# Declare variables to be passed into your templates.
## @section Global
## @param nameOverride Individual release name suffix.
## @param fullnameOverride Override the complete release name logic.
# Both overrides are empty by default. How they feed into resource names is decided by the
# chart's templates, which are not part of this file.
nameOverride: ""
fullnameOverride: ""

## @section Configuration
config:
  webConfig:
    # NOTE(review): with the defaults below (`existingSecret.enabled: false` and an empty
    # `secret.webConfig`) these values supply neither TLS nor basic-auth settings for the
    # exporter's HTTP endpoint. Decide deliberately whether an unauthenticated, plain-text
    # metrics endpoint is acceptable in the target cluster.
    ## @param config.webConfig.existingSecret.enabled Mount an existing secret containing the key `webConfig.yaml`.
    ## @param config.webConfig.existingSecret.secretName Name of the existing secret containing the key `webConfig.yaml`.
    # Referencing a pre-created secret keeps password hashes and TLS settings out of values
    # files that may be committed to version control.
    existingSecret:
      enabled: false
      secretName: ""

    ## @param config.webConfig.secret.annotations Additional annotations of the secret containing the `webConfig.yaml`.
    ## @param config.webConfig.secret.labels Additional labels of the secret containing the `webConfig.yaml`.
    ## @param config.webConfig.secret.webConfig Content of the `webConfig.yaml`.
    ## @skip config.webConfig.secret.webConfig Skip individual web configuration.
    secret:
      annotations: {}
      labels: {}
      webConfig: {}
        # basic_auth_users:
        #   prom: <bcrypted password>
        # http_server_config:
        #   http2: true
        # tls_server_config:
        #   cert_file: /path/to/cert.pem
        #   client_allowed_sans:
        #   - fail2ban.example.local
        #   # NOTE(review): assuming the exporter reads the Prometheus exporter-toolkit web
        #   # config format, `client_ca_file` and `client_allowed_sans` are only accepted
        #   # together with an explicit `client_auth_type` - confirm against the exporter.
        #   client_auth_type: RequireAndVerifyClientCert
        #   client_ca_file: /path/to/ca.pem
        #   key_file: /path/to/key.pem
        #   max_version: TLS13
        #   min_version: TLS12
        # The cert, key and CA paths above must exist inside the container; this file mounts
        # no such files by default (see `daemonSet.volumes`).

## @section Daemonset
daemonSet:
  ## @param daemonSet.annotations Additional deployment annotations.
  ## @param daemonSet.labels Additional deployment labels.
  annotations: {}
  labels: {}

  ## @param daemonSet.additionalContainers List of additional containers.
  # Sidecars share the pod and, if they mount the same volumes, the host's fail2ban socket
  # directory. Prefer a fixed tag or digest over `latest` in real deployments.
  additionalContainers: []
  # - command: [ "sh", "-c", "echo hello world" ]
  #   image: "docker.io/library/busybox:latest"
  #   name: side-car

  ## @param daemonSet.affinity Affinity for the fail2ban-exporter daemonSet.
  affinity: {}
    # nodeAffinity:
    #   requiredDuringSchedulingIgnoredDuringExecution:
    #     nodeSelectorTerms:
    #     - matchExpressions:
    #       - key: kubernetes.io/os
    #         operator: In
    #         values:
    #         - linux
    #   preferredDuringSchedulingIgnoredDuringExecution:
    #   - weight: 20
    #     preference:
    #       matchExpressions:
    #       - key: kubernetes.io/arch
    #         operator: In
    #         values:
    #         - amd64

  ## @param daemonSet.initContainers List of additional init containers.
  initContainers: []
  # - command: [ "sh", "-c", "echo hello world" ]
  #   image: "docker.io/library/busybox:latest"
  #   name: init

  ## @param daemonSet.dnsConfig dnsConfig of the fail2ban-exporter daemonSet.
  dnsConfig: {}
    # nameservers:
    # - 192.0.2.1 # this is an example
    # searches:
    # - ns1.svc.cluster-domain.example
    # - my.dns.search.suffix
    # options:
    # - name: ndots
    #   value: "2"
    # - name: edns0

