# Default values for planka.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicaCount: 1

image:
  repository: ghcr.io/plankanban/planka
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

# Generate a secret using openssl rand -base64 45
secretkey: ""

## @param existingSecretkeySecret Name of an existing secret containing the session key string
## NOTE: Must contain key `key`
## NOTE: When it's set, the secretkey parameter is ignored
existingSecretkeySecret: ""

## @param existingAdminCredsSecret Name of an existing secret containing the admin username and password
## NOTE: Must contain keys `username` and `password`
## NOTE: When it's set, the `admin_username` and `admin_password` parameters are ignored
existingAdminCredsSecret: ""

# Base url for Planka. Will override `ingress.hosts[0].host`
# Defaults to `http://localhost:3000` if ingress is disabled.
baseUrl: ""

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

podAnnotations: {}

podSecurityContext: {}
  # fsGroup: 2000

securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

service:
  type: ClusterIP
  port: 1337
  ## @param service.containerPort Planka HTTP container port
  ## If empty will default to 1337
  ##
  containerPort: 1337

ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
      # Used to set planka BASE_URL if no `baseurl` is provided.
    - host: planka.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []
  #  - secretName: planka-tls
  #    hosts:
  #      - planka.local

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

nodeSelector: {}

tolerations: []

affinity: {}

postgresql:
  enabled: true
  auth:
    database: planka
    username: planka
    password: ""
    postgresPassword: ""
    replicationPassword: ""
    # existingSecret: planka-postgresql
  serviceBindings:
    enabled: true

## Set this or existingDburlSecret if you disable the built-in postgresql deployment
dburl:

## @param existingDburlSecret Name of an existing secret containing a DBurl connection string
## NOTE: Must contain key `uri`
## NOTE: When it's set, the `dburl` parameter is ignored
##
existingDburlSecret: ""

## PVC-based data storage configuration
persistence:
  enabled: false
  # existingClaim: netbox-data
  # storageClass: "-"
  accessMode: ReadWriteOnce
  size: 10Gi

## OpenID Identity Management configuration
##
## Example:
## ---------------
## oidc:
##   enabled: true
##   clientId: sxxaAIAxVXlCxTmc1YLHBbQr8NL8MqLI2DUbt42d
##   clientSecret: om4RTMRVHRszU7bqxB7RZNkHIzA8e4sGYWxeCwIMYQXPwEBWe4SY5a0wwCe9ltB3zrq5f0dnFnp34cEHD7QSMHsKvV9AiV5Z7eqDraMnv0I8IFivmuV5wovAECAYreSI
##   issuerUrl: https://auth.local/application/o/planka/
##   admin:
##     roles:
##       - planka-admin
##
## ---------------
## NOTE: A minimal configuration requires setting `clientId`, `clientSecret` and `issuerUrl`. (plus `admin.roles` for administrators)
## ref: https://docs.planka.cloud/docs/Configuration/OIDC
##
oidc:
  ## @param oidc.enabled Enable single sign-on (SSO) with OpenID Connect (OIDC)
  ##
  enabled: false

  ## OIDC credentials
  ## @param oidc.clientId A string unique to the provider that identifies your app.
  ## @param oidc.clientSecret A secret string that the provider uses to confirm ownership of a client ID.
  ##
  ## NOTE: Either specify inline `clientId` and `clientSecret` or refer to them via `existingSecret`
  ##
  clientId: ""
  clientSecret: ""

  ## @param oidc.existingSecret Name of an existing secret containing OIDC credentials
  ## NOTE: Must contain key `clientId` and `clientSecret`
  ## NOTE: When it's set, the `clientId` and `clientSecret` parameters are ignored
  ##
  existingSecret: ""

  ## @param oidc.issuerUrl The OpenID connect metadata document endpoint
  ##
  issuerUrl: ""

  ## @param oidc.scopes A list of scopes required for OIDC client.
  ## If empty will default to `openid`, `profile` and `email`
  ## NOTE: Planka needs the email and name claims
  ##
  scopes: []

  ## Admin permissions configuration
  admin:
    ## @param oidc.admin.ignoreRoles If set to true, the admin roles will be ignored.
    ## It is useful if you want to use OIDC for authentication but not for authorization.
    ## If empty will default to `false`
    ##
    ignoreRoles: false

    ## @param oidc.admin.rolesAttribute The name of a custom group claim that you have configured in your OIDC provider
    ## If empty will default to `groups`
    ##
    rolesAttribute: groups

    ## @param oidc.admin.roles The names of the admin groups
    ##
    roles: []
      # - planka-admin