soc/Shuffle/functions/kubernetes/charts/shuffle/values.yaml

---
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
##
global:
  imageRegistry: ""
  ## e.g:
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  defaultStorageClass: ""
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: auto
    ## @param global.compatibility.omitEmptySeLinuxOptions If set to true, removes the seLinuxOptions from the securityContexts when it is set to an empty object
    ##
    omitEmptySeLinuxOptions: false

## @section Common parameters
##

## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.name
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## Diagnostic mode
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
## @param diagnosticMode.command Command to override all containers in the chart release
## @param diagnosticMode.args Args to override all containers in the chart release
##
diagnosticMode:
  enabled: false
  command:
    - sleep
  args:
    - infinity

## @section Shared Shuffle Parameters
##
shuffle:
  ## @param shuffle.baseUrl The external base URL under which Shuffle is reachable.
  ##
  baseUrl: ""

  ## ref: https://shuffler.io/docs/organizations
  ## This chart only supports single-tenant deployments at the moment
  ## @param shuffle.org Default shuffle organization
  ##
  org: Shuffle

  ## @param shuffle.appRegistry The registry from / to which shuffle apps are pulled / pushed
  ##
  appRegistry: "docker.io"

  ## @param shuffle.appBaseImageName The base image used for shuffle apps. The final image for an app is <appRegistr>/<appBaseImageName>/<appName>:<appVersion>
  ##
  appBaseImageName: "frikky"

  ## @param shuffle.timezone The timezone used by Shuffle
  ##
  timezone: Europe/Berlin

## @section backend Parameters
##
backend:
  ## backend image
  ## @param backend.image.registry backend image registry
  ## @param backend.image.repository backend image repository
  ## @param backend.image.tag backend image tag (immutable tags are recommended, defaults to appVersion)
  ## @param backend.image.digest backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
  ## @param backend.image.pullPolicy backend image pull policy
  ## @param backend.image.pullSecrets backend image pull secrets
  ##
  image:
    registry: ghcr.io
    repository: shuffle/shuffle-backend
    tag: ""
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param backend.replicaCount Number of backend replicas to deploy
  ##
  replicaCount: 1
  ## @param backend.containerPorts.http backend HTTP container port
  ##
  containerPorts:
    http: 5001
  ## @param backend.extraContainerPorts Optionally specify extra list of additional ports for backend containers
  ## e.g:
  ## extraContainerPorts:
  ##   - name: myservice
  ##     containerPort: 9090
  ##
  extraContainerPorts: []
  ## Configure extra options for backend containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param backend.livenessProbe.enabled Enable livenessProbe on backend containers
  ## @param backend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param backend.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param backend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param backend.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param backend.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 15
    timeoutSeconds: 1
    failureThreshold: 4
    successThreshold: 1
  ## @param backend.readinessProbe.enabled Enable readinessProbe on backend containers
  ## @param backend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param backend.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param backend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param backend.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param backend.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param backend.startupProbe.enabled Enable startupProbe on backend containers
  ## @param backend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param backend.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param backend.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param backend.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param backend.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 1
    timeoutSeconds: 1
    failureThreshold: 60
    successThreshold: 1
  ## @param backend.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param backend.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param backend.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## backend resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param backend.resourcesPreset Set backend container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if backend.resources is set (backend.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ## Shuffle gets OOM killed with 256M memory during startup. Up to 360MiB of memory usage were observed during testing.
  ## The small preset grants 512M.
  ##
  resourcesPreset: "small"
  ## @param backend.resources Set backend container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param backend.podSecurityContext.enabled Enable backend pods' Security Context
  ## @param backend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for backend pods
  ## @param backend.podSecurityContext.sysctls Set kernel settings using the sysctl interface for backend pods
  ## @param backend.podSecurityContext.supplementalGroups Set filesystem extra groups for backend pods
  ## @param backend.podSecurityContext.fsGroup Set fsGroup in backend pods' Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param backend.containerSecurityContext.enabled Enabled backend container' Security Context
  ## @param backend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in backend container
  ## @param backend.containerSecurityContext.runAsUser Set runAsUser in backend container' Security Context
  ## @param backend.containerSecurityContext.runAsGroup Set runAsGroup in backend container' Security Context
  ## @param backend.containerSecurityContext.runAsNonRoot Set runAsNonRoot in backend container' Security Context
  ## @param backend.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in backend container' Security Context
  ## @param backend.containerSecurityContext.privileged Set privileged in backend container' Security Context
  ## @param backend.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in backend container' Security Context
  ## @param backend.containerSecurityContext.capabilities.drop List of capabilities to be dropped in backend container
  ## @param backend.containerSecurityContext.seccompProfile.type Set seccomp profile in backend container
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    privileged: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"

  ## @param backend.command Override default backend container command (useful when using custom images)
  ##
  command: []
  ## @param backend.args Override default backend container args (useful when using custom images)
  ##
  args: []
  ## @param backend.automountServiceAccountToken Mount Service Account token in backend pods
  ## NOTE: backend requires the service account credentials to be mounted
  ##
  automountServiceAccountToken: true
  ## @param backend.hostAliases backend pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param backend.deploymentAnnotations Annotations for backend deployment
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  deploymentAnnotations: {}
  ## @param backend.podLabels Extra labels for backend pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param backend.podAnnotations Annotations for backend pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param backend.podAffinityPreset Pod affinity preset. Ignored if `backend.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param backend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `backend.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node backend.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param backend.nodeAffinityPreset.type Node affinity preset type. Ignored if `backend.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param backend.nodeAffinityPreset.key Node label key to match. Ignored if `backend.affinity` is set
    ##
    key: ""
    ## @param backend.nodeAffinityPreset.values Node label values to match. Ignored if `backend.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param backend.affinity Affinity for backend pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `backend.podAffinityPreset`, `backend.podAntiAffinityPreset`, and `backend.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param backend.nodeSelector Node labels for backend pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param backend.tolerations Tolerations for backend pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param backend.updateStrategy.type backend deployment strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy:
    ## Can be set to RollingUpdate or Recreate
    ## Backend uses ReadWriteOnce volumes by default, which is incompatible with RollingUpdate
    ##
    type: Recreate
  ## @param backend.priorityClassName backend pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param backend.topologySpreadConstraints Topology Spread Constraints for backend pod assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param backend.schedulerName Name of the k8s scheduler (other than default) for backend pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param backend.terminationGracePeriodSeconds Seconds backend pods need to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param backend.lifecycleHooks for backend containers to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param backend.extraEnvVars Array with extra environment variables to add to backend containers
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param backend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for backend containers
  ##
  extraEnvVarsCM: ""
  ## @param backend.extraEnvVarsSecret Name of existing Secret containing extra env vars for backend containers
  ##
  extraEnvVarsSecret: ""
  ## @param backend.extraVolumes Optionally specify extra list of additional volumes for the backend pods
  ##
  extraVolumes: []
  ## @param backend.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the backend containers
  ##
  extraVolumeMounts: []
  ## @param backend.sidecars Add additional sidecar containers to the backend pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param backend.initContainers Add additional init containers to the backend pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param backend.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param backend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param backend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `backend.pdb.minAvailable` and `backend.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
  ##
  autoscaling:
    ## @param backend.autoscaling.vpa.enabled Enable VPA for backend pods
    ## @param backend.autoscaling.vpa.annotations Annotations for VPA resource
    ## @param backend.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
    ## @param backend.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
    ## @param backend.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
    ##
    vpa:
      enabled: false
      annotations: {}
      controlledResources: []
      maxAllowed: {}
      minAllowed: {}
      ## @param backend.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
      ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
      ## Possible values are "Off", "Initial", "Recreate", and "Auto".
      ##
      updatePolicy:
        updateMode: Auto
    ## @param backend.autoscaling.hpa.enabled Enable HPA for backend pods
    ## @param backend.autoscaling.hpa.minReplicas Minimum number of replicas
    ## @param backend.autoscaling.hpa.maxReplicas Maximum number of replicas
    ## @param backend.autoscaling.hpa.targetCPU Target CPU utilization percentage
    ## @param backend.autoscaling.hpa.targetMemory Target Memory utilization percentage
    ##
    hpa:
      enabled: false
      minReplicas: ""
      maxReplicas: ""
      targetCPU: ""
      targetMemory: ""

