values.yaml

## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets
##

##
global:
  ## Global Docker image registry
  imageRegistry: ""
  ## @example
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
##

## Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## String to partially override stream.fullname
##
nameOverride: ""
## String to fully override stream.fullname
##
fullnameOverride: ""
## String to override the image registry for all containers
##
imageRegistry: ""
## Labels to add to all deployed objects
##
commonLabels: {}
## Annotations to add to all deployed objects
##
commonAnnotations: {}
## By default, we fetch the Stream image from the Evertrust registry.
## If the tag is null or unset, the default value will be set the to the chart appVersion.
## As the official Evertrust registry is not in open-access,
## you should specify an image pull secret that has
## access to Stream images.
##
## @ref https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
image:
  ## Stream image registry
  registry: registry.evertrust.io
  ## Stream image repository
  repository: stream
  ## Stream image tag (immutable tags are recommended)
  tag: 2.1.8
  ## Stream image flavor (for HSM compatible images)
  flavor: ""
  ## Stream image pull policy
  pullPolicy: IfNotPresent
  ## Stream image pull secrets
  pullSecrets: []
## @ref https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods
## @example
## updateStrategy:
##  type: RollingUpdate
##  rollingUpdate:
##    maxSurge: 25%
##    maxUnavailable: 25%
##
updateStrategy:
  ## Stream deployment strategy type
  type: Recreate
## Annotations to add to the deployment object
##
deploymentAnnotations: {}
## Annotations to add to the deployment object
##
deploymentLabels: {}
## Stream pod priority class name
##
priorityClassName: ""
## Stream pod host aliases
## @ref https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## Optionally specify extra list of additional volumes for Stream pods
## @example
## extraVolumes:
##   - name: extra-volume-name
##     configMap:
##       name: example-configmap
##
extraVolumes: []
## Optionally specify extra list of additional volumeMounts for Stream container(s)
## @example
## extraVolumeMounts:
##   - name: extra-volume-name
##     mountPath: /mnt/extra-volume
##
extraVolumeMounts: []
## Add additional sidecar containers to the Stream pod
## @example
## sidecars:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##
sidecars: []
## Add additional init containers to the Stream pod
initContainers: []
## Add lifecycle hooks to the Stream deployment
##
lifecycleHooks: {}
## Extra labels for Stream pods
## @ref https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## Annotations for Stream pods
## @ref https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @ref https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @ref https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## @ref https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
  ## Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ##
  type: ""
  ## Node label key to match. Ignored if `affinity` is set
  ##
  key: ""
  ## Node label values to match. Ignored if `affinity` is set
  ## @example
  ## values:
  ##   - e2e-az1
  ##   - e2e-az2
  ##
  values: []
## Number of controller revisions to keep
revisionHistoryLimit: 3
## Replica count when no autoscaler is configured
replicas: 1
## @ref https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## Node labels for pod assignment
## @ref https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment
## @ref https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Spread Constraints for pod assignment
## @ref https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## @example
## topologySpreadConstraints:
##   - maxSkew: 1
##     topologyKey: node
##     whenUnsatisfiable: DoNotSchedule
##
topologySpreadConstraints: []
## Stream containers' resource requests and limits
## @ref https://kubernetes.io/docs/user-guide/compute-resources/
##
## The JVM will automatically adapt the memory allocation pool
## to the container allocated resources.
##
resources:
  ## The resources limits for the Stream container
  limits: {}
  ## The requested resources for the Stream container
  requests:
    memory: 512Mi
    cpu: 300m
## Configure Pods Security Context
## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
##
podSecurityContext:
  ## Enabled Stream pods' Security Context
  enabled: true
  ## Set Stream pod's Security Context fsGroup
  fsGroup: 1001
## Configure Container Security Context (only main container)
## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
##
containerSecurityContext:
  ## Enabled Stream containers' Security Context
  enabled: true
  ## Set Stream container's Security Context runAsUser
  runAsUser: 1001
  ## Set Stream container's Security Context runAsNonRoot
  runAsNonRoot: true
## Configure extra options for Stream containers probes
## @ref https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
##
livenessProbe:
  ## Enable livenessProbe
  enabled: true
  ## Initial delay seconds for livenessProbe
  initialDelaySeconds: 0
  ## Period seconds for livenessProbe
  periodSeconds: 10
  ## Timeout seconds for livenessProbe
  timeoutSeconds: 5
  ## Success threshold for livenessProbe
  successThreshold: 1
  ## Failure threshold for livenessProbe
  failureThreshold: 3
## A startup probe allows us to define a shorter period to improve Stream time-to-liveliness time while preserving the Stream pod from a restart loop when it is slow to start.
