values.yaml

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets
##

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []

## @section Common parameters
##

## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override horizon.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override horizon.fullname
##
fullnameOverride: ""
## @param imageRegistry String to override the image registry for all containers
##
imageRegistry: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}

## @section Horizon deployment parameters

## By default, we fetch the Horizon image from the Evertrust registry.
## If the tag is null or unset, the default value will be set the to the chart appVersion.
## As the official Evertrust registry is not in open-access,
## you should specify an image pull secret that has
## access to Horizon images.
##
## ref https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## @param image.registry Horizon image registry
## @param image.repository Horizon image repository
## @param image.tag Horizon image tag (immutable tags are recommended)
## @param image.pullPolicy Horizon image pull policy
## @param image.pullSecrets Horizon image pull secrets
##
image:
  registry: registry.evertrust.io
  repository: horizon
  tag: 2.6.9
  pullPolicy: IfNotPresent
  pullSecrets: []

## @param updateStrategy.type Horizon deployment strategy type
## @param updateStrategy.rollingUpdate [object] Rolling update spec
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## NOTE: Due to schema modifications, we do not support RollingUpdates.
## Use them at your own risk
## e.g:
## updateStrategy:
##  type: RollingUpdate
##  rollingUpdate:
##    maxSurge: 25%
##    maxUnavailable: 25%
##
updateStrategy:
  type: Recreate

## @param deploymentAnnotations Annotations to add to the deployment object
##
deploymentAnnotations: {}

## @param deploymentAnnotations Annotations to add to the deployment object
##
deploymentLabels: {}

## @param priorityClassName Horizon pod priority class name
##
priorityClassName: ""
## @param hostAliases Horizon pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param extraVolumes Optionally specify extra list of additional volumes for Horizon pods
## e.g:
## extraVolumes:
##   - name: extra-volume-name
##     configMap:
##       name: example-configmap
##
extraVolumes: []
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Horizon container(s)
## e.g:
## extraVolumeMounts:
##   - name: extra-volume-name
##     mountPath: /mnt/extra-volume
##
extraVolumeMounts: []
## @param sidecars Add additional sidecar containers to the Horizon pod
## e.g:
## sidecars:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##
sidecars: []
## @param lifecycleHooks Add lifecycle hooks to the Horizon deployment
##
lifecycleHooks: {}
## @param podLabels Extra labels for Horizon pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAnnotations Annotations for Horizon pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
  ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ##
  type: ""
  ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
  ##
  key: ""
  ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
  ## E.g.
  ## values:
  ##   - e2e-az1
  ##   - e2e-az2
  ##
  values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param topologySpreadConstraints Spread Constraints for pod assignment
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## E.g.
## topologySpreadConstraints:
##   - maxSkew: 1
##     topologyKey: node
##     whenUnsatisfiable: DoNotSchedule
##
topologySpreadConstraints: []
## Horizon containers' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param resources.limits [object] The resources limits for the Horizon container
## @param resources.requests [object] The requested resources for the Horizon container
##
## **Notes** : The JVM will automatically adapt the memory allocation pool
## to the container allocated resources.
##
resources:
  limits: {}
  requests:
    memory: 512Mi
    cpu: 300m
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled Horizon pods' Security Context
## @param podSecurityContext.fsGroup Set Horizon pod's Security Context fsGroup
##
podSecurityContext:
  enabled: true
  fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled Horizon containers' Security Context
## @param containerSecurityContext.runAsUser Set Horizon container's Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set Horizon container's Security Context runAsNonRoot
##
containerSecurityContext:
  enabled: true
  runAsUser: 1001
  runAsNonRoot: true
## Configure extra options for Horizon containers probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
  enabled: true
  initialDelaySeconds: 0
  periodSeconds: 10
  timeoutSeconds: 5
  successThreshold: 1
  failureThreshold: 3
## A startup probe allows us to define a shorter period to improve Horizon time-to-liveliness time while preserving the Horizon pod from a restart loop when it is slow to start.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
## @param startupProbe.enabled Enable startupProbe. Since Horizon is slow to start, this is highly recommended.
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
##
startupProbe:
  enabled: true
  failureThreshold: 60
  periodSeconds: 3
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
  enabled: true
  initialDelaySeconds: 0
  periodSeconds: 5
  timeoutSeconds: 3
  successThreshold: 1
  failureThreshold: 3

