[
  {
    "path": ".github/ISSUE_TEMPLATE.md",
    "content": "<!-- Thanks for filing an issue!\nBefore hitting the button, please answer these questions.\nIt's helpful to search the existing GitHub issues first.\nIt's likely that another user has already reported the issue you're facing,\nor it's a known issue that we're already aware of-->\n\n**Is this a request for help?**:\n\n---\n\n**Is this a BUG REPORT or FEATURE REQUEST?** (choose one):\n\n<!--\nIf this is a BUG REPORT, please:\n  - Fill in as much of the template below as you can.  If you leave out\n    information, we can't help you as well.\n\nIf this is a FEATURE REQUEST, please:\n  - Describe *in detail* the feature/behavior/change you'd like to see.\n\nIn both cases, be ready for followup questions, and please respond in a timely\nmanner.  If we can't reproduce a bug or think a feature already exists, we\nmight close your issue.  If we're wrong, PLEASE feel free to reopen it and\nexplain why.\n-->\n\n**Version of Helm and Kubernetes**:\n\n\n**Which chart in which version**:\n\n\n**What happened**:\n\n\n**What you expected to happen**:\n\n\n**How to reproduce it** (as minimally and precisely as possible):\n\n\n**Anything else we need to know**:\n"
  },
  {
    "path": ".github/PULL_REQUEST_TEMPLATE.md",
    "content": "<!--\nThank you for contributing to kiwigrid/charts. Before you submit this PR we'd like to\nmake sure you are aware of our technical requirements and best practices:\n\n* https://github.com/helm/charts/blob/master/CONTRIBUTING.md#technical-requirements\n* https://github.com/helm/helm/tree/master/docs/chart_best_practices\n\nFor a quick overview across what we will look at reviewing your PR, please read\nour review guidelines:\n\n* https://github.com/helm/charts/blob/master/REVIEW_GUIDELINES.md\n\nFollowing our best practices right from the start will accelerate the review process and\nhelp get your PR merged quicker.\n\nWhen updates to your PR are requested, please add new commits and do not squash the\nhistory. This will make it easier to identify new changes. The PR will be squashed\nanyways when it is merged. Thanks.\n\nFor fast feedback, please @-mention maintainers that are listed in the Chart.yaml file.\n\nPlease make sure you test your changes before you push them. Once pushed, a Github Action\nwill run across your changes and do some initial checks and linting. These checks run\nvery quickly. Please check the results. We would like these checks to pass before we\neven continue reviewing your changes.\n-->\n\n#### What this PR does / why we need it:\n\n\n#### Which issue this PR fixes\n*(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*\n  - fixes #\n\n\n#### Special notes for your reviewer:\n\n\n#### Checklist\n[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]\n- [ ] [DCO](https://developercertificate.org) signed\n- [ ] Chart Version bumped (if the pr is an update to an existing chart)\n- [ ] Variables are documented in the README.md\n- [ ] Title of the PR starts with chart name (e.g. `[fluentd-elasticsearch]`)\n"
  },
  {
    "path": ".github/check-for-chart-changes.sh",
    "content": "#!/bin/bash\n#\n# check for chart changes to speedup ci\n#\n\nset -x\nset -o errexit\nset -o pipefail\n\necho \"Check for chart changes to speedup ci...\"\n\nCHART_CHANGES=\"$(git diff --find-renames --name-only \"$(git rev-parse --abbrev-ref HEAD)\" remotes/origin/master -- charts)\"\n\nif [ -z \"${CHART_CHANGES}\" ]; then\n  echo -e \"\\n\\n Error! No chart changes detected! Exiting... \\n\"\n  exit 1\nelse\n  echo -e \"\\nChanges found in:\"\n  echo \"${CHART_CHANGES}\"\n  echo -e \"\\nContinue with next job... \\n\"\nfi\n"
  },
  {
    "path": ".github/config.yml",
    "content": "# Configuration for request-info - https://github.com/behaviorbot/request-info\n\n# *OPTIONAL* Comment to reply with\n# Can be either a string :\n# requestInfoReplyComment: >\n#   We would appreciate it if you could provide us with more info about this issue/pr!\n\n# Or an array:\nrequestInfoReplyComment:\n - Ah no! young blade! That was a trifle short!\n - Tell me more !\n - I am sure you can be more effusive ;-)\n\n# *OPTIONAL* default titles to check against for lack of descriptiveness\n# MUST BE ALL LOWERCASE\nrequestInfoDefaultTitles:\n  - Update README.md\n\n# *OPTIONAL* Label to be added to Issues and Pull Requests with insufficient information given\nrequestInfoLabelToAdd: needs-more-info\n\n# *OPTIONAL* Require Issues to contain more information than what is provided in the issue templates\n# Will fail if the issue's body is equal to a provided template\ncheckIssueTemplate: true\n\n# *OPTIONAL* Require Pull Requests to contain more information than what is provided in the PR template\n# Will fail if the pull request's body is equal to the provided template\ncheckPullRequestTemplate: true\n\n# # *OPTIONAL* Only warn about insufficient information on these events type\n# # Keys must be lowercase. Valid values are 'issue' and 'pullRequest'\n# requestInfoOn:\n#   pullRequest: true\n#   issue: true\n\n# # *OPTIONAL* Add a list of people whose Issues/PRs will not be commented on\n# # keys must be GitHub usernames\n# requestInfoUserstoExclude:\n#   - monotek\n#   - axdotl\n"
  },
  {
    "path": ".github/ct.yaml",
    "content": "helm-extra-args: --timeout 1200s\ncheck-version-increment: true\ndebug: true\nchart-repos:\n  - kiwigrid=https://kiwigrid.github.io/\n  - minio=https://helm.min.io\n"
  },
  {
    "path": ".github/deploy-chart.sh",
    "content": "#!/bin/bash\n#\n# deploy kiwigrid charts to kiwigrid.github.io\n#\n\nset -x\nset -o errexit\nset -o pipefail\n\nCHART_DIR=\"charts\"\nCHART_REPO=\"git@github.com:kiwigrid/kiwigrid.github.io.git\"\nREPO_DIR=\"kiwigrid.github.io\"\nREPO_ROOT=\"$(git rev-parse --show-toplevel)\"\nTMP_DIR=\"tmp\"\n# needed for github actions as home dir would be /github/home/ otherwise\nHOME=\"/home/gkh\"\n\n# ssh config\nmkdir -p /home/gkh/.ssh\necho \"${SSH_PRIVATE_KEY}\" > /home/gkh/.ssh/id_rsa\nchmod 600 /home/gkh/.ssh/id_rsa\nssh-keyscan github.com >> /home/gkh/.ssh/known_hosts\n\n# get kiwigrid.github.io\ntest -d \"${REPO_ROOT}\"/\"${REPO_DIR}\" && rm -rf \"${REPO_ROOT:=?}\"/\"${REPO_DIR:=?}\"\ngit clone \"${CHART_REPO}\" \"${REPO_ROOT}\"/\"${REPO_DIR}\"\n\n# get not builded charts\nwhile read -r FILE; do\n  echo \"check file ${FILE}\"\n  if [ ! -f \"${REPO_ROOT}/${REPO_DIR}/$(yq r - name < \"${FILE}\")-$(yq r - version < \"${FILE}\").tgz\" ]; then\n    echo \"append chart ${FILE}\"\n    CHARTS=\"${CHARTS} $(yq r - name < \"${FILE}\")\"\n  fi\ndone < <(find \"${REPO_ROOT}/${CHART_DIR}\" -maxdepth 2 -mindepth 2 -type f -name \"[Cc]hart.yaml\")\n\nif [ -z \"${CHARTS}\" ]; then\n  echo \"no chart changes... so no chart build and upload needed... exiting...\"\n  exit 0\nfi\n\n# set original file dates\n(\ncd \"${REPO_ROOT}\"/\"${REPO_DIR}\" || exit\nwhile read -r FILE; do\n  ORG_FILE_TIME=$(git log --pretty=format:%cd --date=format:'%y%m%d%H%M' \"${FILE}\" | tail -n 1)\n  echo \"set original time ${ORG_FILE_TIME} to ${FILE}\"\n  touch -c -t \"${ORG_FILE_TIME}\" \"${FILE}\"\ndone < <(git ls-files charts)\n)\n\n# preserve dates in index.yaml by moving old charts and index out of the repo before packaging the new version\nmkdir -p \"${REPO_ROOT}\"/\"${TMP_DIR}\"\nmv \"${REPO_ROOT}\"/\"${REPO_DIR}\"/index.yaml \"${REPO_ROOT}\"/\"${TMP_DIR}\" || true\nmv \"${REPO_ROOT}\"/\"${REPO_DIR}\"/*.tgz \"${REPO_ROOT}\"/\"${TMP_DIR}\"\n\n#add helm repos\nif ! helm repo list | grep -q \"^stable\"; then\n  helm repo add stable https://kubernetes-charts.storage.googleapis.com\nfi\nhelm repo add kiwigrid https://kiwigrid.github.io\nhelm repo add minio https://helm.min.io\nhelm repo update\n\n# build helm dependencies for all charts\nfind \"${REPO_ROOT}\"/\"${CHART_DIR}\" -mindepth 1 -maxdepth 1 -type d -exec helm dependency build {} \\;\n\n# package only changed charts\nfor CHART in ${CHARTS}; do\n  echo \"building ${CHART} chart...\"\n  helm package \"${REPO_ROOT}\"/\"${CHART_DIR}\"/\"${CHART}\" --destination \"${REPO_ROOT}\"/\"${REPO_DIR}\"\ndone\n\n# Create index and merge with previous index which contains the non-changed charts\nhelm repo index --merge \"${REPO_ROOT}\"/\"${TMP_DIR}\"/index.yaml --url https://\"${REPO_DIR}\" \"${REPO_ROOT}\"/\"${REPO_DIR}\"\n\n# move old charts back into git repo\nmv \"${REPO_ROOT}\"/\"${TMP_DIR}\"/*.tgz \"${REPO_ROOT}\"/\"${REPO_DIR}\"\n\n# push changes to github\ncd \"${REPO_ROOT}\"/\"${REPO_DIR}\"\ngit config --global user.email \"ci@kiwigrid-robot.com\"\ngit config --global user.name \"kiwigrid-ci-bot\"\ngit add --all .\ngit commit -m \"Push Kiwigrid charts via Github action build nr. ${GITHUB_RUN_NUMBER}\"\ngit push --set-upstream origin master\n"
  },
  {
    "path": ".github/kind-config.yaml",
    "content": "kind: Cluster\napiVersion: kind.x-k8s.io/v1alpha4\nnodes:\n# the control plane node config\n- role: control-plane\n# the 2 workers\n- role: worker\n- role: worker\n"
  },
  {
    "path": ".github/kubeval.sh",
    "content": "#!/bin/bash\n#\n# use kubeval to validate helm generated kubernetes manifest\n#\n\nset -x\nset -o errexit\nset -o pipefail\n\nCHART_DIRS=\"$(git diff --find-renames --name-only \"$(git rev-parse --abbrev-ref HEAD)\" remotes/origin/master -- charts | grep '[cC]hart.yaml' | sed -e 's#/[Cc]hart.yaml##g')\"\nHELM_VERSION=\"v3.1.2\"\nKUBEVAL_VERSION=\"0.15.0\"\nSCHEMA_LOCATION=\"https://raw.githubusercontent.com/instrumenta/kubernetes-json-schema/master/\"\n\n# install helm\ncurl --silent --show-error --fail --location --output get_helm.sh https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get\nchmod 700 get_helm.sh\n./get_helm.sh --version \"${HELM_VERSION}\"\n\n# install kubeval\ncurl --silent --show-error --fail --location --output /tmp/kubeval.tar.gz https://github.com/instrumenta/kubeval/releases/download/\"${KUBEVAL_VERSION}\"/kubeval-linux-amd64.tar.gz\nsudo tar -C /usr/local/bin -xf /tmp/kubeval.tar.gz kubeval\n\n# validate charts\nfor CHART_DIR in ${CHART_DIRS};do\n  echo \"helm dependency build...\"\n  helm dependency build \"${CHART_DIR}\"\n\n  echo \"kubeval(idating) ${CHART_DIR##charts/} chart...\"\n  helm template \"${CHART_DIR}\" | kubeval --strict --ignore-missing-schemas --kubernetes-version \"${KUBERNETES_VERSION#v}\" --schema-location \"${SCHEMA_LOCATION}\"\ndone\n"
  },
  {
    "path": ".github/lint-scripts.sh",
    "content": "#!/bin/sh\n#\n# lint bash scripts\n#\n\nset -x\nset -o errexit\n\nCONFIG_DIR=\".github\"\n\nTMP_FILE=\"$(mktemp)\"\n\nfind \"${CONFIG_DIR}\" -type f -name \"*.sh\" > \"${TMP_FILE}\"\n\nwhile read -r FILE; do\n  echo lint \"${FILE}\"\n  shellcheck -x \"${FILE}\"\ndone < \"${TMP_FILE}\"\n"
  },
  {
    "path": ".github/stale.yml",
    "content": "# Number of days of inactivity before an issue becomes stale\ndaysUntilStale: 60\n# Number of days of inactivity before a stale issue is closed\ndaysUntilClose: 7\n# Issues with these labels will never be considered stale\nexemptLabels:\n  - pinned\n  - security\n# Label to use when marking an issue as stale\nstaleLabel: wontfix\n# Comment to post when marking an issue as stale. Set to `false` to disable\nmarkComment: >\n  This issue has been automatically marked as stale because it has not had\n  recent activity. It will be closed if no further activity occurs. Thank you\n  for your contributions.\n# Comment to post when closing a stale issue. Set to `false` to disable\ncloseComment: false\n"
  },
  {
    "path": ".github/workflows/ci.yaml",
    "content": "name: ci\n\non:\n  pull_request:\n\nenv:\n  helm-version: \"v3.9.0\"\n  kubeval-version: \"v0.16.1\"\n\njobs:\n  lint-bash-scripts:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v2\n      - name: Lint Bash scripts\n        uses: docker://koalaman/shellcheck-alpine:v0.7.0\n        with:\n          args: .github/lint-scripts.sh\n\n  check-for-chart-changes:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v2\n      - name: Fetch history\n        run: git fetch --prune --unshallow\n      - name: Check for chart changes\n        run: .github/check-for-chart-changes.sh\n\n  lint-chart:\n    runs-on: ubuntu-latest\n    needs: check-for-chart-changes\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v2\n      - name: Fetch history\n        run: git fetch --prune --unshallow\n      - name: Run chart-testing (lint)\n        uses: helm/chart-testing-action@main\n        with:\n          command: lint\n          config: .github/ct.yaml\n\n  kubeval-chart:\n    runs-on: ubuntu-20.04\n    needs:\n      - lint-chart\n    strategy:\n      matrix:\n        k8s:\n          - v1.21.10\n          - v1.22.7\n          - v1.23.5\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v3\n        with:\n          fetch-depth: 0\n      - name: Set up Helm\n        uses: azure/setup-helm@v3.1\n        with:\n          version: \"${{ env.helm-version }}\"\n      - name: Run kubeval\n        env:\n          KUBERNETES_VERSION: ${{ matrix.k8s }}\n          KUBEVAL_VERSION: \"${{ env.kubeval-version }}\"\n        run: .github/kubeval.sh\n\n  install-chart:\n    name: install-chart\n    runs-on: ubuntu-latest\n    needs:\n      - lint-chart\n      - kubeval-chart\n    strategy:\n      matrix:\n        k8s:\n          - v1.21.10\n          - v1.22.7\n          - v1.23.5\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v3\n        with:\n          fetch-depth: 0\n      - name: Set up Helm\n        uses: azure/setup-helm@v3.1\n        with:\n          version: \"${{ env.helm-version }}\"\n      - uses: actions/setup-python@v4.1.0\n        with:\n          python-version: 3.7\n      - name: Set up chart-testing\n        uses: helm/chart-testing-action@v2.2.1\n      - name: Run chart-testing (list-changed)\n        id: list-changed\n        run: |\n          changed=$(ct list-changed --config .github/ct.yaml)\n          if [[ -n \"$changed\" ]]; then\n            echo \"::set-output name=changed::true\"\n          fi\n      - name: Create kind cluster\n        uses: helm/kind-action@v1.3.0\n        if: steps.list-changed.outputs.changed == 'true'\n        with:\n          config: .github/kind-config.yaml\n          node_image: kindest/node:${{ matrix.k8s }}\n      - name: Run chart-testing (install)\n        run: ct install --config .github/ct.yaml\n"
  },
  {
    "path": ".github/workflows/deploy.yaml",
    "content": "name: deploy\n\non:\n  push:\n    branches: [master]\n\njobs:\n  deploy-chart:\n    name: deploy-chart\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v2\n      - name: Fetch history\n        run: git fetch --prune --unshallow  \n      - name: Lint Bash scripts\n        uses: docker://koalaman/shellcheck-alpine:v0.7.0\n        with:\n          args: /github/workspace/.github/lint-scripts.sh        \n      - name: Set user permissions\n        run: chmod -R 777 /home/runner/work\n      - name: Deploy Helm chart\n        env:\n          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_KIWIGRID_GITHUB_IO }}\n        uses: docker://kiwigrid/gcloud-kubectl-helm:2.16.1-272.0.0-184\n        with:\n          args: /github/workspace/.github/deploy-chart.sh\n\n"
  },
  {
    "path": ".gitignore",
    "content": "*.tgz\n.ci/test.sh\ncharts/*/charts\ncharts/*/requirements.lock\nkiwigrid.github.io\ntmp\n"
  },
  {
    "path": "LICENSE",
    "content": "MIT License\n\nCopyright (c) 2018 Kiwigrid GmbH\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
  },
  {
    "path": "README.md",
    "content": "# Kiwigrid Helm charts\n\n[![Github Action](https://github.com/kiwigrid/helm-charts/workflows/deploy/badge.svg)](https://github.com/kiwigrid/helm-charts/actions)\n\n## Add repo\n\n```console\n$ helm repo add kiwigrid https://kiwigrid.github.io\n```\n\n## Support\n\n* Please don't write mails directly to the maintainers.\n* Use the Github issue tracker instead.\n\n## Adding charts\n\n* Use a fork of this repo\n* Always sign your commits (git commit -s -m 'usefull commitmessage')\n* Do NOT touch default (master) branch in any forks\n* Always create new branches to work on\n* Create a Github pull request and fill out the PR template\n* Follow Helm best practices: [https://docs.helm.sh/chart_best_practices](https://docs.helm.sh/chart_best_practices)\n"
  },
  {
    "path": "charts/any-resource/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/any-resource/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"0.1.0\"\ndescription: A Helm chart to bring any kind of resources in a k8s cluster\nname: any-resource\nversion: 0.1.0\nhome: https://github.com/kiwigrid/helm-charts\nmaintainers:\n- name: axdotl\n  email: axel.koehler@kiwigrid.com\n"
  },
  {
    "path": "charts/any-resource/README.md",
    "content": "# A Helm Chart for any Kind of Resources\n\nThe purpose of this chart is to become able to manage every installed resources in a Kubernetes cluster via HELM.\n\nFor example:\n  * Global secrets (e.g. TLS certs or `imagePullSecrets`)\n  * ConfigMaps (e.g. grafana-dashboards, see https://github.com/helm/charts/tree/master/stable/grafana#sidecar-for-dashboards)\n  * Custom Resources (e.g. `GcpNamespaceRestriction`, see https://github.com/kiwigrid/gcp-serviceaccount-controller)\n\n## Example\n\nCreate a file called `custom-values.yaml` with following content:\n```yaml\nanyResources:\n  myPullSecret: |-\n    apiVersion: v1\n    data:\n      .dockercfg: eyJodHRwczovL215LmRvY2tlci5yZWdpc3RyeSI6eyJ1c2VybmFtZSI6ImRvY2tlciIsInBhc3N3b3JkIjoidW5rbm93biIsImF1dGgiOiJFaWsxYWhrdXVzaG9ocGhpdWY5emFocGhlZVRoYXhhPSJ9fQo=\n    kind: Secret\n    metadata:\n      name: my-pull-secret\n    type: kubernetes.io/dockercfg\n```\n\nInstall\n```console\nhelm upgrade --install my-pull-secret --values custom-values.yaml kiwigrid/any-resource\n```\n\n## Open Issue\n\n* HELM standard label support\n"
  },
  {
    "path": "charts/any-resource/templates/NOTES.txt",
    "content": "Any resources deployed.\n"
  },
  {
    "path": "charts/any-resource/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"any-resource.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"any-resource.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"any-resource.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n"
  },
  {
    "path": "charts/any-resource/templates/any-resources.yaml",
    "content": "{{- if .Values.anyResources -}}\n{{- range $key, $value := .Values.anyResources -}}\n{{ $value }}\n---\n{{ end -}}\n{{ else }}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ include \"any-resource.fullname\" . }}-dummy\n  labels:\n    app.kubernetes.io/name: {{ include \"any-resource.name\" . }}\n    helm.sh/chart: {{ include \"any-resource.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\ndata:\n  foo: bar\n{{- end -}}\n"
  },
  {
    "path": "charts/any-resource/values.yaml",
    "content": "anyResources: {}\n#  exampleResource: |-\n#    apiVersion: v1\n#    kind: ConfigMap\n#    metadata:\n#      name: example-resource\n#    data:\n#      foo: bar\n"
  },
  {
    "path": "charts/ditto-digital-twins/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/ditto-digital-twins/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"1.0.0-M3\"\ndescription: A Helm chart for Eclipse Ditto\nname: ditto-digital-twins\nversion: 0.7.1\nhome: www.eclipse.org/ditto\nsources:\n- https://github.com/eclipse/ditto\n- https://github.com/kiwigrid/helm-charts/tree/master/charts/ditto-digital-twins\nicon: https://www.eclipse.org/ditto/images/ditto.svg\ndeprecated: true\n"
  },
  {
    "path": "charts/ditto-digital-twins/README.md",
    "content": "# This chart is deprecated. Ditto is now maintained within the [Eclipse Packages project](https://github.com/eclipse/packages/tree/master/charts/ditto)\n\n## Introduction\n\n[Eclipse Ditto™](https://www.eclipse.org/ditto/) is a technology in the IoT implementing a software pattern called “digital twins”.\nA digital twin is a virtual, cloud based, representation of his real world counterpart (real world “Things”, e.g. devices like sensors, smart heating, connected cars, smart grids, EV charging stations, …).\n\nThis chart uses `eclipse/ditto-XXX` containers to run Ditto inside Kubernetes.\n\n## Motivation\n\nThis chart is based on the [Eclipse Ditto Helm chart](https://github.com/eclipse/ditto/tree/master/deployment/helm).\nUnfortunately the referenced chart is not available in a Helm registry.\nThis is the main reason why we decided to provide our own chart.\nFurthermore we want to cover some other points:\n\n* Enhance flexibility\n* Enable Prometheus support\n* Usage of dedicated ServiceAccount\n* PodDisruptionBudget\n* Ingress\n* OIDC support w/o manual change of nginx config\n\n## Prerequisites\n\n* Has been tested on Kubernetes 1.11+\n\n## Installing the Chart\n\nTo install the chart with the release name `ditto-digital-twins`, run the following command:\n\n```bash\nhelm install kiwigrid/ditto-digital-twins --name ditto-digital-twins\n```\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `ditto-digital-twins` deployment:\n\n```bash\nhelm delete ditto-digital-twins\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n> **Tip**: To completely remove the release, run `helm delete --purge ditto-digital-twins`\n\n## Configuration\n\nPlease view the `values.yaml` for the list of possible configuration values with its documentation.\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:\n\n```bash\nhelm install --name ditto-digital-twins --set swaggerui.enabled=false kiwigrid/ditto-digital-twins\n```\n\nAlternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.\n\n## Configuration Examples\n\n### OpenID Connect (OIDC)\n\nTo enable OIDC authentiaction adjust following properties:\n\n```yaml\nglobal:\n  jwtOnly: true\n\ngateway:\n  enableDummyAuth: false\n  systemProps:\n    - \"-Dditto.gateway.authentication.oauth.openid-connect-issuers.myprovider=openid-connect.onelogin.com/oidc\"\n```\n\n### Securing Devops Resource\n\nTo secure /devops and /status resource adjust configuration to (username will be `devops`):\n\n```yaml\ngateway:\n  enableDummyAuth: false\n  devopsSecureStatus: true\n  devopsPassword: foo\n  statusPassword: bar\n``\n"
  },
  {
    "path": "charts/ditto-digital-twins/nginx-config/index.html",
    "content": "<!doctype html>\n<html>\n<head>\n  <title>Welcome to Eclipse Ditto</title>\n  <style>\n    body {\n      text-align: center;\n      padding: 150px;\n    }\n\n    h1 {\n      font-size: 50px;\n    }\n\n    body {\n      font: 20px Helvetica, sans-serif;\n      color: #333;\n    }\n\n    article {\n      display: block;\n      text-align: left;\n      width: 750px;\n      margin: 0 auto;\n    }\n\n    a {\n      color: #dc8100;\n      text-decoration: none;\n    }\n\n    a:hover {\n      color: #333;\n      text-decoration: none;\n    }\n  </style>\n</head>\n<body>\n\n<article>\n  <h1>You have started Eclipse Ditto</h1>\n  <div>\n    <p>Thank you for trying out Eclipse Ditto!</p>\n    <p>In order to get started quickly, you can now have a look at the OpenAPI documentation for\n    <ul>\n      <li><a href=\"/apidoc/1\">API version 1</a></li>\n      <li><a href=\"/apidoc/2\">API version 2</a></li>\n    </ul>\n    <p>Try out the HTTP APIs by using username \"ditto\" and password \"ditto\" when asked for by your browser.</p>\n    <p>We'll add more documentation and examples soon.</p>\n    <p>&mdash; the Ditto team</p>\n  </div>\n</article>\n\n</body>\n</html>\n\n"
  },
  {
    "path": "charts/ditto-digital-twins/nginx-config/nginx-cors.conf",
    "content": "#\n# CORS header support\n#\n# As of Nginx 1.7.5, add_header supports an \"always\" parameter which\n# allows CORS to work if the backend returns 4xx or 5xx status code.\n#\n# For more information on CORS, please see: http://enable-cors.org/\n# From this Gist: https://gist.github.com/Stanback/7145487\n# And this: https://gist.github.com/pauloricardomg/7084524\n#\n\nset $cors '1';\n\n# OPTIONS indicates a CORS pre-flight request\nif ($request_method = 'OPTIONS') {\n  set $cors \"${cors}o\";\n}\n\nif ($cors = '1') {\n  add_header 'Access-Control-Allow-Origin' '*' always;\n  add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;\n  add_header 'Access-Control-Allow-Credentials' 'true' always;\n  add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,Content-Length,DNT,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Origin,User-Agent,X-Requested-With' always;\n}\n\n# OPTIONS (pre-flight) request from allowed CORS domain. return response directly\nif ($cors = '1o') {\n  # Tell client that this pre-flight info is valid for 20 days\n  add_header 'Access-Control-Max-Age' 1728000;\n  add_header 'Access-Control-Allow-Origin' '*' always;\n  add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;\n  add_header 'Access-Control-Allow-Credentials' 'true' always;\n  add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,Content-Length,DNT,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Origin,User-Agent,X-Requested-With' always;\n  add_header 'Content-Type' 'text/plain charset=UTF-8';\n  add_header 'Content-Length' 0;\n  return 200;\n}\n"
  },
  {
    "path": "charts/ditto-digital-twins/nginx-config/nginx.htpasswd",
    "content": "# this file contains sample users and their hashed password\nditto:A6BgmB8IEtPTs\n"
  },
  {
    "path": "charts/ditto-digital-twins/openapi/ditto-api-1.yml",
    "content": "# Copyright (c) 2017 Contributors to the Eclipse Foundation\n#\n# See the NOTICE file(s) distributed with this work for additional\n# information regarding copyright ownership.\n#\n# This program and the accompanying materials are made available under the\n# terms of the Eclipse Public License 2.0 which is available at\n# http://www.eclipse.org/legal/epl-2.0\n#\n# SPDX-License-Identifier: EPL-2.0\nopenapi: 3.0.0\ninfo:\n  title: Eclipse Ditto HTTP API\n  description: JSON-based, REST-like API for Eclipse Ditto\n  version: \"1\"\nservers:\n  - url: https://ditto.eclipse.org/api/1\n    description: \"online Ditto Sandbox\"\n  - url: /api/1\n    description: \"local Ditto\"\ntags:\n  - name: Things\n    description: Manage every Thing\n  - name: Features\n    description: Structure the Features of your Things\n  - name: Things-Search\n    description: Find every Thing\n  - name: Messages\n    description: Talk with your Things\nsecurity:\n#  - Google:\n#    - openid\n  - basicAuth: []\n  - bearerAuth: []\npaths:\n  /things:\n    get:\n      summary: List all available Things\n      description: |-\n        Returns all Things passed in by the required parameter `ids`.\n\n        Optionally you can use field selectors (see parameter `fields`) to only get the specified fields.\n\n        To retrieve all Things the logged in user is allowed to read, please use the `GET /search/things` operation.\n      tags:\n        - Things\n      parameters:\n        - name: ids\n          in: query\n          description: Contains a comma separated list of `thingId`s to retrieve in one single request.\n          required: true\n          schema:\n            type: string\n        - $ref: '#/components/parameters/thingFieldsQueryParam'\n      responses:\n        '200':\n          description: The successfully completed request contains as its result the first 200 for the user available Things, sorted by their `thingId`.\n          content:\n            application/json:\n              schema:\n                type: array\n                items:\n                  $ref: '#/components/schemas/Thing'\n        '400':\n          description: The request could not be completed. At least one of the defined query parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '414':\n          description: The request could not be completed due to an URI length exceeding 8k characters.\n    post:\n      summary: Create a new Thing\n      description: |-\n        Creates the Thing defined in the optional JSON body.\n\n        The ID of the created Thing is a UUID generated by the service with the default namespace `org.eclipse.ditto`.\n        Any `thingId`\n        specified in the request body is therefore ignored. The ACL of the created Thing must include at least one\n        entry with `READ`, `WRITE` and `ADMINISTRATE` permissions set to `true`.\n        If no ACL is provided, a default ACL with an entry for the authorized subject with all permissions set to\n        `true` will be created.\n      tags:\n        - Things\n      responses:\n        '201':\n          description: The Thing was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Thing resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Thing'\n        '400':\n          description: |-\n            The request could not be completed. The JSON of the Thing to be created was invalid or the `thingId` was\n            wrongly set in the request body.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/NewThing'\n            example: {}\n        description: |-\n          JSON representation of the Thing to be created.\n\n\n          Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request.\n  /things/{thingId}:\n    get:\n      summary: Retrieve a specific Thing\n      description: |-\n        Returns the Thing identified by the `thingId` path parameter.\n        The response includes all details about the Thing.\n        Optionally you can use field selectors (see parameter `fields`) to only get the specified fields.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/thingFieldsQueryParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The request successfully returned the specific Thing.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Thing'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or one of the defined query parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update a Thing with a specified ID\n      description: |-\n        Create or update the Thing specified by the `thingId` path parameter and the optional JSON body. The `thingId` has to:\n\n          * contain a mandatory namespace prefix (java package notation + `:` colon) - periods (`.`) may be used in namespace but not as first or last character\n          * conform to RFC-2396 (URI)\n\n        #### Valid examples\n\n          * `org.eclipse.ditto.myproject:myFridge1`\n          * `mynamespace:myFridge1`\n\n        #### Invalid examples\n\n          * `42:myFridge1`\n          * `.foo:myFridge1`\n          * `bar.:myFridge1`\n\n        The ID of a Thing can't be changed after creation. Any `thingId` specified in the request body is therefore ignored.\n\n        ### Creation of a new Thing\n\n        The ACL of the created Thing must include at least one entry with `READ`, `WRITE` and `ADMINISTRATE` permissions set to `true`.\n        If no ACL is provided, a default ACL with an entry for the authorized subject with all permissions set to `true` will be created.\n\n\n        Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request.\n\n        ### Permissions for updating an existing Thing\n\n        For updating an existing Thing the authorized subject has to have the `WRITE` permission.\n        If the new Thing to update contains an `acl` entry, the authorized subject additionally has to have the `ADMINISTRATE` permission.\n        For authorized subjects which don't have the `ADMINISTRATE` permission, the complete Thing may be updated if the `acl` entry is not set.\n\n        ### Partially updating an existing Thing\n\n        When updating an existing Thing already containing `attributes`, `acl` or `features` the already existing fields\n        must not explicitly be provided again. For this \"PUT Thing\" request (and only for this top-level update on the\n        Thing) the top-level field to update is merged with the existing top-level fields of the Thing.\n\n\n        For example: A Thing already exists with this content:\n\n        ```\n\n        {\n          \"thingId\": \"namespace:thing-name\",\n          \"acl\": {...},\n          \"attributes\": {\n            \"foo\": 1\n          },\n          \"features\": {...}\n        }\n\n        ```\n\n        The Thing's `attributes` may be modified without having to pass the `acl` or the `features` in again. The content\n        of the request's body would be sufficient for updating the `attributes`:\n\n        ```\n\n        {\n          \"attributes\": {\n            \"foo\": 2,\n            \"bar\": false\n          }\n        }\n\n        ```\n\n        The `acl` and `features` of the Thing will not be overwritten, the Thing will be merged as one would expect it:\n\n        ```\n\n        {\n          \"thingId\": \"namespace:thing-name\",\n          \"acl\": {...},\n          \"attributes\": {\n            \"foo\": 2,\n            \"bar\": false\n          },\n          \"features\": {...}\n        }\n\n        ```\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Thing was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Thing resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Thing'\n        '204':\n          description: The Thing was successfully modified.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON of the Thing to be created/modified was either invalid or did contain a `thingId` which did not match the ID in the URL.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For modifying an existing Thing `WRITE` permission is required.\n\n            If the `acl` of the Thing should be updated as well, the permission `ADMINISTRATE` is additionally required.\n            The complete Thing without `acl` can however be updated with `WRITE` permission if the body does not contain an `acl` entry.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/NewThing'\n            example: {}\n        description: |-\n          JSON representation of the Thing to be modified.\n\n\n          Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request.\n    delete:\n      summary: Delete a specific Thing\n      description: |-\n        Deletes the Thing identified by the `thingId` path parameter.