertificate=true;"
    ##   ... depending on your use case.
    keyValue: ""
    ## - Only applies if in .Values.sqlDatabase.config sql_type=mysql either:
    ##   mysql (default) or mariadb.
    # mysqlFlavor: "mysql"
    ## - Sometimes a database may be restored, here we want to use a baseline:
    ##   https://documentation.red-gate.com/fd/baseline-184127456.html
    ## HINT: baselineVersion is the ejabberd version of the respective schema,
    ##       e.g. "23.04" or newer.
    ##       The schema must be identical to the official sql schemas from the
    ##       respective release, e.g. for ejabberd 23.04 w/ pgsql w/ new schema:
    ##       https://github.com/processone/ejabberd/blob/23.04/sql/pg.new.sql
    # baselineVersion: "23.04"
    ## - Additional flags to be parsed into flyway's config file:
    ##   https://documentation.red-gate.com/fd/configuration-files-184127472.html
    additionalConfigs: []
      # - flyway.defaultSchema=
      # - flyway.schemas=
      # - flyway.encoding=

#
# redis configuration:
# https://docs.ejabberd.im/admin/configuration/database/#redis
redis:
  enabled: false
  # https://docs.ejabberd.im/admin/configuration/toplevel/#default-ram-db
  defaultRamDb: redis
  # Variables can be found here:
  # https://docs.ejabberd.im/admin/configuration/toplevel/#redis-connect-timeout
  config: {}
    # redis_server: localhost
    # redis_port: 6379
    # redis_db: 1
    # redis_password: redis
    # redis_pool_size:
    # redis_queue_type:

#
# Top-Level host_config:
# https://docs.ejabberd.im/admin/configuration/toplevel/#host-config
#
hostConfig: {}
  # example.com:
  #   language: "de"
  #   auth_method: sql

#
# Top-Level append-host-config:
# https://docs.ejabberd.im/admin/configuration/toplevel/#append-host-config
#
appendHostConfig: {}
  # example.com:
  #   modules:
  #     mod_mam:
  #       assume_mam_usage: true
  #       default: always

#
# Additional ejabberd.yml configurations:
# Be careful to indent correctly.
#
# See here for any missing items, ACME is disabled hardcoded:
# https://docs.ejabberd.im/admin/configuration/toplevel/
#
additonalConfigurationItems: {}
  # language: "en"
  # max_fsm_queue: 10000

# -- Environment variables to be passed to ejabberd
env: []
# - name: CTL_ON_CREATE
#   value: "register admin localhost asd"
# - name: CTL_ON_START
#   value: "stats registeredusers ; status"
# - name: SOME_VAR_FROM_CONFIG_MAP
#   valueFrom:
#     configMapRef:
#       name: configmap-name
#       key: config-key
# - name: SOME_SECRET
#   valueFrom:
#     secretKeyRef:
#       name: secret-name
#       key: secret-key

# -- Environment variables to be passed to ejabberd from configMaps or secrets
envFrom: []
# - configMapRef:
#     name: config-map-name
# - secretRef:
#     name: secret-name


#
# -- Create a persistent volume for mnesia database.
#  NOTE:
#  It is strongly recommended to use a sql database, see: .Values.sqlDatabase
#
persistence:
  enabled: false
  ## database data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  # storageClass: "standard-singlewriter"
  accessModes:
    - ReadWriteOnce
  size: 2Gi
  storageClass: ""
  annotations: {}

#
# -- Add volumes to the ejabberd pod. The volume name will be passed to tpl.
# This can be used to mount a cert pair or a configmap that holds a config.toml file.
volumes: []
# - name: run-ejabberd
#   configMap:
#     name: run-ejabberd
#     defaultMode: 0755
#     items:
#     - key: run.sh
#       path: run.sh
#     - key: ejabberdctl
#       path: ejabberdctl
# - name: upload
#   mountPath: "/opt/ejabberd/upload"
# - name: '{{ printf "%s-configs" .Release.Name }}'
#   mountPath: "/config"

# -- Additional volumeMounts to add to the ejabberd container
additionalVolumeMounts: []
# - name: run-ejabberd
#   mountPath: /usr/local/bin

ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: ejabberd-internal
      paths:
        - path: /upload
          pathType: ImplementationSpecific
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local


# -- If hostNetwork is true, runs ejabberd in the host network namespace
# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
# and replicas>1, a pod anti-affinity is recommended and will be set if the
# affinity is left as default.
hostNetwork: false


resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 4000m
  #   memory: 4096Mi
  # requests:
  #   cpu: 1000m
  #   memory: 1024Mi

autoscaling:
  enabled: false
  minReplicas: 3
  maxReplicas: 5
  # targetCPUUtilizationPercentage: 80
  targetMemoryUtilizationPercentage: 80

nodeSelector: {}

tolerations: []

affinity: {}