values.yaml

# -- (`int`) The number of Pods to start up by default. If the
# `autoscaling.enabled` parameter is set, then this serves as the "start
# scale" for an application. Setting this to `null` prevents the setting from
# being applied at all in the PodSpec, leaving it to Kubernetes to use the
# default value (1). https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#replicas
replicaCount: 2

# -- (`int`) The default revisionHistoryLimit in Kubernetes is 10 - which is
# just really noisy. Set our default to 3. https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy
revisionHistoryLimit: 3

# -- Set up a PodDisruptionBudget for the Deployment. See
# https://kubernetes.io/docs/tasks/run-application/configure-pdb/ for more
# details.
podDisruptionBudget:
  maxUnavailable: 1

image:
  # -- (String) The Docker image name and repository for your application
  repository: nginx

  # -- (String) Always, Never or IfNotPresent
  pullPolicy: IfNotPresent

  # -- (String) Overrides the image tag whose default is the chart appVersion.
  tag: null

  # -- (String) Forcefully overrides the `image.tag` setting - this is useful
  # if you have an outside too that automatically updates the `image.tag`
  # value, but you want your application operators to be able to squash that
  # override themselves.
  forceTag: null

# -- The command run by the container. This overrides `ENTRYPOINT`. If not
# specified, the container's default entrypoint is used. The exact rules of how
# commadn and args are interpreted can be # found at:
# https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/
command: []

# -- The arguments passed to the command. If unspecified the container defaults
# are used. The exact rules of how commadn and args are interpreted can be #
# found at:
# https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/
args: []

# -- A list of 'volumes' that can be mounted into the Pod. See
# https://kubernetes.io/docs/concepts/storage/volumes/.
volumes: []

# -- A stringified list of 'volumes' similar to the `Values.volumes` parameter,
# but this one gets run through the `tpl` function so that you can use
# templatized values if you need to. See
# https://kubernetes.io/docs/concepts/storage/volumes/.
volumesString: ""
# eg:
#
# volumesString: |-
#   - name: test-html-mount
#     configMap:
#       name: "{{ include "nd-common.fullname" . }}-test-map"

# An optional proxy sidecar configuration is provided - but its a rough
# beginning here, it doesn't provide any real configuration for the proxy, so
# we expect that the proxy container is preconfigured (for example,
# Okta-proxy). In the future we'll add support in for creating ConfigMaps and
# Secrets that can be bound into the sidecar container for a more complete
# solution.
proxySidecar:
  # -- (Boolean) Enables injecting a pre-defined reverse proxy sidecar
  # container into the Pod containers list.
  enabled: false

  # -- (String) The name of the proxy sidecar container
  name: proxy

  image:
    # -- (String) The Docker image name and repository for the sidecar
    repository: nginx

    # -- (String) The Docker tag for the sidecar
    tag: latest

    # -- (String) Always, Never or IfNotPresent
    pullPolicy: IfNotPresent

  # -- Environment Variables for the primary container. These are all run
  # through the tpl function (the key name and value), so you can dynamically
  # name resources as you need.
  env: []

  # -- Pull all of the environment variables listed in a ConfigMap into the
  # Pod. See
  # https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
  # for more details.
  envFrom: []

  # -- List of VolumeMounts that are applied to the proxySidecar container -
  # these must refer to volumes set in the `Values.volumes` parameter.
  volumeMounts: []

  # -- A PodSpec "Resources" object for the proxy container
  resources: {}

  # -- A PodSpec container "startupProbe" configuration object. Takes
  # precedence (overrides) whatever is set at the root-level probe
  startupProbe: null

  # -- A PodSpec container "livenessProbe" configuration object. Takes
  # precedence (overrides) whatever is set at the root-level probe
  livenessProbe: null

  # -- A PodSpec container "readinessProbe" configuration object. Takes
  # precedence (overrides) whatever is set at the root-level probe
  readinessProbe: null

# -- A PodSpec container "startupProbe" configuration object. Note that this
# startupProbe will be applied to the proxySidecar container instead if that
# is enabled.
startupProbe: null

# -- A PodSpec container "livenessProbe" configuration object. Note that this
# livenessProbe will be applied to the proxySidecar container instead if that
# is enabled.
livenessProbe: null

