# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
image:
  registry: {{ .Values.global.imageRegistry | default .Values.images.umsNotificationsApi.registry | quote }}
  repository: {{ .Values.images.umsNotificationsApi.repository }}
  pullPolicy: {{ .Values.global.imagePullPolicy }}
  tag: {{ .Values.images.umsNotificationsApi.tag }}
  pullSecrets:
    {{- range .Values.global.imagePullSecrets }}
    - name: {{ . | quote }}
    {{- end }}

notificationsapi:
  apply_database_migrations: "True"
  dev_mode: "False"
  environment: "staging"
  log_level: "DEBUG"
  sql_echo: "False"
  api_prefix: "/univention/portal/notifications-api"

postgresql:
  bundled: false
  connection:
    host: {{ .Values.databases.umsNotificationsApi.host | quote }}
    port: {{ .Values.databases.umsNotificationsApi.port | quote }}
  auth:
    username: {{ .Values.databases.umsNotificationsApi.username | quote }}
    database: {{ .Values.databases.umsNotificationsApi.name | quote }}
    password: {{ .Values.databases.umsNotificationsApi.password | default .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
    existingSecret: "ums-notifications-api-postgresql-credentials"

resources:
  {{ .Values.resources.umsNotificationsApi | toYaml | nindent 2 }}

securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  privileged: false
  seccompProfile:
    type: "RuntimeDefault"
  readOnlyRootFilesystem: false
  runAsUser: 1000
  runAsGroup: 1000
  runAsNonRoot: false
  seLinuxOptions:
    {{ .Values.seLinuxOptions.umsNotificationsApi | toYaml | nindent 4 }}

extraSecrets:
  - name: ums-notifications-api-postgresql-credentials
    stringData:
      password: {{ .Values.databases.umsNotificationsApi.password | default .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
...