  ## Service configuration
  ##
  service:
    ## @param backend.service.labels Extra labels for backend service
    ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
    ##
    labels: {}

  ## ServiceAccount configuration
  ##
  serviceAccount:
    ## @param backend.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param backend.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param backend.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
    ##
    annotations: {}
    ## @param backend.serviceAccount.automountServiceAccountToken Automount service account token for the backend service account
    ##
    automountServiceAccountToken: true
    ## @param backend.serviceAccount.imagePullSecrets Add image pull secrets to the backend service account
    ##
    imagePullSecrets: []

  ## RBAC configuration
  ##
  rbac:
    ## @param backend.rbac.create Specifies whether RBAC resources should be created
    create: true

  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param backend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param backend.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param backend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param backend.networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy
    ## NOTE: You likely want to allow access from your ingress, e.g.:
    ## extraIngress:
    ## - ports:
    ##     - protocol: TCP
    ##       port: 5001
    ##   from:
    ##     - namespaceSelector:
    ##         matchLabels:
    ##           kubernetes.io/metadata.name: istio-ingress
    ##       podSelector:
    ##         matchLabels:
    ##           istio: ingress
    ##
    extraIngress: []
    ## @param backend.networkPolicy.extraEgress Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## NOTE: You likely want to allow access to OpenSearch and cluster-proxies, e.g:
    ## extraEgress:
    ## - to:
    ##     - namespaceSelector:
    ##         matchLabels:
    ##           kubernetes.io/metadata.name: istio-system
    ##       podSelector:
    ##         matchLabels:
    ##           istio: pilot
    ## - ports:
    ##     - protocol: TCP
    ##       port: 9200
    ##     - protocol: TCP
    ##       port: 9300
    ##   to:
    ##     - namespaceSelector:
    ##         matchLabels:
    ##           kubernetes.io/metadata.name: shuffle
    ##       podSelector:
    ##         matchLabels:
    ##           app.kubernetes.io/name: opensearch
    ##
    extraEgress: []

  ## @param backend.cleanupSchedule The interval in seconds at which the cleanup job runs
  ##
  cleanupSchedule: 300

  ## OpenSearch configuration
  ##
  openSearch:
    ## @param backend.openSearch.url The URL at which OpenSearch is available
    ##
    url: "http://{{ .Release.Name }}-opensearch:9200"
    ## @param backend.openSearch.username The username that is used for authenticating with OpenSearch
    ##
    username: admin
    ## @param backend.openSearch.certificateFile The path to a custom OpenSearch certificate file
    ##
    certificateFile: ""
    ## @param backend.openSearch.skipSSLVerify Skip SSL verification
    ##
    skipSSLVerify: false
    ## @param backend.openSearch.indexPrefix A prefix for OpenSearch indices
    ##
    indexPrefix: ""

  ## App configuration
  ##
  apps:
    ## @param backend.apps.downloadLocation The location to a git repository from which default appps are downloaded on startup.
    ##
    downloadLocation: https://github.com/shuffle/python-apps
    ## @param backend.apps.downloadBranch The branch from which apps should be downloaded on startup.
    ##
    downloadBranch: master
    ## @param backend.apps.forceUpdate Force an update of apps on startup.
    ##
    forceUpdate: false

## @section frontend Parameters
##
frontend:
  ## frontend image
  ## @param frontend.image.registry frontend image registry
  ## @param frontend.image.repository frontend image repository
  ## @param frontend.image.tag frontend image tag (immutable tags are recommended, defaults to appVersion)
  ## @param frontend.image.digest frontend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
  ## @param frontend.image.pullPolicy frontend image pull policy
  ## @param frontend.image.pullSecrets frontend image pull secrets
  ##
  image:
    registry: ghcr.io
    repository: shuffle/shuffle-frontend
    tag: ""
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param frontend.replicaCount Number of frontend replicas to deploy
  ##
  replicaCount: 1
  ## @param frontend.containerPorts.http frontend HTTP container port
  ## @param frontend.containerPorts.https frontend HTTPS container port
  ##
  containerPorts:
    http: 80
    https: 443
  ## @param frontend.extraContainerPorts Optionally specify extra list of additional ports for frontend containers
  ## e.g:
  ## extraContainerPorts:
  ##   - name: myservice
  ##     containerPort: 9090
  ##
  extraContainerPorts: []
  ## Configure extra options for frontend containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param frontend.livenessProbe.enabled Enable livenessProbe on frontend containers
  ## @param frontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param frontend.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param frontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param frontend.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param frontend.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 15
    timeoutSeconds: 1
    failureThreshold: 4
    successThreshold: 1
  ## @param frontend.readinessProbe.enabled Enable readinessProbe on frontend containers
  ## @param frontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param frontend.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param frontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param frontend.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param frontend.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param frontend.startupProbe.enabled Enable startupProbe on frontend containers
  ## @param frontend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param frontend.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param frontend.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param frontend.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param frontend.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 1
    timeoutSeconds: 1
    failureThreshold: 60
    successThreshold: 1
  ## @param frontend.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param frontend.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param frontend.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## frontend resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param frontend.resourcesPreset Set frontend container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if frontend.resources is set (frontend.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param frontend.resources Set frontend container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param frontend.podSecurityContext.enabled Enable frontend pods' Security Context
  ## @param frontend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for frontend pods
  ## @param frontend.podSecurityContext.sysctls Set kernel settings using the sysctl interface for frontend pods
  ## @param frontend.podSecurityContext.supplementalGroups Set filesystem extra groups for frontend pods
  ## @param frontend.podSecurityContext.fsGroup Set fsGroup in frontend pods' Security Context
  ##
  podSecurityContext:
    enabled: false # The default shuffle frontend image does not support running as non-root, because /etc/nginx/nginx.conf is written on startup
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001

  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param frontend.containerSecurityContext.enabled Enabled frontend container' Security Context
  ## @param frontend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in frontend container
  ## @param frontend.containerSecurityContext.runAsUser Set runAsUser in frontend container' Security Context
  ## @param frontend.containerSecurityContext.runAsGroup Set runAsGroup in frontend container' Security Context
  ## @param frontend.containerSecurityContext.runAsNonRoot Set runAsNonRoot in frontend container' Security Context
  ## @param frontend.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in frontend container' Security Context
  ## @param frontend.containerSecurityContext.privileged Set privileged in frontend container' Security Context
  ## @param frontend.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in frontend container' Security Context
  ## @param frontend.containerSecurityContext.capabilities.drop List of capabilities to be dropped in frontend container
  ## @param frontend.containerSecurityContext.seccompProfile.type Set seccomp profile in frontend container
  ##
  containerSecurityContext:
    enabled: false # The default shuffle frontend image does not support running as non-root, because /etc/nginx/nginx.conf is written on startup
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    privileged: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"