# -- A PodSpec container "readinessProbe" configuration object. Note that this
# readinessProbe will be applied to the proxySidecar container instead if that
# is enabled. This is **required**.
readinessProbe: null

# -- (`ContainerPort[]`) A list of Port objects that are exposed by the
# service. These ports are applied to the main container, or the proxySidecar
# container (if enabled). The port list is also used to generate Network
# Policies that allow ingress into the pods. See
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#containerport-v1-core
# for details.
#
# **Note: We have added an optional "port" field to this list that allows the
# user to override the Service Port (for example 80) that a client  connects
# to, without altering the Container Port (say, 8080) that is listening for
# connections.
ports:
  - name: http
    containerPort: 80
    protocol: TCP
    # Optional flag to override the client-facing port for service requests.
    port:

# -- Supply a reference to a Secret that can be used by Kubernetes to pull down
# the Docker image. This is only used in local development, in combination with
# our `kube_create_ecr_creds` function from dotfiles.
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
containerName: ""

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

# -- https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution
terminationGracePeriodSeconds: null

# -- Environment Variables for the primary container. These are all run
# through the tpl function (the key name and value), so you can dynamically
# name resources as you need.
env: []
  # Example
  # - name: VAR
  #   value: MyString
  #
  # - name: MY-DYNAMIC-VAR-{{ .Release.Name }}
  #   value:
  #     secretKeyRef:
  #       name: {{ .Release.Name }}-secret
  #       key: foo
  #

# -- Pull all of the environment variables listed in a ConfigMap into the
# Pod. See
# https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
# for more details.
envFrom: []
  # Example:
  # - configMapRef:
  #     name: my-config-vars

# -- (`Map`) Map of environment variables to plaintext secrets, KMS, or Bitnami Sealed Secrets encrypted secrets.
secrets: {}

# -- (String) AWS region where the KMS key is located
kmsSecretsRegion:

# -- (String) Secrets Engine determines the type of Secret Resource that will be created (`KMSSecret`, `SealedSecret`, `Secret`). kms || sealed || plaintext are possible values.
secretsEngine: plaintext

# -- List of VolumeMounts that are applied to the application container -
# these must refer to volumes set in the `Values.volumes` parameter.
volumeMounts: []

# -- (`Map`) List of Labels to be added to the PodSpec
podLabels: {}

# -- (`Map`) List of Annotations to be added to the PodSpec
podAnnotations: {}

podSecurityContext: {}
  # fsGroup: 2000

# -- https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds
minReadySeconds: null

# -- https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds
progressDeadlineSeconds: null

# -- https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
deploymentStrategy: {}

# -- Before a pod gets terminated, Kubernetes sends a SIGTERM signal to every
# container and waits for period of time (10s by default) for all containers to
# exit gracefully. If your app doesn't handle the SIGTERM signal or if it
# doesn't exit within the grace period, Kubernetes will kill the container and
# any inflight requests that your app is processing will fail.
#
# Make sure you set this to SHORTER than the terminationGracePeriod (30s
# default) setting.
#
# https://docs.flagger.app/tutorials/zero-downtime-deployments#graceful-shutdown
preStopCommand:
  - /bin/sleep
  - '10'

securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

service:
  type: ClusterIP

  # -- (`string`) Optional override for the Service name. Can be used to create
  # a simpler more friendly service name that is not specific to the
  # application name.
  name:

# Configuration for creating a dedicated ALB for your service. This is
# acceptable - but not the preferred method (see the IngressGateway setup
# below).
ingress:
  enabled: false

  # -- Any annotations you wish to add to the ALB. See
  # https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/
  # for more details.
  annotations: {}

  # -- This setting configures the ALB to listen specifically to requests for
  # this hostname. It _also_ ties into the external-dns controller and
  # automatically provisions DNS hostnames matching this value (presuming that
  # they are allowed by the cluster settings).
  host: '{{ include "nd-common.fullname" . }}.{{ .Release.Namespace }}'

  # -- https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types
  pathType: Prefix

  # -- See the `ingress.pathType` setting documentation.
  path: '/'

  # -- If `true`, then this will annotate the Ingress with a special AWS ALB
  # Ingress Controller annotation that configures an SSL-redirect at the ALB
  # level.
  sslRedirect: true  # ties into "actions.ssl-redirect" above

