Sample values.yaml File

As a best practice, we recommend using the file values-custom.yaml for setting the relevant parameter values.

Additional parameters/configuration can be added from the following values.yaml to the values-custom.yaml as needed.

# Default values for plainid-paa.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Client settings
# These settings can be found under the tenant settings section on the management UI.
tenantId: "ENTER_TENANT_ID" # Tenant Id (can be found under the Hybrid Agent Keys tab)
agentSecretKey: "ENTER_AGENT_SECRET_KEY" # Agent Secret key (can be found under the Hybrid Agent Keys tab)
paaId: "ENTER_PAA_ID" #  Policy Authorization Agent Id (can be found under the Policy Authorization Agents tab)

# PlainID hybrid URL.
# Possible values (XXXXX): us1,eu1.ca1
# For example: remoteApi: "wss://remote.us1.plainid.io/wstunnel"
remoteApi: "wss://remote.XXXXX.plainid.io/wstunnel"

# For using https tunneling instead WebSockets, you could set this remoteApi:
# remoteApi: “https://remote.us1.plainid.io/httptunnel”

## Reference to one or more secrets to be used when pulling images
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
imagePullSecrets: []
# - name: "image-pull-secret"

#nameOverride: "plainid-paa"
#fullnameOverride: "plainid-paa"

# -- Override the Kubernetes version, which is used to evaluate certain manifests
kubeVersionOverride: ""

## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
  automountServiceAccountToken: "true"

podSecurityContext: {}
# fsGroup: 2000

securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

tolerations: []

global:
  # -- Additional labels to add to all resources
  additionalLabels: {}
  # app: plainid-paa

agent:
  fullnameOverride: agent-client
  enabled: true
  name: agent
  replicaCount: 1
  image:
    repository: plainid/agent
    pullPolicy: Always
    tag: "5.2410.3"
  # If serviceAccount.create is false, this value is used for existing external service account
  serviceAccountName: ""
  # runtime.resources -- Specify resources on the PlainID Runtime container.
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  resources: {}
  #  requests:
  #    memory: "1000Mi"
  #    cpu: "50m"
  #  limits:
  #    memory: "4000Mi"
  #    cpu: "2000m"
  # Override agent start command
  command: []
  #    - /bin/sh
  #    - -ec
  #    - |
  #      keytool -import -alias redis-cert -file /app/conf/cert.pem -storepass changeit -keystore /usr/lib/jvm/default-jvm/lib/security/cacerts -noprompt && \
  #      /app/launch.sh "${JVM_OPTS} -Djava.net.preferIPv4Stack=true" -jar "$JAR_NAME"
  # Allows you to add any config files to /app/conf
  # such as config.json
  plainIDConfig: {}
  #  config.json: |
  #    {}
  autoscaling:
    enabled: false
    minReplicas: 3
    maxReplicas: 6
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
    annotations: { }
    behavior: { }
      # scaleDown:
      #   stabilizationWindowSeconds: 300
      #  policies:
      #   - type: Pods
      #     value: 1
      #     periodSeconds: 180
      # scaleUp:
    #   stabilizationWindowSeconds: 300
    #   policies:
    #   - type: Pods
    #     value: 2
    #     periodSeconds: 60
  autoscalingTemplate: []
    # Custom or additional autoscaling metrics
    # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
    # - type: Pods
    #   pods:
    #     metric:
    #       name: nginx_ingress_controller_nginx_process_requests_total
    #     target:
    #       type: AverageValue
  #       averageValue: 10000m
  # Enable vertical pod autoscaler support
  # ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/FAQ.md
  verticalPodAutoscaler:
    enabled: false
    # Defaults to chart name
    containerName: ""
    # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
    controlledResources: []

    # Define the max allowed resources for the pod
    maxAllowed: {}
    # cpu: 200m
    # memory: 100Mi
    # Define the min allowed resources for the pod
    minAllowed: {}
    # cpu: 200m
    # memory: 100Mi

    # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
    # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
    updatePolicy: {}
    # updateMode: "Auto"
  strategy: # For deployment
    rollingUpdate:
      maxSurge: 30%
      maxUnavailable: 30%
  # -- Labels to add to the pod container metadata
  podLabels: {}
  #  key: value
  annotations: {}
  podAnnotations: {}
  ## Sensible environment variables that will be rendered as new secret object
  ## This can be useful for auth tokens, etc
  extraEnvSecrets: {}
  # When it's set, the secret environment variables is ignored
  existingEnvSecret: ""
  # -- Environment variables to pass to the agent
  extraEnv: {}
  #  KEY: "VALUE"
  # -- PlainID agent log format: Either `text` or `json`
  logFormat: text
  #    KEY: "VALUE"
  # -- Set the logging level. (One of: `debug`, `info`, `warn`, `error`)
  logLevel: info
  # -- Set the message level. (One of: `debug`, `info`, `warn`, `error`, `off`)
  # The messagesLevel parameter defines which message types, if any, are sent to the PlainID Platform for troubleshooting.
  # To disable messages, set to `off`
  messagesLevel: error
  terminationGracePeriodSeconds: 25
  debug:
    enabled: false
    port: 5005
  lifecycle:
    preStop:
      exec:
        command: [ "/bin/bash", "-c", "kill -SIGTERM `pgrep -f redisync` && sleep 20" ]
  ## Configure extra options for probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: "300"
    periodSeconds: "15"
    timeoutSeconds: "8"
    failureThreshold: "12"
    successThreshold: "1"
  readinessProbe:
    enabled: true
    initialDelaySeconds: "30"
    periodSeconds: "4"
    timeoutSeconds: "3"
    failureThreshold: "5"
    successThreshold: "1"
  startupProbe:
    enabled: false
    initialDelaySeconds: "20"
    periodSeconds: "5"
    timeoutSeconds: "2"
    failureThreshold: "300"
    successThreshold: "1"
  service:
    type: ClusterIP
    port: 8080
    nodePort:
    name: http
    annotations: {}
    management:
      name: http-management
      port: 8081
  metrics:
    enabled: false
    port: 8081
    serviceMonitor:
      # When set true then use a ServiceMonitor to configure scraping
      enabled: false
      path: /actuator/prometheus
      # Set the namespace the ServiceMonitor should be deployed
      # namespace: monitoring
      # Set how frequently Prometheus should scrape
      # interval: 30s
      # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
      # labels: {}
      # Set timeout for scrape
      # timeout: 10s
    annotations: {}
  #    prometheus.io/port: '9090'
  #    prometheus.io/scrape: 'true'
  #    prometheus.io/path: '/actuator/prometheus'
  # Init containers to add to deployment's pod spec. At least one plugin provider image is required.
  # If the value is a string then it is evaluated as a template.
  initContainers:
  #    - name: wait-for
  #      image: plainid/wait-for:0.0.9
  #      securityContext:
  #        runAsNonRoot: true
  #        runAsUser: 1000
  #        readOnlyRootFilesystem: true
  #      command:
  #        - /bin/sh
  #        - -c
  #        - |
  #          /wait-for plainid-paa-redis-master:6379 --timeout=600
  ## Configure PodDisruptionBudget
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
  #
  podDisruptionBudget:
    # -- Labels to be added
    labels: {}
    # -- Annotations to be added
    annotations: {}