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Thing was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For deleting an existing Thing `WRITE` and `ADMINISTRATE` permissions are required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n  /things/{thingId}/acl:\n    get:\n      summary: Retrieve the complete ACL of a Thing\n      description: |-\n        Returns the Access Control List (ACL) of the Thing identified by the `thingId` path parameter.\n        The response contains the ACL as JSON object containing a key for each subject having ACL permissions.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The request successfully returned completed and returned is the Access Control List.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Acl'\n              example:\n                {\n                  \"authorizationSubject1\": {\n                    \"READ\": true,\n                    \"WRITE\": true,\n                    \"ADMINISTRATE\": true\n                  },\n                  \"authorizationSubjectN\": {\n                    \"READ\": true,\n                    \"WRITE\": true,\n                    \"ADMINISTRATE\": true\n                  }\n                }\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Modify the complete ACL of a Thing\n      description: |-\n        Modify the complete Access Control List (ACL) of the Thing identified by the `thingId` path parameter.\n\n        The ACL must include at least one entry with `READ`, `WRITE` and `ADMINISTRATE` permissions set to `true`.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Access Control List was successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid, or no valid ACL JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For modifying the ACL of an existing Thing `ADMINISTRATE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/Acl'\n            example:\n              {\n                \"{{ request:subjectId }}\":{\n                  \"READ\": true,\n                  \"WRITE\": true,\n                  \"ADMINISTRATE\": true\n                }\n              }\n        description: |-\n          JSON representation of the Access Control List (ACL).\n\n\n          Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request.\n        required: true\n  /things/{thingId}/acl/{authorizationSubject}:\n    get:\n      summary: Retrieve one ACL entry of a Thing for a specific subject\n      description: |-\n        Returns one Access Control List (ACL) entry of the Thing identified by the `thingId` path parameter and for the subject\n        identified by the `authorizationSubject` path parameter.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/authorizationSubjectPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The request successfully returned completed and returned is the ACL entry.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AclEntry'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID or the ACL entry was not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or modify one ACL entry of a Thing for a specific subject\n      description: |-\n        Create or modify the Access Control List (ACL) entry of the Thing identified by the `thingId` path parameter and for the subject\n        identified by the `authorizationSubject` path parameter.\n\n        An ACL entry must contain values for `READ`, `WRITE` and `ADMINISTRATE` permissions, all other permissions will be ignored.\n        The ACL must contain at least one entry with all permissions set to `true`.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/authorizationSubjectPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The ACL entry was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created ACL entry\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AclEntry'\n        '204':\n          description: The ACL entry was successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid, or no valid ACL JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For modifying an ACL entry of an existing Thing `ADMINISTRATE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/AclEntry'\n    delete:\n      summary: Delete one ACL entry of a Thing for a specific subject\n      description: |-\n        Deletes the the Access Control List (ACL) entry of the Thing identified by the `thingId` path parameter and for the subject\n        identified by the `authorizationSubject` path parameter.\n\n        The ACL must contain at least one entry with all permissions set to `true`.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/authorizationSubjectPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The ACL entry was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For deleting an ACL entry of an existing Thing `ADMINISTRATE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/things/{thingId}/attributes':\n    get:\n      summary: List all Attributes of a specific Thing\n      description: |-\n        Returns all Attributes of the Thing identified by the `thingId` path parameter.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/attributesFieldsQueryParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The Attributes of the specific Thing were successfully retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Attributes'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update all Attributes of a specific Thing at once\n      description: |-\n        Create or update the Attributes of a Thing identified by the `thingId` path parameter at once.\n        The Attributes will be replaced by the request body's JSON.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Attributes were successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Attribute resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Attributes'\n        '204':\n          description: The Attributes were successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid or was not a JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For modifying the Attributes of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Attributes'\n    delete:\n      summary: Delete all Attributes of a specific Thing at once\n      description: |-\n        Deletes all Attributes of the Thing identified by the `thingId` path parameter at once.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Attributes were successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n             For deleting all Attributes of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID or its Attributes were not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/things/{thingId}/attributes/{attributePath}':\n    get:\n      ummary: Retrieve a specific Attribute of a specific Thing\n      description: |-\n        Returns a specific Attribute of the Thing identified by the `thingId` path parameter. The Attribute (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.:\n        `/things/{thingId}/attributes/address/city` in order to retrieve the `city` field of an `address` object.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/attributePathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The Attribute was successfully retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID or the Attribute at the specified path was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update a specific Attribute of a specific Thing\n      description: |-\n        Create or update a specific Attribute of the Thing identified by the `thingId` path parameter.\n        The Attribute will be created if it doesn't exist or else updated. The Attribute (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.:\n        `/things/{thingId}/attributes/address/city` in order to create/update the `city` field of an `address` object.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/attributePathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Attribute was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Attribute resource\n              schema:\n                type: string\n        '204':\n          description: The Attribute was successfully modified.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying a single Attribute of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Value'\n    delete:\n      summary: Delete a specific Attribute of a specific Thing\n      description: |-\n        Deletes a specific Attribute of the Thing identified by the `thingId` path parameter. The Attribute (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.:\n        `/things/{thingId}/attributes/address/city` in order to delete the `city` field of an `address` object.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/attributePathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Attribute was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For deleting a single Attribute of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID or the Attribute at the specified path was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  /things/{thingId}/features:\n    get:\n      summary: List all Features of a specific Thing\n      description: |-\n        Returns all Features of the Thing identified by the `thingId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featuresFieldsQueryParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The list of Features of the specific Thing were successfully retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Features'\n              example:\n                {\n                  \"featureId1\": {\n                    \"definition\": [ \"namespace:definition1:v1.0\" ],\n                    \"properties\": { \"property1\": \"value1\" }\n                  },\n                  \"featureId2\": {\n                    \"definition\": [ \"namespace:definition2:v1.0\" ],\n                    \"properties\": { \"property2\": \"value2\" }\n                  }\n                }\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined query parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found or the Features have not been defined.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or modify all Features of a specific Thing at once\n      description: |-\n        Create or modify the Features of a Thing identified by the `thingId` path parameter at once. The list of Features will be replaced by the request body's JSON.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Features were successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Features resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Features'\n              example:\n                {}\n        '204':\n          description: The Features were successfully modified.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid or was not a JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For modifying all features of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/Features'\n            example: {}\n        description: |-\n          JSON object of the Features to be modified at once. It can be also `null` or an empty object `{}` (all features cleared).\n        required: true\n    delete:\n      summary: Delete all Features of a specific Thing\n      description: |-\n        Deletes all features of the Thing identified by the `thingId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Features were successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For deleting all features of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found or the Features have not been defined.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/things/{thingId}/features/{featureId}':\n    get:\n      summary: Retrieve a specific Feature of a specific Thing\n      description: |-\n        Returns a specific Feature identified by the `featureId` path parameter of the Thing identified by the `thingId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/featureFieldsQueryParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The Feature was successfully retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Feature'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined query parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID or the Feature with the specified `featureId` was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or modify a specific Feature of a specific Thing\n      description: |-\n        Create or modify a specific Feature identified by the `featureId` path parameter of the Thing identified by the `thingId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Feature was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Feature resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Feature'\n        '204':\n          description: The Feature was successfully modified.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON of the Feature to be created was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For modifying a single feature of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/Feature'\n            example: {}\n        description: |-\n          JSON representation of the Feature to be created/modified. It can also be `null` or an empty object `{}`.\n        required: true\n    delete:\n      summary: Delete a specific Feature of a specific Thing\n      description: |-\n        Deletes a specific Feature identified by the `featureId` path parameter of the Thing identified by the `thingId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Feature was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For deleting a single feature of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID or the Feature at the specified path was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/things/{thingId}/features/{featureId}/definition':\n    get:\n      summary: List the Definition of a Feature\n      description: |-\n        Returns the complete Definition of the Feature identified by the `thingId` and\n        `featureId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The Definition was successfully retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/FeatureDefinition'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined query parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The specified Feature has no\n            Definition or the Thing with the specified `thingId` or the Feature\n            with `featureId` was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update the Definition of a Feature\n      description: |-\n        Create or update the complete Definition of a Feature identified by the `thingId`\n        and `featureId` path parameter at once. The Definition will be replaced\n        by the request body's JSON array.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Definition was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Definition resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/FeatureDefinition'\n        '204':\n          description: The Definition was successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For modifying the Definition of an existing Feature `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Thing or the Feature with\n            the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/FeatureDefinition'\n            example: {}\n        description: |-\n          JSON array of the complete Definition to be updated. Consider that\n          the value has to be a JSON array or `null`. The content of the JSON array\n          are strings in the format `\"namespace:name:version\"` which is enforced.\n        required: true\n    delete:\n      summary: Delete the Definition of a Feature\n      description: |-\n        Deletes the complete Definition of the Feature identified by the `thingId` and\n        `featureId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Definition was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For deleting the Definition of an existing Feature `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The specified Feature has no\n            Definition or the Thing with the specified `thingId` or the Feature\n            with `featureId` was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/things/{thingId}/features/{featureId}/properties':\n    get:\n      summary: List all Properties of a Feature.\n      description: |-\n        Returns all Properties of the Feature identified by the `thingId` and `featureId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/propertiesFieldsQueryParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The Properties were successfully retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/FeatureProperties'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined query parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The specified Feature has no Properties or the Thing with the specified `thingId` or the Feature with `featureId` was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update all Properties of a Feature at once.\n      description: |-\n        Create or update the Properties of a Feature identified by the `thingId` and `featureId` path parameter at once.\n        The Properties will be replaced by the request body's JSON.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Properties were successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/FeatureProperties'\n        '204':\n          description: The Properties were successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For modifying the Properties of an existing Feature `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing or the Feature with the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/FeatureProperties'\n            example: {}\n        description: |-\n          JSON object of all Properties to be updated at once. Consider that the value has to be a JSON object or `null`. We strongly recommend to use a restricted set of characters for the key (identifier). Currently these identifiers should follow the pattern: [_a-zA-Z][_a-zA-Z0-9\\-]*\n        required: true\n    delete:\n      summary: Delete all Properties of a Feature.\n      description: |-\n        Deletes all Properties of the Feature identified by the `thingId` and `featureId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Properties were successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For deleting the Properties of an existing Feature `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The specified Feature has no Properties or the Thing with the specified `thingId` or the Feature with `featureId` was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  /things/{thingId}/features/{featureId}/properties/{propertyPath}:\n    get:\n      summary: Retrieve a specific Property of a Feature.\n      description: |-\n        Returns the Property of the Feature identified by the `thingId` and `featureId` path parameter. The Property (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.:\n        `/things/{thingId}/features/{featureId}/properties/location/latitude` in order to retrieve the `latitude` field of an `location` Property.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/propertyPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The Property was successfully retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The specified Property or the Thing with the specified `thingId` or the Feature with `featureId` was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update a specific Property of a Feature.\n      description: |-\n        Create or update a specific Property of a Feature identified by the `thingId` and `featureId` path parameter.\n        The Property will be created if it doesn't exist or else updated. The Property (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.:\n        `/things/{thingId}/features/{featureId}/properties/location/latitude` in order to create/update the `latitude` field of an `location` object.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/propertyPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Property was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n        '204':\n          description: The Property was successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions.\n            For creating/updating a Property of an existing Feature `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing or the Feature with the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Value'\n    delete:\n      summary: Delete a specific Property of a Feature.\n      description: |-\n        Deletes a specific Property of the Feature identified by the `thingId` and `featureId` path parameter.  The Property (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.:\n        `/things/{thingId}/features/{featureId}/properties/location/latitude` in order to delete the `latitude` field of an `location` Property.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/propertyPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Property was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The specified Property or the Thing with the specified `thingId` or the Feature with `featureId` was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  /things/{thingId}/inbox/claim:\n    post:\n      summary: Initiates claiming a specific Thing in order to gain access.\n      description: |-\n        Send a Claim message to the Thing identified by the `thingId` path\n        parameter in order to gain access to it. The Claim message is forwarded\n        together with the request body and `Content-Type` header to client(s)\n        which registered for Claim messages of the specific Thing.\n\n\n        The decision whether to grant access (by setting permissions) is\n        completely up to the client(s) which handle the Claim message.\n\n\n        The HTTP request blocks until a response to the issued Claim message is\n        available or until the `timeout` is expired. If many clients respond to\n        the issued message, the first response will complete the HTTP request.\n        No special permissions are required to issue a Claim message.\n      tags:\n        - Messages\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/messageClaimTimeoutParam'\n      responses:\n        '200':\n          description: The Claim message was processed successfully and the response body contains the custom response. The response body may contain arbitrary data chosen by the recipient. The response code defaults to `200` but may be chosen by the recipient too.\n        '204':\n          description: The Claim message was processed successfully and no custom response body was set. The response code defaults to `204` but may be chosen by the recipient.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined path parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '413':\n          $ref: '#/components/responses/messageTooLarge'\n        '429':\n          description: The user has sent too many requests in a given amount of time (\"rate limiting\").\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n      requestBody:\n        $ref: '#/components/requestBodies/Payload'\n  /things/{thingId}/inbox/messages/{messageSubject}:\n    post:\n      summary: Send a message TO a specific Thing.\n      description: |-\n        Send a message with the subject `messageSubject` `TO` the Thing\n        identified by the `thingId` path parameter. The request body contains\n        the message payload and the `Content-Type` header defines its type. The\n        API does not provide any kind of acknowledgement that the message was\n        received by the Thing. In order to send a message, the user needs `WRITE`\n        permission at the Thing level.\n\n        The HTTP request blocks until a response to the message is available\n        or until the `timeout` is expired. If many clients respond to\n        the issued message, the first response will complete the HTTP request.\n\n        In order to handle the message in a fire and forget manner, add\n        a query-parameter `timeout=0` to the request.\n      tags:\n        - Messages\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/messageSubjectPathParam'\n        - $ref: '#/components/parameters/messageTimeoutParam'\n      responses:\n        '202':\n          description: The message was sent but not necessarly received by the Thing (fire and forget).\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined path parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller does not have `WRITE` permission at the Thing level.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '413':\n          $ref: '#/components/responses/messageTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Payload'\n  /things/{thingId}/outbox/messages/{messageSubject}:\n    post:\n      summary: Send a message FROM a specific Thing.\n      description: |-\n        Send a message with the subject `messageSubject` `FROM` the Thing\n        identified by the `thingId` path parameter. The request body contains\n        the message payload and the `Content-Type` header defines its type.\n        In order to send a message, the user needs `WRITE` permission at the\n        Thing level.\n\n        The HTTP request blocks until a response to the message is available\n        or until the `timeout` is expired. If many clients respond to\n        the issued message, the first response will complete the HTTP request.\n\n        In order to handle the message in a fire and forget manner, add\n        a query-parameter `timeout=0` to the request.\n      tags:\n        - Messages\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/messageSubjectPathParam'\n        - $ref: '#/components/parameters/messageTimeoutParam'\n      responses:\n        '202':\n          description: The message was sent (fire and forget).\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined path parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller does not have `WRITE` permission at the Thing level.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '413':\n          $ref: '#/components/responses/messageTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Payload'\n  /things/{thingId}/features/{featureId}/inbox/messages/{messageSubject}:\n    post:\n      summary: Send a message TO a specific Feature of a specific Thing.\n      description: |-\n        Send a message with the subject `messageSubject` `TO` the Feature\n        specified by the `featureId` and `thingId` path parameter. The request\n        body contains the message payload and the `Content-Type` header defines\n        its type. The API does not provide any kind of acknowledgement that the\n        message was received by the Feature. In order to send a message, the user needs `WRITE` permission at the Thing level.\n\n        The HTTP request blocks until a response to the message is available\n        or until the `timeout` is expired. If many clients respond to\n        the issued message, the first response will complete the HTTP request.\n\n        In order to handle the message in a fire and forget manner, add\n        a query-parameter `timeout=0` to the request.\n      tags:\n        - Messages\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/messageSubjectPathParam'\n        - $ref: '#/components/parameters/messageTimeoutParam'\n      responses:\n        '202':\n          description: The message was sent but not necessarly received by the Feature (fire and forget).\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined path parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller does not have `WRITE` permission at the Thing level.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '413':\n          $ref: '#/components/responses/messageTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Payload'\n  /things/{thingId}/features/{featureId}/outbox/messages/{messageSubject}:\n    post:\n      summary: Send a message FROM a specific Feature of a specific Thing.\n      description: |-\n        Send a message with the subject `messageSubject` `FROM` the Feature\n        specified by the `featureId` and `thingId` path parameter. The request\n        body contains the message payload and the `Content-Type` header defines\n        its type. In order to send a message, the user needs `WRITE` permission\n        at the Thing level.\n\n        The HTTP request blocks until a response to the message is available\n        or until the `timeout` is expired. If many clients respond to\n        the issued message, the first response will complete the HTTP request.\n\n        In order to handle the message in a fire and forget manner, add\n        a query-parameter `timeout=0` to the request.\n      tags:\n        - Messages\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/messageSubjectPathParam'\n        - $ref: '#/components/parameters/messageTimeoutParam'\n      responses:\n        '202':\n          description: The message was sent (fire and forget).\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined path parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller does not have `WRITE` permission at the Thing level.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '413':\n          $ref: '#/components/responses/messageTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Payload'\n  /search/things:\n    get:\n      summary: Search for Things\n      description: |-\n        This resource can be used to search for things.\n\n        The query parameter `filter` is not mandatory. If it is not set there are returned all things which the logged\n        in user is allowed to read. The resource supports sorting\n        and paging. If paging is not explicitly specified by means of the `limit`\n        option, a default count of `25` documents is returned.\n\n        To search for nested properties, we use JSON Pointer notation (RFC-6901).\n        See the following example how to search for the sub property `location`\n        of the parent property `attributes` with a forward slash as separator:\n\n        ```eq(attributes/location,\"kitchen\")```\n      parameters:\n        - $ref: '#/components/parameters/searchFilter'\n        - $ref: '#/components/parameters/namespacesFilter'\n        - $ref: '#/components/parameters/thingFieldsQueryParam'\n        - name: option\n          in: query\n          description: |-\n            Possible values for the parameter:\n\n            ###### Sort operations\n\n            * ```sort([+|-]{property})```\n            * ```sort([+|-]{property},[+|-]{property},...)```\n\n            ###### Paging operations\n\n            * ```size({page-size})```  Maximum allowed page-size is `200`.\n            * ```cursor({cursor-id})```  Start the search from the cursor location. Specify the cursor ID without\n            quotation marks. Cursor IDs are given in responses and mark the position after the final search result.\n            The meaning of cursor IDs is unspecified and may change without notice.\n\n            The paging option `limit({offset},{count})` is deprecated.\n            It may result in slow queries, time-outs and will be removed eventually.\n\n            ##### Examples:\n\n            * ```sort(+thingId)```\n            * ```sort(-attributes/manufacturer)```\n            * ```sort(+thingId,-attributes/manufacturer)```\n            * ```size(10)``` return 10 results\n            * ```cursor(LOREMIPSUM)```  return results after the position of the cursor `LOREMIPSUM`.\n\n            ##### Combine:\n\n            If you need to specify multiple options, when using the swagger UI just write each option in a new line.\n            When using the plain REST API programmatically,\n            you will need to separate the options using a comma (,) character.\n\n            ```size(200),cursor(LOREMIPSUM)```\n\n            The deprecated paging option `limit` may not combine with the other paging options `size` and `cursor`.\n          required: false\n          schema:\n            type: array\n            items:\n              type: string\n\n      tags:\n        - Things-Search\n      responses:\n        '200':\n          description: An array of the matching things.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/SearchResultThings'\n        '400':\n          description: The request could not be completed. A provided parameter was in a wrong format.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: The request could not be completed due to an invalid authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '504':\n          description: The request ran out of time to execute on the the back-end. Optimize your query and try again.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n  /search/things/count:\n    get:\n      summary: Count Things\n      description: |-\n        This resource can be used to count things.\n\n        The query parameter `filter` is not mandatory. If it is not set there is returned the total amount of things which the logged\n        in user is allowed to read.\n\n        To search for nested properties, we use JSON Pointer notation (RFC-6901).\n        See the following example how to search for the sub property `location`\n        of the parent property `attributes` with a forward slash as separator:\n\n        ```eq(attributes/location,\"kitchen\")```\n      parameters:\n        - $ref: '#/components/parameters/searchFilter'\n        - $ref: '#/components/parameters/namespacesFilter'\n\n      tags:\n        - Things-Search\n      responses:\n        '200':\n          description: A number indicating the amount of matched things\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/SearchResultThingsCount'\n        '400':\n          description: The request could not be completed. A provided parameter was in a wrong format.