## Horizon Autoscaling configuration
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
## @param horizontalAutoscaler.enabled Enable Horizontal POD autoscaling for Horizon
## @param horizontalAutoscaler.minReplicas Minimum number of Horizon replicas
## @param horizontalAutoscaler.maxReplicas Maximum number of Horizon replicas
## @param horizontalAutoscaler.targetCPU Target CPU utilization percentage
## @param horizontalAutoscaler.targetMemory Target Memory utilization percentage
##
horizontalAutoscaler:
  enabled: false
  minReplicas: 1
  maxReplicas: 3
  targetCPU: 50
  targetMemory: 50

## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
##
disruptionBudget:
  ## @param disruptionBudget.enabled Created a PodDisruptionBudget
  ##
  enabled: false
  ## @param disruptionBudget.minAvailable Min number of pods that must still be available after the eviction
  ##
  minAvailable: 1
  ## @param disruptionBudget.maxUnavailable Max number of pods that can be unavailable after the eviction
  ##
  maxUnavailable: 0

## Configure environment variable injections into Horizon's pods.
## This is the way you should inject secrets into the app if you wish
## to use the Kubernetes secrets implementation.
##
## ref: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/
## @param environment Extra env vars passed to the Horizon pods
## eg.
##   environment:
##     - name: KEY
##       value: VALUE
environment: []

## Pod's DNS Configuration
## https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
## This value is useful if you need to resolve your custom domain for ACME challenges
## Example:
##  nameservers:
##    - 1.2.3.4
##  searches:
##    - ns1.svc.cluster-domain.example
##    - my.dns.search.suffix
##  options:
##    - name: ndots
##      value: "2"
dnsConfig: {}

# Pod's DNS Policy
# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy: ""

## @section Horizon Service configuration
##
service:
  ## @param service.type Kubernetes service type
  ##
  type: ClusterIP
  ## @param service.clusterIP Horizon service clusterIP IP
  ## e.g:
  ## clusterIP: None
  ##
  clusterIP: ""
  ## @param service.loadBalancerIP for the Horizon Service (optional, cloud specific)
  ## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
  ##
  loadBalancerIP: ""
  ## @param service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
  ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ## Example:
  ## loadBalancerSourceRanges:
  ##   - 10.10.10.0/24
  ##
  loadBalancerSourceRanges: []
  ## @param service.externalTrafficPolicy Enable client source IP preservation
  ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  ##
  externalTrafficPolicy: Cluster
  ## @param service.extraPorts Extra port to expose on Horizon service
  ##
  extraPorts: []
  ## @param service.annotations Annotations for Horizon service
  ##
  annotations: {}

## @section Horizon Ingress configuration
##
## ref https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
  ## @param ingress.enabled Set to true to enable ingress record generation
  ##
  enabled: false
  ## @param ingress.type Automatically configure your ingress for an ingress controller. Accepted values are nginx, traefik. This will override the clientCertificateHeader if set, and generate annotations, resources, and ingresses resources to ensure Horizon works correctly.
  ##
  type: ""
  ## @param ingress.clientCertificateAuth When ingress.type is set, determines whether the ingress controller should request client certificates.
  ##
  clientCertificateAuth: false
  ## @param ingress.clientCertificateCASecrets If set, the ingress controller will only request client certificates signed by these CAs. Each secret should contain a `ca.crt` key containing the PEM-encoded AC certificate.
  ##
  clientCertificateCASecrets: []
  ## @param ingress.scepCompatibilityMode Adds a secondary ingress for SCEP support over HTTP
  ##
  scepCompatibilityMode: false
  ## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
  ##
  ingressClassName: ""
  ## @param ingress.hostname Default host for the ingress resource
  ## Eg. "horizon.local"
  ##
  hostname: ""
  ## @param ingress.path Default path for the ingress record
  ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
  ##
  path: /
  ## @param ingress.pathType Ingress path type
  ##
  pathType: Prefix
  ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
  ## e.g:
  ## annotations:
  ##   cert-manager.io/cluster-issuer: cluster-issuer-name
  ##
  annotations: {}
  ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
  ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
  ## You can use the ingress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or
  ## let the chart create self-signed certificates for you
  ##
  tls: false
  ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
  ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
  ## Example:
  ## extraHosts:
  ## - name: horizon.local
  ##   path: /
  ##
  extraHosts: []
  ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
  ## e.g:
  ## extraPaths:
  ## - path: /*
  ##   backend:
  ##     serviceName: ssl-redirect
  ##     servicePort: use-annotation
  ##
  extraPaths: []
  ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
  ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
  ## Example:
  ## extraTls:
  ## - hosts:
  ##     - horizon.local
  ##   secretName: horizon.local-tls
  ##
  extraTls: []
  ## @param ingress.extraRules Additional rules to be covered with this ingress record
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
  ## e.g:
  ## extraRules:
  ## - host: horizon.local
  ##     http:
  ##       path: /
  ##       backend:
  ##         service:
  ##           name: horizon
  ##           port:
  ##             name: http
  ##
  extraRules: []