  ## @param daemonSet.dnsPolicy dnsPolicy of the fail2ban-exporter daemonSet.
  dnsPolicy: ""

  ## @param daemonSet.hostname Individual hostname of the pod.
  ## @param daemonSet.subdomain Individual domain of the pod.
  hostname: ""
  subdomain: ""

  ## @param daemonSet.hostNetwork Use the kernel network namespace of the host system.
  # Keep `false` unless the exporter must listen on the node's own interfaces; with `true`
  # the metrics port is bound in the host's network namespace.
  hostNetwork: false

  ## @param daemonSet.imagePullSecrets Secret to use for pulling the image.
  imagePullSecrets: []
  # - name: "my-custom-secret"

  fail2banExporter:
    ## @param daemonSet.fail2banExporter.args Arguments passed to the fail2ban-exporter container.
    args: []

    ## @param daemonSet.fail2banExporter.env List of environment variables for the fail2ban-exporter container.
    # Prefer `secretKeyRef` (third example) over a literal `value` for anything sensitive;
    # literal values end up in the rendered manifest and in the release history.
    env: []
    # - name: SPECIAL_ENV_A
    #   value: special-key
    # - name: SPECIAL_ENV
    #   valueFrom:
    #     configMapKeyRef:
    #       name: special-config
    #       key: special-key
    # - name: SPECIAL_ENV
    #   valueFrom:
    #     secretKeyRef:
    #       name: special-secret
    #       key: special-key

    ## @param daemonSet.fail2banExporter.envFrom List of environment variables mounted from configMaps or secrets for the fail2ban-exporter container.
    envFrom: []
    # - configMapRef:
    #     name: special-config
    # - secretRef:
    #     name: special-secret

    ## @param daemonSet.fail2banExporter.image.registry Image registry, eg. `docker.io`.
    ## @param daemonSet.fail2banExporter.image.repository Image repository, eg. `library/busybox`.
    ## @param daemonSet.fail2banExporter.image.tag Custom image tag, eg. `0.1.0`. Defaults to `appVersion`.
    ## @param daemonSet.fail2banExporter.image.pullPolicy Image pull policy.
    # Tags are mutable references. With `IfNotPresent` a node keeps whatever image it first
    # pulled for a tag, so nodes can run different content under the same tag.
    # NOTE(review): check whether the templates accept a digest reference for pinning.
    image:
      registry: git.cryptic.systems
      repository: volker.raschek/prometheus-fail2ban-exporter
      tag: ""
      pullPolicy: IfNotPresent

    ## @param daemonSet.fail2banExporter.resources CPU and memory resources of the pod.
    # Empty by default: no requests or limits are set from these values, so the container
    # is not bounded on the node unless a namespace-level default applies.
    resources: {}
      # limits:
      #   cpu:
      #   ephemeral-storage:
      #   memory:
      # requests:
      #   cpu:
      #   ephemeral-storage:
      #   memory:

    ## @param daemonSet.fail2banExporter.securityContext Security context of the container of the daemonSet.
    # NOTE(review): the empty default applies none of the hardening shown in the example.
    # Whether a non-root `runAsUser` can open the fail2ban socket mounted via `volumeMounts`
    # depends on the socket's ownership and mode on the host - verify before enabling
    # `runAsNonRoot`. Add capabilities only for a concrete need; `NET_RAW` below is an
    # illustration, not a known requirement of the exporter.
    securityContext: {}
      # allowPrivilegeEscalation: false
      # capabilities:
      #   add:
      #   - NET_RAW
      #   drop:
      #   - ALL
      # privileged: false
      # readOnlyRootFilesystem: true
      # runAsNonRoot: true
      # runAsUser: 1000

    ## @param daemonSet.fail2banExporter.volumeMounts Additional volume mounts.
    ## @skip daemonSet.fail2banExporter.volumeMounts Skip individual volume mounts configuration.
    # Mounts the `socket` volume (the hostPath declared under `daemonSet.volumes`) into the
    # container. Overriding this list replaces the default entry, so keep the `socket` mount
    # when adding further mounts.
    volumeMounts:
    - name: socket
      mountPath: /var/run/fail2ban