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: The request could not be completed due to an invalid authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '504':\n          description: The request ran out of time to execute on the the back-end. Optimize your query and try again.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\ncomponents:\n  requestBodies:\n    Attributes:\n      content:\n        application/json:\n          schema:\n            $ref: '#/components/schemas/Attributes'\n          example: {}\n      description: |-\n        JSON object of all Attributes to be modified at once.\n        Consider that the value has to be a JSON object or `null`, examples:\n\n          * an object: `{ \"key\": \"value\"}` -} We strongly recommend to use a restricted set of characters for the key (identifier). Currently these identifiers should follow the pattern: [_a-zA-Z][_a-zA-Z0-9\\-]*\n          * an empty object: `{}`\n      required: true\n    AclEntry:\n      content:\n        application/json:\n          schema:\n            $ref: '#/components/schemas/AclEntry'\n          example:\n            {\n              \"READ\": true,\n              \"WRITE\": true,\n              \"ADMINISTRATE\": true\n            }\n      description: |-\n        JSON representation of the Access Control List (ACL) entry for a single\n        authorization subject\n      required: true\n    Payload:\n      content:\n        application/json:\n          schema:\n            type: string\n            example: ''\n        application/octet-stream:\n          schema:\n            type: string\n            example: ''\n        text/plain:\n          schema:\n            type: string\n            example: ''\n      description: |-\n        Payload of the message with max size of 250 kB. It can be any HTTP\n        supported content, including binary content.\n    Value:\n      content:\n        application/json:\n          schema:\n            type: object\n            example: {}\n      description: |-\n        JSON representation of the value to be created/updated. This may be as\n        well `null` or an empty object.\n\n        Consider that the value has to be a JSON value, examples:\n\n          * for a number, the JSON value is the number: `42`\n\n          * for a string, the JSON value must be quoted: `\"aString\"`\n\n          * for a boolean, the JSON value is the boolean: `true`\n\n          * for an object, the JSON value is the object: `{ \"key\": \"value\"}` -} We strongly recommend to use a restricted set of characters for the key (identifier). Currently these identifiers should follow the pattern: [_a-zA-Z][_a-zA-Z0-9\\-]*\n\n          * for an list, the JSON value is the list: `[ 1,2,3 ]`\n      required: true\n  securitySchemes:\n    basicAuth:\n      type: http\n      description: |-\n        Eclipse Ditto sandbox demo user (demo1 ... demo9) + password (demo)\n      scheme: basic\n    bearerAuth:\n      type: http\n      scheme: bearer\n      bearerFormat: JWT\n      description: |-\n        A JSON Web Token issued by a supported OAuth 2.0 Identity Provider, e.g. a Google \"id_token\"\n  schemas:\n    Error:\n      properties:\n        status:\n          type: integer\n          description: The HTTP status of the error\n        message:\n          type: string\n          description: The message of the error - what went wrong\n        description:\n          type: string\n          description: A description how to fix the error or more details\n        href:\n          type: string\n          description: A link to further information about the error and how to fix it\n      required:\n        - status\n        - message\n    AdvancedError:\n      properties:\n        status:\n          type: integer\n          description: The HTTP status of the error\n        error:\n          type: string\n          description: The error code of the occurred exception\n        message:\n          type: string\n          description: The message of the error - what went wrong\n        description:\n          type: string\n          description: A description how to fix the error or more details\n        href:\n          type: string\n          description: A link to further information about the error and how to fix it\n      required:\n        - status\n        - error\n        - message\n    Attributes:\n      type: object\n      description: An arbitrary JSON object.\n    FeatureDefinition:\n      type: array\n      items:\n        $ref: '#/components/schemas/FeatureDefinitionString'\n    FeatureDefinitionString:\n      type: string\n      description: \"A single fully qualified identifier of a Feature Definition in the form 'namespace:name:version'\"\n      pattern: ([_a-zA-Z0-9\\-.]+):([_a-zA-Z0-9\\-.]+):([_a-zA-Z0-9\\-.]+)\n    FeatureProperties:\n      type: object\n      description: An arbitrary JSON object.\n    Feature:\n      type: object\n      properties:\n        definition:\n          $ref: '#/components/schemas/FeatureDefinition'\n          description: The Definition of this Feature\n        properties:\n          $ref: '#/components/schemas/FeatureProperties'\n          description: The Properties of this Feature\n    SearchResultThings:\n      properties:\n        items:\n          type: array\n          items:\n            $ref: '#/components/schemas/Thing'\n        cursor:\n          type: string\n    SearchResultThingsCount:\n      type: integer\n    NewThing:\n      type: object\n      properties:\n        acl:\n          $ref: '#/components/schemas/Acl'\n          description: The Access Control List of this Thing containing one AclEntry for each\n        attributes:\n          $ref: '#/components/schemas/Attributes'\n          description: The attributes of this Thing\n        features:\n          $ref: '#/components/schemas/Features'\n          description: The Features of this Thing\n    Thing:\n      type: object\n      required:\n        - thingId\n        - acl\n        - attributes\n        - features\n      properties:\n        thingId:\n          type: string\n          description: |-\n            Unique identifier representing the Thing - has to:\n\n              * contain the mandatory namespace prefix (java package notation + `:` colon) - periods (`.`) may be used in namespace but not as first or last character\n              * conform to RFC-2396 (URI)\n        acl:\n          $ref: '#/components/schemas/Acl'\n          description: The Access Control List of this Thing containing one AclEntry for each arbitrary `authorizationSubject` key\n        attributes:\n          $ref: '#/components/schemas/Attributes'\n          description: The attributes of this Thing\n        features:\n          $ref: '#/components/schemas/Features'\n          description: The Features of this Thing\n    Acl:\n      type: object\n      description: Access Control List containing one AclEntry for each arbitrary `authorizationSubject` key\n      properties:\n      additionalProperties:\n        $ref: '#/components/schemas/AclEntry'\n    AclEntry:\n      type: object\n      description: Single Access Control List entry containing the permissions (READ, WRITE, ADMINISTRATE) for the Authorization Subject.\n      required:\n        - READ\n        - WRITE\n        - ADMINISTRATE\n      properties:\n        READ:\n          type: boolean\n          description: Whether the Authorization Subject has permissions to read this entity\n        WRITE:\n          type: boolean\n          description: Whether the Authorization Subject has permissions to modify this entity\n        ADMINISTRATE:\n          type: boolean\n          description: Whether the Authorization Subject has permissions to modify this entity's Access Control List\n    Features:\n      type: object\n      description: List of Features where the key represents the `featureId` of each Feature. The `featureId` key must be unique in the list.\n      properties:\n      additionalProperties:\n        $ref: '#/components/schemas/Feature'\n  responses:\n    entityTooLarge:\n      description: |-\n        The created or modified entity is larger than the accepted limit of 100 kB.\n      content:\n        application/json:\n          schema:\n            $ref: '#/components/schemas/AdvancedError'\n    messageTooLarge:\n      description: |-\n        The size of the send message is larger than the accepted limit of 250 kB.\n      content:\n        application/json:\n          schema:\n            $ref: '#/components/schemas/AdvancedError'\n    notModified:\n      description: |-\n        The (sub-)resource has not been modified. This happens when you specified a If-None-Match header which\n        matches the current ETag of the (sub-)resource.\n      headers:\n        ETag:\n          description: |-\n            The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n            \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n          schema:\n            type: string\n    preconditionFailed:\n      description: |-\n        A precondition for reading or writing the (sub-)resource failed. This will happen for write requests, when you\n        specified an If-Match or If-None-Match header which fails the precondition check against the current ETag of\n        the (sub-)resource. For read requests, this error may only happen for a failing If-Match header. In case of a\n        failing If-None-Match header for a read request, status 304 will be returned instead.\n      headers:\n        ETag:\n          description: |-\n            The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n            \"rev:<revision>\", for sub-resources it has the format \"hash:<calculated-hash>\".\n          schema:\n            type: string\n      content:\n        application/json:\n          schema:\n            $ref: '#/components/schemas/AdvancedError'\n  parameters:\n    ifMatchHeaderParam:\n      name: If-Match\n      in: header\n      description:  >-\n        The `If-Match` header which has to conform to RFC-7232 (Conditional Requests). Common usages are:\n          * optimistic locking by specifying the `ETag` from a previous GET response, e.g. `If-Match: \"rev:4711\"`\n          * retrieving or modifying a resource only if it already exists, e.g. `If-Match: *`\n      required: false\n      schema:\n        type: string\n    ifNoneMatchHeaderParam:\n      name: If-None-Match\n      in: header\n      description:  >-\n        The `If-None-Match` header which has to conform to RFC-7232 (Conditional Requests). A common usage scenario is to\n        modify a resource only if it does not yet exist, thus to create it, by specifying `If-None-Match: *`.\n      required: false\n      schema:\n        type: string\n    featureIdPathPathParam:\n      name: featureId\n      in: path\n      description: The ID of the Feature - has to conform to RFC-2396 (URI)\n      required: true\n      schema:\n        type: string\n    attributePathPathParam:\n      name: attributePath\n      in: path\n      description: The path to the Attribute\n      required: true\n      schema:\n        type: string\n    thingIdPathParam:\n      name: thingId\n      in: path\n      description: |-\n        The ID of the Thing - has to:\n\n          * contain the mandatory namespace prefix (java package notation + `:` colon)\n          * conform to RFC-2396 (URI)\n      required: true\n      schema:\n        type: string\n    messageSubjectPathParam:\n      name: messageSubject\n      in: path\n      description: The subject of the Message - has to conform to RFC-2396 (URI)\n      required: true\n      schema:\n        type: string\n    messageClaimTimeoutParam:\n      name: timeout\n      in: query\n      description: |-\n        Contains an optional timeout (in seconds) of how long to wait for the Claim response and therefore block the\n        HTTP request. Default value (if omitted): 60 seconds. Maximum value: 600 seconds. A value of 0 seconds applies\n        fire and forget semantics for the message.\n      required: false\n      schema:\n        type: integer\n    messageTimeoutParam:\n      name: timeout\n      in: query\n      description: |-\n        Contains an optional timeout (in seconds) of how long to wait for the message response and therefore block the\n        HTTP request. Default value (if omitted): 10 seconds. Maximum value: 60 seconds. A value of 0 seconds applies\n        fire and forget semantics for the message.\n      required: false\n      schema:\n        type: integer\n    authorizationSubjectPathParam:\n      name: authorizationSubject\n      in: path\n      description: The subject for authorization (e.g. a user id) inside an ACL\n      required: true\n      schema:\n        type: string\n    propertyPathPathParam:\n      name: propertyPath\n      in: path\n      description: The path to the Property\n      required: true\n      schema:\n        type: string\n    thingFieldsQueryParam:\n      name: fields\n      in: query\n      description: |-\n        Contains a comma separated list of fields to be included in the returned JSON. Attributes can be selected in the same manner.\n\n        #### Selectable fields\n\n        * `thingId`\n\n        * `acl`\n\n        * `attributes`\n\n          Supports selecting arbitrary sub-fields by using a comma separated list:\n            * several attribute paths can be passed as a comma separated list of JSON pointers (RFC-6901)\n\n              For example:\n                * `?fields=attributes/model` would select only `model` attribute value (if present)\n                * `?fields=attributes/model,attributes/make` would select only `model` and `make` attribute values (if present)\n\n          Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`:\n            * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select\n            * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield\n\n              For example:\n               * `?fields=attributes(model,make)` would select only `model` and `make` attribute values (if present)\n               * `?fields=attributes(location/longitude)` would select the `longitude` value inside the `location` object\n               * `?fields=attributes/address/postal(city,street)` would select the `city` and `street` values inside the `postal` object inside the `address` object\n\n\n        * `features`\n\n          Supports selecting arbitrary fields in features similar to `attributes` (see also Features documentation for more details)\n\n        * `_namespace`\n\n          Specifically selects the namespace also contained in the `thingId`\n\n        * `_revision`\n\n          Specifically selects the revision of the Thing. The revision is a counter which is incremented on each modification of a Thing.\n\n        * `_modified`\n\n          Specifically selects the modified timestamp of the Thing in ISO-8601 UTC format. The timestamp is set on each modification of a Thing.\n\n        #### Examples\n\n        * `?fields=thingId,attributes,features`\n\n        * `?fields=attributes(model,make),features`\n\n        * `?fields=thingId,attributes/location/longitude,attributes/address(city,street)`\n\n      required: false\n      schema:\n        type: string\n    attributesFieldsQueryParam:\n      name: fields\n      in: query\n      description: |-\n        Contains a comma separated list of fields from the attributes to be included in the returned JSON.\n\n        #### Selectable fields\n\n        Supports selecting arbitrary sub-fields as defined in the attributes by using a comma separated list:\n          * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901)\n\n            For example:\n              * `?fields=model` would select only `model` attribute value (if present)\n              * `?fields=model,make` would select only `model` and `make` attribute values (if present)\n\n        Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`:\n          * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select\n          * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield\n\n            For example:\n             * `?fields=location(longitude,latitude)` would select the `longitude` and `latitude` value inside the `location` attribute\n\n        #### Examples\n\n        * `?fields=model,make,location(longitude,latitude)`\n\n        * `?fields=listOfAddresses/postal(city,street))`\n\n      required: false\n      schema:\n        type: string\n    propertiesFieldsQueryParam:\n      name: fields\n      in: query\n      description: |-\n        Contains a comma separated list of fields from the properties to be included in the returned JSON.\n\n        #### Selectable fields\n\n        Supports selecting arbitrary sub-fields as defined in the properties by using a comma separated list:\n          * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901)\n\n            For example:\n              * `?fields=temperature` would select only `temperature` property value (if present)\n              * `?fields=temperature,humidity` would select only `temperature` and `humidity` property values (if present)\n\n        Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`:\n          * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select\n          * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield\n\n            For example:\n             * `?fields=location(longitude,latitude)` would select the `longitude` and `latitude` value inside the `location` property\n\n        #### Examples\n\n        * `?fields=temperature,humidity,location(longitude,latitude)`\n\n        * `?fields=configuration,status(powerConsumption/watts)`\n\n      required: false\n      schema:\n        type: string\n    featuresFieldsQueryParam:\n      name: fields\n      in: query\n      description: |-\n        Contains a comma separated list of fields from one or more Features to be included in the returned JSON.\n\n        #### Selectable fields\n\n        * `{featureId}` The ID of the Feature to select properties in\n\n          * `properties`\n\n            Supports selecting arbitrary sub-fields by using a comma separated list:\n              * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901)\n\n                For example:\n                  * `?fields={featureId}/properties/color` would select only `color` property value (if present) of the Feature identified with `{featureId}`\n                  * `?fields={featureId}/properties/color,properties/brightness` would select only `color` and `brightness` property values (if present) of the Feature identified with `{featureId}`\n\n            Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`:\n              * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select\n              * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield\n\n                For example:\n                 * `?fields={featureId}/properties(color,brightness)` would select only `color` and `brightness` property values (if present) of the Feature identified with `{featureId}`\n                 * `?fields={featureId}/properties(location/longitude)` would select the `longitude` value inside the `location` object of the Feature identified with `{featureId}`\n\n\n        #### Examples\n\n        * `?fields=EnvironmentScanner/properties(temperature,humidity)`\n\n        * `?fields=EnvironmentScanner/properties(temperature,humidity),Vehicle/properties/configuration`\n\n      required: false\n      schema:\n        type: string\n    featureFieldsQueryParam:\n      name: fields\n      in: query\n      description: |-\n        Contains a comma separated list of fields from the selected Feature to be included in the returned JSON.\n\n        #### Selectable fields\n\n        * `properties`\n\n          Supports selecting arbitrary sub-fields by using a comma separated list:\n            * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901)\n\n              For example:\n                * `?fields=properties/color` would select only `color` property value (if present)\n                * `?fields=properties/color,properties/brightness` would select only `color` and `brightness` property values (if present)\n\n          Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`:\n            * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select\n            * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield\n\n              For example:\n               * `?fields=properties(color,brightness)` would select only `color` and `brightness` property values (if present)\n               * `?fields=properties(location/longitude)` would select the `longitude` value inside the `location` object\n\n        #### Examples\n\n        * `?fields=properties(color,brightness)`\n\n      required: false\n      schema:\n        type: string\n    searchFilter:\n      name: filter\n      in: query\n      description: |-\n        Possible values for the parameter:\n\n        ##### Filter operations\n\n        * ```eq({property},{value})```\n\n        * ```ne({property},{value})```\n\n        * ```gt({property},{value})```\n\n        * ```ge({property},{value})```\n\n        * ```lt({property},{value})```\n\n        * ```le({property},{value})```\n\n        * ```in({property},{value},{value},...)```\n\n        * ```like({property},{value})```\n\n        * ```exists({property})```\n\n\n        Note: When using filter operations, only things with the specified properties are returned.\n        For example, the filter `ne(attributes/owner, \"SID123\")` will only return things that have the `owner` attribute.\n\n\n        ##### logical operations\n\n        * ```and({query},{query},...)```\n\n        * ```or({query},{query},...)```\n\n        * ```not({query})```\n\n\n        ##### Examples\n\n        * ```eq(attributes/location,\"kitchen\")```\n\n        * ```exists(features/featureId)```\n\n        * ```and(eq(attributes/location,\"kitchen\"),eq(attributes/color,\"red\"))```\n\n        * ```or(eq(attributes/location,\"kitchen\"),eq(attributes/location,\"living-room\"))```\n      required: false\n      schema:\n        type: string\n    namespacesFilter:\n      name: namespaces\n      in: query\n      description: |-\n        A comma separated list of namespaces. This list is used to limit the query to things in the given namespaces\n        only. When this parameter is omitted, all namespaces will be queried.\n\n\n        #### Examples:\n\n        * `?namespaces=com.example.namespace`\n\n        * `?namespaces=com.example.namespace1,com.example.namespace2`\n      required: false\n      schema:\n        type: string\n"
  },
  {
    "path": "charts/ditto-digital-twins/openapi/ditto-api-2.yml",
    "content": "# Copyright (c) 2017 Contributors to the Eclipse Foundation\n#\n# See the NOTICE file(s) distributed with this work for additional\n# information regarding copyright ownership.\n#\n# This program and the accompanying materials are made available under the\n# terms of the Eclipse Public License 2.0 which is available at\n# http://www.eclipse.org/legal/epl-2.0\n#\n# SPDX-License-Identifier: EPL-2.0\nopenapi: 3.0.0\ninfo:\n  title: Eclipse Ditto HTTP API\n  description: JSON-based, REST-like API for Eclipse Ditto\n  version: \"2\"\nservers:\n  - url: https://ditto.eclipse.org/api/2\n    description: \"online Ditto Sandbox\"\n  - url: /api/2\n    description: \"local Ditto\"\ntags:\n  - name: Things\n    description: Manage every Thing\n  - name: Features\n    description: Structure the Features of your Things\n  - name: Policies\n    description: Control access to your Things\n  - name: Things-Search\n    description: Find every Thing\n  - name: Messages\n    description: Talk with your Things\nsecurity:\n  #  - Google:\n  #    - openid\n  - basicAuth: []\n  - bearerAuth: []\npaths:\n  ###\n  ### Things\n  ###\n  /things:\n    get:\n      summary: List all available Things\n      description: |-\n        Returns all Things passed in by the required parameter `ids`. Optionally\n        you can use field selectors (see parameter `fields`) to only get the\n        specified fields.\n      tags:\n        - Things\n      parameters:\n        - name: ids\n          in: query\n          description: |-\n            Contains a comma separated list of `thingId`s to retrieve in one\n            single request.\n          required: true\n          schema:\n            type: string\n        - $ref: '#/components/parameters/thingFieldsQueryParam'\n      responses:\n        '200':\n          description: |-\n            The successfully completed request contains as its result the first\n            200 for the user available Things, sorted by their `thingId`.\n          content:\n            application/json:\n              schema:\n                type: array\n                items:\n                  $ref: '#/components/schemas/Thing'\n        '400':\n          description: |-\n            The request could not be completed. At least one of the defined\n            query parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '414':\n          description: |-\n            The request could not be completed due to an URI length exceeding 8k\n            characters.\n    post:\n      summary: Create a new Thing\n      description: |-\n        Creates the Thing defined in the optional JSON body.\n\n        The ID of the created Thing is a UUID generated by the service with the default namespace `org.eclipse.ditto`.\n        Any `thingId` specified in the request body is\n        therefore ignored. The Policy must include at least one entry with\n        `WRITE` permission on the `policy:/` resource. If no Policy is provided,\n        a default Policy will be created which grants all permissions to the\n        authorized subject on the root thing and policy resource.\n      tags:\n        - Things\n      responses:\n        '201':\n          description: The Thing was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Thing resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Thing'\n        '400':\n          description: |-\n            The request could not be completed. Possible reasons:\n\n              * the `thingId` was wrongly set in the request body\n              * the JSON of the Thing to be created was invalid\n\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed. Either\n              * as the caller would not have access to the thing after creating it with the given policy.\n              * as the caller had insufficient permissions.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed as either:\n              * the referenced thing does not exist.\n              * the caller had insufficient permissions to read the referenced thing.\n              * the Policy that should be copied does not exist.\n              * the caller had insufficient permissions to read the Policy that should be copied.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/NewThing'\n            example: {}\n        description: JSON representation of the Thing to be created.\n  '/things/{thingId}':\n    get:\n      summary: Retrieve a specific Thing\n      description: |-\n        Returns the Thing identified by the `thingId` path parameter. The\n        response includes details about the Thing. Note that the Thing's Policy\n        is not included in the response per default. Optionally you can use\n        field selectors (see parameter `fields`) to only get the specified\n        fields. E.g., you can get the Thing's Policy by using a field selector.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/thingFieldsQueryParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The request successfully returned the specific Thing.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Thing'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or one of the defined query parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID was\n            not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update a Thing with a specified ID\n      description: |-\n        Create or update the Thing specified by the `thingId` path parameter and\n        the optional JSON body. The `thingId` has to:\n\n          * contain a mandatory namespace prefix (java package notation + `:` colon) - periods (`.`) may be used in namespace but not as first or last character\n          * conform to RFC-2396 (URI)\n\n        #### Valid examples\n\n          * `com.bosch.myproject:myFridge1`\n          * `mynamespace:myFridge1`\n\n        #### Invalid examples\n\n          * `42:myFridge1`\n          * `.foo:myFridge1`\n          * `bar.:myFridge1`\n\n        The ID of a Thing can't be changed after creation. Any `thingId`\n        specified in the request body is therefore ignored.\n\n        ### Creation of a new Thing\n\n        The Policy must include at least one entry with `WRITE` permission on\n        the `policy:/` resource. If no Policy is provided, a default Policy will\n        be created which grants all permissions to the authorized subject on the\n        root thing and policy resource.\n\n        ### Permissions for updating an existing Thing\n\n        For updating an existing Thing the authorized subject has to have an\n        unrestricted `WRITE` permission on the Thing's root resource.\n\n        ### Partially updating an existing Thing\n\n        When updating an existing Thing already containing `attributes`, `policyId` or `features` the already existing fields\n        must not explicitly be provided again. For this \"PUT Thing\" request (and only for this top-level update on the\n        Thing) the top-level field to update is merged with the existing top-level fields of the Thing.\n\n\n        For example: A Thing already exists with this content:\n\n        ```\n\n        {\n          \"thingId\": \"namespace:thing-name\",\n          \"policyId\": \"namespace:policy-name\",\n          \"attributes\": {\n            \"foo\": 1\n          },\n          \"features\": {...}\n        }\n\n        ```\n\n        The Thing's `attributes` may be modified without having to pass the `policyId` or the `features` in again. The content\n        of the request's body would be sufficient for updating the `attributes`:\n\n        ```\n\n        {\n          \"attributes\": {\n            \"foo\": 2,\n            \"bar\": false\n          }\n        }\n\n        ```\n\n        The `policyId` and `features` of the Thing will not be overwritten, the Thing will be merged as one would expect it:\n\n        ```\n\n        {\n          \"thingId\": \"namespace:thing-name\",\n          \"policyId\": \"namespace:policy-name\",\n          \"attributes\": {\n            \"foo\": 2,\n            \"bar\": false\n          },\n          \"features\": {...}\n        }\n\n        ```\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Thing was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Thing resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Thing'\n        '204':\n          description: The Thing was successfully modified.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON of the Thing to be created/modified was either invalid\n            or did contain a `thingId` which did not match the ID in the URL.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed. Either\n              * as the caller would not have access to the thing after creating it with the given policy.\n              * as the caller had insufficient permissions.\n                For modifying an existing Thing an unrestricted `WRITE` permission on the Thing's root resource is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed as either:\n              * the referenced thing does not exist.\n              * the caller had insufficient permissions to read the referenced thing.\n              * the Policy that should be copied does not exist.\n              * the caller had insufficient permissions to read the Policy that should be copied.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/NewThing'\n            example: {}\n        description: JSON representation of the Thing to be modified.\n    delete:\n      summary: Delete a specific Thing\n      description: |-\n        Deletes the Thing identified by the `thingId` path parameter. This will\n        not delete the Policy used for controlling access to this Thing managed\n        by resource `/policies/{policyId}`.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Thing was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For deleting an existing Thing an unrestricted `WRITE` permission on the Thing's root resource is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID was\n            not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/things/{thingId}/policyId':\n    get:\n      summary: Retrieve the Policy ID of a Thing\n      description: |-\n        Returns the Policy ID of the Thing identified by the `thingId` path parameter.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The request successfully returned the Policy ID.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                type: string\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: The request could not be completed. The Thing with the given ID was not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update the Policy ID of a Thing\n      description: |-\n        Create or update the Policy ID of the Thing identified by the `thingId`\n        path parameter. If the Thing had not yet a `policyId` set it was\n        considered to be in API version 1, access controlled by the `acl`\n        mechanism. In that case PUTing a `policyId` will create the Policy ID.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: |-\n            The Policy ID was successfully created - the Thing was migrated to API version 2.