image:
  repository: gitea.scubbo.org/scubbo/edh-elo
  tag: "9b4e6c3b4d852883a372332461253ef9eae6d014"
  pullPolicy: IfNotPresent
extraEnv:
  - name: DATABASE_URL
    value: postgresql://db_user:pass@edh-elo-postgresql/postgres
  - name: SPREADSHEET_ID
    value: 1ITgXXfq7KaNP8JTQMvoZJSbu7zPpCcfNio_aooULRfc
  - name: PATH_TO_GOOGLE_SHEETS_CREDENTIALS
    value: /vault/secrets/google-credentials.json
postgresql:
  auth:
    existing-secret: edh-elo-postgresql
  primary:
    persistence:
      enabled: true
    initdb:
      # TODO - switch to using a secret (and update `extraEnv`, above)
      scripts:
        psql.sql: |
          CREATE USER db_user WITH PASSWORD 'pass';
          GRANT ALL PRIVILEGES ON DATABASE postgres TO db_user;
          GRANT ALL ON SCHEMA public TO db_user;
############
# Defaults #
############
replicaCount: 1
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
podAnnotations:
  vault.hashicorp.com/agent-inject: "true"
  vault.hashicorp.com/agent-inject-status: update
  vault.hashicorp.com/role: "edh-elo"
  vault.hashicorp.com/agent-inject-secret-google-credentials.json: "edh-elo/data/google-credentials"
  vault.hashicorp.com/agent-inject-template-google-credentials.json: |
    {{- with secret "edh-elo/data/google-credentials" -}}
    {{- .Data.data | toJSON -}}
    {{- end -}}
podSecurityContext: {}
# fsGroup: 2000

securityContext: {}
# capabilities:
#   drop:
#   - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000

service:
  type: LoadBalancer
  port: 8000
ingress:
  enabled: false
  className: "traefik"
  annotations: {}
  # kubernetes.io/ingress.class: nginx
  # kubernetes.io/tls-acme: "true"
  # hosts:
  #   - host: edh-elo.avril
  #     paths:
  #       - path: /
  #         pathType: ImplementationSpecific
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
#   cpu: 100m
#   memory: 128Mi
# requests:
#   cpu: 100m
#   memory: 128Mi

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80
nodeSelector: {}
# architecture: x86

tolerations: {}
# - key: architecture
#   operator: Equal
#   value: x86

affinity: {}