## @section Prometheus monitor configuration
## @param monitoring.enabled Enable the creation of a ServiceMonitor object for Horizon if the cluster has the monitoring.coreos.com/v1 capability.
monitoring:
  enabled: true

## @section Horizon application parameters

## Configure the Play secret for the Horizon instance.
## As this is used for cryptographic purposes, it should be fetched
## from the environment.
##
## ref https://www.playframework.com/documentation/2.8.x/ApplicationSecret
## @param appSecret [object] Application secret used for encrypting session data and cookies
## E.g.
## appSecret:
##   valueFrom:
##     secretKeyRef:
##       name: horizon-secret
##       key: appSecret
##
appSecret: {}

## A valid Horizon license is required for the software to run.
## You should store it (base64-encoded) in a Kubernetes secret and specify
## the secret details here.
## ref: README.md
## @param license.secretName Existing secret name where the Horizon license is stored
## @param license.secretKey Existing secret key where the Horizon license is stored
license:
  secretName: ""
  secretKey: ""

## Set up initial admin user.
## @param initialAdminHashPassword.enabled Whether to enable the initial admin user
## @param initialAdminHashPassword.secretName Existing secret name where the initial admin password is stored
## @param initialAdminHashPassword.secretKey Existing secret key where the initial admin password is stored
initialAdminHashPassword:
  enabled: false
  secretName: ""
  secretKey: ""

## For backwards-compatibility reasons, this array should contain
## only one element.
## For more information, refer to the Horizon installation guide.
## @param vaults [array] Horizon vaults configuration
vaults:
  - name: default
    vault_type: ssv
    ## The master_password field can be a reference to a secret.
    ## E.g.
    ##   master_password:
    ##     valueFrom:
    ##       secretKeyRef:
    ##         name: horizon-secret
    ##         key: defaultMasterPassword
    ##
    master_password: {}

## Additional allowed hosts that are whitelisted to access the Horizon UI.
## Configured ingresses will automatically be added to the list, this should
## only be used when port forwarding or when an ingress is created manually.
## @param allowedHosts [array] Additional allowed hosts.
## E.g.
## allowedHosts:
##   - localhost:9000
##   - demo.example.org
##
allowedHosts:
  - localhost:9000

## Depending on your Kubernetes environment, Ingress IPs may be unpredictable. In that case, you should trust whitelist every IP in your local addressing space.
## @param trustedProxies [array] Trusted proxies.
## E.g.
## trustedProxies:
##   - 0.0.0.0/0
##   - ::/0
##
trustedProxies:
  - 0.0.0.0/0
  - ::/0

## Configuration for Horizon events
## @param events.chainsign Whether Horizon events should be signed and chained using the event seal secret.
## @param events.secret [object] Secret used to sign and chain events.
## @param events.ttl Duration during which events are kept in database.
## @param events.discoveryTtl Duration during which discovery events are kept in database.
events:
  chainsign: true
    ## The events.secret field can be a reference to a secret.
    ## E.g.
    ##   secret:
    ##     valueFrom:
    ##       secretKeyRef:
    ##         name: horizon-secret
    ##         key: eventSealSecret
    ##
  secret: {}
  ttl: ""
  discoveryTtl: ""

## @param logFormat Format in which logs will be outputted. Can be set either to "console" or "json" for structured logging.
logFormat: console

## @param tls.enabled Whether to use the HTTPS port by default on ingresses and other services
## @param tls.secretName Existing secret name where a PKCS12 certificate is stored
## @param tls.secretKey Existing secret key where the PKCS12 certificate is stored
tls:
  enabled: false
  secretName: ""
  secretKey: ""