## @ref https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
##
startupProbe:
  ## Enable startupProbe. Since Stream is slow to start, this is highly recommended.
  enabled: true
  ## Failure threshold for startupProbe
  failureThreshold: 60
  ## Period seconds for startupProbe
  periodSeconds: 3
##
readinessProbe:
  ## Enable readinessProbe
  enabled: true
  ## Initial delay seconds for readinessProbe
  initialDelaySeconds: 0
  ## Period seconds for readinessProbe
  periodSeconds: 5
  ## Timeout seconds for readinessProbe
  timeoutSeconds: 3
  ## Success threshold for readinessProbe
  successThreshold: 1
  ## Failure threshold for readinessProbe
  failureThreshold: 3
## Stream Autoscaling configuration
## @ref https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
##
horizontalAutoscaler:
  ## Enable Horizontal POD autoscaling for Stream
  enabled: false
  ## Minimum number of Stream replicas
  minReplicas: 1
  ## Maximum number of Stream replicas
  maxReplicas: 3
  ## Target CPU utilization percentage
  targetCPU: 50
  ## Target Memory utilization percentage
  targetMemory: 50
## Pod Disruption Budget configuration
## @ref https://kubernetes.io/docs/tasks/run-application/configure-pdb/
##
disruptionBudget:
  ## Created a PodDisruptionBudget
  ##
  enabled: false
  ## Min number of pods that must still be available after the eviction
  ##
  minAvailable: 1
  ## Max number of pods that can be unavailable after the eviction
  ##
  maxUnavailable: 0
## Configure environment variable injections into Stream's pods.
## This is the way you should inject secrets into the app if you wish
## to use the Kubernetes secrets implementation.
##
## @ref https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/
environment: []
## Pod's DNS Configuration
## @ref https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
## This value is useful if you need to resolve your custom domain for ACME challenges
## @example
##  nameservers:
##    - 1.2.3.4
##  searches:
##    - ns1.svc.cluster-domain.example
##    - my.dns.search.suffix
##  options:
##    - name: ndots
##      value: "2"
dnsConfig: {}
## Pod's DNS Policy
## @ref https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy: ClusterFirst
## Service configuration
service:
  ## Kubernetes service type
  ##
  type: ClusterIP
  ## Stream service clusterIP IP
  ## @example
  ## clusterIP: None
  ##
  clusterIP: ""
  ## Load balancer IP for the Stream Service (optional, cloud specific)
  ## @ref https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
  ##
  loadBalancerIP: ""
  ## Address that are allowed when service is LoadBalancer
  ## @ref https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ## @example
  ## loadBalancerSourceRanges:
  ##   - 10.10.10.0/24
  ##
  loadBalancerSourceRanges: []
  ## Enable client source IP preservation
  ## @ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  ##
  externalTrafficPolicy: Cluster
  ## Extra port to expose on Stream service
  ##
  extraPorts: []
  ## Annotations for Stream service
  ##
  annotations: {}
## Ingress configuration
## @ref https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
  ## Set to true to enable ingress record generation
  ##
  enabled: false
  ## IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
  ingressClassName: ""
  ## Default host for the ingress resource
  ##
  hostname: ""
  ## Default path for the ingress record
  ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
  ##
  path: /
  ## Ingress path type
  ##
  pathType: Prefix
  ## Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
  ## @example
  ## annotations:
  ##   cert-manager.io/cluster-issuer: cluster-issuer-name
  ##
  annotations: {}
  ## Enable TLS configuration for the hostname defined at ingress.hostname
  ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
  ## You can use the ingress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or
  ## let the chart create self-signed certificates for you
  ##
  tls: false
  ## Additional hostnames to be covered with this ingress record
  ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
  ## @example
  ## extraHosts:
  ## - name: stream.local
  ##   path: /
  ##
  extraHosts: []
  ## An array with additional arbitrary paths that may need to be added to the ingress under the main host
  ## @example
  ## extraPaths:
  ## - path: /*
  ##   backend:
  ##     serviceName: ssl-redirect
  ##     servicePort: use-annotation
  ##
  extraPaths: []