    # -- Deploy a Poddisruptionbudget
    enabled: false
    # minAvailable: 1
    # maxUnavailable: 0
  forceRedeploy: false
  affinity: {}
  #    podAntiAffinity:
  #      requiredDuringSchedulingIgnoredDuringExecution:
  #        - labelSelector:
  #            matchExpressions:
  #              - key: app.kubernetes.io/component
  #                operator: In
  #                values:
  #                  - agent
  #          topologyKey: "kubernetes.io/hostname"
  nodeSelector: {}
  # JVM options are configuration parameters and settings that are used to control the behavior of the Java Virtual Machine (JVM). The JVM is the underlying engine that executes Java bytecode, and these options allow you to fine-tune various aspects of its performance, behavior, and debugging capabilities.
  jvmOpts: "-Xms2000m -Xmx2000m"
  # Example
  # -- `-XX:InitialRAMPercentage=70.0`: This option sets the initial size of the heap as a percentage of the total RAM available to the system. In this case, it is set to 50%, meaning that the heap will be initialized to occupy half of the system's available RAM.
  # -- `-XX:MaxRAMPercentage=70.0`: This option sets the maximum heap size as a percentage of the total RAM available to the system. Again, it is set to 50%, meaning that the maximum heap size will be limited to half of the available RAM. The JVM will not allocate more heap space than this, even if there is more free memory available on the system.
  # -- `-XX:+ExitOnOutOfMemoryError`: This option tells the JVM to exit immediately if it encounters an out-of-memory error (`OutOfMemoryError`). By default, the JVM may simply throw an `OutOfMemoryError` and continue to run, but with this option enabled, it will shut down. This can be useful in environments where automatic recovery is set up, and you want the system to restart the JVM if it runs out of memory.
  #jvmOpts: "-XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0 -XX:+ExitOnOutOfMemoryError"
  numberOfConnections: "1"
  redisync:
    # JVM options are configuration parameters and settings that are used to control the behavior of the Java Virtual Machine (JVM). The JVM is the underlying engine that executes Java bytecode, and these options allow you to fine-tune various aspects of its performance, behavior, and debugging capabilities.
    jvmOpts: "-Xms1500m -Xmx1500m"
    # Example
    # -- `-XX:InitialRAMPercentage=70.0`: This option sets the initial size of the heap as a percentage of the total RAM available to the system. In this case, it is set to 50%, meaning that the heap will be initialized to occupy half of the system's available RAM.
    # -- `-XX:MaxRAMPercentage=70.0`: This option sets the maximum heap size as a percentage of the total RAM available to the system. Again, it is set to 50%, meaning that the maximum heap size will be limited to half of the available RAM. The JVM will not allocate more heap space than this, even if there is more free memory available on the system.
    # -- `-XX:+ExitOnOutOfMemoryError`: This option tells the JVM to exit immediately if it encounters an out-of-memory error (`OutOfMemoryError`). By default, the JVM may simply throw an `OutOfMemoryError` and continue to run, but with this option enabled, it will shut down. This can be useful in environments where automatic recovery is set up, and you want the system to restart the JVM if it runs out of memory.
    #jvmOpts: "-XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0 -XX:+ExitOnOutOfMemoryError"
    enabled: true