## Configuration for the Horizon mailer.
## You should configure this if you want your Horizon instance to be able
## to send emails.
## You should fetch credentials from the environment if they are required.
## @param mailer.host SMTP host
## @param mailer.port SMTP host port
## @param mailer.tls Enable TLS for this SMTP host
## @param mailer.ssl Enable SSL for this SMTP host
## @param mailer.user Authentication username for this SMTP host
## @param mailer.password [object] Authentication password for this SMTP host
mailer:
  host: ""
  port: ""
  tls: ""
  ssl: ""
  user: ""
    ## The password field can be a reference to a secret.
    ## E.g.
    ##   password:
    ##     valueFrom:
    ##       secretKeyRef:
    ##         name: horizon-secret
    ##         key: mailerPassword
    ##
  password: {}

## Configure the logger for this Horizon instance.
## Sensible defaults are set, but you may need a more verbose logging
## experience when debugging the application.
##
## ref: https://www.playframework.com/documentation/2.8.x/ScalaLogging
## @param logback.level Global logging level for all loggers
## @param logback.pattern Log messages pattern
## @param logback.loggers [array] Logging level overrides for specific loggers
logback:
  level: info
  pattern: "%date{yyyy-MM-dd HH:mm:ss} - [%logger] - [%traceID] - [%level] - %message%n%xException{full}"
  loggers:
    # In Kubernetes, we usually don't care to log functional events to stdout.
    - name: events
      level: warn
    ## You might want to uncomment the following loggers to gather more info about your Horizon instance.
    ## E.g.
    ## - name: actors
    ##   level: debug
    ## - name: actions
    ##   level: debug
    ## - name: controllers
    ##   level: debug
    ## - name: filters
    ##   level: debug
    ## - name: models
    ##   level: debug
    ## - name: modules
    ##   level: debug
    ## - name: pki-connectors
    ##   level: debug
    ## - name: racs-connectors
    ##   level: debug

## @param leases.enabled Whether leases should be used when launching multiple replicas of Horizon pods. This requires the leases.pekko.apache.org CRD to be installed.
leases:
  enabled: true

## @param clientCertificateHeader Indicates to Horizon in which header the client certificate will be passed. Will be automatically set by the ingress.clientCertificateAuth value if set.
clientCertificateHeader: ""

## @param podsDirectConnect Whether Horizon pods should connect to each other directly via IP, or through a DNS record generated by a Kubernetes DNS server.
## Useful if the kube-dns server is configured with "pods disabled" or if you use GKE Cloud DNS
## NOTE: This is not support by Istio
podsDirectConnect: false

## @param extraConfig Additional configuration for Horizon
## Injecting arbitrary config could result in unexpected behavior. Proceed with caution.
## ref: https://docs.evertrust.fr/horizon/admin-guide/-/parameters
##
## Eg.
## extraConfig: |
##   horizon {
##     notification.mail.attachment.extension.der = "der"
##   }
extraConfig: ""

## @section Database parameters

## Install a MongoDB instance
## ref: https://github.com/bitnami/charts/tree/master/bitnami/mongodb
mongodb:
  ## @param mongodb.enabled Whether to deploy a mongodb server to satisfy the application database requirements. To use an external database set this to false and configure the `externalDatabase.uri` parameter
  ##
  enabled: true
  ## @param mongodb.image.tag MongoDB image tag (immutable tags are recommended)
  ##
  image:
    tag: 5.0.17-debian-11-r2
  ## @param mongodb.architecture MongoDB architecture (`standalone` or `replicaset`)
  ##
  architecture: standalone
  ## MongoDB Authentication parameters
  ##
  auth:
    ## @param mongodb.auth.rootPassword MongoDB admin password
    ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#setting-the-root-password-on-first-run
    ##
    rootPassword: ""
    ## @param mongodb.auth.username MongoDB custom user
    ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#creating-a-user-and-database-on-first-run
    ##
    username: horizon
    ## @param mongodb.auth.database MongoDB custom database
    ##
    database: horizon
    ## @param mongodb.auth.password MongoDB custom password
    ##
    password: secret_password
## @section Upgrade parameters
upgrade:
  ## @param upgrade.enabled If true, an upgrade job will be run when upgrading the release, modifying your database schema. This works even if `mongodb.enabled` is set to false.
  ##
  enabled: true
  ## @param upgrade.enabled If true, an upgrade job will be run everytime the Chart is installed or upgraded.
  ##
  force: false
  ## @param upgrade.image.registry Horizon image registry
  ## @param upgrade.image.repository Horizon image repository
  ## @param upgrade.image.tag Horizon image tag (immutable tags are recommended)
  ## @param upgrade.image.pullPolicy Horizon image pull policy
  ## @param upgrade.image.pullSecrets Horizon image pull secrets
  ##
  image:
    registry: registry.evertrust.io
    repository: horizon-upgrade
    tag: 2.6.9
    pullPolicy: IfNotPresent
    pullSecrets: []
  ## horizon-upgrade container resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## @param upgrade.resources.limits [object] The resources limits for the Horizon container
  ## @param upgrade.resources.requests [object] The requested resources for the Horizon container
  ##
  resources:
    limits:
      memory: 512Mi
      cpu: 500m
    requests:
      memory: 512Mi
      cpu: 500m
  ## @param upgrade.from Sets to the version you're upgrading from. If empty, the chart will try to infer the version from the database.
  ##
  from: ""
  ## @param upgrade.to Sets the version you're upgrading to. If empty, the chart will use Chart.AppVersion.
  ##
  to: ""