  ## @param frontend.command Override default frontend container command (useful when using custom images)
  ##
  command: []
  ## @param frontend.args Override default frontend container args (useful when using custom images)
  ##
  args: []
  ## @param frontend.automountServiceAccountToken Mount Service Account token in frontend pods
  ##
  automountServiceAccountToken: false
  ## @param frontend.hostAliases frontend pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param frontend.deploymentAnnotations Annotations for frontend deployment
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  deploymentAnnotations: {}
  ## @param frontend.podLabels Extra labels for frontend pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param frontend.podAnnotations Annotations for frontend pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param frontend.podAffinityPreset Pod affinity preset. Ignored if `frontend.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param frontend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `frontend.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node frontend.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param frontend.nodeAffinityPreset.type Node affinity preset type. Ignored if `frontend.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param frontend.nodeAffinityPreset.key Node label key to match. Ignored if `frontend.affinity` is set
    ##
    key: ""
    ## @param frontend.nodeAffinityPreset.values Node label values to match. Ignored if `frontend.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param frontend.affinity Affinity for frontend pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `frontend.podAffinityPreset`, `frontend.podAntiAffinityPreset`, and `frontend.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param frontend.nodeSelector Node labels for frontend pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param frontend.tolerations Tolerations for frontend pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param frontend.updateStrategy.type frontend deployment strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy:
    ## Can be set to RollingUpdate or Recreate
    ##
    type: RollingUpdate
  ## @param frontend.priorityClassName frontend pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param frontend.topologySpreadConstraints Topology Spread Constraints for frontend pod assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param frontend.schedulerName Name of the k8s scheduler (other than default) for frontend pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param frontend.terminationGracePeriodSeconds Seconds frontend pods need to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param frontend.lifecycleHooks for frontend containers to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param frontend.extraEnvVars Array with extra environment variables to add to frontend containers
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param frontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for frontend containers
  ##
  extraEnvVarsCM: ""
  ## @param frontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for frontend containers
  ##
  extraEnvVarsSecret: ""
  ## @param frontend.extraVolumes Optionally specify extra list of additional volumes for the frontend pods
  ##
  extraVolumes: []
  ## @param frontend.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the frontend containers
  ##
  extraVolumeMounts: []
  ## @param frontend.sidecars Add additional sidecar containers to the frontend pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param frontend.initContainers Add additional init containers to the frontend pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param frontend.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param frontend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param frontend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `frontend.pdb.minAvailable` and `frontend.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
  ##
  autoscaling:
    ## @param frontend.autoscaling.vpa.enabled Enable VPA for frontend pods
    ## @param frontend.autoscaling.vpa.annotations Annotations for VPA resource
    ## @param frontend.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
    ## @param frontend.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
    ## @param frontend.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
    ##
    vpa:
      enabled: false
      annotations: {}
      controlledResources: []
      maxAllowed: {}
      minAllowed: {}
      ## @param frontend.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
      ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
      ## Possible values are "Off", "Initial", "Recreate", and "Auto".
      ##
      updatePolicy:
        updateMode: Auto
    ## @param frontend.autoscaling.hpa.enabled Enable HPA for frontend pods
    ## @param frontend.autoscaling.hpa.minReplicas Minimum number of replicas
    ## @param frontend.autoscaling.hpa.maxReplicas Maximum number of replicas
    ## @param frontend.autoscaling.hpa.targetCPU Target CPU utilization percentage
    ## @param frontend.autoscaling.hpa.targetMemory Target Memory utilization percentage
    ##
    hpa:
      enabled: false
      minReplicas: ""
      maxReplicas: ""
      targetCPU: ""
      targetMemory: ""

  ## Service configuration
  ##
  service:
    ## @param frontend.service.labels Extra labels for frontend service
    ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
    ##
    labels: {}

  ## ServiceAccount configuration
  ##
  serviceAccount:
    ## @param frontend.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param frontend.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param frontend.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
    ##
    annotations: {}
    ## @param frontend.serviceAccount.automountServiceAccountToken Automount service account token for the frontend service account
    ##
    automountServiceAccountToken: true
    ## @param frontend.serviceAccount.imagePullSecrets Add image pull secrets to the frontend service account
    ##
    imagePullSecrets: []

  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param frontend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param frontend.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param frontend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param frontend.networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy
    ## NOTE: You likely want to allow access from your ingress, e.g.:
    ## extraIngress:
    ## - ports:
    ##     - protocol: TCP
    ##       port: 5001
    ##   from:
    ##     - namespaceSelector:
    ##         matchLabels:
    ##           kubernetes.io/metadata.name: istio-ingress
    ##       podSelector:
    ##         matchLabels:
    ##           istio: ingress
    ##
    extraIngress: []
    ## @param frontend.networkPolicy.extraEgress Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ##
    extraEgress: []

## @section orborus Parameters
##
orborus:
  ## orborus image
  ## @param orborus.image.registry orborus image registry
  ## @param orborus.image.repository orborus image repository
  ## @param orborus.image.tag orborus image tag (immutable tags are recommended, defaults to appVersion)
  ## @param orborus.image.digest orborus image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
  ## @param orborus.image.pullPolicy orborus image pull policy
  ## @param orborus.image.pullSecrets orborus image pull secrets
  ##
  image:
    registry: ghcr.io
    repository: shuffle/shuffle-orborus
    tag: ""
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param orborus.replicaCount Number of orborus replicas to deploy
  ##
  replicaCount: 1
  ## @param orborus.extraContainerPorts Optionally specify extra list of additional ports for orborus containers
  ## e.g:
  ## extraContainerPorts:
  ##   - name: myservice
  ##     containerPort: 9090
  ##
  extraContainerPorts: []
  ## Configure extra options for orborus containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param orborus.livenessProbe.enabled Enable livenessProbe on orborus containers
  ## @param orborus.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param orborus.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param orborus.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param orborus.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param orborus.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 15
    timeoutSeconds: 1
    failureThreshold: 4
    successThreshold: 1
  ## @param orborus.readinessProbe.enabled Enable readinessProbe on orborus containers
  ## @param orborus.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param orborus.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param orborus.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param orborus.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param orborus.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param orborus.startupProbe.enabled Enable startupProbe on orborus containers
  ## @param orborus.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param orborus.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param orborus.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param orborus.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param orborus.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 1
    timeoutSeconds: 1
    failureThreshold: 60
    successThreshold: 1
  ## @param orborus.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param orborus.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param orborus.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## orborus resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param orborus.resourcesPreset Set orborus container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if orborus.resources is set (orborus.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param orborus.resources Set orborus container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param orborus.podSecurityContext.enabled Enable orborus pods' Security Context
  ## @param orborus.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for orborus pods
  ## @param orborus.podSecurityContext.sysctls Set kernel settings using the sysctl interface for orborus pods
  ## @param orborus.podSecurityContext.supplementalGroups Set filesystem extra groups for orborus pods
  ## @param orborus.podSecurityContext.fsGroup Set fsGroup in orborus pods' Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param orborus.containerSecurityContext.enabled Enabled orborus container' Security Context
  ## @param orborus.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in orborus container
  ## @param orborus.containerSecurityContext.runAsUser Set runAsUser in orborus container' Security Context
  ## @param orborus.containerSecurityContext.runAsGroup Set runAsGroup in orborus container' Security Context
  ## @param orborus.containerSecurityContext.runAsNonRoot Set runAsNonRoot in orborus container' Security Context
  ## @param orborus.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in orborus container' Security Context
  ## @param orborus.containerSecurityContext.privileged Set privileged in orborus container' Security Context
  ## @param orborus.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in orborus container' Security Context
  ## @param orborus.containerSecurityContext.capabilities.drop List of capabilities to be dropped in orborus container
  ## @param orborus.containerSecurityContext.seccompProfile.type Set seccomp profile in orborus container
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    privileged: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"