  ## @param daemonSet.nodeSelector NodeSelector of the fail2ban-exporter daemonSet.
  nodeSelector: {}

  ## @param daemonSet.priorityClassName PriorityClassName of the fail2ban-exporter daemonSet.
  priorityClassName: ""

  ## @param daemonSet.restartPolicy Restart policy of the fail2ban-exporter daemonSet.
  restartPolicy: ""

  ## @param daemonSet.securityContext Security context of the fail2ban-exporter daemonSet.
  # Pod-level security context; empty by default. Settings here apply to every container
  # of the pod, including `additionalContainers` and `initContainers`.
  securityContext: {}
    # fsGroup: 2000

  ## @param daemonSet.updateStrategy.rollingUpdate.maxSurge The maximum number of pods that can be scheduled above the desired number of pods during a rolling update.
  ## @param daemonSet.updateStrategy.rollingUpdate.maxUnavailable The maximum number of pods that can be unavailable during a rolling update.
  ## @param daemonSet.updateStrategy.type Strategy type - `OnDelete` or `RollingUpdate`.
  updateStrategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: "RollingUpdate"

  ## @param daemonSet.terminationGracePeriodSeconds How long to wait before forcefully killing the pod.
  terminationGracePeriodSeconds: 60

  ## @param daemonSet.tolerations Tolerations of the fail2ban-exporter daemonSet.
  tolerations: []
  # - key: database/type
  #   operator: Equal
  #   value: fail2ban
  #   effect: NoSchedule

  ## @param daemonSet.topologySpreadConstraints TopologySpreadConstraints of the fail2ban-exporter daemonSet.
  # `maxSkew` is a required field of a topology spread constraint.
  topologySpreadConstraints: []
  # - topologyKey: kubernetes.io/hostname
  #   maxSkew: 1
  #   whenUnsatisfiable: DoNotSchedule
  #   labelSelector:
  #     matchLabels:
  #       app.kubernetes.io/instance: prometheus-fail2ban-exporter

  ## @param daemonSet.volumes Additional volumes to mount into the pods of the prometheus-exporter daemonset.
  ## @skip daemonSet.volumes Skip individual volumes configuration.
  # The default entry exposes the node's /var/run/fail2ban directory to the pod.
  # - `type: Directory` requires the path to exist on the node; on nodes without a running
  #   fail2ban the pod will not start. Use `nodeSelector`/`affinity` to target the right nodes.
  # - hostPath volumes are rejected by the Baseline and Restricted Pod Security Standards,
  #   so the release namespace must permit them.
  # - NOTE(review): presumably anything that can open this socket can send commands to the
  #   host's fail2ban server, not only read statistics, and a read-only mount would not
  #   change that - confirm, and restrict who may deploy into or exec in this namespace.
  volumes:
  - name: socket
    hostPath:
      path: /var/run/fail2ban
      type: Directory
  # - name: my-configmap-volume
  #   configMap:
  #     name: my-configmap
  # - name: my-secret-volume
  #   secret:
  #     secretName: my-secret

## @section Grafana
## @param grafana.enabled Enable integration into Grafana. Requires the Prometheus operator daemonSet.
grafana:
  enabled: false

  ## @param grafana.dashboardDiscoveryLabels Labels that Grafana uses to discover resources. The labels may vary depending on the Grafana daemonSet.
  ## @skip grafana.dashboardDiscoveryLabels Skip individual configuration.
  # The label value is quoted so that it stays the string "1" rather than an integer;
  # Kubernetes label values must be strings.
  dashboardDiscoveryLabels:
    grafana_dashboard: "1"

  dashboards:
    ## @param grafana.dashboards.fail2banExporter.enabled Enable deployment of Grafana dashboard `fail2banExporter`.
    ## @param grafana.dashboards.fail2banExporter.annotations Additional configmap annotations.
    ## @param grafana.dashboards.fail2banExporter.labels Additional configmap labels.
    # `enabled: true` here sits below `grafana.enabled: false`; presumably the dashboard is
    # only rendered when both are true - confirm in the templates.
    fail2banExporter:
      enabled: true
      annotations: {}
      labels: {}