  ## The tls configuration for additional hostnames to be covered with this ingress record.
  ## @ref https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
  ## @example
  ## extraTls:
  ## - hosts:
  ##     - stream.local
  ##   secretName: stream.local-tls
  ##
  extraTls: []
  ## Additional rules to be covered with this ingress record
  ## @ref https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
  ## @example
  ## extraRules:
  ## - host: stream.local
  ##     http:
  ##       path: /
  ##       backend:
  ##         service:
  ##           name: stream
  ##           port:
  ##             name: http
  ##
  extraRules: []
## Configure the Play secret for the Stream instance.
## As this is used for cryptographic purposes, it should be fetched
## from the environment.
##
## @ref https://www.playframework.com/documentation/2.8.x/ApplicationSecret
## @example
## appSecret:
##   valueFrom:
##     secretKeyRef:
##       name: stream-secret
##       key: appSecret
##
appSecret:
  secretName: ""
  secretKey: ""
## A valid Stream license is required for the software to run.
## You should store it (base64-encoded) in a Kubernetes secret and specify
## the secret details here.
## @ref README.md
license:
  ## Existing secret name where the Stream license is stored
  secretName: ""
  ## Existing secret key where the Stream license is stored
  secretKey: ""
## Set up initial admin user.
initialAdminHashPassword:
  ## Whether to enable the initial admin user
  enabled: false
  ## Existing secret name where the initial admin password is stored
  secretName: ""
  ## Existing secret key where the initial admin password is stored
  secretKey: ""
## Additional allowed hosts that are whitelisted to access the Stream UI.
## Configured ingresses will automatically be added to the list, this should
## only be used when port forwarding or when an ingress is created manually.
## @example
## allowedHosts:
##   - localhost:9000
##   - demo.example.org
##
allowedHosts:
  - localhost:9000
  - localhost:9443
## Depending on your Kubernetes environment, Ingress IPs may be unpredictable. In that case, you should trust whitelist every IP in your local addressing space.
## @example
## trustedProxies:
##   - 0.0.0.0/0
##   - ::/0
##
trustedProxies:
  - 0.0.0.0/0
  - ::/0
## Configuration for Stream events
events:
  ## Whether Stream events should be signed and chained using the event seal secret.
  chainsign: true
  ## Duration during which events are kept in database.
  ttl: 90 days
  secretName: ""
  secretKey: ""
keyset:
  ## Existing secret name where the Tink keyset is stored
  secretName: ""
  ## Existing secret key where the Tink keyset is stored
  secretKey: ""
## Format in which logs will be outputted. Can be set either to "console" or "json" for structured logging.
logFormat: console
tls:
  ## Whether to use the HTTPS port by default on ingresses and other services
  enabled: false
  ## Existing secret name where a PKCS12 certificate is stored
  secretName: ""
  ## Existing secret key where the PKCS12 certificate is stored
  secretKey: ""
rbac:
  ## Whether to create RBAC resources
  create: true
## Stream pods ServiceAccount
## @ref https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
  ## Enable the creation of a ServiceAccount for Stream pods
  ##
  create: true
  ## Name of the created ServiceAccount
  ##
  ## If not set and create is true, a name is generated using the stream.fullname template
  ##
  name: ""
  ## Annotations for Stream Service Account
  ##
  annotations: {}
  ## Automount service account token for the server service account
  ##
  automountServiceAccountToken: true
leases:
  ## Whether leases should be used when launching multiple replicas of Stream pods. This requires the leases.akka.io CRD to be installed.
  enabled: true
## Indicates to Stream in which header the client certificate will be passed by the Ingress controller.
clientCertificateHeader: ""
## Whether Stream pods should connect to each other directly via IP, or through a DNS record generated by a Kubernetes DNS server.