pipOperator:
  enabled: true
  name: pip-operator
  replicaCount: "1"
  image:
    repository: plainid/pip-operator
    pullPolicy: Always
    tag: "5.2410.2"
  # If serviceAccount.create is false, this value is used for existing external service account
  serviceAccountName: ""
  # runtime.resources -- Specify resources on the PlainID Pip Operator container.
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  resources: {}
  #  requests:
  #    memory: "1000Mi"
  #    cpu: "50m"
  #  limits:
  #    memory: "4000Mi"
  #    cpu: "2000m"
  # Override PIP-Operator start command in case you need to use external DB drivers (e.g. MySQL, MS SQL, Oracle, etc.)
  # Uncomment the following section and add the curl commands to retrieve/download the relevant libraries
  # Please note - the folder for the libraries must be under /app/lib
  command: []
#    - /bin/sh
#    - -ec
#    - |
#      curl -o /app/lib/sample.jar https://www.example.com/sample.jar && \
#      keytool -import -alias redis-cert -file /app/conf/cert.pem -storepass changeit -keystore /usr/lib/jvm/default-jvm/lib/security/cacerts -noprompt && \
#      java ${JVM_OPTS} -cp $JAR_NAME -Djava.net.preferIPv4Stack=true -Dloader.path=/app/lib/ -Dloader.main=com.plainid.pipoperator.Starter org.springframework.boot.loader.PropertiesLauncher
  autoscaling:
    enabled: false
    minReplicas: 3
    maxReplicas: 6
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
    annotations: { }
    behavior: { }
      # scaleDown:
      #   stabilizationWindowSeconds: 300
      #  policies:
      #   - type: Pods
      #     value: 1
      #     periodSeconds: 180
      # scaleUp:
      #   stabilizationWindowSeconds: 300
    #   policies:
    #   - type: Pods
    #     value: 2
    #     periodSeconds: 60
  autoscalingTemplate: []
    # Custom or additional autoscaling metrics
    # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
    # - type: Pods
    #   pods:
    #     metric:
    #       name: nginx_ingress_controller_nginx_process_requests_total
    #     target:
    #       type: AverageValue
  #       averageValue: 10000m
  # Enable vertical pod autoscaler support
  # ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/FAQ.md
  verticalPodAutoscaler:
    enabled: false
    # Defaults to chart name
    containerName: ""
    # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
    controlledResources: [ ]

    # Define the max allowed resources for the pod
    maxAllowed: { }
    # cpu: 200m
    # memory: 100Mi
    # Define the min allowed resources for the pod
    minAllowed: { }
    # cpu: 200m
    # memory: 100Mi

    # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
    # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
    updatePolicy: { }
    # updateMode: "Auto"
  strategy:
    rollingUpdate:
      maxSurge: 30%
      maxUnavailable: 30%
  # -- Labels to add to the pod container metadata
  podLabels: { }
  #  key: value
  annotations: {}
  podAnnotations: {}
  # Allows you to add any config files to /app/conf
  # such as auth-config.xml that is required to configure OAuth connections to REST based data sources (e.g. Azure AD, SCIM, REST, etc.)
  plainIDConfig: {}
#    auth-config.xml: |
#      <?xml version='1.0'?>
#      <policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
#               xsi:schemaLocation="urn:jboss:security-config:5.0"
#               xmlns="urn:jboss:security-config:5.0"
#               xmlns:jbxb="urn:jboss:security-config:5.0">
#
#          <application-policy name = "teiid-security-file">
#             <authentication>
#                <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
#                    <!-- https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/5/html/security_guide/ch12#Using_JBoss_Login_Modules-Password_Hashing -->
#                    <module-option name="usersProperties">users.properties</module-option>
#                    <module-option name="rolesProperties">roles.properties</module-option>
#                    <module-option name="unauthenticatedIdentity">nobody</module-option>
#                    <module-option name="hashAlgorithm">MD5</module-option>
#                    <module-option name="hashEncoding">base64</module-option>
#                </login-module>
#             </authentication>
#          </application-policy>
#      </policy>
  # Allows you to add any secret files to /app/conf
  # such as key.json etc..
  secretFiles: {}
#    key.json: |
#      {}
  ## Sensible environment variables that will be rendered as new secret object
  ## This can be useful for auth tokens, etc
  extraEnvSecrets: { }
  # When it's set, the secret environment variables is ignored
  existingEnvSecret: ""
  # -- Environment variables to pass to the pip-operator
  extraEnv: {
   #           APP_VDB_LAZY_INVALIDATE:true     - If set to true (Default), cached data will be available during cache refresh,
   #                                               if set to false, data is not available during cache refresh.
  }
  #  KEY: "VALUE"
  # -- PlainID pip-operator log format: Either `text` or `json`
  logFormat: text
  # -- Set the logging level. (One of: `debug`, `info`, `warn`, `error`)
  logLevel: info
  terminationGracePeriodSeconds: 15
  # -- Set the message level. (One of: `debug`, `info`, `warn`, `error`, `off`)
  # The messagesLevel parameter defines which message types, if any, are sent to the PlainID Platform for troubleshooting.
  # To disable messages, set to `off`
  messagesLevel: error
  debug:
    enabled: false
    port: 5005
  lifecycle: { }
  #  preStop:
  #    exec:
  #      command: ["/bin/sh", "-c", "sleep 10"]
  ## Configure extra options for probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: "300"
    periodSeconds: "15"
    timeoutSeconds: "8"
    failureThreshold: "12"
    successThreshold: "1"
  readinessProbe:
    enabled: true
    initialDelaySeconds: "30"
    periodSeconds: "4"
    timeoutSeconds: "3"
    failureThreshold: "5"
    successThreshold: "1"
  startupProbe:
    enabled: false
    initialDelaySeconds: "20"
    periodSeconds: "5"
    timeoutSeconds: "2"
    failureThreshold: "300"
    successThreshold: "1"
  service:
    type: ClusterIP
    name: http
    port: 8080
    annotations: {}
    management:
      name: http-management
      port: 8089
    jdbc:
      name: tcp-jdbc
      port: 31350
  metrics:
    enabled: false
    port: 8089
    serviceMonitor:
      # When set true then use a ServiceMonitor to configure scraping
      enabled: false
      path: /actuator/prometheus
      # Set the namespace the ServiceMonitor should be deployed
      # namespace: monitoring
      # Set how frequently Prometheus should scrape
      # interval: 30s
      # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
      # labels: {}
      # Set timeout for scrape
      # timeout: 10s
    annotations: {}
  #    prometheus.io/port: '9090'
  #    prometheus.io/scrape: 'true'
  #    prometheus.io/path: '/actuator/prometheus'
  # Init containers to add to deployment's pod spec. At least one plugin provider image is required.
  # If the value is a string then it is evaluated as a template.
  initContainers:
  #    - name: wait-for
  #      image: plainid/wait-for:0.0.9
  #      securityContext:
  #        runAsNonRoot: true
  #        runAsUser: 1000
  #        readOnlyRootFilesystem: true
  #      command:
  #        - /bin/sh
  #        - -c
  #        - |
  #          /wait-for plainid-paa-redis-master:6379 --timeout=600
  ## Configure PodDisruptionBudget
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
  #
  podDisruptionBudget:
    # -- Labels to be added
    labels: {}
    # -- Annotations to be added
    annotations: {}