  ## @param orborus.command Override default orborus container command (useful when using custom images)
  ##
  command: []
  ## @param orborus.args Override default orborus container args (useful when using custom images)
  ##
  args: []
  ## @param orborus.automountServiceAccountToken Mount Service Account token in orborus pods
  ## NOTE: orborus requires the service account credentials to be mounted if manageWorkerDeployments is enabled.
  ##
  automountServiceAccountToken: true
  ## @param orborus.hostAliases orborus pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param orborus.deploymentAnnotations Annotations for orborus deployment
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  deploymentAnnotations: {}
  ## @param orborus.podLabels Extra labels for orborus pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param orborus.podAnnotations Annotations for orborus pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param orborus.podAffinityPreset Pod affinity preset. Ignored if `orborus.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param orborus.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `orborus.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node orborus.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param orborus.nodeAffinityPreset.type Node affinity preset type. Ignored if `orborus.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param orborus.nodeAffinityPreset.key Node label key to match. Ignored if `orborus.affinity` is set
    ##
    key: ""
    ## @param orborus.nodeAffinityPreset.values Node label values to match. Ignored if `orborus.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param orborus.affinity Affinity for orborus pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `orborus.podAffinityPreset`, `orborus.podAntiAffinityPreset`, and `orborus.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param orborus.nodeSelector Node labels for orborus pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param orborus.tolerations Tolerations for orborus pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param orborus.updateStrategy.type orborus deployment strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy:
    ## Can be set to RollingUpdate or Recreate
    ##
    type: RollingUpdate
  ## @param orborus.priorityClassName orborus pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param orborus.topologySpreadConstraints Topology Spread Constraints for orborus pod assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param orborus.schedulerName Name of the k8s scheduler (other than default) for orborus pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param orborus.terminationGracePeriodSeconds Seconds orborus pods need to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param orborus.lifecycleHooks for orborus containers to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param orborus.extraEnvVars Array with extra environment variables to add to orborus containers
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param orborus.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for orborus containers
  ##
  extraEnvVarsCM: ""
  ## @param orborus.extraEnvVarsSecret Name of existing Secret containing extra env vars for orborus containers
  ##
  extraEnvVarsSecret: ""
  ## @param orborus.extraVolumes Optionally specify extra list of additional volumes for the orborus pods
  ##
  extraVolumes: []
  ## @param orborus.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the orborus containers
  ##
  extraVolumeMounts: []
  ## @param orborus.sidecars Add additional sidecar containers to the orborus pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param orborus.initContainers Add additional init containers to the orborus pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param orborus.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param orborus.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param orborus.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `orborus.pdb.minAvailable` and `orborus.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
  ##
  autoscaling:
    ## @param orborus.autoscaling.vpa.enabled Enable VPA for orborus pods
    ## @param orborus.autoscaling.vpa.annotations Annotations for VPA resource
    ## @param orborus.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
    ## @param orborus.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
    ## @param orborus.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
    ##
    vpa:
      enabled: false
      annotations: {}
      controlledResources: []
      maxAllowed: {}
      minAllowed: {}
      ## @param orborus.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
      ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
      ## Possible values are "Off", "Initial", "Recreate", and "Auto".
      ##
      updatePolicy:
        updateMode: Auto
    ## @param orborus.autoscaling.hpa.enabled Enable HPA for orborus pods
    ## @param orborus.autoscaling.hpa.minReplicas Minimum number of replicas
    ## @param orborus.autoscaling.hpa.maxReplicas Maximum number of replicas
    ## @param orborus.autoscaling.hpa.targetCPU Target CPU utilization percentage
    ## @param orborus.autoscaling.hpa.targetMemory Target Memory utilization percentage
    ##
    hpa:
      enabled: false
      minReplicas: ""
      maxReplicas: ""
      targetCPU: ""
      targetMemory: ""

  ## ServiceAccount configuration
  ##
  serviceAccount:
    ## @param orborus.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param orborus.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param orborus.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
    ##
    annotations: {}
    ## @param orborus.serviceAccount.automountServiceAccountToken Automount service account token for the orborus service account
    ##
    automountServiceAccountToken: true
    ## @param orborus.serviceAccount.imagePullSecrets Add image pull secrets to the orborus service account
    ##
    imagePullSecrets: []

  ## RBAC configuration
  ##
  rbac:
    ## @param orborus.rbac.create Specifies whether RBAC resources should be created
    create: true

  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param orborus.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param orborus.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param orborus.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param orborus.networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy
    ##
    extraIngress: []
    ## @param orborus.networkPolicy.extraEgress Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## NOTE: You likely want to allow access to cluster-proxies, e.g:
    ## extraEgress:
    ## - to:
    ##     - namespaceSelector:
    ##         matchLabels:
    ##           kubernetes.io/metadata.name: istio-system
    ##       podSelector:
    ##         matchLabels:
    ##           istio: pilot
    ##
    extraEgress: []

  ## @param orborus.executionConcurrency The maximum amount of concurrent workflow executions per worker
  ##
  executionConcurrency: 25

  ## @param orborus.manageWorkerDeployments Whether workers are deployed and managed by orborus. When disabled, every worker is expected to be already deployed (see worker.enableHelmDeployment).
  ## This effectively removes required RBAC permissions from the shuffle-orborus service account to create deployments and services.
  ## Orborus might still attempt to create kubernetes objects, resulting in an error. There is currently no way to tell orborus, that it should not manage k8s resources.
  ## You likely want to disable worker.enableHelmDeployment when enabling this.
  manageWorkerDeployments: true

## @section worker Parameters
##
worker:
  ## @param worker.enableHelmDeployment Deploy worker via helm. By default, workers are deployed by Orborus.
  ## You might want to disable orborus.manageWorkerDeployments when enabling this.
  enableHelmDeployment: false

  ## worker image
  ## @param worker.image.registry worker image registry
  ## @param worker.image.repository worker image repository
  ## @param worker.image.tag worker image tag (immutable tags are recommended, defaults to appVersion)
  ## @param worker.image.digest worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
  ## @param worker.image.pullPolicy worker image pull policy. Only effective with worker.enableHelmDeployment.
  ## @param worker.image.pullSecrets worker image pull secrets. Only effective with worker.enableHelmDeployment.
  ##
  image:
    registry: ghcr.io
    repository: shuffle/shuffle-worker
    tag: ""
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param worker.replicaCount Number of worker replicas to deploy. Only effective with worker.enableHelmDeployment.
  ##
  replicaCount: 1
  ## @param worker.containerPorts.http backend HTTP container port
  ##
  containerPorts:
    http: 33333
  ## @param worker.extraContainerPorts Optionally specify extra list of additional ports for worker containers. Only effective with worker.enableHelmDeployment.
  ## e.g:
  ## extraContainerPorts:
  ##   - name: myservice
  ##     containerPort: 9090
  ##
  extraContainerPorts: []
  ## Configure extra options for worker containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param worker.livenessProbe.enabled Enable livenessProbe on worker containers. Only effective with worker.enableHelmDeployment.
  ## @param worker.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param worker.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param worker.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param worker.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param worker.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 15
    timeoutSeconds: 1
    failureThreshold: 4
    successThreshold: 1
  ## @param worker.readinessProbe.enabled Enable readinessProbe on worker containers. Only effective with worker.enableHelmDeployment.
  ## @param worker.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param worker.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param worker.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param worker.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param worker.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param worker.startupProbe.enabled Enable startupProbe on worker containers. Only effective with worker.enableHelmDeployment.
  ## @param worker.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param worker.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param worker.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param worker.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param worker.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 1
    timeoutSeconds: 1
    failureThreshold: 60
    successThreshold: 1
  ## @param worker.customLivenessProbe Custom livenessProbe that overrides the default one. Only effective with worker.enableHelmDeployment.
  ##
  customLivenessProbe: {}
  ## @param worker.customReadinessProbe Custom readinessProbe that overrides the default one. Only effective with worker.enableHelmDeployment.
  ##
  customReadinessProbe: {}
  ## @param worker.customStartupProbe Custom startupProbe that overrides the default one. Only effective with worker.enableHelmDeployment.
  ##
  customStartupProbe: {}
  ## worker resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param worker.resourcesPreset Set worker container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param worker.resources Set worker container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}