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                type: string\n        '204':\n          description: The Policy ID was successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID was\n            not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              type: string\n              example: '<namespace>:<policyName>'\n        description: |-\n          The Policy ID used for controlling access to this Thing. Managed by\n          resource `/policies/{policyId}`.\n\n            * contain the mandatory namespace prefix (java package notation + `:` colon) - periods (`.`) may be used in namespace but not as first or last character\n            * conform to RFC-2396 (URI)\n        required: true\n  '/things/{thingId}/attributes':\n    get:\n      summary: List all Attributes of a specific Thing\n      description: |-\n        Returns all Attributes of the Thing identified by the `thingId` path parameter.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/attributesFieldsQueryParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The Attributes of the specific Thing were successfully retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Attributes'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update all Attributes of a specific Thing at once\n      description: |-\n        Create or update the Attributes of a Thing identified by the `thingId`\n        path parameter at once. The Attributes will be replaced by the request\n        body's JSON.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Attributes were successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Attribute resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Attributes'\n        '204':\n          description: The Attributes were successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid or was not a JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying the Attributes of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID was\n            not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Attributes'\n    delete:\n      summary: Delete all Attributes of a specific Thing at once\n      description: |-\n        Deletes all Attributes of the Thing identified by the `thingId` path\n        parameter at once.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Attributes were successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For deleting all Attributes of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID or\n            its Attributes were not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/things/{thingId}/attributes/{attributePath}':\n    get:\n      summary: Retrieve a specific Attribute of a specific Thing\n      description: |-\n        Returns a specific Attribute of the Thing identified by the `thingId`\n        path parameter. The Attribute (JSON) can be referenced hierarchically by\n        applying JSON Pointer notation (RFC-6901), e.g.:\n        `/things/{thingId}/attributes/address/city` in order to retrieve the\n        `city` field of an `address` object.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/attributePathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The Attribute was successfully retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID or\n            the Attribute at the specified path was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update a specific Attribute of a specific Thing\n      description: |-\n        Create or update a specific Attribute of the Thing identified by the\n        `thingId` path parameter. The Attribute will be created if it doesn't\n        exist or else updated. The Attribute (JSON) can be referenced\n        hierarchically by applying JSON Pointer notation (RFC-6901), e.g.:\n        `/things/{thingId}/attributes/address/city` in order to create/update\n        the `city` field of an `address` object.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/attributePathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Attribute was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Attribute resource\n              schema:\n                type: string\n        '204':\n          description: The Attribute was successfully modified.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying a single Attribute of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID was\n            not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Value'\n    delete:\n      summary: Delete a specific Attribute of a specific Thing\n      description: |-\n        Deletes a specific Attribute of the Thing identified by the `thingId`\n        path parameter. The Attribute (JSON) can be referenced hierarchically by\n        applying JSON Pointer notation (RFC-6901), e.g.:\n        `/things/{thingId}/attributes/address/city` in order to delete the\n        `city` field of an `address` object.\n      tags:\n        - Things\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/attributePathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Attribute was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For deleting a single Attribute of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID or\n            the Attribute at the specified path was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  ###\n  ### Features\n  ###\n  '/things/{thingId}/features':\n    get:\n      summary: List all Features of a specific Thing\n      description: |-\n        Returns all Features of the Thing identified by the `thingId` path\n        parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featuresFieldsQueryParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: |-\n            The list of Features of the specific Thing were successfully\n            retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Features'\n              example:\n                {\n                  \"featureId1\": {\n                    \"definition\": [ \"namespace:definition1:v1.0\" ],\n                    \"properties\": { \"property1\": \"value1\" }\n                  },\n                  \"featureId2\": {\n                    \"definition\": [ \"namespace:definition2:v1.0\" ],\n                    \"properties\": { \"property2\": \"value2\" }\n                  }\n                }\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined query parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID was\n            not found or the Features have not been defined.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or modify all Features of a specific Thing at once\n      description: |-\n        Create or modify the Features of a Thing identified by the `thingId`\n        path parameter at once. The list of Features will be replaced by the\n        request body's JSON.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Features were successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Features resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Features'\n              example:\n                {}\n        '204':\n          description: The Features were successfully modified.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid or was not a JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying all features of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID was\n            not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/Features'\n            example: {}\n        description: |-\n          JSON object of the Features to be modified at once. It can be also\n          `null` or an empty object `{}` (all features cleared).\n        required: true\n    delete:\n      summary: Delete all Features of a specific Thing\n      description: |-\n        Deletes all features of the Thing identified by the `thingId` path\n        parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Features were successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For deleting all features of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID was\n            not found or the Features have not been defined.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/things/{thingId}/features/{featureId}':\n    get:\n      summary: Retrieve a specific Feature of a specific Thing\n      description: |-\n        Returns a specific Feature identified by the `featureId` path parameter\n        of the Thing identified by the `thingId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/featureFieldsQueryParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The Feature was successfully retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Feature'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined query parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID or\n            the Feature with the specified `featureId` was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or modify a specific Feature of a specific Thing\n      description: |-\n        Create or modify a specific Feature identified by the `featureId` path\n        parameter of the Thing identified by the `thingId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Feature was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Feature resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Feature'\n        '204':\n          description: The Feature was successfully modified.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON of the Feature to be created was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying a single feature of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID was\n            not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/Feature'\n            example: {}\n        description: |-\n          JSON representation of the Feature to be created/modified. It can also\n          be `null` or an empty object `{}`.\n        required: true\n    delete:\n      summary: Delete a specific Feature of a specific Thing\n      description: |-\n        Deletes a specific Feature identified by the `featureId` path parameter\n        of the Thing identified by the `thingId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Feature was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For deleting a single feature of an existing Thing `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Thing with the given ID or\n            the Feature at the specified path was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/things/{thingId}/features/{featureId}/definition':\n    get:\n      summary: List the Definition of a Feature\n      description: |-\n        Returns the complete Definition of the Feature identified by the `thingId` and\n        `featureId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The Definition was successfully retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/FeatureDefinition'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined query parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The specified Feature has no\n            Definition or the Thing with the specified `thingId` or the Feature\n            with `featureId` was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update the Definition of a Feature\n      description: |-\n        Create or update the complete Definition of a Feature identified by the `thingId`\n        and `featureId` path parameter at once. The Definition will be replaced\n        by the request body's JSON array.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Definition was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Definition resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/FeatureDefinition'\n        '204':\n          description: The Definition was successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying the Definition of an existing Feature `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Thing or the Feature with\n            the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/FeatureDefinition'\n            example: {}\n        description: |-\n          JSON array of the complete Definition to be updated. Consider that the\n          value has to be a JSON array or `null`. The content of the JSON array\n          are strings in the format `\"namespace:name:version\"` which is\n          enforced.\n        required: true\n    delete:\n      summary: Delete the Definition of a Feature\n      description: |-\n        Deletes the complete Definition of the Feature identified by the `thingId` and\n        `featureId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Definition was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For deleting the Definition of an existing Feature `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The specified Feature has no\n            Definition or the Thing with the specified `thingId` or the Feature\n            with `featureId` was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/things/{thingId}/features/{featureId}/properties':\n    get:\n      summary: List all Properties of a Feature\n      description: |-\n        Returns all Properties of the Feature identified by the `thingId` and\n        `featureId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/propertiesFieldsQueryParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The Properties were successfully retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/FeatureProperties'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined query parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The specified Feature has no\n            Properties or the Thing with the specified `thingId` or the Feature\n            with `featureId` was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update all Properties of a Feature at once\n      description: |-\n        Create or update the Properties of a Feature identified by the `thingId`\n        and `featureId` path parameter at once. The Properties will be replaced\n        by the request body's JSON.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Properties were successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/FeatureProperties'\n        '204':\n          description: The Properties were successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying the Properties of an existing Feature `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Thing or the Feature with\n            the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/FeatureProperties'\n            example: {}\n        description: |-\n          JSON object of all Properties to be updated at once. Consider that the\n          value has to be a JSON object or `null`. We strongly recommend to use\n          a restricted set of characters for the key (identifier). Currently\n          these identifiers should follow the pattern: [_a-zA-Z][_a-zA-Z0-9\\-]*\n        required: true\n    delete:\n      summary: Delete all Properties of a Feature\n      description: |-\n        Deletes all Properties of the Feature identified by the `thingId` and\n        `featureId` path parameter.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Properties were successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For deleting the Properties of an existing Feature `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The specified Feature has no\n            Properties or the Thing with the specified `thingId` or the Feature\n            with `featureId` was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/things/{thingId}/features/{featureId}/properties/{propertyPath}':\n    get:\n      summary: Retrieve a specific Property of a Feature\n      description: |-\n        Returns the Property of the Feature identified by the `thingId` and\n        `featureId` path parameter. The Property (JSON) can be referenced\n        hierarchically by applying JSON Pointer notation (RFC-6901), e.g.:\n        `/things/{thingId}/features/{featureId}/properties/location/latitude` in\n        order to retrieve the `latitude` field of an `location` Property.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/propertyPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The Property was successfully retrieved.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The specified Property or the\n            Thing with the specified `thingId` or the Feature with `featureId`\n            was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update a specific Property of a Feature\n      description: |-\n        Create or update a specific Property of a Feature identified by the\n        `thingId` and `featureId` path parameter. The Property will be created\n        if it doesn't exist or else updated. The Property (JSON) can be\n        referenced hierarchically by applying JSON Pointer notation (RFC-6901),\n        e.g.:\n        `/things/{thingId}/features/{featureId}/properties/location/latitude` in\n        order to create/update the `latitude` field of an `location` object.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/propertyPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Property was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '204':\n          description: The Property was successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For creating/updating a Property of an existing Feature `WRITE` permission is required.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Thing or the Feature with\n            the given ID was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Value'\n    delete:\n      summary: Delete a specific Property of a Feature\n      description: |-\n        Deletes a specific Property of the Feature identified by the `thingId`\n        and `featureId` path parameter.  The Property (JSON) can be referenced\n        hierarchically by applying JSON Pointer notation (RFC-6901), e.g.:\n        `/things/{thingId}/features/{featureId}/properties/location/latitude` in\n        order to delete the `latitude` field of an `location` Property.\n      tags:\n        - Features\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/propertyPathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Property was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The specified Property or the\n            Thing with the specified `thingId` or the Feature with `featureId`\n            was not found.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  ###\n  ### Messages\n  ###\n  '/things/{thingId}/inbox/claim':\n    post:\n      summary: Initiates claiming a specific Thing in order to gain access\n      description: |-\n        Send a Claim message to the Thing identified by the `thingId` path\n        parameter in order to gain access to it. The Claim message is forwarded\n        together with the request body and `Content-Type` header to client(s)\n        which registered for Claim messages of the specific Thing.\n\n\n        The decision whether to grant access (by setting permissions) is\n        completely up to the client(s) which handle the Claim message.\n\n\n        The HTTP request blocks until a response to the issued Claim message is\n        available or until the `timeout` is expired. If many clients respond to\n        the issued message, the first response will complete the HTTP request.\n        No special permissions are required to issue a Claim message.\n      tags:\n        - Messages\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/messageClaimTimeoutParam'\n      responses:\n        '200':\n          description: |-\n            The Claim message was processed successfully and the response body\n            contains the custom response. The response body may contain\n            arbitrary data chosen by the recipient. The response code defaults\n            to `200` but may be chosen by the recipient too.\n        '204':\n          description: |-\n            The Claim message was processed successfully and no custom response\n            body was set. The response code defaults to `204` but may be chosen\n            by the recipient.\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined path parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '413':\n          $ref: '#/components/responses/messageTooLarge'\n        '429':\n          description: |-\n            The user has sent too many requests in a given amount of time (\"rate\n            limiting\").\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n      requestBody:\n        $ref: '#/components/requestBodies/Payload'\n  '/things/{thingId}/inbox/messages/{messageSubject}':\n    post:\n      summary: Send a message TO a specific Thing\n      description: |-\n        Send a message with the subject `messageSubject` `TO` the Thing\n        identified by the `thingId` path parameter. The request body contains\n        the message payload and the `Content-Type` header defines its type. The\n        API does not provide any kind of acknowledgement that the message was\n        received by the Thing. In order to send a message, the user needs `WRITE`\n        permission at the Thing level.\n\n        The HTTP request blocks until a response to the message is available\n        or until the `timeout` is expired. If many clients respond to\n        the issued message, the first response will complete the HTTP request.\n\n        In order to handle the message in a fire and forget manner, add\n        a query-parameter `timeout=0` to the request.\n      tags:\n        - Messages\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/messageSubjectPathParam'\n        - $ref: '#/components/parameters/messageTimeoutParam'\n      responses:\n        '202':\n          description: |-\n            The message was sent but not necessarily received by the Thing (fire and forget).\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined path parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller does not have `WRITE` permission on the resource message:/inbox/messages/`messageSubject`.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '413':\n          $ref: '#/components/responses/messageTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Payload'\n  '/things/{thingId}/outbox/messages/{messageSubject}':\n    post:\n      summary: Send a message FROM a specific Thing\n      description: |-\n        Send a message with the subject `messageSubject` `FROM` the Thing\n        identified by the `thingId` path parameter. The request body contains\n        the message payload and the `Content-Type` header defines its type.\n        In order to send a message, the user needs `WRITE` permission at the\n        Thing level.\n\n        The HTTP request blocks until a response to the message is available\n        or until the `timeout` is expired. If many clients respond to\n        the issued message, the first response will complete the HTTP request.\n\n        In order to handle the message in a fire and forget manner, add\n        a query-parameter `timeout=0` to the request.\n      tags:\n        - Messages\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/messageSubjectPathParam'\n        - $ref: '#/components/parameters/messageTimeoutParam'\n      responses:\n        '202':\n          description: The message was sent (fire and forget).\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined path parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller does not have `WRITE` permission on the resource message:/outbox/messages/`messageSubject`.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '413':\n          $ref: '#/components/responses/messageTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Payload'\n  '/things/{thingId}/features/{featureId}/inbox/messages/{messageSubject}':\n    post:\n      summary: Send a message TO a specific Feature of a specific Thing\n      description: |-\n        Send a message with the subject `messageSubject` `TO` the Feature\n        specified by the `featureId` and `thingId` path parameter. The request\n        body contains the message payload and the `Content-Type` header defines\n        its type. The API does not provide any kind of acknowledgement that the\n        message was received by the Feature. In order to send a message, the user needs `WRITE` permission at the Thing level.\n\n        The HTTP request blocks until a response to the message is available\n        or until the `timeout` is expired. If many clients respond to\n        the issued message, the first response will complete the HTTP request.\n\n        In order to handle the message in a fire and forget manner, add\n        a query-parameter `timeout=0` to the request.\n      tags:\n        - Messages\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/messageSubjectPathParam'\n        - $ref: '#/components/parameters/messageTimeoutParam'\n      responses:\n        '202':\n          description: |-\n            The message was sent but not necessarily received by the Feature\n            (fire and forget).\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined path parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller does not have `WRITE` permission on the resource message:/features/`featureId`/inbox/messages/`messageSubject`.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '413':\n          $ref: '#/components/responses/messageTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Payload'\n  '/things/{thingId}/features/{featureId}/outbox/messages/{messageSubject}':\n    post:\n      summary: Send a message FROM a specific Feature of a specific Thing\n      description: |-\n        Send a message with the subject `messageSubject` `FROM` the Feature\n        specified by the `featureId` and `thingId` path parameter. The request\n        body contains the message payload and the `Content-Type` header defines\n        its type. In order to send a message, the user needs `WRITE` permission\n        at the Thing level.\n\n        The HTTP request blocks until a response to the message is available\n        or until the `timeout` is expired. If many clients respond to\n        the issued message, the first response will complete the HTTP request.\n\n        In order to handle the message in a fire and forget manner, add\n        a query-parameter `timeout=0` to the request.\n      tags:\n        - Messages\n      parameters:\n        - $ref: '#/components/parameters/thingIdPathParam'\n        - $ref: '#/components/parameters/featureIdPathPathParam'\n        - $ref: '#/components/parameters/messageSubjectPathParam'\n        - $ref: '#/components/parameters/messageTimeoutParam'\n      responses:\n        '202':\n          description: The message was sent (fire and forget).\n        '400':\n          description: |-\n            The request could not be completed. The `thingId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or at least one of the defined path parameters was invalid.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller does not have `WRITE` permission on the resource message:/features/`featureId`/outbox/messages/`messageSubject`.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '413':\n          $ref: '#/components/responses/messageTooLarge'\n      requestBody:\n        $ref: '#/components/requestBodies/Payload'\n  ###\n  ### Policies\n  ###\n  '/policies/{policyId}':\n    get:\n      summary: Retrieve a specific Policy\n      description: |-\n        Returns the Policy identified by the `policyId` path parameter. The\n        response contains the Policy as JSON object consisting of Policy\n        Entries.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: |-\n            The request successfully returned completed and returned is the\n            Policy.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Policy'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID was\n            not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or update a Policy with a specified ID\n      description: |-\n        Modify the complete Policy identified by the `policyId` path parameter. The `policyId` has to:\n\n          * contain a mandatory namespace prefix (java package notation + `:` colon) - periods (`.`) may be used in namespace but not as first or last character\n          * conform to RFC-2396 (URI)\n\n        #### Valid examples\n\n          * `com.bosch.myproject:myPolicy1`\n          * `mynamespace:myPolicy1`\n\n        #### Invalid examples\n\n          * `42:myFridge1`\n          * `.foo:myFridge1`\n          * `bar.:myFridge1`\n\n        The ID of a Policy can't be changed after creation. Any `policyId` specified in the request body is therefore\n        ignored.\n\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Policy was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Policy resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Policy'\n        '204':\n          description: The Policy was successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid, or no valid Policy JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying a complete Policy, `WRITE` permission on the resource `policy:/` is required without having any revoke.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID was\n            not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/Policy'\n            example: {}\n        description: |-\n          JSON representation of the Policy.\n\n\n          Use the placeholder `{{ request:subjectId }}` in order to let the\n          backend insert the authenticated subjectId of the HTTP request.\n        required: true\n    delete:\n      summary: Delete a specific Policy\n      description: |-\n        Deletes the Policy identified by the `policyId` path parameter. Deleting\n        a Policy does not implicitly delete other entities (e.g. Things) which\n        use this Policy. Those have to be deleted in advance of deleting the\n        Policy.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Policy was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid, or no valid Policy JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For deleting an existing Policy, `WRITE` permission on the resource `policy:/` is required without having any revoke.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID was\n            not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/policies/{policyId}/entries':\n    get:\n      summary: Retrieve the entries of a specific Policy\n      description: |-\n        Returns the Policy entries of the Policy identified by the `policyId`\n        path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: |-\n            The request successfully returned completed and returned are the\n            Policy entries.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/PolicyEntries'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID was\n            not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Modify the entries of a specific Policy\n      description: |-\n        Modify the Policy entries of the Policy identified by the `policyId`\n        path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Policy entries were successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid, or no valid Policy entry JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying the Policy entries of an existing Policy, `WRITE` permission on the resource `policy:/entries` is required is required without having any revoke.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID was\n            not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/PolicyEntries'\n            example: {}\n        description: |-\n          JSON representation of the Policy entries.\n\n\n          Use the placeholder `{{ request:subjectId }}` in order to let the\n          backend insert the authenticated subjectId of the HTTP request.\n        required: true\n  '/policies/{policyId}/entries/{label}':\n    get:\n      summary: Retrieve one Policy entry of a Policy for a specific label\n      description: |-\n        Returns one Policy entry of the Policy identified by the `policyId` path\n        parameter and for the label identified by the `label` path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/labelPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: |-\n            The request successfully returned completed and returned is the\n            Policy entry.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/PolicyEntry'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID or\n            the Policy entry was not found in the context of the authenticated\n            user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or modify one Policy entry of a Policy for a specific label\n      description: |-\n        Create or modify the Policy entry of the Policy identified by the\n        `policyId` path parameter and with the label identified by the `label`\n        path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/labelPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Policy entry was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Policy entry\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/PolicyEntry'\n        '204':\n          description: The Policy entry was successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid, or no valid Policy entry JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying a Policy entry of an existing Policy, `WRITE` permission on the resource `policy:/entries/{label}` is required is required without having any revoke.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID was\n            not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/PolicyEntry'\n            example: {}\n        description: |-\n          JSON representation of the Policy entry.\n\n\n          Use the placeholder `{{ request:subjectId }}` in order to let the\n          backend insert the authenticated subjectId of the HTTP request.