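# Notes: ensure to keep the schema 'values.schema.json' in sync with this file
#
# NOTE(review): this file was reconstructed from a listing whose line breaks and
# indentation had been lost. Nesting was inferred from the comments and key names;
# in particular confirm against 'values.schema.json' that `affinity` and
# `tolerations` belong under `solace` and that `enableServiceLinks` is top-level.

# If defined Kubernetes object names will be <release-name>-nameOverride
# Default is <release-name>-<chart-name>
# nameOverride:
# If defined "fullnameOverride" will fully override Kubernetes object names
# fullnameOverride:

solace:
  # solace.redundancy=false will create a single-node non-HA deployment;
  # true will create an HA deployment with Primary, Backup and Monitoring nodes.
  redundancy: false

  # See `kubectl explain poddisruptionbudget.spec` for more
  # ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  # Default value `false`, for this to be `true` `solace.redundancy` has to also be `true`.
  podDisruptionBudgetForHA: false

  # solace.systemScaling provides exact fine-grained specification of the event broker scaling parameters
  # and the assigned CPU / memory resources to the Pod
  # if provided, these settings will OVERRIDE solace.size
  # if provided, all parameters must be set
  # For scaling documentation look for "system scaling" at docs.solace.com
  # Use the online calculator for "Container (messaging)" to determine CPU, Memory and Storage requirements
  # https://docs.solace.com/Assistance-Tools/Resource-Calculator/pubsubplus-resource-calculator.html
  # systemScaling:
  #   # maxConnections: max supported number of client connections
  #   maxConnections: 100
  #   # maxQueueMessages: number of queue messages, in millions of messages
  #   maxQueueMessages: 100
  #   # maxSpoolUsage: max Spool Usage, in MB. Also ensure adequate storage.size parameter, use the calculator
  #   maxSpoolUsage: 1500
  #   # cpu: CPUs in cores
  #   cpu: 2
  #   # memory: host Virtual Memory
  #   memory: 3410Mi
  #   # maxKafkaBridgeCount: Maximum number of Kafka bridges
  #   maxKafkaBridgeCount: 0
  #   # maxKafkaBrokerConnectionCount: Maximum number of connections to Kafka brokers
  #   maxKafkaBrokerConnectionCount: 0
  #   # maxBridgeCount: Maximum number of bridges
  #   maxBridgeCount: 25
  #   # maxSubscriptionCount: Maximum number of subscriptions
  #   maxSubscriptionCount: 50000
  #   # maxGuaranteedMessageSize: Maximum guaranteed message size in MB
  #   maxGuaranteedMessageSize: 10

  # solace.podModifierEnabled=true enables modifying (reducing) CPU and memory resources for Monitoring nodes in an HA deployment
  # this must be provided and set to true to enable adjustments by the solace-pod-modifier admission plugin
  # podModifierEnabled: true

  # solace.size defines deployment scaling tier with max # of connections, see README for valid options
  # dev uses minimum resources but performance is not guaranteed; use prod for production-ready
  # solace.size is IGNORED if solace.systemScaling is provided.
  size: prod1k

  # solace.usernameAdminPassword sets the password for the management user "admin".
  # If empty, a password will be autogenerated but note that for upgrade you need to
  # obtain the generated password and provide it for each upgrade.
  # Obtain the generated password from the deployment using
  # kubectl get secret <release-name>-solace-secrets -o jsonpath="{.data.username_admin_password}" | base64 --decode
  # Note: This method passes the password as plain text in values.yaml, which is not recommended for production.
  # A value set here also ends up in the stored Helm release data, and the generated
  # Secret is readable by anyone with `get` on Secrets in the namespace: keep a real
  # password out of version control and restrict Secret read access via RBAC.
  usernameAdminPassword:

  # solace.usernameAdminPasswordSecretName specifies the name of an existing Kubernetes secret containing the admin password.
  # This is the recommended approach for production environments to avoid storing passwords in plain text.
  # If specified, this takes precedence over usernameAdminPassword.
  # The secret must contain a key named 'username_admin_password' with the admin password.
  # usernameAdminPasswordSecretName:

  # solace.timezone setting for the Solace Event Broker container, if undefined default is UTC. Valid values are tz database time zone names.
  # timezone: UTC

  # solace.extraEnvVars can be used to add extra environment variables to the Solace Event Broker container
  # Important: env variables defined here will not override the ones defined in solaceConfigMap
  # A primary use case is to specify configuration keys (Note that configuration keys are only evaluated upon initial startup)
  # refer to: https://docs.solace.com/Configuring-and-Managing/SW-Broker-Specific-Config/Docker-Tasks/Config-SW-Broker-Container-Cfg-Keys.htm
  # Values listed here are plain text; put sensitive ones in the Secret named by extraEnvVarsSecret instead.
  #extraEnvVars:
  #  - name: env_variable_name
  #    value: "env_variable_value"

  # solace.extraEnvVarsCM specifies the name of existing ConfigMap containing extra environment variables
  #extraEnvVarsCM: ""

  # solace.extraEnvVarsSecret specifies the name of existing Secret containing extra environment variables (in case of sensitive data)
  #extraEnvVarsSecret: ""

  # affinity can be added to statefulset pod to allow selecting subset of the nodes
  # see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ for more details
  # example:
  #affinity:
  #  nodeAffinity:
  #    requiredDuringSchedulingIgnoredDuringExecution:
  #      nodeSelectorTerms:
  #        - matchExpressions:
  #            - key: nodepool
  #              operator: In
  #              values:
  #                - solace
  affinity: {}

  # tolerations are added to statefulset pods to enable running pods on tainted nodes
  # see https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more details
  # example:
  #tolerations:
  #- effect: NoSchedule
  #  key: nodepool
  #  operator: Equal
  #  value: solace
  tolerations: []

image:
  # Default repository
  repository: solace/solace-pubsub-standard
  # Recommending to use a specific version tag for production
  # `latest` is a mutable tag: the image that gets pulled can change between pod
  # restarts, so a deployment cannot be audited or reproduced. Pin a specific
  # version tag before production use.
  tag: latest
  # Specify if not using default IfNotPresent
  # pullPolicy: IfNotPresent
  # Provide an existing ImagePullSecret's name if using secure image repo.
  # pullSecretName:

securityContext:
  # securityContext.enabled=true sets the pod security context
  # to defined securityContext.fsGroup (required) and runAsUser (optional)
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  # The defaults below are non-zero (non-root) IDs.
  enabled: true
  # fsGroup: expecting a number
  fsGroup: 1000002
  # runAsUser: expecting a number
  runAsUser: 1000001

# enableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to false.
enableServiceLinks: false

serviceAccount:
  # create=true will create a service account to be used for the deployment
  create: true
  # name if specified will be used as service account name - must exist if create=false
  # name:

tls:
  # Enable TLS, default is false (not enabled)
  # While this is false no server certificate is configured through this chart;
  # traffic on the tcp-* ports listed under service.ports (including tcp-semp
  # management, which carries the admin credentials) is not encrypted.
  enabled: false
  # # Name of the Secret that contains the certificates - required if TLS enabled, no default
  # serverCertificatesSecret: 'example-tls-secret'
  # # Certificate filename, default tls.crt
  # certFilename: 'tls.crt'
  # # Certificate Key filename, default tls.key
  # certKeyFilename: 'tls.key'

service:
  # service.type specifies how to expose the service: options include ClusterIP, NodePort, LoadBalancer (default if not specified)
  # On most cloud providers LoadBalancer provisions an address reachable from
  # outside the cluster. Together with the default ports list this publishes the
  # management ports (tcp-ssh, tcp-semp) and the plaintext messaging ports.
  # Where external access is not required use ClusterIP or an internal
  # load-balancer annotation, and limit source ranges at the provider level.
  type: LoadBalancer
  # service.annotations allows to add provider-specific service annotations, see example below
  #annotations:
  #  networking.gke.io/load-balancer-type: "internal"

  # List here all ports to be exposed as external service.
  # "containerPorts" (from the Solace Event Broker container) will be exposed as external "servicePorts",
  # Refer to the Solace documentation of Default Port Numbers for the containerPorts.
  # Remove every entry that clients do not need; once TLS is enabled, prefer
  # keeping only the tls-* variant of each protocol.
  ports:
    - servicePort: 2222
      containerPort: 2222
      protocol: TCP
      name: tcp-ssh
    - servicePort: 8080
      containerPort: 8080
      protocol: TCP
      name: tcp-semp
    - servicePort: 1943
      containerPort: 1943
      protocol: TCP
      name: tls-semp
    - servicePort: 55555
      containerPort: 55555
      protocol: TCP
      name: tcp-smf
    - servicePort: 55003
      containerPort: 55003
      protocol: TCP
      name: tcp-smfcomp
    - servicePort: 55443
      containerPort: 55443
      protocol: TCP
      name: tls-smf
    - servicePort: 55556
      containerPort: 55556
      protocol: TCP
      name: tcp-smfroute
    - servicePort: 8008
      containerPort: 8008
      protocol: TCP
      name: tcp-web
    - servicePort: 1443
      containerPort: 1443
      protocol: TCP
      name: tls-web
    - servicePort: 9000
      containerPort: 9000
      protocol: TCP
      name: tcp-rest
    - servicePort: 9443
      containerPort: 9443
      protocol: TCP
      name: tls-rest
    - servicePort: 5672
      containerPort: 5672
      protocol: TCP
      name: tcp-amqp
    - servicePort: 5671
      containerPort: 5671
      protocol: TCP
      name: tls-amqp
    - servicePort: 1883
      containerPort: 1883
      protocol: TCP
      name: tcp-mqtt
    - servicePort: 8883
      containerPort: 8883
      protocol: TCP
      name: tls-mqtt
    - servicePort: 8000
      containerPort: 8000
      protocol: TCP
      name: tcp-mqttweb
    - servicePort: 8443
      containerPort: 8443
      protocol: TCP
      name: tls-mqttweb

storage:
  # storage.persistent set to false will use ephemeral storage and the rest of the storage params will be ignored
  # false is not recommended for production use
  persistent: true
  # storage.customVolumeMount enables specifying a YAML fragment how the data volume should be mounted.
  # If customVolumeMount is defined the rest of the storage params will be ignored
  # This example shows how to mount the Solace Event Broker data volume from an existing pvc "test-claim". Ensure to preserve indentation.
  # customVolumeMount: |
  #   persistentVolumeClaim:
  #     claimName: existing-pvc-name
  # storage.slow=true to indicate slow storage used, must be set for NFS. Default is false.
  # slow: true
  # storage.useStorageClass will be used if specified, verify it exists using `kubectl get sc`.
  # If not defined, the deployment will try to use the default storage class for the k8s cluster.
  # useStorageClass: standard
  # storage.size: refer to the System Resource Requirements in Solace documentation for minimum storage requirements
  size: 30Gi
  # storage.monitorStorageSize: if provided this will create and assign the minimum recommended storage to Monitor pods. For initial deployments only.
  monitorStorageSize: 1500M
  # storage.useStorageGroup: use a single mount point storage-group, as recommended from Solace Event Broker version 9.12
  # if undefined or set to false, the legacy behavior is to individually mount storage-elements in subdirectories.
  # Note: legacy mount still works for broker version 9.12 and later but may be deprecated in the future.
  # useStorageGroup: true

insights:
  # If set to true, this will enable the collection of metrics and logs for the Solace broker
  enabled: false
  environmentVariables:
    # API key for your Solace Insights subscription, available from the Solace Cloud Console. This value is required.
    # Treat this as a secret: a value set here is plain text in this file and in
    # the stored Helm release data. Supply it at install time rather than
    # committing it to version control.
    INSIGHTS_AGENT_API_KEY: ""
    # Site location where broker metrics and logs will flow, available from the Solace Cloud Console. This value is required.
    INSIGHTS_AGENT_SITE: ""
    # Tags for metrics and logs, available from the Solace Cloud Console. This value is required.
    INSIGHTS_AGENT_TAGS: ""
  image:
    # Image repository for the Insights Agent container
    repository: gcr.io/gcp-maas-prod/solace-insights-agent
    # Image tag for the Insights Agent container
    # `latest` is mutable; pin a specific version tag so the agent image that
    # runs next to the broker is known and reproducible.
    tag: latest
    # Image pull secret name for the Insights Agent container. The pull secret is available from the Solace Cloud Console.
    pullSecretName: gcr-reg-secret
  resources:
    requests:
      # Minimum CPU resource required by the insights-agent container
      cpu: 200m
      # Minimum memory resource required by the insights-agent container
      memory: 256Mi
    limits:
      # Maximum CPU resource the insights-agent container can use
      cpu: 200m
      # Maximum memory resource the insights-agent container can use
      memory: 512Mi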