  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param worker.podSecurityContext.enabled Enable worker pods' Security Context
  ## @param worker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for worker pods
  ## @param worker.podSecurityContext.sysctls Set kernel settings using the sysctl interface for worker pods
  ## @param worker.podSecurityContext.supplementalGroups Set filesystem extra groups for worker pods
  ## @param worker.podSecurityContext.fsGroup Set fsGroup in worker pods' Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001

  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param worker.containerSecurityContext.enabled Enabled worker container' Security Context
  ## @param worker.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in worker container
  ## @param worker.containerSecurityContext.runAsUser Set runAsUser in worker container' Security Context
  ## @param worker.containerSecurityContext.runAsGroup Set runAsGroup in worker container' Security Context
  ## @param worker.containerSecurityContext.runAsNonRoot Set runAsNonRoot in worker container' Security Context
  ## @param worker.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in worker container' Security Context
  ## @param worker.containerSecurityContext.privileged Set privileged in worker container' Security Context
  ## @param worker.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in worker container' Security Context
  ## @param worker.containerSecurityContext.capabilities.drop List of capabilities to be dropped in worker container
  ## @param worker.containerSecurityContext.seccompProfile.type Set seccomp profile in worker container
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    privileged: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param worker.command Override default worker container command (useful when using custom images). Only effective with worker.enableHelmDeployment.
  ##
  command: []
  ## @param worker.args Override default worker container args (useful when using custom images). Only effective with worker.enableHelmDeployment.
  ##
  args: []
  ## @param worker.automountServiceAccountToken Mount Service Account token in worker pods. Only effective with worker.enableHelmDeployment.
  ## NOTE: worker requires the service account credentials to be mounted if manageAppDeployments is enabled.
  ##
  automountServiceAccountToken: true
  ## @param worker.hostAliases worker pods host aliases. Only effective with worker.enableHelmDeployment.
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param worker.deploymentAnnotations Annotations for worker deployment. Only effective with worker.enableHelmDeployment.
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  deploymentAnnotations: {}
  ## @param worker.podLabels Extra labels for worker pods. Only effective with worker.enableHelmDeployment.
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param worker.podAnnotations Annotations for worker pods. Only effective with worker.enableHelmDeployment.
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param worker.podAffinityPreset Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. Only effective with worker.enableHelmDeployment.
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param worker.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. Only effective with worker.enableHelmDeployment.
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node worker.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param worker.nodeAffinityPreset.type Node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. Only effective with worker.enableHelmDeployment.
    ##
    type: ""
    ## @param worker.nodeAffinityPreset.key Node label key to match. Ignored if `worker.affinity` is set
    ##
    key: ""
    ## @param worker.nodeAffinityPreset.values Node label values to match. Ignored if `worker.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param worker.affinity Affinity for worker pods assignment. Only effective with worker.enableHelmDeployment.
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `worker.podAffinityPreset`, `worker.podAntiAffinityPreset`, and `worker.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param worker.nodeSelector Node labels for worker pods assignment. Only effective with worker.enableHelmDeployment.
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param worker.tolerations Tolerations for worker pods assignment. Only effective with worker.enableHelmDeployment.
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param worker.updateStrategy.type worker deployment strategy type. Only effective with worker.enableHelmDeployment.
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy:
    ## Can be set to RollingUpdate or Recreate
    ##
    type: RollingUpdate
  ## @param worker.priorityClassName worker pods' priorityClassName. Only effective with worker.enableHelmDeployment.
  ##
  priorityClassName: ""
  ## @param worker.topologySpreadConstraints Topology Spread Constraints for worker pod assignment spread across your cluster among failure-domains. Only effective with worker.enableHelmDeployment.
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param worker.schedulerName Name of the k8s scheduler (other than default) for worker pods. Only effective with worker.enableHelmDeployment.
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param worker.terminationGracePeriodSeconds Seconds worker pods need to terminate gracefully. Only effective with worker.enableHelmDeployment.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param worker.lifecycleHooks for worker containers to automate configuration before or after startup. Only effective with worker.enableHelmDeployment.
  ##
  lifecycleHooks: {}
  ## @param worker.extraEnvVars Array with extra environment variables to add to worker containers. Only effective with worker.enableHelmDeployment.
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param worker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for worker containers. Only effective with worker.enableHelmDeployment.
  ##
  extraEnvVarsCM: ""
  ## @param worker.extraEnvVarsSecret Name of existing Secret containing extra env vars for worker containers. Only effective with worker.enableHelmDeployment.
  ##
  extraEnvVarsSecret: ""
  ## @param worker.extraVolumes Optionally specify extra list of additional volumes for the worker pods. Only effective with worker.enableHelmDeployment.
  ##
  extraVolumes: []
  ## @param worker.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the worker containers. Only effective with worker.enableHelmDeployment.
  ##
  extraVolumeMounts: []
  ## @param worker.sidecars Add additional sidecar containers to the worker pods. Only effective with worker.enableHelmDeployment.
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param worker.initContainers Add additional init containers to the worker pods. Only effective with worker.enableHelmDeployment.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param worker.pdb.create Enable/disable a Pod Disruption Budget creation. Only effective with worker.enableHelmDeployment.
  ## @param worker.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param worker.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `worker.pdb.minAvailable` and `worker.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
  ##
  autoscaling:
    ## @param worker.autoscaling.vpa.enabled Enable VPA for worker pods. Only effective with worker.enableHelmDeployment.
    ## @param worker.autoscaling.vpa.annotations Annotations for VPA resource
    ## @param worker.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
    ## @param worker.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
    ## @param worker.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
    ##
    vpa:
      enabled: false
      annotations: {}
      controlledResources: []
      maxAllowed: {}
      minAllowed: {}
      ## @param worker.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
      ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
      ## Possible values are "Off", "Initial", "Recreate", and "Auto".
      ##
      updatePolicy:
        updateMode: Auto
    ## @param worker.autoscaling.hpa.enabled Enable HPA for worker pods. Only effective with worker.enableHelmDeployment.
    ## @param worker.autoscaling.hpa.minReplicas Minimum number of replicas
    ## @param worker.autoscaling.hpa.maxReplicas Maximum number of replicas
    ## @param worker.autoscaling.hpa.targetCPU Target CPU utilization percentage
    ## @param worker.autoscaling.hpa.targetMemory Target Memory utilization percentage
    ##
    hpa:
      enabled: false
      minReplicas: ""
      maxReplicas: ""
      targetCPU: ""
      targetMemory: ""

  ## Service configuration
  ##
  service:
    ## @param worker.service.labels Extra labels for worker service. Only effective with worker.enableHelmDeployment.
    ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
    ##
    labels: {}

  ## ServiceAccount configuration
  ##
  serviceAccount:
    ## @param worker.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param worker.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param worker.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
    ##
    annotations: {}
    ## @param worker.serviceAccount.automountServiceAccountToken Automount service account token for the worker service account
    ##
    automountServiceAccountToken: true
    ## @param worker.serviceAccount.imagePullSecrets Add image pull secrets to the worker service account
    ##
    imagePullSecrets: []

  ## RBAC configuration
  ##
  rbac:
    ## @param worker.rbac.create Specifies whether RBAC resources should be created
    create: true

  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param worker.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param worker.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param worker.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param worker.networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy
    ##
    extraIngress: []
    ## @param worker.networkPolicy.extraEgress Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## NOTE: You likely want to allow access to cluster-proxies, e.g:
    ## extraEgress:
    ## - to:
    ##     - namespaceSelector:
    ##         matchLabels:
    ##           kubernetes.io/metadata.name: istio-system
    ##       podSelector:
    ##         matchLabels:
    ##           istio: pilot
    ##
    extraEgress: []