\n        required: true\n    delete:\n      summary: Delete one Policy entry of a Policy for a specific label\n      description: |-\n        Deletes the Policy entry of the Policy identified by the `policyId` path\n        parameter and with the label identified by the `label` path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/labelPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Policy entry was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For deleting a Policy entry of an existing Policy, `WRITE` permission on the resource `policy:/entries/{label}` is required is required without having any revoke.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID was\n            not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/policies/{policyId}/entries/{label}/subjects':\n    get:\n      summary: Retrieve all Subjects of a Policy entry\n      description: |-\n        Returns all Subjects of the Policy entry of the Policy identified by the\n        `policyId` path parameter and for the label identified by the `label`\n        path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/labelPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The request successfully returned. The subjects are returned.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Subjects'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID or\n            the Policy entry was not found in the context of the authenticated\n            user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or modify all Subjects of a Policy Entry\n      description: |-\n        Create or modify all Subjects of the Policy entry of the Policy\n        identified by the `policyId` path parameter and with the label\n        identified by the `label` path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/labelPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Subjects were successfully created or updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid, or no valid Subjects JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying Subjects of an existing Policy entry, `WRITE` permission on the resource `policy:/entries/{label}/subjects` is required is required without having any revoke.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID was\n            not found in the context of the authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/Subjects'\n            example: {}\n        description: |-\n          JSON representation of the Subjects.\n\n\n          Use the placeholder `{{ request:subjectId }}` in order to let the\n          backend insert the authenticated subjectId of the HTTP request.\n        required: true\n  '/policies/{policyId}/entries/{label}/subjects/{subjectId}':\n    get:\n      summary: Retrieve one specific Subject of a Policy entry\n      description: |-\n        Returns the Subject with ID `subjectId` of the Policy entry identified\n        by the `label` path parameter belonging to the Policy identified by the\n        `policyId` path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/labelPathParam'\n        - $ref: '#/components/parameters/subjectIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: |-\n            The request successfully returned completed and returned is the\n            Subject.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/SubjectEntry'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID,\n            the Policy entry or the Subject was not found in the context of the\n            authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or modify one specific Subject of a Policy entry\n      description: |-\n        Create or modify the Subject with ID `subjectId` of the Policy entry\n        identified by the `label` path parameter belonging to the Policy\n        identified by the `policyId` path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/labelPathParam'\n        - $ref: '#/components/parameters/subjectIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Subject was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Subject\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/SubjectEntry'\n        '204':\n          description: The Subject was successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid, or no valid Subject JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying a Subject of an existing Policy entry, `WRITE` permission on the resource `policy:/entries/{label}/subjects/{subjectId}` is required without having any revoke.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID or\n            the Policy entry was not found in the context of the authenticated\n            user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/SubjectEntry'\n            example: {}\n        description: JSON representation of the Subject\n        required: true\n    delete:\n      summary: Delete one specific Subject of a Policy entry\n      description: |-\n        Deletes the Subject with ID `subjectId` of the Policy entry identified\n        by the `label` path parameter belonging to the Policy identified by the\n        `policyId` path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/labelPathParam'\n        - $ref: '#/components/parameters/subjectIdPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Subject was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For deleting a Subject of an existing Policy entry, `WRITE` permission on the resource `policy:/entries/{label}/subjects/{subjectId}` is required without having any revoke.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID,\n            the Policy entry or the Subject was not found in the context of the\n            authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  '/policies/{policyId}/entries/{label}/resources':\n    get:\n      summary: Retrieve all Resources of a Policy entry\n      description: |-\n        Returns all Resources of the Policy entry of the Policy identified by\n        the `policyId` path parameter and for the label identified by the\n        `label` path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/labelPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: The request successfully returned. The resources are returned.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/Resources'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID or\n            the Policy entry was not found in the context of the authenticated\n            user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or modify all Resources of a Policy Entry\n      description: |-\n        Create or modify all Resources of the Policy entry of the Policy\n        identified by the `policyId` path parameter and with the label\n        identified by the `label` path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/labelPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Resources were successfully created or updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid, or no valid Resources JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying Resources of an existing Policy entry, `WRITE` permission on the resource `policy:/entries/{label}/resources` is required without having any revoke.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID or\n            the Policy entry was not found in the context of the authenticated\n            user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/Resources'\n            example: {}\n        description: JSON representation of the Resources\n        required: true\n  '/policies/{policyId}/entries/{label}/resources/{resourcePath}':\n    get:\n      summary: Retrieve one specific Resource of a Policy entry\n      description: |-\n        Returns the Resource with path `resourcePath` of the Policy entry\n        identified by the `label` path parameter belonging to the Policy\n        identified by the `policyId` path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/labelPathParam'\n        - $ref: '#/components/parameters/resourcePathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '200':\n          description: |-\n            The request successfully returned completed and returned is the\n            Resource.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/ResourceEntry'\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID,\n            the Policy entry or the Resource was not found in the context of the\n            authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n    put:\n      summary: Create or modify one specific Resource of a Policy entry\n      description: |-\n        Create or modify the Resource with path `resourcePath` of the Policy\n        entry identified by the `label` path parameter belonging to the Policy\n        identified by the `policyId` path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/labelPathParam'\n        - $ref: '#/components/parameters/resourcePathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '201':\n          description: The Resource was successfully created.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n            Location:\n              description: The location of the created Resource\n              schema:\n                type: string\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/ResourceEntry'\n        '204':\n          description: The Resource was successfully updated.\n          headers:\n            ETag:\n              description: |-\n                The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n                \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n              schema:\n                type: string\n        '304':\n          $ref: '#/components/responses/notModified'\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n\n            Or the JSON was invalid, or no valid Resource JSON object.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For modifying a Resource of an existing Policy entry, `WRITE` permission on the resource `policy:/entries/{label}/resources/{resourcePath}` is required without having any revoke.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID or\n            the Policy entry was not found in the context of the authenticated\n            user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n        '413':\n          $ref: '#/components/responses/entityTooLarge'\n      requestBody:\n        content:\n          application/json:\n            schema:\n              $ref: '#/components/schemas/ResourceEntry'\n            example: {}\n        description: JSON representation of the Resource\n        required: true\n    delete:\n      summary: Delete one Resource of a Policy entry\n      description: |-\n        Deletes the Resource with path `resourcePath` of the Policy entry\n        identified by the `label` path parameter belonging to the Policy\n        identified by the `policyId` path parameter.\n      tags:\n        - Policies\n      parameters:\n        - $ref: '#/components/parameters/policyIdPathParam'\n        - $ref: '#/components/parameters/labelPathParam'\n        - $ref: '#/components/parameters/resourcePathPathParam'\n        - $ref: '#/components/parameters/ifMatchHeaderParam'\n        - $ref: '#/components/parameters/ifNoneMatchHeaderParam'\n      responses:\n        '204':\n          description: The Resource was successfully deleted.\n        '400':\n          description: |-\n            The request could not be completed. The `policyId` either\n\n              * does not contain the mandatory namespace prefix (java package notation + `:` colon)\n              * does not conform to RFC-2396 (URI)\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: |-\n            The request could not be completed as the caller had insufficient permissions. For deleting a Resource of an existing Policy entry, `WRITE` permission on the resource `policy:/entries/{label}/resources/{resourcePath}` is required without having any revoke.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '404':\n          description: |-\n            The request could not be completed. The Policy with the given ID,\n            the Policy entry or the Resource was not found in the context of the\n            authenticated user.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '412':\n          $ref: '#/components/responses/preconditionFailed'\n  ###\n  ### Things-Search\n  ###\n  /search/things:\n    get:\n      summary: Search for Things\n      description: |-\n        This resource can be used to search for things.\n\n        The query parameter `filter` is not mandatory. If it is not set there\n        are returned all things which the logged in user is allowed to read. The\n        resource supports sorting and paging. If paging is not explicitly\n        specified by means of the `limit` option, a default count of `25`\n        documents is returned.\n\n        To search for nested properties, we use JSON Pointer notation\n        (RFC-6901). See the following example how to search for the sub property\n        `location` of the parent property `attributes` with a forward slash as\n        separator:\n\n        ```eq(attributes/location,\"kitchen\")```\n      parameters:\n        - $ref: '#/components/parameters/searchFilter'\n        - $ref: '#/components/parameters/namespacesFilter'\n        - $ref: '#/components/parameters/thingFieldsQueryParam'\n        - name: option\n          in: query\n          description: |-\n            Possible values for the parameter:\n\n            ###### Sort operations\n\n            * ```sort([+|-]{property})```\n            * ```sort([+|-]{property},[+|-]{property},...)```\n\n            ###### Paging operations\n\n            * ```size({page-size})```  Maximum allowed page-size is `200`.\n            * ```cursor({cursor-id})```  Start the search from the cursor location. Specify the cursor ID without\n            quotation marks. Cursor IDs are given in responses and mark the position after the final search result.\n            The meaning of cursor IDs is unspecified and may change without notice.\n\n            The paging option `limit({offset},{count})` is deprecated.\n            It may result in slow queries, time-outs and will be removed eventually.\n\n            ##### Examples:\n\n            * ```sort(+thingId)```\n            * ```sort(-attributes/manufacturer)```\n            * ```sort(+thingId,-attributes/manufacturer)```\n            * ```size(10)``` return 10 results\n            * ```cursor(LOREMIPSUM)```  return results after the position of the cursor `LOREMIPSUM`.\n\n            ##### Combine:\n\n            If you need to specify multiple options, when using the swagger UI just write each option in a new line.\n            When using the plain REST API programmatically,\n            you will need to separate the options using a comma (,) character.\n\n            ```size(200),cursor(LOREMIPSUM)```\n\n            The deprecated paging option `limit` may not combine with the other paging options `size` and `cursor`.\n          required: false\n          schema:\n            type: array\n            items:\n              type: string\n      tags:\n        - Things-Search\n      responses:\n        '200':\n          description: An array of the matching things.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/SearchResultThings'\n        '400':\n          description: |-\n            The request could not be completed. A provided parameter was in a\n            wrong format.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: The request could not be completed due to an invalid authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '504':\n          description: The request ran out of time to execute on the the back-end. Optimize your query and try again.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n  /search/things/count:\n    get:\n      summary: Count Things\n      description: |-\n        This resource can be used to count things.\n\n        The query parameter `filter` is not mandatory. If it is not set there is\n        returned the total amount of things which the logged in user is allowed\n        to read.\n\n        To search for nested properties, we use JSON Pointer notation\n        (RFC-6901). See the following example how to search for the sub property\n        `location` of the parent property `attributes` with a forward slash as\n        separator:\n\n        ```eq(attributes/location,\"kitchen\")```\n      parameters:\n        - $ref: '#/components/parameters/searchFilter'\n        - $ref: '#/components/parameters/namespacesFilter'\n      tags:\n        - Things-Search\n      responses:\n        '200':\n          description: A number indicating the amount of matched things\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/SearchResultThingsCount'\n        '400':\n          description: |-\n            The request could not be completed. A provided parameter was in a\n            wrong format.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '401':\n          description: The request could not be completed due to missing authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '403':\n          description: The request could not be completed due to an invalid authentication.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\n        '504':\n          description: The request ran out of time to execute on the the back-end. Optimize your query and try again.\n          content:\n            application/json:\n              schema:\n                $ref: '#/components/schemas/AdvancedError'\ncomponents:\n  schemas:\n    Error:\n      properties:\n        status:\n          type: integer\n          description: The HTTP status of the error\n        message:\n          type: string\n          description: The message of the error - what went wrong\n        description:\n          type: string\n          description: A description how to fix the error or more details\n        href:\n          type: string\n          description: A link to further information about the error and how to fix it\n      required:\n        - status\n        - message\n    AdvancedError:\n      properties:\n        status:\n          type: integer\n          description: The HTTP status of the error\n        error:\n          type: string\n          description: The error code of the occurred exception\n        message:\n          type: string\n          description: The message of the error - what went wrong\n        description:\n          type: string\n          description: A description how to fix the error or more details\n        href:\n          type: string\n          description: A link to further information about the error and how to fix it\n      required:\n        - status\n        - error\n        - message\n    Attributes:\n      type: object\n      description: An arbitrary JSON object.\n    FeatureDefinition:\n      type: array\n      items:\n        type: string\n        description: \"A single fully qualified identifier of a Feature Definition in the form 'namespace:name:version'\"\n        pattern: ([_a-zA-Z0-9\\-.]+):([_a-zA-Z0-9\\-.]+):([_a-zA-Z0-9\\-.]+)\n    FeatureProperties:\n      type: object\n      description: An arbitrary JSON object.\n    Feature:\n      type: object\n      properties:\n        definition:\n          $ref: '#/components/schemas/FeatureDefinition'\n          description: The Definition of this Feature\n        properties:\n          $ref: '#/components/schemas/FeatureProperties'\n          description: The Properties of this Feature\n    SearchResultThings:\n      properties:\n        items:\n          type: array\n          items:\n            $ref: '#/components/schemas/Thing'\n        cursor:\n          type: string\n    SearchResultThingsCount:\n      type: integer\n    NewThing:\n      type: object\n      properties:\n        _policy:\n          $ref: '#/components/schemas/Policy'\n          description: |-\n            The initial Policy to create for this Thing. This will create a separate Policy entity managed by resource `/policies/{thingId}`.\n\n\n            Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request.\n        _copyPolicyFrom:\n          type: string\n          description: |-\n            This field may contain the Policy ID of an existing Policy.\n            The Policy is copied and used for this newly created Thing. This field may also contain a placeholder\n            reference to a Thing in the format `{{ ref:things/[thingId]/policyId }}` where you need to replace `[thingId]`\n            with a valid Thing ID. The newly created Thing will then obtain a copy of the Policy of the referenced Thing.\n            In the case of using a reference, the caller needs to have READ access to both the Thing and the Policy of the Thing.\n            In the case of using an explicit policy id to copy from, the caller needs to have READ access to the Policy.\n            If you want to specify a Policy ID for the copied policy, use the policyId field.\n            This field must not be used together with the field `_policy`. If you specify both `_policy` and\n            `_copyPolicyFrom` this will lead to an error response.\n        policyId:\n          type: string\n          description: |-\n            The Policy ID used for controlling access to this Thing. Managed by\n            resource `/policies/{policyId}`.\n        attributes:\n          $ref: '#/components/schemas/Attributes'\n          description: The attributes of this Thing\n        features:\n          $ref: '#/components/schemas/Features'\n          description: The Features of this Thing\n    Thing:\n      type: object\n      required:\n        - thingId\n        - policyId\n        - attributes\n        - features\n      properties:\n        thingId:\n          type: string\n          description: Unique identifier representing the thing\n        policyId:\n          type: string\n          description: The policy ID used for controlling access to this thing, managed by resource `/policies/{policyId}`\n        attributes:\n          $ref: '#/components/schemas/Attributes'\n          description: The attributes of this thing\n        features:\n          $ref: '#/components/schemas/Features'\n          description: The features of this thing\n    Policy:\n      type: object\n      description: Policy consisting of PolicyEntries\n      properties:\n        entries:\n          $ref: '#/components/schemas/PolicyEntries'\n    PolicyEntries:\n      type: object\n      description: PolicyEntries containing one PolicyEntry for each arbitrary `label` key\n      properties:\n        label1:\n          $ref: '#/components/schemas/PolicyEntry'\n        labelN:\n          $ref: '#/components/schemas/PolicyEntry'\n    PolicyEntry:\n      type: object\n      description: Single Policy entry containing Subjects and Resources.\n      required:\n        - subjects\n        - resources\n      properties:\n        subjects:\n          $ref: '#/components/schemas/Subjects'\n        resources:\n          $ref: '#/components/schemas/Resources'\n    Subjects:\n      type: object\n      description: |-\n        (Authorization) Subjects containing one SubjectEntry for each arbitrary\n        `issuer:subjectId` key. `issuer` being one of the following\n        `iot-permissions`, `iot-things`\n      properties:\n        'iot-permissions:subjectId1':\n          $ref: '#/components/schemas/SubjectEntry'\n        'iot-permissions:subjectIdN':\n          $ref: '#/components/schemas/SubjectEntry'\n    SubjectEntry:\n      type: object\n      description: Single (Authorization) Subject entry holding its type.\n      required:\n        - type\n      properties:\n        type:\n          type: string\n          description: the type of the (Authorization) Subject\n          enum:\n            - iot-permissions-sid\n            - iot-permissions-userid\n            - iot-permissions-groupid\n            - iot-permissions-roleid\n            - iot-things-clientid\n            - jwt\n    Resources:\n      type: object\n      description: |-\n        (Authorization) Resources containing one ResourceEntry for each\n        `type:path` key, `type` being one of the following `thing`, `policy`,\n        `message`\n      properties:\n        'thing:/':\n          $ref: '#/components/schemas/ResourceEntry'\n        'thing:/attributes/some/path':\n          $ref: '#/components/schemas/ResourceEntryRestricted'\n        'policy:/':\n          $ref: '#/components/schemas/ResourceEntry'\n        'message:/':\n          $ref: '#/components/schemas/ResourceEntry'\n    ResourceEntry:\n      type: object\n      description: |-\n        Single (Authorization) Resource entry defining permissions per effect.\n        Allowed effects are `grant` and `revoke`.\n      properties:\n        grant:\n          type: array\n          items:\n            $ref: '#/components/schemas/Permission'\n        revoke:\n          type: array\n          items:\n            $ref: '#/components/schemas/Permission'\n    ResourceEntryRestricted:\n      type: object\n      description: |-\n        Single (Authorization) Resource entry defining permissions per effect.\n        Allowed effects are `grant` and `revoke`.\n      properties:\n        grant:\n          type: array\n          items:\n            $ref: '#/components/schemas/Permission'\n        revoke:\n          type: array\n          items:\n            $ref: '#/components/schemas/Permission'\n    Permission:\n      type: string\n      description: A Permission allows a certain action on an entity\n      enum:\n        - READ\n        - WRITE\n    Features:\n      type: object\n      description: |-\n        List of Features where the key represents the `featureId` of each Feature.\n        The `featureId` key must be unique in the list.\n      additionalProperties:\n        $ref: '#/components/schemas/Feature'\n    TagTopologyResponse:\n      type: object\n      properties:\n        tag:\n          type: string\n          description: Tag name of the saved Topology snapshot.\n        tagTimestamp:\n          type: string\n          description: Timestamp of the saved Topology snapshot.\n    GraphQLExecutionError:\n      type: object\n      properties:\n        status:\n          type: integer\n          description: The HTTP status of unprocessable entity (422)\n        error:\n          type: string\n          description: |-\n            The error code of GraphQL execution error\n            `\"topologoes:graphql.execution.error\"`\n        message:\n          type: string\n          description: |-\n            A description of what happened `\"GraphQL execution failed with\n            errors.\"`\n        graphql_errors:\n          type: array\n          items:\n            type: string\n          description: A list of error messages from the GraphQL engine.\n      required:\n        - status\n        - error\n        - message\n        - graphql_errors\n    GraphQLRequest:\n      type: object\n    GraphQLResponse:\n      type: object\n      required:\n        - data\n      properties:\n        data:\n          type: object\n          description: The result of the GraphQL query.\n    GraphQLSchema:\n      type: string\n      description: The GraphQL schema.\n      example: |\n        schema @expand(template: \"Topology\") { query: Ignored }\n\n        type Campus implements Topology {\n        id:         ID!\n        campusName: String\n        buildings:  [Building]\n        companies:  [Company]\n        }\n\n        type Building implements Referenceable {\n          buildingName: String\n          rooms:        [Room]\n        }\n\n        type Room implements Referenceable {\n          roomName: String\n          area:     Float\n        }\n\n        type Company {\n          name:  String\n          units: [Referenceable]\n        }\n    Topology:\n      type: object\n      required:\n        - topologyId\n        - policyId\n        - schemaId\n      properties:\n        topologyId:\n          type: string\n          description: The ID of the Topology.\n        policyId:\n          type: string\n          description: |-\n            The Policy ID used for controlling access to this Topology. Managed by\n            resource `/policies/{policyId}`.\n        schemaId:\n          type: string\n          description: |-\n            The Topology Schema ID defining this Topology. Managed by resource `/topology-schemas/{schemaId}`.\n    NewTopology:\n      type: object\n      required:\n        - policyId\n        - schemaId\n      properties:\n        policyId:\n          type: string\n          description: |-\n            The Policy ID used for controlling access to this Topology. Managed by\n            resource `/policies/{policyId}`.\n        schemaId:\n          type: string\n          description: |-\n            The Topology Schema ID defining this Topology. Managed by\n            resource `/topology-schemas/{schemaId}`.\n        _content:\n          $ref: '#/components/schemas/NewTopologyContent'\n    NewTopologyContent:\n      type: object\n      properties:\n        query:\n          type: string\n          description: Only `create` mutation allowed here.\n        variables:\n          type: object\n    NewTopologyResponse:\n      type: object\n      required:\n        - topologyId\n        - policyId\n        - schemaId\n      properties:\n        topologyId:\n          type: string\n          description: The ID of the modified Topology.\n        policyId:\n          type: string\n          description: |-\n            The Policy ID used for controlling access to this Topology. Managed by\n            resource `/policies/{policyId}`.\n        schemaId:\n          type: string\n          description: |-\n            The Topology Schema ID defining this Topology. Managed by\n            resource `/topology-schemas/{schemaId}`.\n        data:\n          type: object\n          description: GraphQL operation result if `_content` was provided with the request body.\n    SearchResultTopologies:\n      properties:\n        items:\n          type: array\n          items:\n            $ref: '#/components/schemas/Topology'\n    TopologySchema:\n      type: object\n      required:\n        - schemaId\n        - policyId\n      properties:\n        schemaId:\n          type: string\n          description: The ID of the Topology Schema.\n        policyId:\n          type: string\n          description: |-\n            The Policy ID used for controlling access to this Topology Schema. Managed by\n            resource `/policies/{policyId}`.\n        content:\n          $ref: '#/components/schemas/GraphQLSchema'\n    NewTopologySchema:\n      type: object\n      required:\n        - schemaId\n        - policyId\n      properties:\n        schemaId:\n          type: string\n          description: The ID of the Topology Schema.\n        policyId:\n          type: string\n          description: |-\n            The Policy ID used for controlling access to this Topology Schema. Managed by\n            resource `/policies/{policyId}`.\n        content:\n          $ref: '#/components/schemas/GraphQLSchema'\n    NewTopologySchemaResponse:\n      type: object\n      required:\n        - schemaId\n        - policyId\n      properties:\n        schemaId:\n          type: string\n          description: The ID of the modified Topology Schema.\n        policyId:\n          type: string\n          description: |-\n            The Policy ID used for controlling access to this Topology Schema. Managed by\n            resource `/policies/{policyId}`.\n        content:\n          $ref: '#/components/schemas/GraphQLSchema'\n\n  responses:\n    entityTooLarge:\n      description: |-\n        The created or modified entity is larger than the accepted limit of 100 kB.\n      content:\n        application/json:\n          schema:\n            $ref: '#/components/schemas/AdvancedError'\n    messageTooLarge:\n      description: |-\n        The size of the send message is larger than the accepted limit of 250 kB.\n      content:\n        application/json:\n          schema:\n            $ref: '#/components/schemas/AdvancedError'\n    notModified:\n      description: |-\n        The (sub-)resource has not been modified. This happens when you specified a If-None-Match header which\n         matches the current ETag of the (sub-)resource.\n      headers:\n        ETag:\n          description: |-\n            The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n            \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n          schema:\n            type: string\n    preconditionFailed:\n      description: |-\n        A precondition for reading or writing the (sub-)resource failed. This will happen for write requests, when you\n        specified an If-Match or If-None-Match header which fails the precondition check against the current ETag of\n        the (sub-)resource. For read requests, this error may only happen for a failing If-Match header. In case of a\n        failing If-None-Match header for a read request, status 304 will be returned instead.\n      headers:\n        ETag:\n          description: |-\n            The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format\n            \"rev:[revision]\", for sub-resources it has the format \"hash:[calculated-hash]\".