image:
  # -- The image registry to pull from
  registry: docker.io
  # -- The image repository to pull from
  repository: nodered/node-red
  # -- The image pull policy
  pullPolicy: IfNotPresent
  # -- The image tag to pull, default: `Chart.appVersion`
  tag: ""

npmrc:
  # -- Enable custom npmrc config
  enabled: false
  # -- Configuration to use any compatible registry
  registry: "https://registry.npmjs.org"
  # -- Configuration to add custom npmrc config
  content: |
    # Custom npmrc config

# -- node-red env, see more environment variables in the [node-red documentation](https://nodered.org/docs/getting-started/docker)
env:
  # Possible Values:
  - name: TZ
    value: "Europe/Berlin"
  # NODE_OPTIONS:
  # NODE_RED_ENABLE_PROJECTS:
  # NODE_RED_ENABLE_SAFE_MODE:
  # FLOWS:
  # example:
  # env:
  # - name: "NODE_RED_ENABLE_SAFE_MODE"
  #   value: ""

# -- Pod Security Context see [values.yaml](values.yaml)
podSecurityContext:
  # -- node-red group is 1000
  fsGroup: 1000
  # -- node-red user is 1000
  runAsUser: 1000

# -- Security Context see [values.yaml](values.yaml)
securityContext:
  privileged: false
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  runAsGroup: 10003
  runAsUser: 10003
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop:
      - ALL

service:
  # -- Kubernetes service type
  type: ClusterIP
  # -- Kubernetes port where service is exposed
  port: 1880

#  Enable Service-Monitor for node-red
metrics:
  # -- Deploy metrics service
  enabled: false
  path: /metrics
  serviceMonitor:
    # -- Enable a prometheus ServiceMonitor
    enabled: false
    # -- Prometheus basicAuth configuration for ServiceMonitor endpoint
    basicAuth: {}
    # -- Prometheus ServiceMonitor interval
    interval: 30s
    # -- Prometheus [RelabelConfigs] to apply to samples before scraping
    relabelings: []
    # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
    metricRelabelings: []
    # -- Prometheus ServiceMonitor selector
    selector: {}
    # prometheus: kube-prometheus

    # -- Prometheus ServiceMonitor namespace
    namespace: "" # "monitoring"
    # -- Prometheus ServiceMonitor labels
    additionalLabels: {}

persistence:
  enabled: true
  accessMode: ReadWriteOnce
  size: 5Gi

ingress:
  # -- Enable an ingress resource for the server
  enabled: true
  # -- Defines which ingress controller will implement the resource
  className: "ingress-internal"
  # -- Additional ingress annotations
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    #  Ingress accepted hostnames
    - host: nodered.dc
      paths:
          # -- The base path
        - path: /
          # --  Ingress type of path
          pathType: ImplementationSpecific
  # --  Ingress TLS configuration
  tls:
    - secretName: chart-example-tls
      hosts:
       - nodered.dc
      certificate:
        enabled: true
        name: "nodered-tls"
        issuerRef:
          kind: ClusterIssuer
          name: "vault-issuer"

# -- CPU/Memory resource requests/limits
resources:
  limits:
    cpu: 1000m
    memory: 1024Mi
  requests:
    cpu: 50m
    memory: 64Mi

# -- You can configure node-red using a settings file. default: {}
settings: {}
# Details about the content of the settings.js, you can lookup under
# https://nodered.org/docs/user-guide/runtime/settings-file
# The ConfigMap should already exist and the key must be named `settings.js`
#  name: settings-config
#  configMapName: settings-config

sidecar:
  # -- Enable the sidecar
  enabled: false
  # Env variables to pass to the sidecar
  env:
    # -- Set the sleep time for refresh script
    sleep_time_sidecar: 5s
    # -- If METHOD is set to LIST, the sidecar will just list config-maps/secrets and exit. With SLEEP it will list all config-maps/secrets, then sleep for SLEEP_TIME seconds. Anything else will continuously watch for changes (see https://kubernetes.io/docs/reference/using-api/api-concepts/#efficient-detection-of-changes).
    method: watch
    # -- Label that should be used for filtering
    label: node-red-settings
    # -- The value for the label you want to filter your resources on. Don't set a value to filter by any value
    label_value: "1"
    # -- Absolute path to shell script to execute after a configmap got reloaded.
    script: flow_refresh.sh
    # The username for the API Call, check node-red documentation for more information
    username: ""
    # -- Password as key value pair
    password: ""
    # -- Password from existing secret
    passwordFromExistingSecret: {}
    # -- Name of the secret that contains the password
    #  name: node-red-api-admin-password
    # -- Key of the secret that contains the password
    #  key: password
  # -- Extra Environments for the sidecar
  extraEnv: []
  # -- Resources for the sidecar
  resources: {}
  # -- Security context for the sidecar
  securityContext: {}
  #  Image for the sidecar
  image:
    # -- The image registry to pull the sidecar from
    registry: quay.io
    # -- The image repository to pull from
    repository: kiwigrid/k8s-sidecar
    # -- The image tag to pull, default: `1.23.1`
    tag: 1.25.3
    # -- The image pull policy, default: `IfNotPresent`
    pullPolicy: IfNotPresent
  # -- The extra volume mounts for the sidecar
  volumeMounts: []