    # -- Deploy a Poddisruptionbudget
    enabled: false
    # minAvailable: 1
    # maxUnavailable: 0
  forceRedeploy: false
  affinity: {}
#    podAntiAffinity:
#      preferredDuringSchedulingIgnoredDuringExecution:
#        - weight: 1
#          podAffinityTerm:
#            labelSelector:
#              matchExpressions:
#                - key: app.kubernetes.io/component
#                  operator: In
#                  values:
#                    - pip-operator
#            topologyKey: kubernetes.io/hostname
  nodeSelector: {}
  # JVM options are configuration parameters and settings that are used to control the behavior of the Java Virtual Machine (JVM). The JVM is the underlying engine that executes Java bytecode, and these options allow you to fine-tune various aspects of its performance, behavior, and debugging capabilities.
  jvmOpts: "-Xms2g -Xmx2g"
  # Example
  # -- `-XX:InitialRAMPercentage=70.0`: This option sets the initial size of the heap as a percentage of the total RAM available to the system. In this case, it is set to 50%, meaning that the heap will be initialized to occupy half of the system's available RAM.
  # -- `-XX:MaxRAMPercentage=70.0`: This option sets the maximum heap size as a percentage of the total RAM available to the system. Again, it is set to 50%, meaning that the maximum heap size will be limited to half of the available RAM. The JVM will not allocate more heap space than this, even if there is more free memory available on the system.
  # -- `-XX:+ExitOnOutOfMemoryError`: This option tells the JVM to exit immediately if it encounters an out-of-memory error (`OutOfMemoryError`). By default, the JVM may simply throw an `OutOfMemoryError` and continue to run, but with this option enabled, it will shut down. This can be useful in environments where automatic recovery is set up, and you want the system to restart the JVM if it runs out of memory.
  #jvmOpts: "-XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0 -XX:+ExitOnOutOfMemoryError"

runtime:
  name: runtime
  replicaCount: "1"
  # Allows you to add any config files to /app/conf
  # such as config-hybrid.json
  plainIDConfig: {}
  #  config-hybrid.json: |
  #    {}
  image:
    repository: plainid/theruntime
    pullPolicy: Always
    tag: "5.2410.14"
  # If serviceAccount.create is false, this value is used for existing external service account
  serviceAccountName: ""
  # runtime.resources -- Specify resources on the PlainID Runtime container.
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  resources: {}
  #  requests:
  #    memory: "50Mi"
  #    cpu: "50m"
  #  limits:
  #    memory: "200Mi"
  #    cpu: "200m"
  # Override runtime start command
  command: []
  #    - /bin/sh
  #    - -ec
  #    - |
  #      keytool -import -alias redis-cert -file /app/conf/cert.pem -storepass changeit -keystore /usr/lib/jvm/default-jvm/lib/security/cacerts -noprompt && \
  #      java ${JVM_OPTS} --add-exports java.base/sun.security.util=ALL-UNNAMED -Dconf.file=${RUNTIME_CONFIG_PATH} -Dconf.format=json -Dlog4j.configurationFile=${RUNTIME_LOG4J_PATH} -Djava.net.preferIPv4Stack=true -jar theruntime.jar
  autoscaling:
    enabled: false
    minReplicas: 3
    maxReplicas: 6
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
    annotations: {}
    behavior: {}
      # scaleDown:
      #   stabilizationWindowSeconds: 300
      #  policies:
      #   - type: Pods
      #     value: 1
      #     periodSeconds: 180
      # scaleUp:
      #   stabilizationWindowSeconds: 300
      #   policies:
      #   - type: Pods
    #     value: 2
    #     periodSeconds: 60
  autoscalingTemplate: []
    # Custom or additional autoscaling metrics
    # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
    # - type: Pods
    #   pods:
    #     metric:
    #       name: nginx_ingress_controller_nginx_process_requests_total
    #     target:
    #       type: AverageValue
  #       averageValue: 10000m
  # Enable vertical pod autoscaler support
  # ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/FAQ.md
  verticalPodAutoscaler:
    enabled: false
    # Defaults to chart name
    containerName: ""
    # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
    controlledResources: [ ]

    # Define the max allowed resources for the pod
    maxAllowed: { }
    # cpu: 200m
    # memory: 100Mi
    # Define the min allowed resources for the pod
    minAllowed: { }
    # cpu: 200m
    # memory: 100Mi

    # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
    # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
    updatePolicy: { }
    # updateMode: "Auto"
  strategy:
    rollingUpdate:
      maxSurge: 30%
      maxUnavailable: 30%
  # -- Labels to add to the pod container metadata
  podLabels: { }
  #  key: value
  annotations: {}
  podAnnotations: {}
  ## Sensible environment variables that will be rendered as new secret object
  ## This can be useful for auth tokens, etc
  extraEnvSecrets: { }
  # When it's set, the secret environment variables is ignored
  existingEnvSecret: ""
  # -- Environment variables to pass to the runtime
  extraEnv: {
    # Add support to UUID asset attribute. For hybrid user to change in production
    #RUNTIME_SUPPORT_UUID_ASSET_ATTRIBUTE : "true"