  # -- This is the port "name" that the `Service` will point to on the backing
  # Pods. This value must match one of the values of `.name` in the
  # `Values.ports` configuration.
  portName: http

  # -- If set, this will override the `service.portName` parameter, and the
  # `Service` object will point specifically to this port number on the backing
  # Pods.
  port: null

# Configuration for creating a VirtualService inside the Istio Service Mesh
# Ingress Gateways. This is the preferred method for exposing a service because
# we have far greater visbility and granularity into the performance, it costs
# less, and deployments are actually faster this way.
virtualService:
  # -- (Boolean) Maps the Service to an Istio IngressGateway, exposing the
  # service outside of the Kubernetes cluster.
  enabled: false

  # -- Any annotations you wish to add to the `VirtualService` resource. See
  # https://istio.io/latest/docs/reference/config/annotations/ for more
  # details.
  annotations: {}

  # -- (`map`) If set, this will populate the corsPolicy setting for the
  # VirtualService. See
  # https://istio.io/latest/docs/reference/config/networking/virtual-service/#CorsPolicy
  # for more details.
  corsPolicy: {}

  # -- (`map[]`) A list of Istio `HTTPMatchRequest` objects that will be
  # applied to the VirtualService. This is the more advanced and customizable
  # way of controlling which paths get sent to your backend. These are added
  # _in addition_ to the `paths` or `path` settings. See
  # https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPMatchRequest
  # for examples.
  matches: {}

  # -- A list of destination hostnames that this VirtualService will accept
  # traffic for. Multiple names can be listed here. See
  # https://istio.io/latest/docs/reference/config/networking/virtual-service/#VirtualService
  # for more details.
  hosts:
    - '{{ include "nd-common.fullname" . }}'

  # -- The name of the Istio `Gateway` resource that this `VirtualService`
  # will register with. You can get a list of the avaialable `Gateways` by
  # running `kubectl -n istio-system get gateways`. Not specifying a Gateway
  # means that you are creating a VirtualService routing definition only inside
  # of the Kubernetes cluster, which is totally reasonable if you want to do
  # that.
  #
  # Must be in the form of $namespace/$gateway. Eg,
  # "istio-system/default-gateway".
  gateways: []

  # Maintenance mode creates a specific fault injection within your VirtualService
  #
  # If enabled, the generic `faults` option below MUST be empty "{}" (as this creates a very
  # specified fault injection).
  #
  # Otherwise, we fail to render the chart.
  maintenanceMode:

    # -- (`bool`) Set to true if you want to create a specialized HTTP fault injection
    # that aborts the proxying of requests to your service. You can also set the HTTP response that
    # is returned when this mode is set.
    enabled: false

    # -- (`int`) The HTTP response code that is returned when maintenanceMode is enabled.
    httpStatus: 503


  # -- The default path prefix that the `VirtualService` will match requests
  # against to pass to the default `Service` object in this deployment.
  path: '/'

  # -- (`string[]`) List of optional path prefixes that the `VirtualService`
  # will use to match requests against and will pass to the `Service` object in
  # this deployment. This list replaces the `path` prefix above - use one or
  # the other, do not use both.
  paths: []

  # -- This is the backing Pod port _number_ to route traffic to. This must
  # match a `containerPort` in the `Values.ports` list.
  port: 80

  tls: ""

  # -- (`map`) Pass in an optional
  # [`HTTPRetry`](https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPRetry)
  # configuration here to control how services retry their failed requests to
  # the backend service. The default behavior is to retry 2 times if a 503 is returned.
  retries: {}

  # -- (`map`) Pass in an optional
  # [`HTTPFaultInjection`](https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPFaultInjection)
  # configuration here to specify faults such as delaying or aborting the proxying of requests to the service.
  #
  # If a configuration here is set, maintenanceMode.enabled MUST be set to 'false' (as that creates a very
  # specific fault injection).
  #
  # Otherwise, we fail to render the chart.
  fault: {}

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

# Enabling Horizontal Pod Autoscaling (HPA) ensures that your application
# scales up to meet demand.
autoscaling:
  # -- Controls whether or not an HorizontalPodAutoscaler resource is created.
  enabled: false