## Useful if the kube-dns server is configured with "pods disabled" or if you use GKE Cloud DNS
## NOTE: This is not support by Istio
podsDirectConnect: false
## Additional configuration for Stream.
## Injecting arbitrary config could result in unexpected behavior. Proceed with caution.
## @ref https://docs.evertrust.fr/stream/admin-guide/-/parameters
##
## @example
## extraConfig: |
##   stream {
##     notification.mail.attachment.extension.der = "der"
##   }
extraConfig: ""
temporaryDatabase:
  ## Whether to enable the deployment of a temporary MongoDB instance
  enabled: true
  ## MongoDB image
  image:
    ## MongoDB image registry
    registry: ~
    ## MongoDB image repository
    repository: mongo
    ## MongoDB image tag (immutable tags are recommended)
    tag: 7
    ## MongoDB image pull policy
    pullPolicy: IfNotPresent
    ## MongoDB image pull secrets
    pullSecrets: []

  persistence:
    ## Whether to enable persistence on the temporary MongoDB
    enabled: true
    ## Extra annotations to add to the PVC
    annotations: {}
    ## Storage class of backing PVC
    storageClass: ""
    ## Access modes of the PVC
    accessModes:
      - ReadWriteOnce
    ## Size of data volume for MongoDB
    size: "1Gi"
  ## MongoDB container resource requests and limits
  ## @ref https://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    ## The resources limits for the MongoDB container
    limits:
      memory: 512Mi
      cpu: 500m
    ## The requested resources for the MongoDB container
    requests:
      memory: 512Mi
      cpu: 500m
  ## Configure Pods Security Context
  ## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ##
  podSecurityContext:
    ## Enabled MongoDB pods' Security Context
    enabled: true
    ## Set MongoDB pod's Security Context fsGroup
    fsGroup: 1001
  ## Configure Container Security Context (only main container)
  ## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ##
  containerSecurityContext:
    ## Enabled MongoDB containers' Security Context
    enabled: true
    ## Set MongoDB container's Security Context runAsUser
    runAsUser: 1001
    ## Set MongoDB container's Security Context runAsNonRoot
    runAsNonRoot: true
upgrade:
  ## If true, an upgrade job will be run when upgrading the release, modifying your database schema. This works even if `mongodb.enabled` is set to false.
  ##
  enabled: true
  ## If true, an upgrade job will be run every time the Chart is installed or upgraded.
  ##
  force: false
  ## Upgrade image
  image:
    ## Stream image registry
    registry: registry.evertrust.io
    ## Stream image repository
    repository: stream-upgrade
    ## Stream image tag (immutable tags are recommended)
    tag: 2.1.8
    ## Stream image pull policy
    pullPolicy: IfNotPresent
    ## Stream image pull secrets
    pullSecrets: []
  ## stream-upgrade container resource requests and limits
  ## @ref https://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    ## The resources limits for the Stream container
    limits:
      memory: 512Mi
      cpu: 500m
    ## The requested resources for the Stream container
    requests:
      memory: 512Mi
      cpu: 500m
  ## Configure Pods Security Context
  ## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ##
  podSecurityContext:
    ## Enabled Stream pods' Security Context
    enabled: true
    ## Set Stream pod's Security Context fsGroup
    fsGroup: 1001
  ## Configure Container Security Context (only main container)
  ## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ##
  containerSecurityContext:
    ## Enabled Stream containers' Security Context
    enabled: true
    ## Set Stream container's Security Context runAsUser
    runAsUser: 1001
    ## Set Stream container's Security Context runAsNonRoot
    runAsNonRoot: true
  ## Sets to the version you're upgrading from. If empty, the chart will try to infer the version from the database.
  ##
  from: ""
  ## Sets the version you're upgrading to. If empty, the chart will use Chart.AppVersion.
  ##
  to: ""
  ## Optionally specify extra list of additional volumes for upgrade pods
  ## @example
  ## extraVolumes:
  ##   - name: certificates
  ##     secret:
  ##       secretName: mongodb-x509
  ##
  extraVolumes: []
  ## Optionally specify extra list of additional volumeMounts for upgrade containers
  ## @example
  ## extraVolumeMounts:
  ##   - name: certificates
  ##     mountPath: /certs
  ##     readOnly: true
  ##
  extraVolumeMounts: []
  ## Node labels for upgrade pod assignment
  ## @ref https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## Tolerations for upgrade pod assignment
  ## @ref https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
## Configuration for a Stream external database
## Refer to the Stream installation guide to configure the installation correctly
##
externalDatabase:
  ## Existing secret name where the external MongoDB URI is stored
  secretName: ""
  ## Existing secret key where the external MongoDB URI is stored
  secretKey: ""