    # Add support to UUID identity attribute. For hybrid user to change in production
    #RUNTIME_SUPPORT_UUID_IDENTITY_ATTRIBUTE : "true"

    # Refresh JWKS time. For hybrid user to change in production
    # REFRESH_JWKS : "3600000"

    # to enable including ip from header in scope cache calculation
    #RUNTIME_INCLUDE_IP_HEADER_IN_SCOPE_CACHE_KEY: "true"

    # to enable including current time in scope cache calculation
    #RUNTIME_INCLUDE_REQUEST_TIME_IN_SCOPE_CACHE_KEY: "true"

    # to ignore nested queries in the entity template according to Template names
    #RUNTIME_OVERRIDE_ENTITY_NESTED_QUERIES: "[]"

    # to ignore nested queries in the asset template according to Template names
    #RUNTIME_OVERRIDE_ASSET_NESTED_QUERIES: "[]"
  }
  #  KEY: "VALUE"
  # -- PlainID runtime log format: support text only
  logFormat: text
  # -- Set the logging level. (One of: `debug`, `info`, `warn`, `error`)
  logLevel: info
  terminationGracePeriodSeconds: 15
  debug:
    enabled: false
    port: 5005
  lifecycle: {}
  #  preStop:
  #    exec:
  #      command: ["/bin/sh", "-c", "sleep 10"]
  ## Configure extra options for probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: "300"
    periodSeconds: "15"
    timeoutSeconds: "8"
    failureThreshold: "12"
    successThreshold: "1"
  readinessProbe:
    enabled: true
    initialDelaySeconds: "30"
    periodSeconds: "4"
    timeoutSeconds: "3"
    failureThreshold: "5"
    successThreshold: "1"
  startupProbe:
    enabled: false
    initialDelaySeconds: "20"
    periodSeconds: "5"
    timeoutSeconds: "2"
    failureThreshold: "300"
    successThreshold: "1"
  service:
    type: ClusterIP
    port: 80
    nodePort:
    annotations: {}
  metrics:
    enabled: false
    port: 8081
    serviceMonitor:
      # When set true then use a ServiceMonitor to configure scraping
      enabled: false
      path: /prometheus/metrics
      # Set the namespace the ServiceMonitor should be deployed
      # namespace: monitoring
      # Set how frequently Prometheus should scrape
      # interval: 30s
      # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
      # labels: {}
      # Set timeout for scrape
      # timeout: 10s
    annotations: { }
  #    prometheus.io/port: '8081'
  #    prometheus.io/scrape: 'true'
  #    prometheus.io/path: '/actuator/prometheus'
  # Init containers to add to deployment's pod spec. At least one plugin provider image is required.
  # If the value is a string then it is evaluated as a template.
  initContainers:
  #    - name: wait-for
  #      image: plainid/wait-for:0.0.9
  #      securityContext:
  #        runAsNonRoot: true
  #        runAsUser: 1000
  #        readOnlyRootFilesystem: true
  #      command:
  #        - /bin/sh
  #        - -c
  #        - |
  #          /wait-for plainid-paa-redis-master:6379 --timeout=600
  ingress:
    enabled: false
    #  ingressClassName: nginx
    annotations: { }
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    hosts:
      - host: chart-example.local
        paths: ["/"]
    tls: [ ]
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local
  ## Configure PodDisruptionBudget
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
  #
  podDisruptionBudget:
    # -- Labels to be added
    labels: {}
    # -- Annotations to be added
    annotations: {}

    # -- Deploy a Poddisruptionbudget
    enabled: false
    # minAvailable: 1
    # maxUnavailable: 0
  forceRedeploy: false
  affinity: {}
  nodeSelector: {}
  # JVM options are configuration parameters and settings that are used to control the behavior of the Java Virtual Machine (JVM). The JVM is the underlying engine that executes Java bytecode, and these options allow you to fine-tune various aspects of its performance, behavior, and debugging capabilities.
  jvmOpts: "-Xms2g -Xmx2g"
  # Example
  # -- `-XX:InitialRAMPercentage=70.0`: This option sets the initial size of the heap as a percentage of the total RAM available to the system. In this case, it is set to 50%, meaning that the heap will be initialized to occupy half of the system's available RAM.
  # -- `-XX:MaxRAMPercentage=70.0`: This option sets the maximum heap size as a percentage of the total RAM available to the system. Again, it is set to 50%, meaning that the maximum heap size will be limited to half of the available RAM. The JVM will not allocate more heap space than this, even if there is more free memory available on the system.
  # -- `-XX:+ExitOnOutOfMemoryError`: This option tells the JVM to exit immediately if it encounters an out-of-memory error (`OutOfMemoryError`). By default, the JVM may simply throw an `OutOfMemoryError` and continue to run, but with this option enabled, it will shut down. This can be useful in environments where automatic recovery is set up, and you want the system to restart the JVM if it runs out of memory.
  #jvmOpts: "-XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0 -XX:+ExitOnOutOfMemoryError"
  # Audit runtime calls to syslog
  # ref: https://en.wikipedia.org/wiki/Syslog
  # ref: https://docs.plainid.io/articles/#!authorization-platform-documentation/authorization-audit-data-paa
  syslog:
    enabled: false
    host: ""
    port: ""
    # Supported protocols: UDP
    protocol: "UDP"