  # -- (`map`) Controls the way that the AutoScaler scales up and down. We use
  # this to control the speed in which the scaler responds to scaleUp and
  # scaleDown events. Explicitly set this to `null` to let Kubernetes set its
  # default policy.
  behavior:
    scaleUp:
      # -- (`int`) https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#stabilization-window
      #
      # The stabilization window is used to restrict the flapping of replica
      # count when the metrics used for scaling keep fluctuating. The
      # autoscaling algorithm uses this window to infer a previous desired
      # state and avoid unwanted changes to workload scale.
      #
      # For example, in the following example snippet, a stabilization window
      # is specified for scaleDown.
      #
      #   behavior:
      #     scaleDown:
      #       stabilizationWindowSeconds: 300
      #
      # When the metrics indicate that the target should be scaled down the
      # algorithm looks into previously computed desired states, and uses the
      # highest value from the specified interval. In the above example, all
      # desired states from the past 5 minutes will be considered.
      #
      # This approximates a rolling maximum, and avoids having the scaling
      # algorithm frequently remove Pods only to trigger recreating an
      # equivalent Pod just moments later.
      #
      stabilizationWindowSeconds: 0

      # -- (`string`) When evaluating the desired scale for the service, pick
      # from one of the below behaviors based on which one scales up the most
      # pods.
      #
      # So, when scaling from 1 pod, the pattern looks like this:
      #
      # 1 -> 5 -> 10 -> 20 -> 40 -> 80  (over 5 minutes)
      #
      selectPolicy: Max

      policies:
        # -- (`map`) Increase by no more than 4 pods per 60 seconds.
        #
        # Eg: 1 -> 5 -> 9 -> 13...
        - type: Pods
          value: 4
          periodSeconds: 60

        # -- (`map`) Increase by up to 100% of the pods per 60 seconds.
        #
        # Eg: 1 -> 2 -> 4 -> 8 -> 16...
        - type: Percent
          value: 100
          periodSeconds: 60

    scaleDown:
      # -- (`int`) https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#stabilization-window
      #
      # The stabilization window is used to restrict the flapping of replica
      # count when the metrics used for scaling keep fluctuating. The
      # autoscaling algorithm uses this window to infer a previous desired
      # state and avoid unwanted changes to workload scale.
      #
      # For example, in the following example snippet, a stabilization window
      # is specified for scaleDown.
      #
      #   behavior:
      #     scaleDown:
      #       stabilizationWindowSeconds: 300
      #
      # When the metrics indicate that the target should be scaled down the
      # algorithm looks into previously computed desired states, and uses the
      # highest value from the specified interval. In the above example, all
      # desired states from the past 5 minutes will be considered.
      #
      # This approximates a rolling maximum, and avoids having the scaling
      # algorithm frequently remove Pods only to trigger recreating an
      # equivalent Pod just moments later.
      #
      stabilizationWindowSeconds: 300

      # -- (`string`) Ensure that we can scale down up to 5 pods at a time, so
      # that our scale-down rate is graceful in general. We'd rather scale down
      # quickly than constantly be bouncing around.
      #
      # 50 -> 45 -> 40 -> 35 -> 30 -> 25 -> 20 -> 15 -> 12 -> 9 -> 7 -> 6 -> 5 -> 4 -> 3 -> 2 -> 1
      #
      selectPolicy: Min

      policies:
        # -- (`map`) Allow up to 5 pods to be removed within a 60 second window.
        - type: Pods
          value: 5
          periodSeconds: 60

        # -- (`map) On larger deployments, we want to limit the scale-down so
        # that we don't have to bounce too quickly back up if the scale-down
        # was too aggressive. Limit is 25% of the containers every minute.
        - type: Percent
          value: 25
          periodSeconds: 60

        # For record, this is the default policy:
        #
        # https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#default-behavior
        #
        # - type: Percent
        #   value: 100
        #   periodSeconds: 60

  # -- Sets the minimum number of Pods to run
  minReplicas: 1

  # -- Sets the maximum number of Pods to run
  maxReplicas: 100

  # -- Configures the HPA to target a particular CPU utilization percentage
  targetCPUUtilizationPercentage: 80

  # -- If supplied, configures the HPA to target a particular Memory utilization percentage
  # targetMemoryUtilizationPercentage: 80