## @section Ingress
ingress:
  ## @param ingress.enabled Enable creation of an ingress resource. Requires that the http service is also enabled.
  ## @param ingress.className Ingress class.
  ## @param ingress.annotations Additional ingress annotations.
  ## @param ingress.labels Additional ingress labels.
  # Disabled by default. Enabling it publishes the exporter's HTTP endpoint through the
  # ingress controller; with an empty `config.webConfig` that endpoint has no authentication
  # configured from these values, so add basic auth / TLS there or restrict access at the
  # controller (e.g. via `annotations`) before exposing it.
  enabled: false
  className: "nginx"
  annotations: {}
  labels: {}

  ## @param ingress.hosts Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k`.
  ## @skip ingress.hosts Skip individual host configuration.
  hosts: []
  # - host: fail2ban-exporter.example.local
  #   paths:
  #   - path: /
  #     pathType: Prefix

  ## @param ingress.tls Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k`.
  ## @skip ingress.tls Skip individual TLS configuration.
  # Empty by default: no TLS section is supplied from these values.
  tls: []
  # - secretName: fail2ban-exporter-http-tls
  #   hosts:
  #   - fail2ban-exporter.example.local

## @section Pod disruption
## @param podDisruptionBudget Pod disruption budget.
podDisruptionBudget: {}
# A PodDisruptionBudget accepts only one of `maxUnavailable` / `minAvailable`;
# uncomment one of the two lines below, not both.
#  maxUnavailable: 1
#  minAvailable: 1

## @section Network
## @param networkPolicies Deploy network policies based on the used container network interface (CNI) implementation - like calico or weave.
# Empty by default, i.e. these values request no NetworkPolicy, so pod-level reachability of
# the metrics port is not restricted by this chart out of the box. The expected structure of
# an entry is defined by the chart's templates, which are not part of this file.
networkPolicies: {}

## @section Prometheus
prometheus:
  ## @param prometheus.metrics.enabled Enable scraping of metrics by Prometheus.
  metrics:
    enabled: true

    # NOTE(review): `podMonitor` and `serviceMonitor` both default to `scheme: "http"` with an
    # empty `tlsConfig`. If `config.webConfig` enables `tls_server_config`, switch the scheme
    # to `https` and fill `tlsConfig`, otherwise scrapes will fail. These values expose no
    # field for scrape credentials; if `basic_auth_users` is set, check how the templates
    # pass credentials to the monitor.

    ## @param prometheus.metrics.podMonitor.enabled Enable creation of a podMonitor. Excludes the existence of a serviceMonitor resource.
    ## @param prometheus.metrics.podMonitor.annotations Additional podMonitor annotations.
    ## @param prometheus.metrics.podMonitor.enableHttp2 Enable HTTP2.
    ## @param prometheus.metrics.podMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
    ## @param prometheus.metrics.podMonitor.honorLabels Honor labels.
    ## @param prometheus.metrics.podMonitor.labels Additional podMonitor labels.
    ## @param prometheus.metrics.podMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
    ## @param prometheus.metrics.podMonitor.path HTTP path for scraping Prometheus metrics.
    ## @param prometheus.metrics.podMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
    ## @param prometheus.metrics.podMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
    ## @param prometheus.metrics.podMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
    ## @param prometheus.metrics.podMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
    ## @skip prometheus.metrics.podMonitor.tlsConfig Skip individual TLS configuration.
    # `honorLabels: false` keeps Prometheus' own target labels when a scraped metric carries
    # a conflicting label; `followRedirects: false` keeps scrapes on the configured target.
    podMonitor:
      enabled: false
      annotations: {}
      enableHttp2: true
      followRedirects: false
      honorLabels: false
      labels: {}
      interval: "60s"
      path: "/metrics"
      relabelings: []
      scrapeTimeout: "30s"
      scheme: "http"
      tlsConfig: {}