# Redis parameters
externalRedis:
  # -- External Redis server host
  host: ""
  # -- External Redis password
  password: ""
  # -- External Redis server port
  port: 6379
  # -- The name of an existing secret with Redis credentials (must contain key `redis-password`).
  # When it's set, the `externalRedis.password` parameter is ignored
  existingSecret: ""
  tls: false

# This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true)
# the custom redis deployment is omitted
# Check the redis-ha chart for more properties
redis-ha:
  # -- Enables the Redis HA subchart
  enabled: false
  auth: true
  image:
    repository: docker.io/redis
    tag: 7.2.4-alpine
  redisPassword: "abcd1234"
  replicas: 3
  persistentVolume:
    # -- Configures persistency on Redis nodes
    enabled: false
  hardAntiAffinity: false
  haproxy:
    # -- Enabled HAProxy LoadBalancing/Proxy
    enabled: true
    replicas: 2
    hardAntiAffinity: false
    image:
      tag: 2.6.15-alpine
    # Prevent sockets closing
    # Ref: https://www.papertrail.com/solution/tips/haproxy-logging-how-to-tune-timeouts-for-performance/
    timeout:
      server: 0
      client: 0
  configmapTest:
    image:
      repository: koalaman/shellcheck
      tag: v0.9.0
  exporter:
    image: oliver006/redis_exporter
    tag: v1.52.0
  sysctlImage:
    tag: 1-musl
  redis:
    disableCommands: []
  #    - FLUSHDB
  #    - FLUSHALL

redis:
  # -- Enables the Redis subchart
  enabled: true
  architecture: standalone
  auth:
    password: "abcd1234"
  # Below configurations are for using official docker of redis
  # If you want to use the bitnami flavour of redis, you can comment out below configurations
  image:
    repository: redis
    tag: 7.2.4-alpine
  master:
    customLivenessProbe:
      initialDelaySeconds: 20
      periodSeconds: 4
      timeoutSeconds: 3
      successThreshold: 1
      failureThreshold: 5
      exec:
        command:
          - redis-cli
          - ping
    customReadinessProbe:
      initialDelaySeconds: 10
      periodSeconds: 4
      timeoutSeconds: 3
      successThreshold: 1
      failureThreshold: 3
      exec:
        command:
          - redis-cli
          - ping
    command:
      - redis-server
    args:
      - "--maxmemory-policy volatile-lru"
      - "--maxmemory 2000mb"
      - "--save 60 1"
      - "--loglevel warning"
      - "--port 6379"
      - "--notify-keyspace-events KA"
      - "--requirepass abcd1234"
      - "--masterauth abcd1234"
    disableCommands: []
  #    - FLUSHDB
  #    - FLUSHALL

secretsMgmt:
  enabled: false
  image:
    repository: plainid/secrets-mgmt
    pullPolicy: Always
    tag: "5.2410.0"
  name: secrets-mgmt
  forceRedeploy: false
  terminationGracePeriodSeconds: 15
  replicaCount: 1
  # If serviceAccount.create is false, this value is used for existing external service account
  serviceAccountName: ""
  # -- Labels to add to the pod container metadata
  podLabels: {}
  #  key: value
  annotations: {}
  podAnnotations: {}
  autoscaling:
    enabled: false
    minReplicas: 3
    maxReplicas: 6
    targetCPUUtilizationPercentage: 2000
    targetMemoryUtilizationPercentage: 160
    annotations: {}
    behavior: {}
      # scaleDown:
      #   stabilizationWindowSeconds: 300
      #  policies:
      #   - type: Pods
      #     value: 1
      #     periodSeconds: 180
      # scaleUp:
      #   stabilizationWindowSeconds: 300
      #   policies:
    #   - type: Pods
    #     value: 2
    #     periodSeconds: 60
  autoscalingTemplate: []
  # Custom or additional autoscaling metrics
  # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
  # - type: Pods
  #   pods:
  #     metric:
  #       name: nginx_ingress_controller_nginx_process_requests_total
  #     target:
  #       type: AverageValue
  #       averageValue: 10000m
  ## Configure PodDisruptionBudget
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
  #
  # Enable vertical pod autoscaler support
  # ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/FAQ.md
  verticalPodAutoscaler:
    enabled: false
    # Defaults to chart name
    containerName: ""
    # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
    controlledResources: [ ]

    # Define the max allowed resources for the pod
    maxAllowed: { }
    # cpu: 200m
    # memory: 100Mi
    # Define the min allowed resources for the pod
    minAllowed: { }
    # cpu: 200m
    # memory: 100Mi

    # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
    # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
    updatePolicy: { }
    # updateMode: "Auto"
  strategy: # For deployment
    rollingUpdate:
      maxSurge: 30%
      maxUnavailable: 30%
  podDisruptionBudget:
    # -- Labels to be added
    labels: { }
    # -- Annotations to be added
    annotations: { }