# -- (`string`) If set, this value will be used in the .spec.nodeSelector to
# ensure that these pods specifically launch on the desired target Operating
# System. Must be set.
targetOperatingSystem: linux

# -- (`string`) If set, this value will be used in the .spec.nodeSelector to
# ensure that these pods specifically launch on the desired target host
# architecture. If set to null/empty-string, then this value will not be set.
targetArchitecture: amd64

# -- (`map`) A list of key/value pairs that will be added in to the
# nodeSelector spec for the pods.
nodeSelector: {}

tolerations: []

# -- (`string`) An array of custom TopologySpreadConstraint settings applied to
# the PodSpec within the Deployment. Each of these TopologySpreadObjects should
# conform to the
# [`pod.spec.topologySpreadConstraints`](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#api)
# API - but the `labelSelector` field should be left out, it will be inserted
# automatically for you.
topologySpreadConstraints: []

# -- (`string`) The topologyKey to use when asking Kubernetes to schedule the
# pods in a particular distribution. The default is to spread across zones
# evenly. Other options could be `kubernetes.io/hostname` to spread across EC2
# instances, or `node.kubernetes.io/instance-type` to spread across instance
# types for example.
topologyKey: topology.kubernetes.io/zone

# -- (`int`) The maxSkew setting applied to the default
# TopologySpreadConstraint if `enableTopologySpread` is set to `true`.
topologySkew: 1

# -- (`bool`) If set to `true`, then a default `TopologySpreadConstraint` will
# be created that forces your pods to be evenly distributed across nodes based
# on the `topologyKey` setting. The maximum skew between the spread is
# controlled with `topologySkew`.
enableTopologySpread: false

# -- (`string[]`) If supplied, an individual `Deployment` (and optional `HPA`)
# is created for each of the Availability Zone strings passed in. The default
# usage of this parameter would be to ensure that each AZ in your
# infrastructure has its own Deployment and HPA for scaling that is independent
# of the others. This is useful for services that are accessed by zone-aware
# clients, where the load may be imbalanced from one zone to another.
deploymentZones: []

# -- (`bool`) During the transition from (or to) individual zone deployment
# resources, flip this setting to `True` to enable the creation of BOTH the
# Zone-Aware AND Default Deployment resources. This ensures that during the
# rollover from one to the other configuration, you do not lose all of your
# pods.
deploymentZonesTransition: false

affinity: {}

# Monitoring configuration for metric scraping against the Prometheus-style
# metrics endpoint.
monitor:
  # -- (`bool`) If enabled, ServiceMonitor resources for Prometheus Operator
  # are created or if `Values.istio.enabled` is `True`, then the appropriate
  # Pod Annotations will be added for the istio-proxy sidecar container to
  # scrape the metrics.
  enabled: true

  # -- (`string`) Name of the port to scrape for metrics - this is the name of
  # the port that will be exposed in your `PodSpec` for scraping purposes.
  portName: http-metrics

  # -- (`int`) Number of the port to scrape for metrics - this port will be
  # exposed in your `PodSpec` to ensure it can be scraped.
  portNumber: 9090

  # -- (`string`) Path to scrape metrics from within your Pod.
  path: /metrics

  # -- (`map`) ServiceMonitor annotations.
  annotations: {}

  # -- Additional ServiceMonitor labels.
  labels: {}

  # -- ServiceMonitor scrape interval
  interval: null

  # -- (`int`) The maximum number of metrics that can be scraped - if there are
  # more than this, then scraping will fail entirely by Prometheus. This is
  # used as a circuit breaker to avoid blowing up Prometheus memory footprints.
  sampleLimit: 25000

  # -- ServiceMonitor scrape timeout in Go duration format (e.g. 15s)
  scrapeTimeout: null

  # -- ServiceMonitor relabel configs to apply to samples before scraping
  # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
  relabelings: []

  # -- ServiceMonitor MetricRelabelConfigs to apply to samples before ingestion.
  # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
  metricRelabelings:
    # By default, drop the go_.* and process_.* metrics. These metrics are
    # usually not used, and cause a bunch of high cardinality data to be
    # stored.
    - sourceLabels: [__name__]
      regex: (go|process)_.*
      action: drop