    ## @param prometheus.metrics.serviceMonitor.enabled Enable creation of a serviceMonitor. Excludes the existence of a podMonitor resource.
    ## @param prometheus.metrics.serviceMonitor.annotations Additional serviceMonitor annotations.
    ## @param prometheus.metrics.serviceMonitor.labels Additional serviceMonitor labels.
    ## @param prometheus.metrics.serviceMonitor.enableHttp2 Enable HTTP2.
    ## @param prometheus.metrics.serviceMonitor.followRedirects FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
    ## @param prometheus.metrics.serviceMonitor.honorLabels Honor labels.
    ## @param prometheus.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
    ## @param prometheus.metrics.serviceMonitor.path HTTP path for scraping Prometheus metrics.
    ## @param prometheus.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
    ## @param prometheus.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
    ## @param prometheus.metrics.serviceMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`.
    ## @param prometheus.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
    ## @skip prometheus.metrics.serviceMonitor.tlsConfig Skip individual TLS configuration.
    # Same defaults as `podMonitor`; per the @param text only one of the two is meant to be
    # enabled at a time.
    serviceMonitor:
      enabled: false
      annotations: {}
      labels: {}
      enableHttp2: true
      followRedirects: false
      honorLabels: false
      interval: "60s"
      path: "/metrics"
      relabelings: []
      scrapeTimeout: "30s"
      scheme: "http"
      tlsConfig: {}

  ## @param prometheus.rules Array of Prometheus rules for monitoring the application and triggering alerts.
  ## @skip prometheus.rules Skip individual Prometheus rules.
  # Empty by default: no alerting rules ship with these values.
  rules: []

## @section Service
## @param services.http.enabled Enable the service.
## @param services.http.annotations Additional service annotations.
## @param services.http.externalIPs External IPs for the service.
## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation.
## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic.
## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization.
## @param services.http.labels Additional service labels.
## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`.
## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`.
## @param services.http.port Port to forward the traffic to.
## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`.
## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity.
## @param services.http.type Kubernetes service type for the traffic.
services:
  http:
    # The default `type: "ClusterIP"` keeps the metrics endpoint reachable from inside the
    # cluster only. Switching to `NodePort` / `LoadBalancer`, or setting `externalIPs`,
    # exposes it beyond the cluster; in that case configure `config.webConfig` (TLS / basic
    # auth) and note that the empty `loadBalancerSourceRanges` adds no source restriction.
    enabled: true
    annotations: {}
    externalIPs: []
    externalTrafficPolicy: "Cluster"
    internalTrafficPolicy: "Cluster"
    ipFamilies: []
    labels: {}
    loadBalancerClass: ""
    loadBalancerIP: ""
    loadBalancerSourceRanges: []
    port: 9191
    sessionAffinity: "None"
    sessionAffinityConfig: {}
    type: "ClusterIP"

## @section ServiceAccount
serviceAccount:
  ## @param serviceAccount.existing.enabled Use an existing service account instead of creating a new one. Assumes that the user has all the necessary kubernetes API authorizations.
  ## @param serviceAccount.existing.serviceAccountName Name of the existing service account.
  # When enabled, the permissions of the referenced account are whatever was bound to it
  # outside this chart; review its role bindings before reusing it here.
  existing:
    enabled: false
    serviceAccountName: ""

  ## @param serviceAccount.new.annotations Additional service account annotations.
  ## @param serviceAccount.new.labels Additional service account labels.
  ## @param serviceAccount.new.automountServiceAccountToken Enable/disable auto mounting of the service account token.
  ## @param serviceAccount.new.imagePullSecrets ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this serviceAccount.
  ## @param serviceAccount.new.secrets Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
  new:
    annotations: {}
    labels: {}
    # NOTE(review): the token is mounted into the pod by default. Nothing in this file shows
    # the exporter calling the Kubernetes API; if it does not, `false` removes an unneeded
    # credential from a pod that also holds the host's fail2ban socket - confirm first.
    automountServiceAccountToken: true
    imagePullSecrets: []
    # - name: "my-image-pull-secret"
    secrets: []
    # - name: "my-secret"
    #   namespace: "my-namespace"
    #   fieldPath: "my-field"