  ## @param worker.manageAppDeployments Whether apps are deployed and managed by worker. When disabled, every used app is expected to to be already deployed (see apps.enabled).
  ## This effectively removes required RBAC permissions from the shuffle-worker service account to create deployments and services.
  ## The worker might still attempt to create kubernetes objects, resulting in an error. There is currently no way to tell the worker, that it should not manage k8s resources.
  manageAppDeployments: true

## @section app Parameters
##
app:
  ## @param app.image.registry app image registry (defaults to shuffle.appRegistry)
  ## @param app.image.repository app image repository (defaults to shuffle.appBaseImageName)
  ## @param app.image.tag app image tag (defaults to the apps version)
  ## @param app.image.pullPolicy default image pull policy for app deployments. Only effective for helm-deployed apps (see apps.enabled).
  ## @param app.image.pullSecrets default image pull secrets for app deployments. Only effective for helm-deployed apps (see apps.enabled).
  ##
  image:
    registry: ""
    repository: ""
    tag: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param app.replicaCount Default number of replicas to deploy for each app. Only effective for helm-deployed apps (see apps.enabled).
  ##
  replicaCount: 1
  ## @param app.extraContainerPorts Optionally specify extra list of additional ports for app containers. Only effective for helm-deployed apps (see apps.enabled).
  ## e.g:
  ## extraContainerPorts:
  ##   - name: myservice
  ##     containerPort: 9090
  ##
  extraContainerPorts: []
  ## Configure extra options for app containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param app.livenessProbe.enabled Enable livenessProbe on app containers. Only effective for helm-deployed apps (see apps.enabled).
  ## @param app.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param app.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param app.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param app.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param app.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 15
    timeoutSeconds: 1
    failureThreshold: 4
    successThreshold: 1
  ## @param app.readinessProbe.enabled Enable readinessProbe on app containers. Only effective for helm-deployed apps (see apps.enabled).
  ## @param app.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param app.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param app.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param app.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param app.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param app.startupProbe.enabled Enable startupProbe on app containers. Only effective for helm-deployed apps (see apps.enabled).
  ## @param app.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param app.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param app.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param app.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param app.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 1
    timeoutSeconds: 1
    failureThreshold: 60
    successThreshold: 1
  ## @param app.customLivenessProbe Custom livenessProbe that overrides the default one. Only effective for helm-deployed apps (see apps.enabled).
  ##
  customLivenessProbe: {}
  ## @param app.customReadinessProbe Custom readinessProbe that overrides the default one. Only effective for helm-deployed apps (see apps.enabled).
  ##
  customReadinessProbe: {}
  ## @param app.customStartupProbe Custom startupProbe that overrides the default one. Only effective for helm-deployed apps (see apps.enabled).
  ##
  customStartupProbe: {}
  ## app resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param app.resourcesPreset Set app container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if app.resources is set (app.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param app.resources Set app container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}

  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param app.podSecurityContext.enabled Enable app pods' Security Context
  ## @param app.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for app pods
  ## @param app.podSecurityContext.sysctls Set kernel settings using the sysctl interface for app pods
  ## @param app.podSecurityContext.supplementalGroups Set filesystem extra groups for app pods
  ## @param app.podSecurityContext.fsGroup Set fsGroup in app pods' Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001

  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param app.containerSecurityContext.enabled Enabled app container' Security Context
  ## @param app.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in app container
  ## @param app.containerSecurityContext.runAsUser Set runAsUser in app container' Security Context
  ## @param app.containerSecurityContext.runAsGroup Set runAsGroup in app container' Security Context
  ## @param app.containerSecurityContext.runAsNonRoot Set runAsNonRoot in app container' Security Context
  ## @param app.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in app container' Security Context
  ## @param app.containerSecurityContext.privileged Set privileged in app container' Security Context
  ## @param app.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in app container' Security Context
  ## @param app.containerSecurityContext.capabilities.drop List of capabilities to be dropped in app container
  ## @param app.containerSecurityContext.seccompProfile.type Set seccomp profile in app container
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    privileged: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param app.command Override default app container command (useful when using custom images)
  ##
  command: []
  ## @param app.args Override default app container args (useful when using custom images)
  ##
  args: []
  ## @param app.automountServiceAccountToken Mount Service Account token in app pods. Only effective for helm-deployed apps (see apps.enabled).
  ##
  automountServiceAccountToken: false

  ## @param app.hostAliases app pods host aliases. Only effective for helm-deployed apps (see apps.enabled).
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param app.deploymentAnnotations Annotations for app deployment. Only effective for helm-deployed apps (see apps.enabled).
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  deploymentAnnotations: {}
  ## @param app.podLabels Extra labels for app pods. Only effective for helm-deployed apps (see apps.enabled).
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param app.podAnnotations Annotations for app pods. Only effective for helm-deployed apps (see apps.enabled).
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param app.podAffinityPreset Pod affinity preset. Ignored if `app.affinity` is set. Allowed values: `soft` or `hard`. Only effective for helm-deployed apps (see apps.enabled).
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param app.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `app.affinity` is set. Allowed values: `soft` or `hard`. Only effective for helm-deployed apps (see apps.enabled).
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node app.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param app.nodeAffinityPreset.type Node affinity preset type. Ignored if `app.affinity` is set. Allowed values: `soft` or `hard`. Only effective for helm-deployed apps (see apps.enabled).
    ##
    type: ""
    ## @param app.nodeAffinityPreset.key Node label key to match. Ignored if `app.affinity` is set
    ##
    key: ""
    ## @param app.nodeAffinityPreset.values Node label values to match. Ignored if `app.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param app.affinity Affinity for app pods assignment. Only effective for helm-deployed apps (see apps.enabled).
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `app.podAffinityPreset`, `app.podAntiAffinityPreset`, and `app.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param app.nodeSelector Node labels for app pods assignment. Only effective for helm-deployed apps (see apps.enabled).
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param app.tolerations Tolerations for app pods assignment. Only effective for helm-deployed apps (see apps.enabled).
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param app.updateStrategy.type app deployment strategy type. Only effective for helm-deployed apps (see apps.enabled).
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy:
    ## Can be set to RollingUpdate or Recreate
    ##
    type: RollingUpdate
  ## @param app.priorityClassName app pods' priorityClassName. Only effective for helm-deployed apps (see apps.enabled).
  ##
  priorityClassName: ""
  ## @param app.topologySpreadConstraints Topology Spread Constraints for app pod assignment spread across your cluster among failure-domains. Only effective for helm-deployed apps (see apps.enabled).
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param app.schedulerName Name of the k8s scheduler (other than default) for app pods. Only effective for helm-deployed apps (see apps.enabled).
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param app.terminationGracePeriodSeconds Seconds app pods need to terminate gracefully. Only effective for helm-deployed apps (see apps.enabled).
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param app.lifecycleHooks for app containers to automate configuration before or after startup. Only effective for helm-deployed apps (see apps.enabled).
  ##
  lifecycleHooks: {}
  ## @param app.extraEnvVars Array with extra environment variables to add to app containers. Only effective for helm-deployed apps (see apps.enabled).
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param app.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for app containers. Only effective for helm-deployed apps (see apps.enabled).
  ##
  extraEnvVarsCM: ""
  ## @param app.extraEnvVarsSecret Name of existing Secret containing extra env vars for app containers. Only effective for helm-deployed apps (see apps.enabled).
  ##
  extraEnvVarsSecret: ""
  ## @param app.extraVolumes Optionally specify extra list of additional volumes for the app pods. Only effective for helm-deployed apps (see apps.enabled).
  ##
  extraVolumes: []
  ## @param app.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the app containers. Only effective for helm-deployed apps (see apps.enabled).
  ##
  extraVolumeMounts: []
  ## @param app.sidecars Add additional sidecar containers to the app pods. Only effective for helm-deployed apps (see apps.enabled).
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param app.initContainers Add additional init containers to the app pods. Only effective for helm-deployed apps (see apps.enabled).
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param app.pdb.create Enable/disable a Pod Disruption Budget creation. Only effective for helm-deployed apps (see apps.enabled).
  ## @param app.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param app.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `app.pdb.minAvailable` and `app.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
  ##
  autoscaling:
    ## @param app.autoscaling.vpa.enabled Enable VPA for app pods. Only effective for helm-deployed apps (see apps.enabled).
    ## @param app.autoscaling.vpa.annotations Annotations for VPA resource
    ## @param app.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
    ## @param app.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
    ## @param app.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
    ##
    vpa:
      enabled: false
      annotations: {}
      controlledResources: []
      maxAllowed: {}
      minAllowed: {}
      ## @param app.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
      ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
      ## Possible values are "Off", "Initial", "Recreate", and "Auto".
      ##
      updatePolicy:
        updateMode: Auto
    ## @param app.autoscaling.hpa.enabled Enable HPA for app pods. Only effective for helm-deployed apps (see apps.enabled).
    ## @param app.autoscaling.hpa.minReplicas Minimum number of replicas
    ## @param app.autoscaling.hpa.maxReplicas Maximum number of replicas
    ## @param app.autoscaling.hpa.targetCPU Target CPU utilization percentage
    ## @param app.autoscaling.hpa.targetMemory Target Memory utilization percentage
    ##
    hpa:
      enabled: false
      minReplicas: ""
      maxReplicas: ""
      targetCPU: ""
      targetMemory: ""