  # -- (`enum: http, https`) ServiceMonitor will use http by default, but you can pick https as well
  scheme: http

  # -- ServiceMonitor will use these tlsConfig settings to make the health check requests
  tlsConfig: null

# Configuration that lets the chart know that it's operating inside of an Istio
# service mesh or not. If it is, certain defaults are applied to various Pod
# and other resource configurations.
istio:
  # -- (`bool`) Whether or not the service should be part of an Istio Service
  # Mesh. If this is turned on and `Values.monitor.enabled=true`, then the
  # Istio Sidecar containers will be configured to pull and merge the metrics
  # from the application, rather than creating a new `ServiceMonitor` object.
  enabled: true

  # -- (`list`) If supplied, this is a list of inbound TCP ports that are excluded
  # from being proxied by the Istio-proxy Envoy sidecar process. The
  # `.Values.monitor.portNumber` is already included by default.
  # The port values can either be integers or templatized strings.
  excludeInboundPorts: []

  # -- (`list`) If supplied, this is a list of outbound TCP ports that are excluded
  # from being proxied by the Istio-proxy Envoy sidecar process.
  # The port values can either be integers or templatized strings.
  excludeOutboundPorts: []

  # -- (`list <str>`) If supplied, this is the command that will be passed into
  # the `istio-proxy` sidecar container as a pre-stop function. This is used to
  # delay the shutdown of the istio-proxy sidecar in some way or another. Our
  # own default behavior is applied if this value is not set - which is that
  # the sidecar will wait until it does not see the application container
  # listening on any TCP ports, and then it will shut down.
  #
  # eg:
  # preStopCommand: [ /bin/sleep, "30" ]
  preStopCommand: null

  # -- (`bool`) If set to "True", then the Istio Metrics Merging system will be
  # turned on and Envoy will attempt to scrape metrics from the application pod
  # and merge them with its own. This defaults to False beacuse in most
  # environments we want to explicitly split up the metrics and collect Istio
  # metrics separate from Application metrics.
  metricsMerging: false

# -- (`string`) Set a different priority class to the pods, by default the default priority class is given to pods.
# Priority class could be used to prioritize pods over others and allow them to evict other pods with lower priorities.
priorityClassName: null

# Network access controls for the Pods in this application
network:
  # -- (`strings[]`) A list of namespaces that are allowed to access the Pods in
  # this application. If not supplied, then no `NetworkPolicy` or `AuthorizationPolicy`
  # is created, and your application may be isolated to itself. Note, enabling
  # `VirtualService` or `Ingress` configurations will create their own
  # dedicated `NetworkPolicy` resources, so this is only intended for internal
  # service-to-service communication grants.
  allowedNamespaces: []

  # -- (`bool`) If set to "True", then the NetworkPolicies will be opened up
  # and traffic auth will be managed by Istio's `AuthorizationPolicy` instead.
  #
  # This assumes your app is part of the Istio service mesh
  allowAll: false

# Configures labels and other parameters assuming that the Datadog Agent is
# installed on the underlying hosts and is part of the Kubernetes cluster.
datadog:
  # -- (`bool`) Whether or not the various datadog labels and options should be
  # included or not.
  enabled: true

  # -- (`string`) The "env" tag to configure for the application - this maps to
  # the Datadog environment concept for isolating traces/apm data. _We default
  # to not setting this, so that the Datadog Agent's own "ENV" setting is used
  # as the default behavior. Only override this in special cases._
  env: null

  # -- (`string`) If set, this configures the "service" tag. If this is not
  # set, the tag defaults to the `.Release.Name` for the application.
  service: null

  # -- (`bool`) If true, then we will configure the Datadog agent to scrape
  # metrics from the application pod via the values set in the
  # .Values.monitor.* map.
  scrapeMetrics: false

  # -- (`string`) The prefix to append to all metrics that are scraped by
  # Datadog. We set this to one common value so that common metrics (like
  # `istio_.*` or `go_.*`) are shared across all apps in Datadog for easier
  # dashboard creation as well as comparision between applications.
  metricsNamespace: eks