    # -- Deploy a Poddisruptionbudget
    enabled: false
    # minAvailable: 1
    # maxUnavailable: 0
  livenessProbe:
    enabled: true
    initialDelaySeconds: 60
    periodSeconds: 7
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 6
    httpGet:
      path: /health/liveness
      port: 8081
  readinessProbe:
    enabled: true
    initialDelaySeconds: 20
    periodSeconds: 3
    timeoutSeconds: 2
    successThreshold: 1
    failureThreshold: 3
    httpGet:
      path: /health/readiness
      port: 8081
  startupProbe:
    enabled: true
    initialDelaySeconds: 20
    periodSeconds: 5
    timeoutSeconds: 3
    successThreshold: 1
    failureThreshold: 180
    httpGet:
      path: /health/liveness
      port: 8081
  service:
    enabled: true
    type: ClusterIP
    name: http
    port: 8080
    nodePort:
    annotations: {}
    management:
      name: http-management
      port: 8081
  debug:
    enabled: false
    port: 5005
  ## Sensible environment variables that will be rendered as new secret object
  ## This can be useful for auth tokens, etc
  extraEnvSecrets: {}
  # Allows you to add any secret files to /app/conf
  # such as key.json etc..
  # -- Environment variables to pass to the agent
  extraEnv: {}
  # When it's set, the secret environment variables is ignored
  existingEnvSecret: ""
  resources: {}
#    requests:
#      memory: "100Mi"
#      cpu: "10m"
#    limits:
#      memory: "2000Mi"
#      cpu: "2000m"
  command: []
  plainIDConfigFileBasePath: "/app/config"
  # Allows you to add any config files to /app/config
  plainIDConfig:
    config.yaml:
      server:
        port: 8080
        # Which IP is allowed to make requests to secrets-mgmt
        bindIp: 0.0.0.0
        name: secrets-mgmt
      management:
        port: ${MANAGEMENT_PORT}
      log:
        level: "info" #debug,trace
        format: "json"
        logTo: "console" # rolling, file
      rabbitmq:
        enabled: false
      gin:
        mode: release  # debug, release
      infra:
        registry:
          warpUrl: ${AGENT_URL:} #"http://plainid-paa-agent:8080"
          k8service: ${SECRETS_MGMT_ADDRESS:} #"http://secrets-mgmt:"${server.port}
          updateInterval: 60
          firstTimeInterval: 3
        management:
          port: ${MANAGEMENT_PORT}
      # Secret Store configuration
      secretStore:
        - id: fileSecret
          type: File
          isDefault: true
          decoder: Base64
          details:
            path: /app/config/filename.txt
#        # Examples below for HashiCorp Vault and Environment Variables based Secret Stores
#        - id: vault
#          type: Vault
#          isDefault: true
#          decoder: None # Base64, None
#          details:
#            PathPrefix: prefix
#            defaultPath: vault_
#            skipVerify: true
#            url: vault
#            timeout: 3s
#            enginePath: custom
#          # Authentication method should use either a Token or Kubernetes authentication method with vault
#          auth:
#            method: Token # Token, Kubernetes
#            tokenValue: token
#            tokenFileName: ${VAULT_TOKEN} # instead of token value
#          auth:
#            method: Kubernetes
#            path: /var/run/secrets/kubernetes.io/serviceaccount/token
#            role: secrets-mgmt
#        - id: ENV_VAR_SECRET
#          type: Environment
#          isDefault: false
#          decoder: Base64
#          details:
#            name: ENV_VAR_SECRET
  metrics:
    enabled: false
    port: 8081
    serviceMonitor:
      # When set true then use a ServiceMonitor to configure scraping
      enabled: false
      path: /health/metrics
      # Set the namespace the ServiceMonitor should be deployed
      # namespace: monitoring
      # Set how frequently Prometheus should scrape
      # interval: 30s
      # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
      # labels: {}
      # Set timeout for scrape
      # timeout: 10s
    annotations: {}
  #    prometheus.io/port: '9090'
  #    prometheus.io/scrape: 'true'
  #    prometheus.io/path: '/actuator/prometheus'
  # Init containers to add to deployment's pod spec. At least one plugin provider image is required.
  # If the value is a string then it is evaluated as a template.
  initContainers:
  #    - name: wait-for
  #      image: plainid/wait-for:0.0.9
  #      securityContext:
  #        runAsNonRoot: true
  #        runAsUser: 1000
  #        readOnlyRootFilesystem: true
  #      command:
  #        - /bin/sh
  #        - -c
  #        - |
  #          /wait-for plainid-paa-redis-master:6379 --timeout=600
  nodeSelector: {}
  affinity: {}
  #    podAntiAffinity:
  #      requiredDuringSchedulingIgnoredDuringExecution:
  #        - labelSelector:
  #            matchExpressions:
  #              - key: app.kubernetes.io/component
  #                operator: In
  #                values:
  #                  - secrets-mgmt
  #          topologyKey: "kubernetes.io/hostname"
  lifecycle: {}
  #  preStop:
  #    exec:
  #      command: ["/bin/sh", "-c", "sleep 10"]

idpWebhook:
  enabled: false
  image:
    repository: plainid/idp-webhook
    pullPolicy: Always
    tag: "5.2410.0"
  name: idp-webhook
  forceRedeploy: false
  terminationGracePeriodSeconds: 15
  replicaCount: 1
  # If serviceAccount.create is false, this value is used for existing external service account
  serviceAccountName: ""
  # -- Labels to add to the pod container metadata
  podLabels: {}
  #  key: value
  annotations: {}
  podAnnotations: {}
  autoscaling:
    enabled: false
    minReplicas: 3
    maxReplicas: 6
    targetCPUUtilizationPercentage: 2000
    targetMemoryUtilizationPercentage: 160
    annotations: {}
    behavior: {}
      # scaleDown:
      #   stabilizationWindowSeconds: 300
      #  policies:
      #   - type: Pods
      #     value: 1
      #     periodSeconds: 180
      # scaleUp:
      #   stabilizationWindowSeconds: 300
    #   policies:
    #   - type: Pods
    #     value: 2
    #     periodSeconds: 60
  autoscalingTemplate: []
  # Custom or additional autoscaling metrics
  # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
  # - type: Pods
  #   pods:
  #     metric:
  #       name: nginx_ingress_controller_nginx_process_requests_total
  #     target:
  #       type: AverageValue
  #       averageValue: 10000m
  ## Configure PodDisruptionBudget
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
  #
  # Enable vertical pod autoscaler support
  # ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/FAQ.md
  verticalPodAutoscaler:
    enabled: false
    # Defaults to chart name
    containerName: ""
    # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
    controlledResources: [ ]