\n          schema:\n            type: string\n      content:\n        application/json:\n          schema:\n            $ref: '#/components/schemas/AdvancedError'\n\n  parameters:\n    ifMatchHeaderParam:\n      name: If-Match\n      in: header\n      description:  >-\n        The `If-Match` header which has to conform to RFC-7232 (Conditional Requests). Common usages are:\n          * optimistic locking by specifying the `ETag` from a previous GET response, e.g. `If-Match: \"rev:4711\"`\n          * retrieving or modifying a resource only if it already exists, e.g. `If-Match: *`\n      required: false\n      schema:\n        type: string\n    ifNoneMatchHeaderParam:\n      name: If-None-Match\n      in: header\n      description:  >-\n        The `If-None-Match` header which has to conform to RFC-7232 (Conditional Requests). A common usage scenario is to\n        modify a resource only if it does not yet exist, thus to create it, by specifying `If-None-Match: *`.\n      required: false\n      schema:\n        type: string\n    featureIdPathPathParam:\n      name: featureId\n      in: path\n      description: The ID of the Feature - has to conform to RFC-2396 (URI)\n      required: true\n      schema:\n        type: string\n    attributePathPathParam:\n      name: attributePath\n      in: path\n      description: The path to the Attribute\n      required: true\n      schema:\n        type: string\n    thingIdPathParam:\n      name: thingId\n      in: path\n      description: |-\n        The ID of the Thing - has to:\n\n          * contain the mandatory namespace prefix (java package notation + `:` colon)\n          * conform to RFC-2396 (URI)\n      required: true\n      schema:\n        type: string\n    policyIdPathParam:\n      name: policyId\n      in: path\n      description: |-\n        The ID of the Policy - has to:\n\n          * contain the mandatory namespace prefix (java package notation + `:` colon)\n          * conform to RFC-2396 (URI)\n      required: true\n      schema:\n        type: string\n    topologyIdPathParam:\n      name: topologyId\n      in: path\n      description: |-\n        The ID of the Topology - has to:\n         * contain the mandatory namespace prefix (java package notation + `:` colon)\n         * conform to RFC-2396 (URI)\n      required: true\n      schema:\n        type: string\n    topologyTagPathParam:\n      name: tagId\n      in: path\n      description: |-\n        A Tag of a Topology - has to:\n\n          * contain 0 or more unreserved URI characters (letters, digits, `-`, `.`, `_`, `~`)\n           * `1.1`\n           * `~topo-1_MILESTONE`\n\n          * Invalid examples:\n           * `%22topo:logy/+5`\n           * `!(x=42+y=z)`\n      required: true\n      schema:\n        type: string\n    topologyTagQueryParam:\n      name: tag\n      in: query\n      description: |-\n        A tag of a topology - has to:\n\n          * contain 1 or more unreserved URI characters (letters, digits, `-`, `.`, `_`, `~`)\n           * `1.1`\n           * `topo1-MILESTONE`\n\n          * Invalid examples:\n           * `%22topo:logy/+5`\n           * `topo?x=42&y=x`\n      required: false\n      schema:\n        type: string\n    topologyTimestampQueryParam:\n      name: tag_timestamp\n      in: query\n      description: |-\n        Timestamp of a Topology tagged in the past - has to:\n\n        * conform to the ISO 8601 calendar date and time format with mandatory\n        time zone designation.\n          The date must be a fully specified calendar date. Week and ordinal dates are not supported. The time may be\n          accurate up to hours, minutes, seconds or milliseconds. The separator `T` between the date and the time is\n          mandatory. We support both the expanded format `YYYY-MM-DDThh:mm:ss.sTZD` and the basic format\n          `YYYYMMDDThhmmss.sTZD`, where `TZD` is a URL-encoded time zone designator (`Z`, `%2Bhh:mm`, `-hh:mm`,\n          `%2Bhhmm`, or `-hhmm`).\n\n          Valid examples are:\n             * `2017-01-03T10:15:30.013Z`\n             * `20170103T101530.013Z`\n             * `2017-02-03T10:15:30%2B01:00`\n             * `2017-02-03T10:15:30-01:00`\n      required: false\n      schema:\n        type: string\n    topologyQueryQueryParam:\n      name: query\n      in: query\n      description: |-\n        A URL-encoded GraphQL query string. Suitable for small queries only: The\n        size of the entire URL should not exceed 8 kilobyte.\n      required: true\n      schema:\n        type: string\n    topologyVariablesQueryParam:\n      name: variables\n      in: query\n      description: |-\n        A URL-encoded JSON object containing exactly the variables used in the\n        GraphQL query.\n      required: false\n      schema:\n        type: string\n    topologyOperationNameQueryParam:\n      name: operationName\n      in: query\n      required: false\n      description: |-\n        If several named operations are defined in a GraphQL query, this parameter\n        names the operation to be executed.\n      schema:\n        type: string\n    schemaIdPathParam:\n      name: schemaId\n      in: path\n      description: |-\n        The ID of the Schema:\n\n          * has to follow the pattern `namespace`:`name`:`version`\n          * `namespace` must conform to java package notation\n          * `name` and `version` must conform to RFC-2396 (URI)\n      required: true\n      schema:\n        type: string\n    schemaFieldsQueryParam:\n      name: fields\n      in: query\n      description: |-\n        Contains a comma separated list of fields to be included in the returned JSON.\n\n        #### Selectable fields\n\n        * `schemaId`\n\n        * `policyId`\n\n        * `content`\n\n        * `_revision`\n\n          Specifically selects the revision of the Schema. The revision is a counter which is incremented on each\n          modification of a Schema.\n\n        #### Example\n\n        * `?fields=schemaId,_revision`\n      required: false\n      schema:\n        type: string\n    topologyFieldsQueryParam:\n      name: fields\n      in: query\n      description: |-\n        Contains a comma separated list of fields to be included in the returned JSON.\n\n        #### Selectable fields\n\n        * `topologyId`\n\n        * `policyId`\n\n        * `schemaId`\n\n        * `_revision`\n\n          Specifically selects the revision of the Topology. The revision is a counter which is incremented on each\n          modification of a Topology.\n\n        #### Example\n\n        * `?fields=topologyId,_revision`\n      required: false\n      schema:\n        type: string\n    messageSubjectPathParam:\n      name: messageSubject\n      in: path\n      description: The subject of the Message - has to conform to RFC-2396 (URI)\n      required: true\n      schema:\n        type: string\n    messageClaimTimeoutParam:\n      name: timeout\n      in: query\n      description: |-\n        Contains an optional timeout (in seconds) of how long to wait for the Claim response and therefore block the\n        HTTP request. Default value (if omitted): 60 seconds. Maximum value: 600 seconds. A value of 0 seconds applies\n        fire and forget semantics for the message.\n      required: false\n      schema:\n        type: integer\n    messageTimeoutParam:\n      name: timeout\n      in: query\n      description: |-\n        Contains an optional timeout (in seconds) of how long to wait for the message response and therefore block the\n        HTTP request. Default value (if omitted): 10 seconds. Maximum value: 60 seconds. A value of 0 seconds applies\n        fire and forget semantics for the message.\n      required: false\n      schema:\n        type: integer\n\n\n    labelPathParam:\n      name: label\n      in: path\n      description: The label of a Policy entry\n      required: true\n      schema:\n        type: string\n    subjectIdPathParam:\n      name: subjectId\n      in: path\n      description: The ID of an (Authorization) Subject\n      required: true\n      schema:\n        type: string\n    resourcePathPathParam:\n      name: resourcePath\n      in: path\n      description: The path of an (Authorization) Resource\n      required: true\n      schema:\n        type: string\n    propertyPathPathParam:\n      name: propertyPath\n      in: path\n      description: The path to the Property\n      required: true\n      schema:\n        type: string\n    thingFieldsQueryParam:\n      name: fields\n      in: query\n      description: |-\n        Contains a comma separated list of fields to be included in the returned\n        JSON. Attributes can be selected in the same manner.\n\n        #### Selectable fields\n\n        * `thingId`\n\n        * `policyId`\n\n        * `_policy`\n\n         Specifically selects the policy of the Thing. (The policy is not contained in the returned JSON per default.)\n\n        * `attributes`\n\n          Supports selecting arbitrary sub-fields by using a comma separated list:\n            * several attribute paths can be passed as a comma separated list of JSON pointers (RFC-6901)\n\n              For example:\n                * `?fields=attributes/model` would select only `model` attribute value (if present)\n                * `?fields=attributes/model,attributes/make` would select only `model` and `make` attribute values (if present)\n\n          Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`:\n            * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select\n            * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield\n\n              For example:\n               * `?fields=attributes(model,make)` would select only `model` and `make` attribute values (if present)\n               * `?fields=attributes(location/longitude)` would select the `longitude` value inside the `location` object\n               * `?fields=attributes/address/postal(city,street)` would select the `city` and `street` values inside the `postal` object inside the `address` object\n\n\n        * `features`\n\n          Supports selecting arbitrary fields in features similar to `attributes` (see also Features documentation for more details)\n\n        * `_namespace`\n\n          Specifically selects the namespace also contained in the `thingId`\n\n        * `_revision`\n\n          Specifically selects the revision of the Thing. The revision is a counter which is incremented on each modification of a Thing.\n\n        * `_modified`\n\n          Specifically selects the modified timestamp of the Thing in ISO-8601 UTC format. The timestamp is set on each modification of a Thing.\n\n        #### Examples\n\n        * `?fields=thingId,attributes,features`\n\n        * `?fields=attributes(model,make),features`\n\n        *\n        `?fields=thingId,attributes/location/longitude,attributes/address(city,street)`\n      required: false\n      schema:\n        type: string\n    attributesFieldsQueryParam:\n      name: fields\n      in: query\n      description: |-\n        Contains a comma separated list of fields from the attributes to be\n        included in the returned JSON.\n\n        #### Selectable fields\n\n        Supports selecting arbitrary sub-fields as defined in the attributes by\n        using a comma separated list:\n          * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901)\n\n            For example:\n              * `?fields=model` would select only `model` attribute value (if present)\n              * `?fields=model,make` would select only `model` and `make` attribute values (if present)\n\n        Supports selecting arbitrary sub-fields of objects by wrapping sub-fields\n        inside parentheses `( )`:\n          * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select\n          * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield\n\n            For example:\n             * `?fields=location(longitude,latitude)` would select the `longitude` and `latitude` value inside the `location` attribute\n\n        #### Examples\n\n        * `?fields=model,make,location(longitude,latitude)`\n\n        * `?fields=listOfAddresses/postal(city,street))`\n      required: false\n      schema:\n        type: string\n    propertiesFieldsQueryParam:\n      name: fields\n      in: query\n      description: |-\n        Contains a comma separated list of fields from the properties to be\n        included in the returned JSON.\n\n        #### Selectable fields\n\n        Supports selecting arbitrary sub-fields as defined in the properties by\n        using a comma separated list:\n          * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901)\n\n            For example:\n              * `?fields=temperature` would select only `temperature` property value (if present)\n              * `?fields=temperature,humidity` would select only `temperature` and `humidity` property values (if present)\n\n        Supports selecting arbitrary sub-fields of objects by wrapping sub-fields\n        inside parentheses `( )`:\n          * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select\n          * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield\n\n            For example:\n             * `?fields=location(longitude,latitude)` would select the `longitude` and `latitude` value inside the `location` property\n\n        #### Examples\n\n        * `?fields=temperature,humidity,location(longitude,latitude)`\n\n        * `?fields=configuration,status(powerConsumption/watts)`\n      required: false\n      schema:\n        type: string\n    featuresFieldsQueryParam:\n      name: fields\n      in: query\n      description: |-\n        Contains a comma separated list of fields from one or more Features to be\n        included in the returned JSON.\n\n        #### Selectable fields\n\n        * `{featureId}` The ID of the Feature to select properties in\n\n          * `properties`\n\n            Supports selecting arbitrary sub-fields by using a comma separated list:\n              * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901)\n\n                For example:\n                  * `?fields={featureId}/properties/color` would select only `color` property value (if present) of the Feature identified with `{featureId}`\n                  * `?fields={featureId}/properties/color,properties/brightness` would select only `color` and `brightness` property values (if present) of the Feature identified with `{featureId}`\n\n            Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`:\n              * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select\n              * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield\n\n                For example:\n                 * `?fields={featureId}/properties(color,brightness)` would select only `color` and `brightness` property values (if present) of the Feature identified with `{featureId}`\n                 * `?fields={featureId}/properties(location/longitude)` would select the `longitude` value inside the `location` object of the Feature identified with `{featureId}`\n\n\n        #### Examples\n\n        * `?fields=EnvironmentScanner/properties(temperature,humidity)`\n\n        *\n        `?fields=EnvironmentScanner/properties(temperature,humidity),Vehicle/properties/configuration`\n      required: false\n      schema:\n        type: string\n    featureFieldsQueryParam:\n      name: fields\n      in: query\n      description: |-\n        Contains a comma separated list of fields from the selected Feature to be\n        included in the returned JSON.\n\n        #### Selectable fields\n\n        * `properties`\n\n          Supports selecting arbitrary sub-fields by using a comma separated list:\n            * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901)\n\n              For example:\n                * `?fields=properties/color` would select only `color` property value (if present)\n                * `?fields=properties/color,properties/brightness` would select only `color` and `brightness` property values (if present)\n\n          Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`:\n            * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select\n            * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield\n\n              For example:\n               * `?fields=properties(color,brightness)` would select only `color` and `brightness` property values (if present)\n               * `?fields=properties(location/longitude)` would select the `longitude` value inside the `location` object\n\n        #### Examples\n\n        * `?fields=properties(color,brightness)`\n      required: false\n      schema:\n        type: string\n    searchFilter:\n      name: filter\n      in: query\n      description: |-\n\n        ##### Filter operations:\n\n        * ```eq({property},{value})```\n\n        * ```ne({property},{value})```\n\n        * ```gt({property},{value})```\n\n        * ```ge({property},{value})```\n\n        * ```lt({property},{value})```\n\n        * ```le({property},{value})```\n\n        * ```in({property},{value},{value},...)```\n\n        * ```like({property},{value})```\n\n        * ```exists({property})```\n\n\n        Note: When using filter operations, only things with the specified properties are returned.\n        For example, the filter `ne(attributes/owner, \"SID123\")` will only return things that do have\n        the `owner` attribute.\n\n\n        ##### Logical operations:\n\n\n        * ```and({query},{query},...)```\n\n        * ```or({query},{query},...)```\n\n        * ```not({query})```\n\n\n        ##### Examples:\n\n        * ```eq(attributes/location,\"kitchen\")```\n\n        * ```exists(features/featureId)```\n\n        * ```and(eq(attributes/location,\"kitchen\"),eq(attributes/color,\"red\"))```\n\n        * ```or(eq(attributes/location,\"kitchen\"),eq(attributes/location,\"living-room\"))```\n      required: false\n      schema:\n        type: string\n    namespacesFilter:\n      name: namespaces\n      in: query\n      description: |-\n        A comma separated list of namespaces. This list is used to limit the query to things in the given namespaces\n        only. When this parameter is omitted, all namespaces will be queried.\n\n\n        #### Examples:\n\n        * `?namespaces=com.example.namespace`\n\n        * `?namespaces=com.example.namespace1,com.example.namespace2`\n      required: false\n      schema:\n        type: string\n\n  requestBodies:\n    Payload:\n      content:\n        application/json:\n          schema:\n            type: string\n            example: ''\n        application/octet-stream:\n          schema:\n            type: string\n            example: ''\n        text/plain:\n          schema:\n            type: string\n            example: ''\n      description: |-\n        Payload of the message with max size of 250 kB. It can be any HTTP\n        supported content, including binary content.\n    Attributes:\n      content:\n        application/json:\n          schema:\n            $ref: '#/components/schemas/Attributes'\n          example: {}\n      description: |-\n        JSON object of all Attributes to be modified at once. Consider that the\n        value has to be a JSON object or `null`, examples:\n\n          * an object: `{ \"key\": \"value\"}` -} We strongly recommend to use a restricted set of characters for the key (identifier). Currently these identifiers should follow the pattern: [_a-zA-Z][_a-zA-Z0-9\\-]*\n          * an empty object: `{}`\n      required: true\n    Value:\n      content:\n        application/json:\n          schema:\n            type: object\n            example: {}\n      description: |-\n        JSON representation of the value to be created/updated. This may be as\n        well `null` or an empty object.\n\n        Consider that the value has to be a JSON value, examples:\n\n          * for a number, the JSON value is the number: `42`\n\n          * for a string, the JSON value must be quoted: `\"aString\"`\n\n          * for a boolean, the JSON value is the boolean: `true`\n\n          * for an object, the JSON value is the object: `{ \"key\": \"value\"}` -} We strongly recommend to use a restricted set of characters for the key (identifier). Currently these identifiers should follow the pattern: [_a-zA-Z][_a-zA-Z0-9\\-]*\n\n          * for an list, the JSON value is the list: `[ 1,2,3 ]`\n      required: true\n\n  securitySchemes:\n    basicAuth:\n      type: http\n      description: |-\n        Eclipse Ditto sandbox demo user (demo1 ... demo9) + password (demo)\n      scheme: basic\n    bearerAuth:\n      type: http\n      scheme: bearer\n      bearerFormat: JWT\n      description: |-\n        A JSON Web Token issued by a supported OAuth 2.0 Identity Provider, e.g. a Google \"id_token\"\n"
  },
  {
    "path": "charts/ditto-digital-twins/requirements.yaml",
    "content": "dependencies:\n  - name: mongodb\n    repository: https://kubernetes-charts.storage.googleapis.com\n    version: 7.4.4\n    condition: mongodb.enabled\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/NOTES.txt",
    "content": "Eclipse Ditto installed!\n\nAccess ditto in your browser (http://localhost:8080) by running:\n\n    kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ include \"ditto-digital-twins.fullname\" . }}-nginx 8080:8080\n\nThe /status resource can be accessed by:\n\n    export STATUS_PWD=$(kubectl --namespace {{ .Release.Namespace }} get secret {{ include \"ditto-digital-twins.fullname\" . }}-gateway-secret -o jsonpath=\"{.data.status-password}\" | base64 --decode)\n    curl -i -X GET \"http://devops:${STATUS_PWD}@localhost:8080/status\"\n\nThe /devops resource can be accessed by:\n\n    export DEVOPS_PWD=$(kubectl --namespace {{ .Release.Namespace }} get secret {{ include \"ditto-digital-twins.fullname\" . }}-gateway-secret -o jsonpath=\"{.data.devops-password}\" | base64 --decode)\n    curl -i -X GET \"http://devops:${DEVOPS_PWD}@localhost:8080/devops\"\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"ditto-digital-twins.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"ditto-digital-twins.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"ditto-digital-twins.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCommon labels\n*/}}\n{{- define \"ditto-digital-twins.labels\" -}}\nhelm.sh/chart: {{ include \"ditto-digital-twins.chart\" . }}\napp.kubernetes.io/instance: {{ .Release.Name }}\n{{- if .Chart.AppVersion }}\napp.kubernetes.io/version: {{ .Chart.AppVersion | quote }}\n{{- end }}\napp.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end -}}\n\n{{/*\nCreate the name of the service account to use\n*/}}\n{{- define \"ditto-digital-twins.serviceAccountName\" -}}\n{{- if .Values.serviceAccount.create -}}\n    {{ default (include \"ditto-digital-twins.fullname\" .) .Values.serviceAccount.name }}\n{{- else -}}\n    {{ default \"default\" .Values.serviceAccount.name }}\n{{- end -}}\n{{- end -}}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/concierge-deployment.yaml",
    "content": "{{- if .Values.concierge.enabled -}}\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-concierge\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-concierge\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  replicas: {{ .Values.concierge.replicaCount }}\n  strategy:\n  {{- with .Values.concierge.updateStrategy }}\n  {{- toYaml . | nindent 4 }}\n  {{- end }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-concierge\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-concierge\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        actorSystemName: {{ .Values.akka.actorSystemName }}\n        {{- with .Values.concierge.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        {{- if .Values.global.prometheus.enabled }}\n        prometheus.io/scrape: \"true\"\n        prometheus.io/path: \"/\"\n        prometheus.io/port: \"{{ .Values.global.prometheus.port }}\"\n        {{- end }}\n        checksum/mongodb-config: {{ include (print $.Template.BasePath \"/mongodb-secret.yaml\") . | sha256sum }}\n        {{- with .Values.concierge.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n      {{- if .Values.rbac.enabled }}\n      serviceAccountName: {{ template \"ditto-digital-twins.serviceAccountName\" . }}\n      {{- end }}\n    {{- with .Values.global.imagePullSecrets }}\n      imagePullSecrets:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-concierge\n          image: \"{{ .Values.concierge.image.repository }}:{{ .Values.concierge.image.tag }}\"\n          imagePullPolicy: {{ .Values.concierge.image.imagePullPolicy }}\n          command: [\"java\"]\n          args:\n          {{- if .Values.concierge.systemProps }}\n            {{- toYaml .Values.concierge.systemProps | nindent 12 }}\n          {{- end }}\n            - \"-jar\"\n            - \"/opt/ditto/starter.jar\"\n          env:\n            - name: POD_LABEL_SELECTOR\n              value: \"app.kubernetes.io/name=%s\"\n            - name: POD_NAMESPACE\n              value: {{ .Release.Namespace }}\n            - name: INSTANCE_INDEX\n              valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath: metadata.name\n            - name: HOSTNAME\n              valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath: status.podIP\n            - name: DISCOVERY_METHOD\n              value: \"kubernetes-api\"\n            - name: TZ\n              value: \"{{ .Values.global.timezone }}\"\n            - name: OPENJ9_JAVA_OPTIONS\n              value: \"-XX:MaxRAMPercentage=80 -XX:InitialRAMPercentage=40 -XX:+ExitOnOutOfMemoryError{{ if .Values.dbconfig.concierge.ssl }} -Dorg.mongodb.async.type=netty{{ end }}\"\n            - name: MONGO_DB_SSL_ENABLED\n              value: \"{{ if .Values.dbconfig.concierge.ssl }}true{{ else }}false{{ end }}\"\n            - name: MONGO_DB_URI\n              valueFrom:\n                secretKeyRef:\n                  name: {{ include \"ditto-digital-twins.fullname\" . }}-mongodb-secret\n                  key: concierge-uri\n          {{- if .Values.global.prometheus.enabled }}\n            - name: PROMETHEUS_PORT\n              value: \"{{ .Values.global.prometheus.port }}\"\n          {{- end }}\n          {{- if .Values.concierge.extraEnv }}\n            {{- toYaml .Values.concierge.extraEnv | nindent 12 }}\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: 8080\n              protocol: TCP\n            - name: remoting\n              containerPort: {{ .Values.akka.remoting.port }}\n              protocol: TCP\n            - name: management\n              containerPort: {{ .Values.akka.mgmthttp.port }}\n              protocol: TCP\n          readinessProbe:\n            httpGet:\n              port: management\n              path: /ready\n            initialDelaySeconds: {{ .Values.concierge.readinessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.concierge.readinessProbe.periodSeconds }}\n            timeoutSeconds: {{ .Values.concierge.readinessProbe.timeoutSeconds }}\n            failureThreshold: {{ .Values.concierge.readinessProbe.failureThreshold }}\n          livenessProbe:\n            httpGet:\n              port: management\n              path: /alive\n            initialDelaySeconds: {{ .Values.concierge.livenessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.concierge.livenessProbe.periodSeconds }}\n            timeoutSeconds: {{ .Values.concierge.livenessProbe.timeoutSeconds }}\n            failureThreshold: {{ .Values.concierge.livenessProbe.failureThreshold }}\n          resources:\n            {{- toYaml .Values.concierge.resources | nindent 12 }}\n      {{- with .Values.concierge.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.concierge.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.concierge.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/concierge-networkpolicy.yaml",
    "content": "{{- if .Values.concierge.networkPolicy.enabled }}\nkind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-concierge\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-concierge\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  podSelector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-concierge\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  policyTypes:\n  - Ingress\n  - Egress\n  ingress:\n  # Allow inner cluster communication\n  - from:\n    - podSelector:\n        matchLabels:\n          actorSystemName: {{ .Values.akka.actorSystemName }}\n    ports:\n    - protocol: TCP\n      port: {{ .Values.akka.remoting.port }}\n    - protocol: TCP\n      port: {{ .Values.akka.mgmthttp.port }}\n# Open all egress\n  egress:\n  - {}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/concierge-pdb.yaml",
    "content": "{{- if and .Values.concierge.podDisruptionBudget.enabled (gt .Values.concierge.replicaCount 1.0) -}}\napiVersion: policy/v1beta1\nkind: PodDisruptionBudget\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-concierge\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-concierge\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-concierge\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  minAvailable: {{ .Values.concierge.podDisruptionBudget.minAvailable }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/connectivity-deployment.yaml",
    "content": "{{- if .Values.connectivity.enabled -}}\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-connectivity\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-connectivity\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  replicas: {{ .Values.connectivity.replicaCount }}\n  strategy:\n  {{- with .Values.connectivity.updateStrategy }}\n  {{- toYaml . | nindent 4 }}\n  {{- end }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-connectivity\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-connectivity\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        actorSystemName: {{ .Values.akka.actorSystemName }}\n        {{- with .Values.connectivity.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        {{- if .Values.global.prometheus.enabled }}\n        prometheus.io/scrape: \"true\"\n        prometheus.io/path: \"/\"\n        prometheus.io/port: \"{{ .Values.global.prometheus.port }}\"\n        {{- end }}\n        checksum/mongodb-config: {{ include (print $.Template.BasePath \"/mongodb-secret.yaml\") . | sha256sum }}\n        {{- with .Values.connectivity.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n      {{- if .Values.rbac.enabled }}\n      serviceAccountName: {{ template \"ditto-digital-twins.serviceAccountName\" . }}\n      {{- end }}\n    {{- with .Values.global.imagePullSecrets }}\n      imagePullSecrets:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-connectivity\n          image: \"{{ .Values.connectivity.image.repository }}:{{ .Values.connectivity.image.tag }}\"\n          imagePullPolicy: {{ .Values.connectivity.image.imagePullPolicy }}\n          command: [\"java\"]\n          args:\n          {{- if .Values.connectivity.systemProps }}\n            {{- toYaml .Values.connectivity.systemProps | nindent 12 }}\n          {{- end }}\n            - \"-jar\"\n            - \"/opt/ditto/starter.jar\"\n          env:\n            - name: POD_LABEL_SELECTOR\n              value: \"app.kubernetes.io/name=%s\"\n            - name: POD_NAMESPACE\n              value: {{ .Release.Namespace }}\n            - name: INSTANCE_INDEX\n              valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath: metadata.name\n            - name: HOSTNAME\n              valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath: status.podIP\n            - name: DISCOVERY_METHOD\n              value: \"kubernetes-api\"\n            - name: TZ\n              value: \"{{ .Values.global.timezone }}\"\n            - name: OPENJ9_JAVA_OPTIONS\n              value: \"-XX:MaxRAMPercentage=80 -XX:InitialRAMPercentage=40 -XX:+ExitOnOutOfMemoryError{{ if .Values.dbconfig.connectivity.ssl }} -Dorg.mongodb.async.type=netty{{ end }}\"\n            - name: MONGO_DB_SSL_ENABLED\n              value: \"{{ if .Values.dbconfig.connectivity.ssl }}true{{ else }}false{{ end }}\"\n            - name: MONGO_DB_URI\n              valueFrom:\n                secretKeyRef:\n                  name: {{ include \"ditto-digital-twins.fullname\" . }}-mongodb-secret\n                  key: connectivity-uri\n          {{- if .Values.global.prometheus.enabled }}\n            - name: PROMETHEUS_PORT\n              value: \"{{ .Values.global.prometheus.port }}\"\n          {{- end }}\n          {{- if .Values.connectivity.extraEnv }}\n            {{- toYaml .Values.connectivity.extraEnv | nindent 12 }}\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: 8080\n              protocol: TCP\n            - name: remoting\n              containerPort: {{ .Values.akka.remoting.port }}\n              protocol: TCP\n            - name: management\n              containerPort: {{ .Values.akka.mgmthttp.port }}\n              protocol: TCP\n          readinessProbe:\n            httpGet:\n              port: management\n              path: /ready\n            initialDelaySeconds: {{ .Values.connectivity.readinessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.connectivity.readinessProbe.periodSeconds }}\n            timeoutSeconds: {{ .Values.connectivity.readinessProbe.timeoutSeconds }}\n            failureThreshold: {{ .Values.connectivity.readinessProbe.failureThreshold }}\n          livenessProbe:\n            httpGet:\n              port: management\n              path: /alive\n            initialDelaySeconds: {{ .Values.connectivity.livenessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.connectivity.livenessProbe.periodSeconds }}\n            timeoutSeconds: {{ .Values.connectivity.livenessProbe.timeoutSeconds }}\n            failureThreshold: {{ .Values.connectivity.livenessProbe.failureThreshold }}\n          resources:\n            {{- toYaml .Values.connectivity.resources | nindent 12 }}\n      {{- with .Values.connectivity.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.connectivity.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.connectivity.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/connectivity-networkpolicy.yaml",
