---
## Set default image, imageTag, and imagePullPolicy. 
## ref: https://hub.docker.com/_/postgres
##
image:
  repository: postgres
  tag: "11.5"
  pullPolicy: IfNotPresent

  ## Optionally specify an imagePullSecret.
  ## Secret must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecret: myRegistrKeySecretName

## Expose the nifi service to be accessed from outside the cluster (LoadBalancer service).
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##
service:
  type: ClusterIP
  annotations: {}
  ## clusterIP:

  ## Set the LoadBalancer service type to internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  # loadBalancerIP:

  ## Load Balancer sources
  ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ##
  # loadBalancerSourceRanges:
  # - 10.10.10.0/24

## Postgresql values
postgresql:
  username: dsmr
  password: dsmr
  database: dsmr
  port: 5432
  # initdbArgs 
  # initdbWalDir
  dataDir: /var/lib/postgresql/data
# extraEnv

  ## PostgreSQL configuration
  ## Specify runtime configuration parameters as a dict, using camelCase, e.g.
  ## {"sharedBuffers": "500MB"}
  ## Alternatively, you can put your postgresql.conf under the configs/ directory
  ## ref: https://www.postgresql.org/docs/current/static/runtime-config.html
  ##
  #  config: {"sharedBuffers": "500MB"}
  ## PostgreSQL client authentication configuration
  ## Specify content for pg_hba.conf
  ## Default: do not create pg_hba.conf
  ## Alternatively, you can put your pg_hba.conf under the files/ directory
  # pghba: |-
  #   local all all trust
  #   host all all localhost trust
  #   host mydatabase mysuser 192.168.0.0/24 md5
  #initdbscripts: |-
    #!/bin/sh
    #echo "helloworld"
  ## ConfigMap with PostgreSQL configuration
  ## NOTE: This will override postgresql.config and postgresql.pghba
  # configMap:

##
## Init containers parameters:
## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
##
volumePermissions:
  enabled: true
  image:
    registry: docker.io
    repository: debian
    tag: buster-slim
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: Always
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    # pullSecrets:
    #   - myRegistryKeySecretName
  ## Init container Security Context
  securityContext:
    runAsUser: 0

## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001

ldap:
  enabled: false
  pgldapconfig: |-
    # Reference: https://github.com/larskanis/pg-ldap-sync/blob/master/config/sample-config.yaml
    # Connection parameters to LDAP server
    ldap_connection:
      host: example.com
      port: 389
      auth:
        method: :simple
        username: cn=admin,dc=example,dc=com
        password: -password-goes-here-

      # Search parameters for LDAP users which should be synchronized
    ldap_users:
      base: OU=People,dc=example,dc=com
      # LDAP filter (according to RFC 2254)
      # defines to users in LDAP to be synchronized
      filter: (&(objectClass=person)(objectClass=organizationalPerson)(givenName=*)(sn=*))
      # this attribute is used as PG role name
      name_attribute: sAMAccountName
      # lowercase name for use as PG role name
      lowercase_name: true
    ldap_groups:
        base: OU=people,dc=example,dc=com
        filter: (|(cn=group1)(cn=group2)(cn=group3))
        # this attribute is used as PG role name
        name_attribute: cn
        # this attribute must reference to all member DN's of the given group
        member_attribute: member
    # Connection parameters to PostgreSQL server
    # see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
    pg_connection:
      host: 
      dbname: postgres # the db name is usually "postgres"
      user: postgres # the user name is usually "postgres"
      password: postgres # kubectl get secret --namespace fadi <pod_name> -o jsonpath="{.data.postgresql-password}" | base64 --decode
    pg_users:
      # Filter for identifying LDAP generated users in the database.
      # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
      filter: rolcanlogin AND NOT rolsuper
      # Options for CREATE RULE statements
      create_options: LOGIN
    pg_groups:
      # Filter for identifying LDAP generated groups in the database.
      # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
      filter: NOT rolcanlogin AND NOT rolsuper
      # Options for CREATE RULE statements
      create_options: NOLOGIN
      grant_options:

  cron:
    schedule: "*/1 * * * *"
    repo: ceticasbl/pg-ldap-sync
    tag: latest
    restartPolicy: Never
    mountPath: /workspace
    subPath: ""

## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  enabled: true
  mountPath: /var/lib/postgresql
  subPath: ""
  accessModes:  [ReadWriteOnce]
  ## Storage Capacity for persistent volume
  size: 10Gi
  annotations: {}
  existingClaim: nfs-postgres-claim

## Configure liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
#readinessProbe:
#  httpGet:
#    path: /
#    port: http
#  initialDelaySeconds: 60
#  periodSeconds: 15
#  timeoutSeconds: 10
#livenessProbe:
#   httpGet:
#     path: /
#     port: http
#   initialDelaySeconds: 60
#   periodSeconds: 30
#   timeoutSeconds: 10

## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##

## initdb scripts
## Specify dictionary of scripts to be run at first boot
## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
##
resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #  cpu: 100m
  #  memory: 128Mi
  # requests:
  #  cpu: 100m
  #  memory: 128Mi

nodeSelector: {}
tolerations: []