  ## Service configuration
  ##
  service:
    ## @param app.service.labels Extra labels for app service. Only effective for helm-deployed apps (see apps.enabled).
    ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
    ##
    labels: {}

  ## ServiceAccount configuration
  ##
  serviceAccount:
    ## @param app.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param app.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param app.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
    ##
    annotations: {}
    ## @param app.serviceAccount.automountServiceAccountToken Automount service account token for the app service account
    ##
    automountServiceAccountToken: true
    ## @param app.serviceAccount.imagePullSecrets Add image pull secrets to the app service account
    ##
    imagePullSecrets: []

  ## RBAC configuration
  ##
  rbac:
    ## @param app.rbac.create Specifies whether RBAC resources should be created
    create: true

  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param app.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param app.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param app.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param app.networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy
    ##
    extraIngress: []
    ## @param app.networkPolicy.extraEgress Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ##
    extraEgress: []

  ## @param app.mountTmpVolume Whether a writable /tmp emptyDir volume should be mounted to the app.
  ##
  mountTmpVolume: true
  ## @param app.exposedContainerPort The port that shuffle app containers will listen on for new requests.
  ##
  exposedContainerPort: 80
  ## @param app.sdkTimeout The timeout in seconds for app actions.
  ##
  sdkTimeout: 300
  ## @param app.disableLogs Do not capture app logs. By default, app logs are captured, so that they are visible in the frontend.
  ##
  disableLogs: false

## @section Parameters to deploy apps using helm
##
apps:
  ## @param apps.enabled Whether apps should be deployed using helm.
  ## By default, workers create deployments and services for apps when they are first needed (or during startup for some selected apps).
  ## Deploying apps via workers has some drawbacks, such as:
  ## - A workflow fails when the app is not deployed when the workflow gets executed (see https://github.com/Shuffle/Shuffle/issues/1739)
  ## - There is no way to set different service accounts, security contexts, resources, env variables, volume mounts, or replicas for different apps
  ## - Worker needs elevated permissions in Kubernetes
  ## Note that you can deploy some apps via helm, while keeping the flexibility of letting workers deploy apps if they are not already deployed.
  ## If you deploy all needed apps via helm and dont want workers to create additional deployments, set worker.manageAppDeployments to false.
  ##
  enabled: false

  shuffleTools:
    ## @param apps.shuffleTools.enabled Whether the shuffle-tools app is enabled
    ##
    enabled: true
    ## @skip apps.shuffleTools.name
    ##
    name: shuffle-tools
    ## @param apps.shuffleTools.version The version of the shuffle-tools app to deploy.
    ##
    version: 1.2.0
    # You can override .app.* values here, e.g. replicaCount, resources or image.

  shuffleSubflow:
    ## @param apps.shuffleSubflow.enabled Whether the shuffle-subflow app is enabled
    ##
    enabled: true
    ## @skip apps.shuffleSubflow.name
    ##
    name: shuffle-subflow
    ## @param apps.shuffleSubflow.version The version of the shuffle-subflow app to deploy.
    ##
    version: 1.1.0
    # You can override .app.* values here, e.g. replicaCount, resources or image.

  http:
    ## @param apps.http.enabled Whether the http app is enabled
    ##
    enabled: true
    ## @skip apps.http.name
    ##
    name: http
    ## @param apps.http.version The version of the http app to deploy.
    ##
    version: 1.4.0
    # You can override .app.* values here, e.g. replicaCount, resources or image.

  ## @extra apps.MY_APP.app [string] The name of the app (required, e.g. shuffle-tools)
  ## @extra apps.MY_APP.version [string] The version of the app (required, e.g. 1.2.0)
  ## Add your own apps here. The key of the app does not matter, as long as it is unique.
  ## myApp:
  ##   enabled: true
  ##   name: my-app
  ##   version: 1.0.0
  ##   ... Overwrite .app.* values here, e.g.:
  ##   replicaCount: 3
  ##   resources: {}

## @section Traffic Exposure Parameters
##

## ingress parameters
## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
  ## @param ingress.enabled Enable ingress record generation for frontend and backend
  ##
  enabled: false
  ## @param ingress.pathType Ingress path type for the frontend path
  ##
  pathType: Prefix
  ## @param ingress.backendPathType Ingress path type for the backend path
  ##
  backendPathType: Prefix
  ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
  ##
  apiVersion: ""
  ## @param ingress.hostname Default host for the ingress record
  ##
  hostname: shuffle.local
  ## @param ingress.ingressClassName [default: nginx] IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
  ##
  ingressClassName: ""
  ## @param ingress.path [default: "/"] Ingress path for Shuffle frontend
  ## NOTE: The shuffle frontend currently does not support using base paths
  ##
  path: /
  ## @param ingress.backendPath [default: "/api/"] Ingress path for Shuffle backend
  ## NOTE: The shuffle backend is currently required to be reachable at shuffle-frontend.example.com/api/
  ##
  backendPath: /api/
  ## @param ingress.annotations Additional annotations for the Ingress resource.
  ##
  annotations: {}
  ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
  ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
  ## You can:
  ##   - Use the `ingress.secrets` parameter to create this TLS secret
  ##   - Rely on cert-manager to create it by setting the corresponding annotations
  ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
  ##
  tls: false
  ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
  ##
  selfSigned: false
  ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
  ## e.g:
  ## extraHosts:
  ##   - name: example.local
  ##     path: /
  ##
  extraHosts: []
  ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
  ## e.g:
  ## extraPaths:
  ## - path: /*
  ##   backend:
  ##     serviceName: ssl-redirect
  ##     servicePort: use-annotation
  ##
  extraPaths: []
  ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
  ## e.g:
  ## extraTls:
  ## - hosts:
  ##     - example.local
  ##   secretName: example.local-tls
  ##
  extraTls: []
  ## @param ingress.secrets Custom TLS certificates as secrets
  ## NOTE: 'key' and 'certificate' are expected in PEM format
  ## NOTE: 'name' should line up with a 'secretName' set further up
  ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
  ## It is also possible to create and manage the certificates outside of this helm chart
  ## Please see README.md for more information
  ## e.g:
  ## secrets:
  ##   - name: example.local-tls
  ##     key: |-
  ##       -----BEGIN RSA PRIVATE KEY-----
  ##       ...
  ##       -----END RSA PRIVATE KEY-----
  ##     certificate: |-
  ##       -----BEGIN CERTIFICATE-----
  ##       ...
  ##       -----END CERTIFICATE-----
  ##
  secrets: []
  ## @param ingress.extraRules Additional rules to be covered with this ingress record
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
  ## e.g:
  ## extraRules:
  ## - host: example.local
  ##     http:
  ##       path: /
  ##       backend:
  ##         service:
  ##           name: example-svc
  ##           port:
  ##             name: http
  ##
  extraRules: []