## Configuration for the Stream mailer.
## You should configure this if you want your Stream instance to be able
## to send emails.
## You should fetch credentials from the environment if they are required.
mailer:
  ## SMTP host
  host: ""
  ## SMTP host port
  port: ""
  ## Enable TLS for this SMTP host
  tls: ""
  ## Enable SSL for this SMTP host
  ssl: ""
  ## Authentication username for this SMTP host
  user: ""
  ## The password field can be a reference to a secret.
  ## @example
  ##   password:
  ##     valueFrom:
  ##       secretKeyRef:
  ##         name: stream-secret
  ##         key: mailerPassword
  ##
  password: {}
backup:
  ## Whether to enable backup
  enabled: false
  ## Extra annotations to add to the backup job
  annotations: {}
  ## Extra labels to add to the backup job
  labels: {}
  ## Whether to suspend backup scheduling
  suspended: false
  ## Cron expression for the backup job
  schedule: "0 * * * *"
  ## Successful jobs history limit
  successfulJobsHistoryLimit: 1
  ## Failed jobs history limit
  failedJobsHistoryLimit: 3
  ## Backoff limit for the backup job
  backoffLimit: 3
  ## Toolbox image
  image:
    registry: quay.io/evertrust
    ## Toolbox image repository
    repository: toolbox
    ## Toolbox image tag (immutable tags are recommended)
    tag: v0.6.1
    ## Toolbox image pull policy
    pullPolicy: IfNotPresent
    ## Toolbox image pull secrets
    pullSecrets: []
  ## Configure Pods Security Context
  ## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ##
  podSecurityContext:
    ## Enabled Stream pods' Security Context
    enabled: true
    ## Set Stream pod's Security Context fsGroup
    fsGroup: 1001
  ## Configure Container Security Context (only main container)
  ## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ##
  containerSecurityContext:
    ## Enabled Stream containers' Security Context
    enabled: true
    ## Set Stream container's Security Context runAsUser
    runAsUser: 1001
    ## Set Stream container's Security Context runAsNonRoot
    runAsNonRoot: true
  ## backup container resource requests and limits
  ## @ref https://kubernetes.io/docs/user-guide/compute-resources/
  resources:
    ## The resources limits for the backup container
    limits:
      cpu: 500m
      memory: 512Mi
    ## The requested resources for the backup container
    requests:
      cpu: 500m
      memory: 512Mi
  ## Configure environment variable injections into the backup pods.
  ## This is the way you should inject secrets into the app if you wish
  ## to use the Kubernetes secrets implementation.
  ##
  ## @ref https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/
  environment: []
  ## Extra env vars passed to the backup pods
  envFrom: []
  ## Optionally specify extra list of additional volumes for backup pods
  ## @example
  ## extraVolumes:
  ##   - name: certificates
  ##     secret:
  ##       secretName: mongodb-x509
  ##
  extraVolumes: []
  ## Optionally specify extra list of additional volumeMounts for backup containers
  ## @example
  ## extraVolumeMounts:
  ##   - name: certificates
  ##     mountPath: /certs
  ##     readOnly: true
  ##
  extraVolumeMounts: []
  ## Node labels for backup pod assignment
  ## @ref https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## Tolerations for backup pod assignment
  ## @ref https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Affinity for the backup job (e.g., nodeAffinity, podAffinity, podAntiAffinity)
  ## @ref https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
## Create dynamic manifests via values
##
## @example
## - apiVersion: "kubernetes-client.io/v1"
##   kind: ExternalSecret
##   metadata:
##     name: stream-secrets
##   spec:
##     backendType: gcpSecretsManager
##     data:
##       - key: stream-secret-key
##         name: stream-secret-name
extraObjects: []

## Enable Prometheus metrics
metrics:
  ## Whether to enable Prometheus metrics
  enabled: false
  ## Prometheus metrics port
  port: 9095