    # Define the max allowed resources for the pod
    maxAllowed: { }
    # cpu: 200m
    # memory: 100Mi
    # Define the min allowed resources for the pod
    minAllowed: { }
    # cpu: 200m
    # memory: 100Mi

    # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
    # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
    updatePolicy: { }
    # updateMode: "Auto"
  strategy: # For deployment
    rollingUpdate:
      maxSurge: 30%
      maxUnavailable: 30%
  podDisruptionBudget:
    # -- Labels to be added
    labels: { }
    # -- Annotations to be added
    annotations: { }

    # -- Deploy a Poddisruptionbudget
    enabled: false
    # minAvailable: 1
    # maxUnavailable: 0
  livenessProbe:
    enabled: true
    initialDelaySeconds: 60
    periodSeconds: 7
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 6
    httpGet:
      path: /healtz
      port: 8080
  readinessProbe:
    enabled: true
    initialDelaySeconds: 20
    periodSeconds: 3
    timeoutSeconds: 2
    successThreshold: 1
    failureThreshold: 3
    httpGet:
      path: /healtz
      port: 8080
  startupProbe:
    enabled: true
    initialDelaySeconds: 20
    periodSeconds: 5
    timeoutSeconds: 3
    successThreshold: 1
    failureThreshold: 180
    httpGet:
      path: /healtz
      port: 8080
  service:
    enabled: true
    type: ClusterIP
    name: http
    port: 8080
    nodePort:
    annotations: {}
    management:
      name: http-management
      port: 9090
  debug:
    enabled: false
    port: 5005
  ## Sensible environment variables that will be rendered as new secret object
  ## This can be useful for auth tokens, etc
  extraEnvSecrets: {}
  # Allows you to add any secret files to /app/conf
  # such as key.json etc..
  # -- Environment variables to pass to the agent
  extraEnv: {}
  # When it's set, the secret environment variables is ignored
  existingEnvSecret: ""
  resources: {}
  #    requests:
  #      memory: "100Mi"
  #      cpu: "10m"
  #    limits:
  #      memory: "2000Mi"
  #      cpu: "2000m"
  command: []
  plainIDConfigFileBasePath: "/app/config"
  # Allows you to add any config files to /app/config
  plainIDConfig: {}
  # Uncomment the following config.yaml section to enable and configure the IDP Web-Hook (Token Enrichment) functionality
#  config.yaml:
#    log:
#      format: json
#      level: trace
#    http:
#      port: 8080
#      jwt:
#        jwtBearerActive: false
#        jwtIgnoreVerification: true
#    management:
#      port: ${MANAGEMENT_PORT:8081}
#    server:
#      name: idp-webhook
#      auth:
#        secret:
#    apps:
#      - TestIntegration:
#          clientid: XXXXXXXXXXXXXXXX
#          clientsecret: XXXXXXXXXXXXXXXX
#          entitytype: jwt
#          tokentype: identity # possible values: identity, access
#          userid: $.context.user.profile.login
#          claims:
#            plainid: $.response[*].access[?(@.resourceType == "Entitlements")].attributes.responseValue[*]
#            kuku: $.response[*].access[?(@.resourceType == "Entitlements")].attributes.responseKey[*]
#      - PlainID-Wiz:
#          clientid: "XXXXXXXXXXXXXXXX"
#          clientsecret: "XXXXXXXXXXXXXXXX"
#          entitytype: G-User
#          tokentype: identity # possible values: identity, access
#          claims:
#            plainid: $.response[*].access[?(@.resourceType == "test_columns")].path
#
#    runtime:
#      host: https://demo.plainid.cloud
#      uri: /api/runtime/token/v3
#      tenantPattern: "http://xxx-runtime.runtime"
#      listenport: "8010"
#      timeout: 3s
  metrics:
    enabled: false
    port: 9090
    serviceMonitor:
      # When set true then use a ServiceMonitor to configure scraping
      enabled: false
      path: /metrics
      # Set the namespace the ServiceMonitor should be deployed
      # namespace: monitoring
      # Set how frequently Prometheus should scrape
      # interval: 30s
      # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
      # labels: {}
      # Set timeout for scrape
      # timeout: 10s
    annotations: {}
  #    prometheus.io/port: '9090'
  #    prometheus.io/scrape: 'true'
  #    prometheus.io/path: '/actuator/prometheus'
  # Init containers to add to deployment's pod spec. At least one plugin provider image is required.
  # If the value is a string then it is evaluated as a template.
  initContainers:
  #    - name: wait-for
  #      image: plainid/wait-for:0.0.9
  #      securityContext:
  #        runAsNonRoot: true
  #        runAsUser: 1000
  #        readOnlyRootFilesystem: true
  #      command:
  #        - /bin/sh
  #        - -c
  #        - |
  #          /wait-for plainid-paa-redis-master:6379 --timeout=600
  nodeSelector: {}
  affinity: {}
  #    podAntiAffinity:
  #      requiredDuringSchedulingIgnoredDuringExecution:
  #        - labelSelector:
  #            matchExpressions:
  #              - key: app.kubernetes.io/component
  #                operator: In
  #                values:
  #                  - idp-webhook
  #          topologyKey: "kubernetes.io/hostname"
  lifecycle: {}
  #  preStop:
  #    exec:
  #      command: ["/bin/sh", "-c", "sleep 10"]
  ingress:
    enabled: false
    #  ingressClassName: nginx
    annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    hosts:
      - host: chart-example.local
        paths: ["/"]
    tls: [ ]
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local

## extraManifests Array of extra objects to deploy with the release (evaluated as a template)
extraManifests: []

skipChartValidations: false