## @section Istio Parameters
##
istio:
  ## @param istio.enabled Enable creation of an Istio Gateway and VirtualService for frontend and backend
  ##
  enabled: false

  ## @param istio.apiVersion The istio apiVersion to use for Gateway and VirtualService resources
  ##
  apiVersion: networking.istio.io/v1

  ## @param istio.hosts One or more hosts exposed by Istio
  ##
  hosts: []

  gateway:
    ## @param istio.gateway.annotations Additional annotations for the Gateway resource
    ##
    annotations: {}
    ## @param istio.gateway.selector [object, default: { istio: ingress }] The selector matches the ingress gateway pod labels
    ##
    selector:
      istio: ingress
    ## @param istio.gateway.http.enabled Enable HTTP server port 80
    ## @param istio.gateway.http.httpsRedirect If set to true, a 301 redirect is send for all HTTP connections
    ##
    http:
      enabled: true
      httpsRedirect: false
    ## @param istio.gateway.https.enabled Enable HTTPS server on port 443
    ## @param istio.gateway.https.tlsCredentialName The name of the secret that holds the TLS certs including the CA certificates.
    ## @param istio.gateway.https.tlsCipherSuites If specified, only support the specified cipher list.
    ## NOTE: The secret must exist in the namespace of the istio gateway pod
    ##
    https:
      enabled: false
      tlsCredentialName: ""
      tlsCipherSuites: []
    ## @param istio.gateway.extraServers Additional servers for the Gateway resource
    ## ref: https://istio.io/latest/docs/reference/config/networking/gateway/#Server
    ##
    extraServers: []

  virtualService:
    ## @param istio.virtualService.annotations Additional annotations for the VirtualService resource.
    ##
    annotations: {}
    ## @param istio.virtualService.backendHeaders Header manipulation rules for backend traffic
    ## ref: https://istio.io/latest/docs/reference/config/networking/virtual-service/#Headers
    ##
    backendHeaders: {}
    ## @param istio.virtualService.frontendHeaders Header manipulation rules for frontend traffic
    ## ref: https://istio.io/latest/docs/reference/config/networking/virtual-service/#Headers
    ##
    frontendHeaders: {}

## @section Persistence Parameters
##

## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
persistence:
  ## @param persistence.enabled Enable persistence using Persistent Volume Claims
  ##
  enabled: true

  ## @param persistence.apps.existingClaim Name of an existing PVC to use
  ## @param persistence.apps.storageClass PVC Storage Class for shuffle-apps volume
  ## Note: The default StorageClass will be used if not defined. Set it to `-` to disable dynamic provisioning
  ## @param persistence.apps.subPath The sub path used in the volume
  ## @param persistence.apps.accessModes The access mode of the volume
  ## @param persistence.apps.size The size of the volume
  ## @param persistence.apps.annotations Annotations for the PVC
  ## @param persistence.apps.selector Selector to match an existing Persistent Volume
  apps:
    existingClaim: ""
    storageClass: ""
    subPath: ""
    accessModes:
      - ReadWriteOnce
    size: 5Gi
    annotations: {}
    selector: {}

  ## @param persistence.appBuilder.storageClass PVC Storage Class for backend-apps-claim volume
  ## Note: The default StorageClass will be used if not defined. Set it to `-` to disable dynamic provisioning
  ## @param persistence.appBuilder.accessModes The access mode of the volume
  ## @param persistence.appBuilder.size The size of the volume
  ## @param persistence.appBuilder.annotations Annotations for the PVC
  ## @param persistence.appBuilder.selector Selector to match an existing Persistent Volume
  appBuilder:
    storageClass: ""
    accessModes:
      - ReadWriteOnce
    size: 5Gi
    annotations: {}
    selector: {}

  ## @param persistence.files.existingClaim Name of an existing PVC to use
  ## @param persistence.files.storageClass PVC Storage Class for shuffle-files volume
  ## Note: The default StorageClass will be used if not defined. Set it to `-` to disable dynamic provisioning
  ## @param persistence.files.subPath The sub path used in the volume
  ## @param persistence.files.accessModes The access mode of the volume
  ## @param persistence.files.size The size of the volume
  ## @param persistence.files.annotations Annotations for the PVC
  ## @param persistence.files.selector Selector to match an existing Persistent Volume
  files:
    existingClaim: ""
    storageClass: ""
    subPath: ""
    accessModes:
      - ReadWriteOnce
    size: 5Gi
    annotations: {}
    selector: {}

## @section Init Container Parameters
##

## 'volumePermissions' init container parameters
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
##   based on the *podSecurityContext/*containerSecurityContext parameters
##
volumePermissions:
  ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
  ##
  enabled: false
  ## OS Shell + Utility image
  ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/
  ## @param volumePermissions.image.registry OS Shell + Utility image registry
  ## @param volumePermissions.image.repository OS Shell + Utility image repository
  ## @param volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended)
  ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy
  ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets
  ##
  image:
    registry: docker.io
    repository: bitnamilegacy/os-shell
    tag: 12-debian-12-r30
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## Init container's resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param volumePermissions.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param volumePermissions.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Init container Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param volumePermissions.containerSecurityContext.enabled Enabled init container' Security Context
  ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in init container
  ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
  ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
  ##   data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
  ##   "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 0

## @section OpenSearch Parameters
##

## OpenSearch chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/opensearch/values.yaml
## @param opensearch.enabled Switch to enable or disable the opensearch helm chart
## @skip opensearch.sysctlImage
## @skip opensearch.image
## @skip opensearch.master
## @skip opensearch.data
## @skip opensearch.coordinating
## @skip opensearch.ingest
## @skip opensearch.dashboards
##
opensearch:
  enabled: true
  sysctlImage:
    enabled: false
  image:
    registry: docker.io
    repository: bitnamilegacy/opensearch
    tag: "3.2.0"
  master:
    replicaCount: 1
  data:
    replicaCount: 1
  coordinating:
    replicaCount: 0
  ingest:
    replicaCount: 0
  dashboards:
    enabled: false

## @section Vault Parameters
##

vault:
  ## @param vault.role Specify the Vault role, which should be used to get the secret from Vault.
  ## NOTE: This value is used as a default for all secrets and can be overwritten for individual secrets
  ##       with the vaultRole property.
  ##
  role: ""

  ## @param vault.secrets A list of VaultSecrets to create
  ## NOTE: 'type', 'name' and 'path' must be set
  ## type is the type of the Kubernetes secret
  ## name is the suffix of the name of the resulting (Vault)Secret
  ## path is the path of the corresponding secret in Vault
  ## Additional VaultSecret parameters can optionally be set.
  ## Ref: https://github.com/ricoberger/vault-secrets-operator/blob/0409d56beb36ab95c4582a0cc35c0a2b517961e7/api/v1alpha1/vaultsecret_types.go#L9-L59
  ## e.g:
  ## secrets:
  ##   - type: Opaque
  ##     name: "example"
  ##     path: "example/secret"
  ##
  secrets: []
## @section Other Parameters
##