## @section Backup parameters
backup:
  ## @param backup.enabled Whether to enable backup
  enabled: false
  ## @param backup.annotations Extra annotations to add to the backup job
  annotations: {}
  ## @param backup.labels Extra labels to add to the backup job
  labels: {}
  ## @param backup.suspended Whether to suspend backup scheduling
  suspended: false
  ## @param backup.schedule Cron expression for the backup job
  schedule: "0 * * * *"
  ## @param backup.schedule Cron expression for the backup job
  successfulJobsHistoryLimit: 1
  ##@ param backup.failedJobsHistoryLimit Cron expression for the backup job
  failedJobsHistoryLimit: 3
  ## @param backup.backoffLimit Cron expression for the backup job
  backoffLimit: 3
  ## @param backup.image.repository toolbox image repository
  ## @param backup.image.tag toolbox image tag (immutable tags are recommended)
  ## @param backup.image.pullPolicy toolbox image pull policy
  ## @param backup.image.pullSecrets toolbox image pull secrets
  image:
    registry: quay.io/evertrust
    repository: toolbox
    tag: v0.3.0
    pullPolicy: IfNotPresent
    pullSecrets: []
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param backup.podSecurityContext.enabled Enabled Horizon pods' Security Context
  ## @param backup.podSecurityContext.fsGroup Set Horizon pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## Configure Container Security Context (only main container)
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param backup.containerSecurityContext.enabled Enabled Horizon containers' Security Context
  ## @param backup.containerSecurityContext.runAsUser Set Horizon container's Security Context runAsUser
  ## @param backup.containerSecurityContext.runAsNonRoot Set Horizon container's Security Context runAsNonRoot
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
  ## backup container resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## @param backup.resources.limits [object] The resources limits for the backup container
  ## @param backup.resources.requests [object] The requested resources for the backup container
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 500m
      memory: 512Mi
  ## Configure environment variable injections into the backup pods.
  ## This is the way you should inject secrets into the app if you wish
  ## to use the Kubernetes secrets implementation.
  ##
  ## ref: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/
  ## @param environment [array] Extra env vars passed to the backup pods
  environment: []
  ## @param envFrom [array] Extra env vars passed to the backup pods
  envFrom: []

## Configuration for an Horizon external database
## Refer to the Horizon installation guide to configure the installation correctly
##
## @param externalDatabase.uri [object] External MongoDB URI. For an external database to be used, `mongodb.enabled` must be set to `false`.
externalDatabase:
  ## The uri field can be a reference to a secret.
  ## E.g.
  ##   uri:
  ##     valueFrom:
  ##       secretKeyRef:
  ##         name: horizon-secret
  ##         key: mongoDBUri
  ##
  uri: {}

## @param extraObjects [array] Create a dynamic manifests via values:
extraObjects: []
  ## - apiVersion: "kubernetes-client.io/v1"
  ##   kind: ExternalSecret
  ##   metadata:
  ##     name: horizon-secrets
  ##   spec:
  ##     backendType: gcpSecretsManager
  ##     data:
  ##       - key: horizon-secret-key
  ##         name: horizon-secret-name

## Enable Prometheus metrics
metrics:
  ## @param metrics.enabled Whether to enable Prometheus metrics
  enabled: false
  ## @param metrics.port Prometheus metrics port
  port: 9095