  # -- (`strings[]`) A list of strings that match the metric names that Datadog
  # should scrape from the endpoint. This defaults to `"*"` to tell it to
  # scrape ALL metrics - however, if your app exposes too many metrics (>
  # 2000), Datadog will drop them all on the ground.
  metricsToScrape:
    - '"*"'

  scrapeLogs:
    # -- (`bool`) If true, then it will enable application logging to datadog.
    enabled: true
    # -- (`string`) If set, this configures the "source" tag. If this is not
    # set, the tag defaults to the `.Release.Name` for the application.
    source: null
    # -- (`map[]`) A list of map that sets different log processing rules.
    # https://docs.datadoghq.com/agent/logs/advanced_log_collection/?tab=configurationfile
    processingRules: []

tests:
  connection:
    # -- Controls whether or not this Helm test component is enabled.
    enabled: true

    # -- The command used to trigger the test.
    command: ['curl', '--retry-connrefused', '--retry', '5']
    # -- A list of arguments passed into the command. These are run through the tpl function.
    args:
      - '{{ include "nd-common.fullname" . }}'
    # By default, we actually use the source-image for the main application as
    # the image for testing, This allows the image to contain its own "client"
    # (curl, in this example) for testing the application. Alternatively, you
    # can configure your own testing image.
    image:
      # -- Sets the image-name that will be used in the "connection"
      # integration test. If this is left empty, then the .image.repository
      # value will be used instead (and the .image.tag will also be used).
      # By default, prefer the latest official version to handle cases where the
      # app image provides either no curl binary or an outdated one.
      repository: curlimages/curl
      # -- Sets the tag that will be used in the "connection" integration test.
      # If this is left empty, the default is "latest"
      tag:

# -- The URL of the runbook for this service.
runbookUrl: https://github.com/Nextdoor/k8s-charts/blob/main/charts/simple-app/README.md

# Configure alerts for all istio VirtualServices in the namespace this chart is launched in.
# If you are launching a single copy of simple-app in a namespace, just leave this enabled
# to reproduce similar behavior to services launched on ECS with dedicated ALBs. For more
# complex scenarios, you may want to disable this, and have your application chart directly
# depend on istio-alerts.
istio-alerts:
  # -- (`bool`) Whether or not to enable the istio-alerts chart.
  enabled: true

# Container Alerting Rules
#
# These rules are designed to provide very basic but critical monitoring for
# the health of your containers and pods. More specific alerts can be created
# by you - but these apply to the pods and resources managed by this chart.
prometheusRules:
  # -- (`bool`) Whether or not to enable the prometheus-alerts chart.
  enabled: true

  # -- (`map`) Additional custom labels attached to every PrometheusRule
  additionalRuleLabels: {}

  # -- Monitors Pods for Containers that are terminated either for unexpected
  # reasons like ContainerCannotRun. If that number breaches the $threshold (1)
  # for $for (1m), then it will alert.
  PodContainerTerminated:
    severity: warning
    threshold: 0
    over: 10m
    for: 1m
    reasons:
      # - Error  < when a container is evicted gracefully, the "error" state is used.
      - ContainerCannotRun
      - DeadlineExceeded

  # -- Pod is in a CrashLoopBackOff state and is not becoming healthy.
  PodCrashLoopBackOff:
    severity: warning
    for: 10m

  # -- Pod has been in a non-ready state for more than a specific threshold
  PodNotReady:
    severity: warning
    for: 15m

  # -- Container is being throttled by the CGroup - needs more resources.
  # This value is appropriate for applications that are highly sensitive to
  # request latency. Insensitive workloads might need to raise this percentage
  # to avoid alert noise.
  CPUThrottlingHigh:
    severity: warning
    threshold: 5
    for: 15m

  # -- Pod container waiting longer than threshold
  ContainerWaiting:
    severity: warning
    for: 1h

  # -- Deployment generation mismatch due to possible roll-back
  DeploymentGenerationMismatch:
    severity: warning
    for: 15m

  # -- HPA has not matched descired number of replicas
  HpaReplicasMismatch:
    severity: warning
    for: 15m

  # -- HPA is running at max replicas
  HpaMaxedOut:
    severity: warning
    for: 15m

# Extra Containers
#
# Additional sidecar containers to include with the base application
# container. The container definitions can include template variables.
extraContainers: []


# Init Containers
#
# Containers to run before main application container is started.
# The container definitions can include template variables. See
# https://kubernetes.io/docs/concepts/workloads/pods/init-containers
# for more details.
initContainers: []