    "content": "{{- if .Values.connectivity.networkPolicy.enabled }}\nkind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-connectivity\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-connectivity\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  podSelector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-connectivity\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  policyTypes:\n  - Ingress\n  - Egress\n  ingress:\n  # Allow inner cluster communication\n  - from:\n    - podSelector:\n        matchLabels:\n          actorSystemName: {{ .Values.akka.actorSystemName }}\n    ports:\n    - protocol: TCP\n      port: {{ .Values.akka.remoting.port }}\n    - protocol: TCP\n      port: {{ .Values.akka.mgmthttp.port }}\n  # Open all egress\n  egress:\n  - {}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/connectivity-pdb.yaml",
    "content": "{{- if and .Values.connectivity.podDisruptionBudget.enabled (gt .Values.connectivity.replicaCount 1.0) -}}\napiVersion: policy/v1beta1\nkind: PodDisruptionBudget\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-connectivity\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-connectivity\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-connectivity\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  minAvailable: {{ .Values.connectivity.podDisruptionBudget.minAvailable }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/gateway-deployment.yaml",
    "content": "{{- if .Values.gateway.enabled -}}\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-gateway\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-gateway\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  replicas: {{ .Values.gateway.replicaCount }}\n  strategy:\n  {{- with .Values.gateway.updateStrategy }}\n  {{- toYaml . | nindent 4 }}\n  {{- end }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-gateway\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-gateway\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        actorSystemName: {{ .Values.akka.actorSystemName }}\n        {{- with .Values.gateway.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        {{- if .Values.global.prometheus.enabled }}\n        prometheus.io/scrape: \"true\"\n        prometheus.io/path: \"/\"\n        prometheus.io/port: \"{{ .Values.global.prometheus.port }}\"\n        {{- end }}\n        checksum/password-config: {{ include (print $.Template.BasePath \"/gateway-secret.yaml\") . | sha256sum }}\n        checksum/mongodb-config: {{ include (print $.Template.BasePath \"/mongodb-secret.yaml\") . | sha256sum }}\n        {{- with .Values.gateway.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n      {{- if .Values.rbac.enabled }}\n      serviceAccountName: {{ template \"ditto-digital-twins.serviceAccountName\" . }}\n      {{- end }}\n    {{- with .Values.global.imagePullSecrets }}\n      imagePullSecrets:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-gateway\n          image: \"{{ .Values.gateway.image.repository }}:{{ .Values.gateway.image.tag }}\"\n          imagePullPolicy: {{ .Values.gateway.image.imagePullPolicy }}\n          command: [\"java\"]\n          args:\n          {{- if .Values.gateway.systemProps }}\n            {{- toYaml .Values.gateway.systemProps | nindent 12 }}\n          {{- end }}\n            - \"-jar\"\n            - \"/opt/ditto/starter.jar\"\n          env:\n            - name: POD_LABEL_SELECTOR\n              value: \"app.kubernetes.io/name=%s\"\n            - name: POD_NAMESPACE\n              value: {{ .Release.Namespace }}\n            - name: ENABLE_DUMMY_AUTH\n              value: {{ .Values.gateway.enableDummyAuth | quote }}\n            - name: INSTANCE_INDEX\n              valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath: metadata.name\n            - name: HOSTNAME\n              valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath: status.podIP\n            - name: DISCOVERY_METHOD\n              value: \"kubernetes-api\"\n            - name: TZ\n              value: \"{{ .Values.global.timezone }}\"\n            - name: OPENJ9_JAVA_OPTIONS\n              value: \"-XX:MaxRAMPercentage=80 -XX:InitialRAMPercentage=40 -XX:+ExitOnOutOfMemoryError\"\n            - name: DEVOPS_SECURE_STATUS\n              value: \"{{ .Values.gateway.devopsSecureStatus }}\"\n            - name: DEVOPS_PASSWORD\n              valueFrom:\n                secretKeyRef:\n                  name: {{ include \"ditto-digital-twins.fullname\" . }}-gateway-secret\n                  key: devops-password\n            - name: STATUS_PASSWORD\n              valueFrom:\n                secretKeyRef:\n                  name: {{ include \"ditto-digital-twins.fullname\" . }}-gateway-secret\n                  key: status-password\n          {{- if .Values.global.prometheus.enabled }}\n            - name: PROMETHEUS_PORT\n              value: \"{{ .Values.global.prometheus.port }}\"\n          {{- end }}\n          {{- if .Values.gateway.extraEnv }}\n            {{- toYaml .Values.gateway.extraEnv | nindent 12 }}\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: 8080\n              protocol: TCP\n            - name: remoting\n              containerPort: {{ .Values.akka.remoting.port }}\n              protocol: TCP\n            - name: management\n              containerPort: {{ .Values.akka.mgmthttp.port }}\n              protocol: TCP\n          readinessProbe:\n            httpGet:\n              port: management\n              path: /ready\n            initialDelaySeconds: {{ .Values.gateway.readinessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.gateway.readinessProbe.periodSeconds }}\n            timeoutSeconds: {{ .Values.gateway.readinessProbe.timeoutSeconds }}\n            failureThreshold: {{ .Values.gateway.readinessProbe.failureThreshold }}\n          livenessProbe:\n            httpGet:\n              port: management\n              path: /alive\n            initialDelaySeconds: {{ .Values.gateway.livenessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.gateway.livenessProbe.periodSeconds }}\n            timeoutSeconds: {{ .Values.gateway.livenessProbe.timeoutSeconds }}\n            failureThreshold: {{ .Values.gateway.livenessProbe.failureThreshold }}\n          resources:\n            {{- toYaml .Values.gateway.resources | nindent 12 }}\n      {{- with .Values.gateway.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.gateway.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.gateway.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/gateway-networkpolicy.yaml",
    "content": "{{- if .Values.gateway.networkPolicy.enabled }}\nkind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-gateway\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-gateway\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  podSelector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-gateway\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  policyTypes:\n  - Ingress\n  - Egress\n  ingress:\n  # Allow access from Nginx\n  - from:\n    - podSelector:\n        matchLabels:\n          app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-nginx\n          app.kubernetes.io/instance: {{ .Release.Name }}\n    ports:\n    - protocol: TCP\n      port: http\n  # Allow inner cluster communication\n  - from:\n    - podSelector:\n        matchLabels:\n          actorSystemName: {{ .Values.akka.actorSystemName }}\n    ports:\n    - protocol: TCP\n      port: {{ .Values.akka.remoting.port }}\n    - protocol: TCP\n      port: {{ .Values.akka.mgmthttp.port }}\n  # Open all egress\n  egress:\n  - {}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/gateway-pdb.yaml",
    "content": "{{- if and .Values.gateway.podDisruptionBudget.enabled (gt .Values.gateway.replicaCount 1.0) -}}\napiVersion: policy/v1beta1\nkind: PodDisruptionBudget\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-gateway\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-gateway\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-gateway\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  minAvailable: {{ .Values.gateway.podDisruptionBudget.minAvailable }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/gateway-secret.yaml",
    "content": "apiVersion: v1\nkind: Secret\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-gateway-secret\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-gateway-secret\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\ntype: Opaque\ndata:\n  {{- if .Values.gateway.devopsPassword }}\n  devops-password: {{ .Values.gateway.devopsPassword | b64enc | quote }}\n  {{- else }}\n  devops-password: {{ randAlphaNum 12 | b64enc | quote }}\n  {{- end }}\n  {{- if .Values.gateway.statusPassword }}\n  status-password: {{ .Values.gateway.statusPassword | b64enc | quote }}\n  {{- else }}\n  status-password: {{ randAlphaNum 12 | b64enc | quote }}\n  {{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/gateway-service.yaml",
    "content": "{{- if .Values.gateway.enabled -}}\napiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-gateway\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-gateway\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\n  {{- with .Values.gateway.service.annotations }}\n  annotations:\n    {{- toYaml . | nindent 4 }}\n  {{- end }}\nspec:\n  ports:\n    - port: {{ .Values.gateway.service.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n  selector:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-gateway\n    app.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/mongodb-secret.yaml",
    "content": "apiVersion: v1\nkind: Secret\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-mongodb-secret\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-mongodb-secret\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\ntype: Opaque\ndata:\n  concierge-uri: {{ .Values.dbconfig.concierge.uri | b64enc | quote}}\n  connectivity-uri: {{ .Values.dbconfig.connectivity.uri  | b64enc | quote}}\n  things-uri: {{ .Values.dbconfig.things.uri  | b64enc | quote}}\n  searchDB-uri: {{ .Values.dbconfig.searchDB.uri  | b64enc | quote}}\n  policies-uri: {{ .Values.dbconfig.policies.uri  | b64enc | quote}}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/nginx-config.yaml",
    "content": "{{- if .Values.nginx.enabled -}}\n{{- $releaseName := .Release.Name -}}\n{{- $name := include \"ditto-digital-twins.name\" . -}}\n{{- $labels := include \"ditto-digital-twins.labels\" . -}}\n{{ $root := . }}\n{{ range $path, $bytes := .Files.Glob \"nginx-config/**\" }}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ $releaseName }}-{{ $path | replace \"/\" \"-\" | replace \".\" \"-\" }}\n  labels:\n    app.kubernetes.io/name: {{ $name }}-nginx-config\n{{ $labels | indent 4 }}\ndata:\n  {{ $path | replace \"nginx-config/\" \"\"}}: |-\n{{ $root.Files.Get $path | indent 4 }}\n---\n{{- end -}}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/nginx-configmap.yaml",
    "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ .Release.Name }}-nginx-conf\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-nginx-conf\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\ndata:\n  nginx.conf: |-\n    worker_processes 1;\n    \n    events {worker_connections 1024;}\n    \n    http {\n      charset utf-8;\n      default_type application/json;\n    \n      # timeouts are configured slightly higher than ditto-ditto-digital-twins-gateway read-timeout of 60 seconds\n      proxy_connect_timeout 70; # seconds, default: 60\n      proxy_send_timeout 70; # seconds, default: 60\n      proxy_read_timeout 70; # seconds, default: 60\n      send_timeout 70; # seconds, default: 60\n    \n      client_header_buffer_size 8k; # allow longer URIs + headers (default: 1k)\n      large_client_header_buffers 4 16k;\n    \n      merge_slashes off; # allow multiple slashes for CRS Authentication\n    \n      upstream {{ include \"ditto-digital-twins.fullname\" . }}-gateway {\n        server {{ include \"ditto-digital-twins.fullname\" . }}-gateway:8080;\n      }\n    \n      server {\n        listen 80;\n        server_name localhost;\n    \n        location / {\n          index index.html;\n        }\n    \n        # api\n        location /api {\n          include nginx-cors.conf;\n\n          {{ if .Values.global.jwtOnly -}}\n          proxy_pass_request_headers    on;\n          proxy_set_header              Authorization       $http_authorization;\n          {{ else }}\n          auth_basic                    \"Authentication required\";\n          auth_basic_user_file          nginx.htpasswd;\n          proxy_set_header              X-Forwared-User     $remote_user;\n          proxy_set_header              x-ditto-dummy-auth  \"nginx:${remote_user}\";\n          {{- end }}\n        \n          proxy_pass                    http://{{ include \"ditto-digital-twins.fullname\" . }}-gateway;\n          proxy_http_version            1.1;\n          proxy_set_header              Host                $http_host;\n          proxy_set_header              X-Real-IP           $remote_addr;\n          proxy_set_header              X-Forwarded-For     $proxy_add_x_forwarded_for;\n    \n          proxy_set_header Connection  '';\n          chunked_transfer_encoding    off;\n          proxy_buffering              off;\n          proxy_cache                  off;\n        }\n    \n        # ws\n        location /ws {\n\n          {{ if .Values.global.jwtOnly -}}\n          proxy_pass_request_headers    on;\n          proxy_set_header              Authorization       $http_authorization;\n          {{ else }}\n          auth_basic                    \"Authentication required\";\n          auth_basic_user_file          nginx.htpasswd;\n          proxy_set_header              X-Forwared-User     $remote_user;\n          proxy_set_header              x-ditto-dummy-auth  \"nginx:${remote_user}\";\n          {{- end }}\n          \n          proxy_pass                    http://{{ include \"ditto-digital-twins.fullname\" . }}-gateway;\n          proxy_http_version            1.1;\n          proxy_set_header              Host                $http_host;\n          proxy_set_header              X-Real-IP           $remote_addr;\n          proxy_set_header              X-Forwarded-For     $proxy_add_x_forwarded_for;\n    \n          proxy_set_header              Upgrade             $http_upgrade;\n          proxy_set_header              Connection          \"upgrade\";\n          proxy_read_timeout            1d;\n          proxy_send_timeout            1d;\n        }\n    \n        # health\n        location /health {\n          include nginx-cors.conf;\n    \n          proxy_pass                    http://{{ include \"ditto-digital-twins.fullname\" . }}-gateway/health;\n          proxy_http_version            1.1;\n          proxy_set_header              Host                $http_host;\n          proxy_set_header              X-Real-IP           $remote_addr;\n          proxy_set_header              X-Forwarded-For     $proxy_add_x_forwarded_for;\n          proxy_set_header              X-Forwarded-User    $remote_user;\n        }\n    \n        # status\n        location /status {\n          include nginx-cors.conf;\n    \n          proxy_pass                    http://{{ include \"ditto-digital-twins.fullname\" . }}-gateway/overall/status;\n          proxy_http_version            1.1;\n          proxy_set_header              Host                $http_host;\n          proxy_set_header              X-Real-IP           $remote_addr;\n          proxy_set_header              X-Forwarded-For     $proxy_add_x_forwarded_for;\n          proxy_set_header              X-Forwarded-User    $remote_user;\n        }\n    \n        # devops\n        location /devops {\n          include nginx-cors.conf;\n\n          proxy_pass                    http://{{ include \"ditto-digital-twins.fullname\" . }}-gateway/devops;\n          proxy_http_version            1.1;\n          proxy_set_header              Host                $http_host;\n          proxy_set_header              X-Real-IP           $remote_addr;\n          proxy_set_header              X-Forwarded-For     $proxy_add_x_forwarded_for;\n          proxy_set_header              X-Forwarded-User    $remote_user;\n        }\n    \n        # swagger\n        # access API doc on: /apidoc/1 or /apidoc/2\n        location /apidoc/ {\n          rewrite ^/apidoc/([0-9])$ $scheme://$http_host/apidoc/?url=/apidoc/openapi/ditto-api-$1.yml  redirect;\n          proxy_pass                    http://{{ include \"ditto-digital-twins.fullname\" . }}-swaggerui:8080/;\n          proxy_http_version            1.1;\n          proxy_set_header              Host                $http_host;\n        }\n      }\n    }\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/nginx-deployment.yaml",
    "content": "{{- if .Values.nginx.enabled -}}\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-nginx\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-nginx\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  replicas: {{ .Values.nginx.replicaCount }}\n  strategy:\n  {{- with .Values.nginx.updateStrategy }}\n  {{- toYaml . | nindent 4 }}\n  {{- end }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-nginx\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-nginx\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        {{- with .Values.nginx.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        checksum/nginx-conf: {{ include (print $.Template.BasePath \"/nginx-configmap.yaml\") . | sha256sum }}\n        checksum/nginx-config: {{ include (print $.Template.BasePath \"/nginx-config.yaml\") . | sha256sum }}\n        {{- with .Values.nginx.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n    {{- with .Values.global.imagePullSecrets }}\n      imagePullSecrets:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-nginx\n          image: \"{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}\"\n          imagePullPolicy: {{ .Values.nginx.image.imagePullPolicy }}\n          env:\n          {{- if .Values.nginx.extraEnv }}\n            {{- toYaml .Values.nginx.extraEnv | nindent 12 }}\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: 80\n              protocol: TCP\n          {{- if .Values.nginx.readinessProbe }}\n          readinessProbe:\n            {{- toYaml .Values.nginx.readinessProbe | nindent 12 }}\n          {{- end }}\n          {{- if .Values.nginx.livenessProbe }}\n          livenessProbe:\n            {{- toYaml .Values.nginx.livenessProbe | nindent 12 }}\n          {{- end }}\n          resources:\n            {{- toYaml .Values.nginx.resources | nindent 12 }}\n          volumeMounts:\n            - name: nginx-conf\n              mountPath: /etc/nginx/nginx.conf\n              subPath: nginx.conf\n            - name: nginx-htpasswd\n              mountPath: /etc/nginx/nginx.htpasswd\n              subPath: nginx.htpasswd\n            - name: nginx-cors\n              mountPath: /etc/nginx/nginx-cors.conf\n              subPath: nginx-cors.conf\n            - name: nginx-index\n              mountPath: /etc/nginx/html/index.html\n              subPath: index.html\n      volumes:\n        - name: nginx-conf\n          configMap:\n            name: {{ .Release.Name }}-nginx-conf\n        - name: nginx-htpasswd\n          configMap:\n            name: {{ .Release.Name }}-nginx-config-nginx-htpasswd\n        - name: nginx-cors\n          configMap:\n            name: {{ .Release.Name }}-nginx-config-nginx-cors-conf\n        - name: nginx-index\n          configMap:\n            name: {{ .Release.Name }}-nginx-config-index-html\n{{- if .Values.nginx.rootAccess }}\n      securityContext:\n        runAsUser: 0\n{{- end }}\n      {{- with .Values.nginx.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.nginx.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.nginx.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/nginx-ingress.yaml",
    "content": "{{- if .Values.ingress.enabled -}}\n{{- $fullName := include \"ditto-digital-twins.fullname\" . -}}\n{{- if semverCompare \">=1.14-0\" .Capabilities.KubeVersion.GitVersion -}}\napiVersion: networking.k8s.io/v1beta1\n{{- else -}}\napiVersion: extensions/v1beta1\n{{- end }}\nkind: Ingress\nmetadata:\n  name: {{ $fullName }}\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-nginx\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\n  {{- with .Values.ingress.annotations }}\n  annotations:\n    {{- toYaml . | nindent 4 }}\n  {{- end }}\nspec:\n{{- if .Values.ingress.tls }}\n  tls:\n  {{- range .Values.ingress.tls }}\n    - hosts:\n      {{- range .hosts }}\n        - {{ . | quote }}\n      {{- end }}\n      secretName: {{ .secretName }}\n  {{- end }}\n{{- end }}\n  rules:\n  {{- range .Values.ingress.hosts }}\n    - host: {{ .host | quote }}\n      http:\n        paths:\n        {{- range .paths }}\n          - path: {{ . }}\n            backend:\n              serviceName: {{ $fullName }}-nginx\n              servicePort: http\n        {{- end }}\n  {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/nginx-service.yaml",
    "content": "{{- if .Values.nginx.enabled -}}\napiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-nginx\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-nginx\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\n  {{- with .Values.nginx.annotations }}\n  annotations:\n    {{- toYaml . | nindent 4 }}\n  {{- end }}\nspec:\n  type: {{ .Values.nginx.service.type }}\n  ports:\n    - port: {{ .Values.nginx.service.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n  selector:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-nginx\n    app.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/policies-deployment.yaml",
    "content": "{{- if .Values.policies.enabled -}}\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-policies\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-policies\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  replicas: {{ .Values.policies.replicaCount }}\n  strategy:\n  {{- with .Values.policies.updateStrategy }}\n  {{- toYaml . | nindent 4 }}\n  {{- end }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-policies\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-policies\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        actorSystemName: {{ .Values.akka.actorSystemName }}\n        {{- with .Values.policies.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        {{- if .Values.global.prometheus.enabled }}\n        prometheus.io/scrape: \"true\"\n        prometheus.io/path: \"/\"\n        prometheus.io/port: \"{{ .Values.global.prometheus.port }}\"\n        {{- end }}\n        checksum/mongodb-config: {{ include (print $.Template.BasePath \"/mongodb-secret.yaml\") . | sha256sum }}\n        {{- with .Values.policies.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n      {{- if .Values.rbac.enabled }}\n      serviceAccountName: {{ template \"ditto-digital-twins.serviceAccountName\" . }}\n      {{- end }}\n    {{- with .Values.global.imagePullSecrets }}\n      imagePullSecrets:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-policies\n          image: \"{{ .Values.policies.image.repository }}:{{ .Values.policies.image.tag }}\"\n          imagePullPolicy: {{ .Values.policies.image.imagePullPolicy }}\n          command: [\"java\"]\n          args:\n          {{- if .Values.policies.systemProps }}\n            {{- toYaml .Values.policies.systemProps | nindent 12 }}\n          {{- end }}\n            - \"-jar\"\n            - \"/opt/ditto/starter.jar\"\n          env:\n            - name: POD_LABEL_SELECTOR\n              value: \"app.kubernetes.io/name=%s\"\n            - name: POD_NAMESPACE\n              value: {{.Release.Namespace}}\n            - name: INSTANCE_INDEX\n              valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath: metadata.name\n            - name: HOSTNAME\n              valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath: status.podIP\n            - name: DISCOVERY_METHOD\n              value: \"kubernetes-api\"\n            - name: TZ\n              value: \"{{ .Values.global.timezone }}\"\n            - name: OPENJ9_JAVA_OPTIONS\n              value: \"-XX:MaxRAMPercentage=80 -XX:InitialRAMPercentage=40 -XX:+ExitOnOutOfMemoryError{{ if .Values.dbconfig.policies.ssl }} -Dorg.mongodb.async.type=netty{{ end }}\"\n            - name: MONGO_DB_SSL_ENABLED\n              value: \"{{ if .Values.dbconfig.policies.ssl }}true{{ else }}false{{ end }}\"\n            - name: MONGO_DB_URI\n              valueFrom:\n                secretKeyRef:\n                  name: {{ include \"ditto-digital-twins.fullname\" . }}-mongodb-secret\n                  key: policies-uri\n          {{- if .Values.global.prometheus.enabled }}\n            - name: PROMETHEUS_PORT\n              value: \"{{ .Values.global.prometheus.port }}\"\n          {{- end }}\n          {{- if .Values.policies.extraEnv }}\n            {{- toYaml .Values.policies.extraEnv | nindent 12 }}\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: 8080\n              protocol: TCP\n            - name: remoting\n              containerPort: {{ .Values.akka.remoting.port }}\n              protocol: TCP\n            - name: management\n              containerPort: {{ .Values.akka.mgmthttp.port }}\n              protocol: TCP\n          readinessProbe:\n            httpGet:\n              port: management\n              path: /ready\n            initialDelaySeconds: {{ .Values.policies.readinessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.policies.readinessProbe.periodSeconds }}\n            timeoutSeconds: {{ .Values.policies.readinessProbe.timeoutSeconds }}\n            failureThreshold: {{ .Values.policies.readinessProbe.failureThreshold }}\n          livenessProbe:\n            httpGet:\n              port: management\n              path: /alive\n            initialDelaySeconds: {{ .Values.policies.livenessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.policies.livenessProbe.periodSeconds }}\n            timeoutSeconds: {{ .Values.policies.livenessProbe.timeoutSeconds }}\n            failureThreshold: {{ .Values.policies.livenessProbe.failureThreshold }}\n          resources:\n            {{- toYaml .Values.policies.resources | nindent 12 }}\n      {{- with .Values.policies.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.policies.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.policies.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/policies-networkpolicy.yaml",
    "content": "{{- if .Values.policies.networkPolicy.enabled }}\nkind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-policies\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-policies\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  podSelector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-policies\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  policyTypes:\n  - Ingress\n  - Egress\n  ingress:\n  # Allow inner cluster communication\n  - from:\n    - podSelector:\n        matchLabels:\n          actorSystemName: {{ .Values.akka.actorSystemName }}\n    ports:\n    - protocol: TCP\n      port: {{ .Values.akka.remoting.port }}\n    - protocol: TCP\n      port: {{ .Values.akka.mgmthttp.port }}\n  # Open all egress\n  egress:\n  - {}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/policies-pdb.yaml",
    "content": "{{- if and .Values.policies.podDisruptionBudget.enabled (gt .Values.policies.replicaCount 1.0) -}}\napiVersion: policy/v1beta1\nkind: PodDisruptionBudget\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-policies\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-policies\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-policies\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  minAvailable: {{ .Values.policies.podDisruptionBudget.minAvailable }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/role.yaml",
    "content": "{{- if .Values.rbac.enabled -}}\nkind: Role\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nrules:\n- apiGroups: [\"\"]\n  resources: [\"pods\"]\n  verbs: [\"get\", \"watch\", \"list\"]\n{{- end -}}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/rolebinding.yaml",
    "content": "{{- if .Values.rbac.enabled -}}\nkind: RoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nroleRef:\n  kind: Role\n  name: {{ include \"ditto-digital-twins.fullname\" . }}\n  apiGroup: rbac.authorization.k8s.io\nsubjects:\n- kind: ServiceAccount\n  name: {{ template \"ditto-digital-twins.serviceAccountName\" . }}\n{{- end -}}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/serviceaccount.yaml",
    "content": "{{- if .Values.serviceAccount.create -}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ template \"ditto-digital-twins.serviceAccountName\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\n{{- end -}}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/swaggerui-config.yaml",
    "content": "{{- if .Values.swaggerui.enabled -}}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-swaggerui\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-swaggerui\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\ndata:\n{{ (.Files.Glob \"openapi/*\").AsConfig | indent 2 }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/swaggerui-deployment.yaml",
    "content": "{{- if .Values.swaggerui.enabled -}}\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-swaggerui\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-swaggerui\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\nspec:\n  replicas: {{ .Values.swaggerui.replicaCount }}\n  strategy:\n  {{- with .Values.swaggerui.updateStrategy }}\n  {{- toYaml . | nindent 4 }}\n  {{- end }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-swaggerui\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-swaggerui\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        {{- with .Values.swaggerui.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        {{- with .Values.swaggerui.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n    {{- with .Values.global.imagePullSecrets }}\n      imagePullSecrets:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-swaggerui\n          image: \"{{ .Values.swaggerui.image.repository }}:{{ .Values.swaggerui.image.tag }}\"\n          imagePullPolicy: {{ .Values.swaggerui.image.imagePullPolicy }}\n          env:\n          {{- if .Values.swaggerui.extraEnv }}\n            {{- toYaml .Values.swaggerui.extraEnv | nindent 12 }}\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: 8080\n              protocol: TCP\n          volumeMounts:\n            - name: swagger-ui-api\n              mountPath: /usr/share/nginx/html/openapi\n      volumes:\n        - name: swagger-ui-api\n          configMap:\n            name: {{ include \"ditto-digital-twins.fullname\" . }}-swaggerui\n{{- if .Values.swaggerui.rootAccess }}\n      securityContext:\n        runAsUser: 0\n{{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/swaggerui-networkpolicy.yaml",
    "content": "{{- if .Values.swaggerui.networkPolicy.enabled }}\nkind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-swaggerui\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-swaggerui\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  podSelector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-swaggerui\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  policyTypes:\n  - Ingress\n  - Egress\n  ingress:\n  - from:\n    - podSelector:\n        matchLabels:\n          app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-nginx\n          app.kubernetes.io/instance: {{ .Release.Name }}\n    ports:\n    - protocol: TCP\n      port: 8080\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/swaggerui-pdb.yaml",
    "content": "{{- if and .Values.swaggerui.podDisruptionBudget.enabled (gt .Values.swaggerui.replicaCount 1.0) -}}\napiVersion: policy/v1beta1\nkind: PodDisruptionBudget\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-swaggerui\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-swaggerui\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-swaggerui\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  minAvailable: {{ .Values.swaggerui.podDisruptionBudget.minAvailable }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/swaggerui-service.yaml",
    "content": "{{- if .Values.swaggerui.enabled -}}\napiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-swaggerui\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-swaggerui\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\n  {{- with .Values.swaggerui.annotations }}\n  annotations:\n    {{- toYaml . | nindent 4 }}\n  {{- end }}\nspec:\n  ports:\n    - port: {{ .Values.swaggerui.service.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n  selector:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-swaggerui\n    app.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/things-deployment.yaml",
