### helm upgrade --cleanup-on-fail --install aki-transparenzregister-mongo bitnami/mongodb --namespace transparenzregister --create-namespace --values values.yaml

global:
  storageClass: "csi-beegfs-dynhot-sc"
  namespaceOverride: ""

namespaceOverride: ""
clusterDomain: kicluster.local

## @param extraDeploy Array of extra objects to deploy with the release
## extraDeploy:
## - apiVersion: v1
##   kind: Service
##   metadata:
##     ...
##   spec:
##     ...
extraDeploy: []

## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template
##
commonLabels: {}
## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template
##
commonAnnotations: {}

## @section MongoDB(®) parameters
##
image:
  registry: docker.io
  repository: bitnami/mongodb
  tag: 6.0.8-debian-11-r0
  debug: false

## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`)
## note replicaset needs more configuration
architecture: standalone
useStatefulSet: false # StatefulSet instead of a Deployment (only when `architecture=standalone`)

## MongoDB(®) Authentication parameters
## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/
auth:
  enabled: true
  rootUser: root
  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#setting-the-root-user-and-password-on-first-run
  rootPassword: <some pw>
  ## MongoDB(&reg;) custom users and databases
  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#creating-a-user-and-database-on-first-run
  ## @param auth.usernames List of custom users to be created during the initialization
  ## @param auth.passwords List of passwords for the custom users set at `auth.usernames`
  ## @param auth.databases List of custom databases to be created during the initialization
  ##
  usernames: ["aki_transparenzregister"]
  passwords: <[some pw]>
  databases: ["transparenzregister"]
  ## @param auth.username DEPRECATED: use `auth.usernames` instead
  ## @param auth.password DEPRECATED: use `auth.passwords` instead
  ## @param auth.database DEPRECATED: use `auth.databases` instead
  username: ""
  password: ""
  database: ""

  ## @param auth.existingSecret Existing secret with MongoDB(&reg;) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`)
  ## NOTE: When it's set the previous parameters are ignored.
  existingSecret: ""

tls:
  ## @param tls.enabled Enable MongoDB(&reg;) TLS support between nodes in the cluster as well as between mongo clients and nodes
  ##
  enabled: false
  ## @param tls.autoGenerated Generate a custom CA and self-signed certificates
  ##
  autoGenerated: true
  ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`)
  ## NOTE: When it's set it will disable secret creation.
  ##
  existingSecret: ""
  ## Add Custom CA certificate
  ## @param tls.caCert Custom CA certificated (base64 encoded)
  ## @param tls.caKey CA certificate private key (base64 encoded)
  ##
  caCert: ""
  caKey: ""
  ## @param tls.pemChainIncluded Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert.
  ## Certificates must be in proper order, where the top certificate is the leaf and the bottom certificate is the top-most intermediate CA.
  ##
  pemChainIncluded: false
  standalone:
    ## @param tls.standalone.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
    ## NOTE: When it's set it will disable certificate self-generation from existing CA.
    ##
    existingSecret: ""
  
  image:
    registry: docker.io
    repository: bitnami/nginx
    tag: 1.25.1-debian-11-r9
  ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients
  ## extraDnsNames
  ##   "DNS.6": "$my_host"
  ##   "DNS.7": "$test"
  extraDnsNames: []
  ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`)
  mode: requireTLS


## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
hostAliases: []
## mongo db general settings:
directoryPerDB: false # not sure whatperformance gains/impact this would have
disableJavascript: false # should probably be disabled when not needed. Required for serverside map reduce.

## overwrite config file for mongo db http://docs.mongodb.org/manual/reference/configuration-options/
configuration: "" 

extraFlags: []
extraEnvVars: []
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
extraEnvVarsSecret: ""

affinity: {}
nodeSelector: {}
tolerations: []

podLabels: {}
podAnnotations: {}

containerSecurityContext:
  enabled: true
  runAsUser: 1001
  runAsGroup: 0
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop:
      - ALL

resources:
  limits: {}
  requests: {}

containerPorts:
  mongodb: 27017

sidecars: []
extraVolumeMounts: []
extraVolumes: []

service:
  nameOverride: ""  # service name
  type: NodePort   # others are NodePort and LoadBalancer ( only for standalone architecture)
  portName: mongodb # (only for standalone architecture)
  ports:
    mongodb: 27017 

  nodePorts:
    mongodb: 30217

  ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
  ##
  externalIPs: []
  ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
  extraPorts: []
  ## @param service.annotations Provide any additional annotations that may be required
  annotations: {}
  ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
  ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  externalTrafficPolicy: Local

persistence:
  enabled: true
  ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  ## Ignored when mongodb.architecture=replicaset
  existingClaim: ""
  ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
  resourcePolicy: ""
  storageClass: "csi-beegfs-dynhot-sc"
  ## @param persistence.accessModes PV Access Mode
  ##
  accessModes:
    - ReadWriteOnce
  annotations: {}