    "content": "{{- if .Values.things.enabled -}}\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-things\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-things\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  replicas: {{ .Values.things.replicaCount }}\n  strategy:\n  {{- with .Values.things.updateStrategy }}\n  {{- toYaml . | nindent 4 }}\n  {{- end }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-things\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-things\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        actorSystemName: {{ .Values.akka.actorSystemName }}\n        {{- with .Values.things.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        {{- if .Values.global.prometheus.enabled }}\n        prometheus.io/scrape: \"true\"\n        prometheus.io/path: \"/\"\n        prometheus.io/port: \"{{ .Values.global.prometheus.port }}\"\n        {{- end }}\n        checksum/mongodb-config: {{ include (print $.Template.BasePath \"/mongodb-secret.yaml\") . | sha256sum }}\n        {{- with .Values.things.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n      {{- if .Values.rbac.enabled }}\n      serviceAccountName: {{ template \"ditto-digital-twins.serviceAccountName\" . }}\n      {{- end }}\n    {{- with .Values.global.imagePullSecrets }}\n      imagePullSecrets:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-things\n          image: \"{{ .Values.things.image.repository }}:{{ .Values.things.image.tag }}\"\n          imagePullPolicy: {{ .Values.things.image.imagePullPolicy }}\n          command: [\"java\"]\n          args:\n          {{- if .Values.things.systemProps }}\n            {{- toYaml .Values.things.systemProps | nindent 12 }}\n          {{- end }}\n            - \"-jar\"\n            - \"/opt/ditto/starter.jar\"\n          env:\n            - name: POD_LABEL_SELECTOR\n              value: \"app.kubernetes.io/name=%s\"\n            - name: POD_NAMESPACE\n              value: {{.Release.Namespace}}\n            - name: INSTANCE_INDEX\n              valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath: metadata.name\n            - name: HOSTNAME\n              valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath: status.podIP\n            - name: DISCOVERY_METHOD\n              value: \"kubernetes-api\"\n            - name: TZ\n              value: \"{{ .Values.global.timezone }}\"\n            - name: OPENJ9_JAVA_OPTIONS\n              value: \"-XX:MaxRAMPercentage=80 -XX:InitialRAMPercentage=40 -XX:+ExitOnOutOfMemoryError{{ if .Values.dbconfig.things.ssl }} -Dorg.mongodb.async.type=netty{{ end }}\"\n            - name: MONGO_DB_SSL_ENABLED\n              value: \"{{ if .Values.dbconfig.things.ssl }}true{{ else }}false{{ end }}\"\n            - name: MONGO_DB_URI\n              valueFrom:\n                secretKeyRef:\n                  name: {{ include \"ditto-digital-twins.fullname\" . }}-mongodb-secret\n                  key: things-uri\n          {{- if .Values.global.prometheus.enabled }}\n            - name: PROMETHEUS_PORT\n              value: \"{{ .Values.global.prometheus.port }}\"\n          {{- end }}\n          {{- if .Values.things.extraEnv }}\n            {{- toYaml .Values.things.extraEnv | nindent 12 }}\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: 8080\n              protocol: TCP\n            - name: remoting\n              containerPort: {{ .Values.akka.remoting.port }}\n              protocol: TCP\n            - name: management\n              containerPort: {{ .Values.akka.mgmthttp.port }}\n              protocol: TCP\n          readinessProbe:\n            httpGet:\n              port: management\n              path: /ready\n            initialDelaySeconds: {{ .Values.things.readinessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.things.readinessProbe.periodSeconds }}\n            timeoutSeconds: {{ .Values.things.readinessProbe.timeoutSeconds }}\n            failureThreshold: {{ .Values.things.readinessProbe.failureThreshold }}\n          livenessProbe:\n            httpGet:\n              port: management\n              path: /alive\n            initialDelaySeconds: {{ .Values.things.livenessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.things.livenessProbe.periodSeconds }}\n            timeoutSeconds: {{ .Values.things.livenessProbe.timeoutSeconds }}\n            failureThreshold: {{ .Values.things.livenessProbe.failureThreshold }}\n          resources:\n            {{- toYaml .Values.things.resources | nindent 12 }}\n      {{- with .Values.things.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.things.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.things.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/things-networkpolicy.yaml",
    "content": "{{- if .Values.things.networkPolicy.enabled }}\nkind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-things\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-things\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  podSelector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-things\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  policyTypes:\n  - Ingress\n  - Egress\n  ingress:\n  # Allow access from concierge\n  - from:\n    - podSelector:\n        matchLabels:\n          app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-concierge\n          app.kubernetes.io/instance: {{ .Release.Name }}\n    ports:\n    - protocol: TCP\n      port: http\n  # Allow inner cluster communication\n  - from:\n    - podSelector:\n        matchLabels:\n          actorSystemName: {{ .Values.akka.actorSystemName }}\n    ports:\n    - protocol: TCP\n      port: {{ .Values.akka.remoting.port }}\n    - protocol: TCP\n      port: {{ .Values.akka.mgmthttp.port }}\n  # Open all egress\n  egress:\n  - {}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/things-pdb.yaml",
    "content": "{{- if and .Values.things.podDisruptionBudget.enabled (gt .Values.things.replicaCount 1.0) -}}\napiVersion: policy/v1beta1\nkind: PodDisruptionBudget\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-things\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-things\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-things\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  minAvailable: {{ .Values.things.podDisruptionBudget.minAvailable }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/thingssearch-deployment.yaml",
    "content": "{{- if .Values.thingsSearch.enabled -}}\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-thingssearch\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-thingssearch\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  replicas: {{ .Values.thingsSearch.replicaCount }}\n  strategy:\n  {{- with .Values.thingsSearch.updateStrategy }}\n  {{- toYaml . | nindent 4 }}\n  {{- end }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-thingssearch\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-thingssearch\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        actorSystemName: {{ .Values.akka.actorSystemName }}\n        {{- with .Values.thingsSearch.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        {{- if .Values.global.prometheus.enabled }}\n        prometheus.io/scrape: \"true\"\n        prometheus.io/path: \"/\"\n        prometheus.io/port: \"{{ .Values.global.prometheus.port }}\"\n        {{- end }}\n        checksum/mongodb-config: {{ include (print $.Template.BasePath \"/mongodb-secret.yaml\") . | sha256sum }}\n        {{- with .Values.thingsSearch.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n      {{- if .Values.rbac.enabled }}\n      serviceAccountName: {{ template \"ditto-digital-twins.serviceAccountName\" . }}\n      {{- end }}\n    {{- with .Values.global.imagePullSecrets }}\n      imagePullSecrets:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-thingssearch\n          image: \"{{ .Values.thingsSearch.image.repository }}:{{ .Values.thingsSearch.image.tag }}\"\n          imagePullPolicy: {{ .Values.thingsSearch.image.imagePullPolicy }}\n          command: [\"java\"]\n          args:\n          {{- if .Values.thingsSearch.systemProps }}\n            {{- toYaml .Values.thingsSearch.systemProps | nindent 12 }}\n          {{- end }}\n            - \"-jar\"\n            - \"/opt/ditto/starter.jar\"\n          env:\n            - name: POD_LABEL_SELECTOR\n              value: \"app.kubernetes.io/name=%s\"\n            - name: POD_NAMESPACE\n              value: {{.Release.Namespace}}\n            - name: INSTANCE_INDEX\n              valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath: metadata.name\n            - name: HOSTNAME\n              valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath: status.podIP\n            - name: DISCOVERY_METHOD\n              value: \"kubernetes-api\"\n            - name: TZ\n              value: \"{{ .Values.global.timezone }}\"\n            - name: OPENJ9_JAVA_OPTIONS\n              value: \"-XX:MaxRAMPercentage=80 -XX:InitialRAMPercentage=40 -XX:+ExitOnOutOfMemoryError{{ if .Values.dbconfig.searchDB.ssl }} -Dorg.mongodb.async.type=netty{{ end }}\"\n            - name: MONGO_DB_SSL_ENABLED\n              value: \"{{ if .Values.dbconfig.searchDB.ssl }}true{{ else }}false{{ end }}\"\n            - name: MONGO_DB_URI\n              valueFrom:\n                secretKeyRef:\n                  name: {{ include \"ditto-digital-twins.fullname\" . }}-mongodb-secret\n                  key: searchDB-uri\n          {{- if .Values.global.prometheus.enabled }}\n            - name: PROMETHEUS_PORT\n              value: \"{{ .Values.global.prometheus.port }}\"\n          {{- end }}\n          {{- if .Values.thingsSearch.extraEnv }}\n            {{- toYaml .Values.thingsSearch.extraEnv | nindent 12 }}\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: 8080\n              protocol: TCP\n            - name: remoting\n              containerPort: {{ .Values.akka.remoting.port }}\n              protocol: TCP\n            - name: management\n              containerPort: {{ .Values.akka.mgmthttp.port }}\n              protocol: TCP\n          readinessProbe:\n            httpGet:\n              port: management\n              path: /ready\n            initialDelaySeconds: {{ .Values.thingsSearch.readinessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.thingsSearch.readinessProbe.periodSeconds }}\n            timeoutSeconds: {{ .Values.thingsSearch.readinessProbe.timeoutSeconds }}\n            failureThreshold: {{ .Values.thingsSearch.readinessProbe.failureThreshold }}\n          livenessProbe:\n            httpGet:\n              port: management\n              path: /alive\n            initialDelaySeconds: {{ .Values.thingsSearch.livenessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.thingsSearch.livenessProbe.periodSeconds }}\n            timeoutSeconds: {{ .Values.thingsSearch.livenessProbe.timeoutSeconds }}\n            failureThreshold: {{ .Values.thingsSearch.livenessProbe.failureThreshold }}\n          resources:\n            {{- toYaml .Values.thingsSearch.resources | nindent 12 }}\n      {{- with .Values.thingsSearch.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.thingsSearch.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.thingsSearch.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/thingssearch-networkpolicy.yaml",
    "content": "{{- if .Values.thingsSearch.networkPolicy.enabled }}\nkind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-thingssearch\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-thingssearch\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  podSelector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-thingssearch\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  policyTypes:\n  - Ingress\n  - Egress\n  ingress:\n  # Allow inner cluster communication\n  - from:\n    - podSelector:\n        matchLabels:\n          actorSystemName: {{ .Values.akka.actorSystemName }}\n    ports:\n    - protocol: TCP\n      port: {{ .Values.akka.remoting.port }}\n    - protocol: TCP\n      port: {{ .Values.akka.mgmthttp.port }}\n  # Open all egress\n  egress:\n  - {}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/templates/thingssearch-pdb.yaml",
    "content": "{{- if and .Values.things.podDisruptionBudget.enabled (gt .Values.things.replicaCount 1.0) -}}\napiVersion: policy/v1beta1\nkind: PodDisruptionBudget\nmetadata:\n  name: {{ include \"ditto-digital-twins.fullname\" . }}-thingssearch\n  labels:\n    app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-thingssearch\n{{ include \"ditto-digital-twins.labels\" . | indent 4 }}\nspec:\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ditto-digital-twins.name\" . }}-thingssearch\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  minAvailable: {{ .Values.things.podDisruptionBudget.minAvailable }}\n{{- end }}\n"
  },
  {
    "path": "charts/ditto-digital-twins/values.yaml",
    "content": "# Default values for ditto-digital-twins.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nserviceAccount:\n  ## create controls whether a service account should be created\n  create: true\n  ## name of the service account to use\n  ## If not set and create is true, a name is generated using the fullname template\n  name:\n\nrbac:\n  ## enabled controls whether RBAC resources will be created\n  enabled: true\n\nnameOverride: \"\"\nfullnameOverride: \"\"\n\n## dbconfig for mongodb connections\n## will be handled as k8s secret as connection uri might contain auth credentials\ndbconfig:\n  concierge:\n    uri: mongodb://ditto-mongodb:27017/concierge\n    ssl: false\n  connectivity:\n    uri: mongodb://ditto-mongodb:27017/connectivity\n    ssl: false\n  things:\n    uri: mongodb://ditto-mongodb:27017/things\n    ssl: false\n  searchDB:\n    uri: mongodb://ditto-mongodb:27017/searchDB\n    ssl: false\n  policies:\n    uri: mongodb://ditto-mongodb:27017/policies\n    ssl: false\n\n## ingress configuration\ningress:\n  enabled: false\n  annotations: {}\n    # kubernetes.io/tls-acme: \"true\"\n    # ingress.kubernetes.io/ssl-redirect: \"true\"\n  hosts:\n    - host: ditto.example.com\n      paths: []\n        # - /api\n        # - /ws\n        # - /devops\n        # - /status\n        # - /health\n        # - /apidoc\n\n  tls: []\n  #  - secretName: ditto-tls\n  #    hosts:\n  #      - ditto.example.com\n\n## ----------------------------------------------------------------------------\n## global configuration shared by all components\nglobal:\n  ## jwtOnly controls whether only OpenID-Connect authentication is supported\n  ## if false, basicAuth is used\n  ## ref: https://www.eclipse.org/ditto/installation-operating.html#openid-connect\n  jwtOnly: false\n  ## timezone\n  timezone: Europe/Berlin\n  ## imagePullSecrets will be added to every deployment\n  imagePullSecrets: []\n  prometheus:\n    ## enabled controls whether scrape config annotation will be added to pod templates\n    enabled: true\n    ## port where prometheus metrics will be provided\n    port: 9095\n\n\n## ----------------------------------------------------------------------------\n## akka actor configuration\n## ref: https://doc.akka.io/docs/akka/current/typed/index.html\nakka:\n  ## actorSystemName\n  actorSystemName: ditto-cluster\n  remoting:\n    ## port for remoting\n    port: 2551\n  mgmthttp:\n    ## port for http managment\n    port: 8558\n\n\n## ----------------------------------------------------------------------------\n## concierge configuration\n## ref: https://www.eclipse.org/ditto/architecture-services-concierge.html\nconcierge:\n  ## enabled controls whether Concierge related resources should be created\n  enabled: true\n  ## replicaCount for concierge service\n  replicaCount: 1\n  ## updateStrategy for concierge service\n  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\n  updateStrategy:\n    type: RollingUpdate\n    rollingUpdate:\n      maxSurge: 1\n      maxUnavailable: 0\n  ## additionalLabels on concierge pods\n  additionalLabels: {}\n  ## additionalAnnotations on concierge pods\n  additionalAnnotations: {}\n  image:\n    ## repository for the concierge docker image\n    repository: docker.io/eclipse/ditto-concierge\n    ## tag for the concierge docker image\n    tag: 1.0.0-M3\n    ## pullPolicy for the concierge docker image\n    pullPolicy: IfNotPresent\n  ## systemProps used to define arbritrary system properties for concierge service\n  ## ref: https://www.eclipse.org/ditto/installation-operating.html#configuration\n  systemProps: []\n  ## extraEnv to add arbritrary environment variable to concierge container\n  extraEnv: []\n  ## resources for the concierge container\n  resources: {}\n    # requests:\n    #   memory: 512Mi\n    # limits:\n    #   ## no cpu limit to avoid CFS scheduler limits\n    #   ## ref: https://doc.akka.io/docs/akka/snapshot/additional/deploy.html#in-kubernetes\n    #   ## cpu: \"\"\n    #   memory: 1Gi\n  ## readinessProbe configuration for concierge\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  readinessProbe:\n    initialDelaySeconds: 45\n    periodSeconds: 10\n    timeoutSeconds: 1\n    failureThreshold: 3\n  ## livenessProbe configuration for concierge\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  livenessProbe:\n    initialDelaySeconds: 180\n    periodSeconds: 10\n    timeoutSeconds: 3\n    failureThreshold: 4\n  networkPolicy:\n    ## enabled controls whether concierge related NetworkPolicy should be created\n    enabled: true\n  podDisruptionBudget:\n    ## enabled controls whether concierge related PodDisruptionBudget should be created\n    enabled: true\n    ## minAvailable number of replicas during voluntary disruptions\n    minAvailable: 1\n  ## nodeSelector\n  ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector\n  nodeSelector: {}\n  ## tolerations\n  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n  tolerations: []\n  ## affinity\n  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n  affinity: {}\n\n\n## ----------------------------------------------------------------------------\n## connectivity configuration\n## ref: https://www.eclipse.org/ditto/architecture-services-connectivity.html\nconnectivity:\n  ## enabled controls whether connectivity related resources should be created\n  enabled: true\n  ## replicaCount for connectivity service\n  replicaCount: 1\n  ## updateStrategy for connectivity service\n  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\n  updateStrategy:\n    type: RollingUpdate\n    rollingUpdate:\n      maxSurge: 1\n      maxUnavailable: 0\n  ## additionalLabels on connectivity pods\n  additionalLabels: {}\n  ## additionalAnnotations on connectivity pods\n  additionalAnnotations: {}\n  image:\n    ## repository for the connectivity docker image\n    repository: docker.io/eclipse/ditto-connectivity\n    ## tag for the connectivity docker image\n    tag: 1.0.0-M3\n    ## pullPolicy for the connectivity docker image\n    pullPolicy: IfNotPresent\n  ## systemProps used to define arbritrary system properties for connectivity service\n  ## ref: https://www.eclipse.org/ditto/installation-operating.html#configuration\n  systemProps: []\n  ## extraEnv to add arbritrary environment variable to connectivity container\n  extraEnv: []\n  ## resources for the connectivity container\n  resources: {}\n    # requests:\n    #   memory: 512Mi\n    # limits:\n    #   ## no cpu limit to avoid CFS scheduler limits\n    #   ## ref: https://doc.akka.io/docs/akka/snapshot/additional/deploy.html#in-kubernetes\n    #   ## cpu: \"\"\n    #   memory: 1Gi\n  ## readinessProbe configuration for connectivity\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  readinessProbe:\n    initialDelaySeconds: 45\n    periodSeconds: 10\n    timeoutSeconds: 1\n    failureThreshold: 3\n  ## livenessProbe configuration for connectivity\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  livenessProbe:\n    initialDelaySeconds: 180\n    periodSeconds: 10\n    timeoutSeconds: 3\n    failureThreshold: 4\n  networkPolicy:\n    ## enabled controls whether connectivity related NetworkPolicy should be created\n    enabled: true\n  podDisruptionBudget:\n    ## enabled controls whether connectivity related PodDisruptionBudget should be created\n    enabled: true\n    ## minAvailable number of replicas during voluntary disruptions\n    minAvailable: 1\n  ## nodeSelector\n  ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector\n  nodeSelector: {}\n  ## tolerations\n  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n  tolerations: []\n  ## affinity\n  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n  affinity: {}\n\n## ----------------------------------------------------------------------------\n## gateway configuration\n## ref: https://www.eclipse.org/ditto/architecture-services-gateway.html\ngateway:\n  ## enabled controls whether gateway related resources should be created\n  enabled: true\n  ## devopsSecureStatus is used as value for DEVOPS_SECURE_STATUS environment var\n  ## this controls whether /status resource is secured or not\n  devopsSecureStatus: false\n  ## enableDummyAuth is used as value for ENABLE_DUMMY_AUTH environment var\n  enableDummyAuth: true\n  ## devopsPassword will be used for accessing /devops resource (username: devops)\n  ## if not set a random password will be set\n  devopsPassword:\n  ## statusPassword will be used for accessing /status resource (username: devops)\n  ## if not set a random password will be set\n  statusPassword:\n  ## replicaCount for gateway service\n  replicaCount: 1\n  ## updateStrategy for gateway service\n  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\n  updateStrategy:\n    type: RollingUpdate\n    rollingUpdate:\n      maxSurge: 1\n      maxUnavailable: 0\n  ## additionalLabels on gateway pods\n  additionalLabels: {}\n  ## additionalAnnotations on gateway pods\n  additionalAnnotations: {}\n  image:\n    ## repository for the gateway docker image\n    repository: docker.io/eclipse/ditto-gateway\n    ## tag for the gateway docker image\n    tag: 1.0.0-M3\n    ## pullPolicy for the gateway docker image\n    pullPolicy: IfNotPresent\n  ## systemProps used to define arbritrary system properties for gateway service\n  ## ref: https://www.eclipse.org/ditto/installation-operating.html#configuration\n  systemProps: []\n  ## extraEnv to add arbritrary environment variabled to gateway container\n  extraEnv: []\n    # - name: LOG_LEVEL_APPLICATION\n    #   value: \"DEBUG\"\n  ## resources for the gateway container\n  resources: {}\n    # requests:\n    #   memory: 512Mi\n    # limits:\n    #   ## no cpu limit to avoid CFS scheduler limits\n    #   ## ref: https://doc.akka.io/docs/akka/snapshot/additional/deploy.html#in-kubernetes\n    #   ## cpu: \"\"\n    #   memory: 1Gi\n  ## readinessProbe configuration for gateway\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  readinessProbe:\n    initialDelaySeconds: 45\n    periodSeconds: 10\n    timeoutSeconds: 1\n    failureThreshold: 3\n  ## livenessProbe configuration for gateway\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  livenessProbe:\n    initialDelaySeconds: 180\n    periodSeconds: 10\n    timeoutSeconds: 3\n    failureThreshold: 4\n  service:\n    ## port number for gateway service\n    port: 8080\n    ## annotations to add arbritrary annotations to nginx service\n    annotations: {}\n  networkPolicy:\n    ## enabled controls whether gateway related NetworkPolicy should be created\n    enabled: true\n  podDisruptionBudget:\n    ## enabled controls whether gateway related PodDisruptionBudget should be created\n    enabled: true\n    ## minAvailable number of replicas during voluntary disruptions\n    minAvailable: 1\n  ## nodeSelector\n  ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector\n  nodeSelector: {}\n  ## tolerations\n  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n  tolerations: []\n  ## affinity\n  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n  affinity: {}\n\n\n## ----------------------------------------------------------------------------\n## nginx configuration\nnginx:\n  ## enabled controls whether nginx related resources should be created\n  enabled: true\n  ## replicaCount for nginx\n  replicaCount: 1\n  ## updateStrategy for nginx\n  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\n  updateStrategy:\n    type: RollingUpdate\n    rollingUpdate:\n      maxSurge: 1\n      maxUnavailable: 0\n  ## additionalLabels on nginx pods\n  additionalLabels: {}\n  ## additionalAnnotations on nginx pods\n  additionalAnnotations: {}\n  image:\n    ## repository for the nginx docker image\n    repository: docker.io/nginx\n    ## tag for the nginx docker image\n    tag: 1.17.5-alpine\n    ## pullPolicy for the nginx docker image\n    pullPolicy: IfNotPresent\n  ## extraEnv to add arbritrary environment variables to nginx container\n  extraEnv: []\n  ## resources for the nginx container\n  resources: {}\n  ## readinessProbe configuration for nginx\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  readinessProbe: {}\n  ## livenessProbe configuration for nginx\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  livenessProbe: {}\n  # rootAccess to control securityContext (necessary when running on Openshift for writing in pod)\n  rootAccess: false\n  service:\n    ## type of the nginx service\n    type: ClusterIP\n    ## port of the nginx service\n    port: 8080\n    ## annotations to add arbritrary annotations to nginx service\n    annotations: {}\n  ## nodeSelector\n  ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector\n  nodeSelector: {}\n  ## tolerations\n  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n  tolerations: []\n  ## affinity\n  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n  affinity: {}\n\n\n## ----------------------------------------------------------------------------\n## policies configuration\n## ref: https://www.eclipse.org/ditto/architecture-services-policies.html\npolicies:\n  ## enabled controls whether policies related resources should be created\n  enabled: true\n  ## replicaCount for policies service\n  replicaCount: 1\n  ## updateStrategy for policies service\n  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\n  updateStrategy:\n    type: RollingUpdate\n    rollingUpdate:\n      maxSurge: 1\n      maxUnavailable: 0\n  ## additionalLabels on policies pods\n  additionalLabels: {}\n  ## additionalAnnotations on policies pods\n  additionalAnnotations: {}\n  image:\n    ## repository for the policies docker image\n    repository: docker.io/eclipse/ditto-policies\n    ## tag for the policies docker image\n    tag: 1.0.0-M3\n    ## pullPolicy for the policies docker image\n    pullPolicy: IfNotPresent\n  ## systemProps used to define arbritrary system properties for policies service\n  ## ref: https://www.eclipse.org/ditto/installation-operating.html#configuration\n  systemProps: []\n  ## extraEnv to add arbritrary environment variable to policies container\n  extraEnv: []\n  ## resources for the policies container\n  resources: {}\n    # requests:\n    #   memory: 512Mi\n    # limits:\n    #   ## no cpu limit to avoid CFS scheduler limits\n    #   ## ref: https://doc.akka.io/docs/akka/snapshot/additional/deploy.html#in-kubernetes\n    #   ## cpu: \"\"\n    #   memory: 1Gi\n  ## readinessProbe configuration for policies\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  readinessProbe:\n    initialDelaySeconds: 45\n    periodSeconds: 10\n    timeoutSeconds: 1\n    failureThreshold: 3\n  ## livenessProbe configuration for policies\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  livenessProbe:\n    initialDelaySeconds: 180\n    periodSeconds: 10\n    timeoutSeconds: 3\n    failureThreshold: 4\n  networkPolicy:\n    ## enabled controls whether policies related NetworkPolicy should be created\n    enabled: true\n  podDisruptionBudget:\n    ## enabled controls whether policies related PodDisruptionBudget should be created\n    enabled: true\n    ## minAvailable number of replicas during voluntary disruptions\n    minAvailable: 1\n  ## nodeSelector\n  ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector\n  nodeSelector: {}\n  ## tolerations\n  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n  tolerations: []\n  ## affinity\n  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n  affinity: {}\n\n\n## ----------------------------------------------------------------------------\n## swaggerui configuration\nswaggerui:\n  ## enabled controls whether swagger ui related resources should be created\n  enabled: true\n  ## replicaCount for swagger ui service\n  replicaCount: 1\n  ## updateStrategy for swagger ui service\n  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\n  updateStrategy:\n    type: RollingUpdate\n    rollingUpdate:\n      maxSurge: 1\n      maxUnavailable: 0\n  ## additionalLabels on swagger ui pods\n  additionalLabels: {}\n  ## additionalAnnotations on swagger ui pods\n  additionalAnnotations: {}\n  image:\n    ## repository for the swagger ui docker image\n    repository: docker.io/swaggerapi/swagger-ui\n    ## tag for the swagger ui docker image\n    tag: 3.17.4\n    ## pullPolicy for the swagger ui docker image\n    pullPolicy: IfNotPresent\n  ## extraEnv to add arbritrary environment variable to swagger ui container\n  extraEnv: []\n  ## resources for the swagger ui container\n  resources: {}\n  networkPolicy:\n    ## enabled controls whether swagger ui related NetworkPolicy should be created\n    enabled: true\n  podDisruptionBudget:\n    ## enabled controls whether swagger ui related PodDisruptionBudget should be created\n    enabled: true\n    ## minAvailable number of replicas during voluntary disruptions\n    minAvailable: 1\n  # rootAccess to control securityContext (necessary when running on Openshift for writing in pod)\n  rootAccess: false\n  service:\n    ## port of the swaggerui service\n    port: 8080\n    ## annotations to add arbritrary annotations to swaggerui service\n    annotations: {}\n\n\n## ----------------------------------------------------------------------------\n## things configuration\n## ref: https://www.eclipse.org/ditto/architecture-services-things.html\nthings:\n  ## enabled controls whether things related resources should be created\n  enabled: true\n  ## replicaCount for things service\n  replicaCount: 1\n  ## updateStrategy for things service\n  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\n  updateStrategy:\n    type: RollingUpdate\n    rollingUpdate:\n      maxSurge: 1\n      maxUnavailable: 0\n  ## additionalLabels on things pods\n  additionalLabels: {}\n  ## additionalAnnotations on things pods\n  additionalAnnotations: {}\n  image:\n    ## repository for the things docker image\n    repository: docker.io/eclipse/ditto-things\n    ## tag for the things docker image\n    tag: 1.0.0-M3\n    ## pullPolicy for the things docker image\n    pullPolicy: IfNotPresent\n  ## systemProps used to define arbritrary system properties for things service\n  ## ref: https://www.eclipse.org/ditto/installation-operating.html#configuration\n  systemProps: []\n  ## extraEnv to add arbritrary environment variable to things container\n  extraEnv: []\n  ## resources for the things container\n  resources: {}\n    # requests:\n    #   memory: 512Mi\n    # limits:\n    #   ## no cpu limit to avoid CFS scheduler limits\n    #   ## ref: https://doc.akka.io/docs/akka/snapshot/additional/deploy.html#in-kubernetes\n    #   ## cpu: \"\"\n    #   memory: 1Gi\n  ## readinessProbe configuration for things\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  readinessProbe:\n    initialDelaySeconds: 45\n    periodSeconds: 10\n    timeoutSeconds: 1\n    failureThreshold: 3\n  ## livenessProbe configuration for things\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  livenessProbe:\n    initialDelaySeconds: 180\n    periodSeconds: 10\n    timeoutSeconds: 3\n    failureThreshold: 4\n  networkPolicy:\n    ## enabled controls whether things related NetworkPolicy should be created\n    enabled: true\n  podDisruptionBudget:\n    ## enabled controls whether things related PodDisruptionBudget should be created\n    enabled: true\n    ## minAvailable number of replicas during voluntary disruptions\n    minAvailable: 1\n  ## nodeSelector\n  ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector\n  nodeSelector: {}\n  ## tolerations\n  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n  tolerations: []\n  ## affinity\n  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n  affinity: {}\n\n\n## ----------------------------------------------------------------------------\n## things-search configuration\n## ref: https://www.eclipse.org/ditto/architecture-services-things-search.html\nthingsSearch:\n  ## enabled controls whether things-search related resources should be created\n  enabled: true\n  ## replicaCount for things-search service\n  replicaCount: 1\n  ## updateStrategy for things-search service\n  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\n  updateStrategy:\n    type: RollingUpdate\n    rollingUpdate:\n      maxSurge: 1\n      maxUnavailable: 0\n  ## additionalLabels on things-search pods\n  additionalLabels: {}\n  ## additionalAnnotations on things-search pods\n  additionalAnnotations: {}\n  image:\n    ## repository for the things-search docker image\n    repository: docker.io/eclipse/ditto-things-search\n    ## tag for the things-search docker image\n    tag: 1.0.0-M3\n    ## pullPolicy for the things-search docker image\n    pullPolicy: IfNotPresent\n  ## systemProps used to define arbritrary system properties for things-search service\n  ## ref: https://www.eclipse.org/ditto/installation-operating.html#configuration\n  systemProps: []\n  ## extraEnv to add arbritrary environment variable to things-search container\n  extraEnv: []\n  ## resources for the things-search container\n  resources: {}\n    # requests:\n    #   memory: 512Mi\n    # limits:\n    #   ## no cpu limit to avoid CFS scheduler limits\n    #   ## ref: https://doc.akka.io/docs/akka/snapshot/additional/deploy.html#in-kubernetes\n    #   ## cpu: \"\"\n    #   memory: 1Gi\n  ## readinessProbe configuration for things-search\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  readinessProbe:\n    initialDelaySeconds: 45\n    periodSeconds: 10\n    timeoutSeconds: 1\n    failureThreshold: 3\n  ## livenessProbe configuration for things-search\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes\n  livenessProbe:\n    initialDelaySeconds: 180\n    periodSeconds: 10\n    timeoutSeconds: 3\n    failureThreshold: 4\n  networkPolicy:\n    ## enabled controls whether things-search related NetworkPolicy should be created\n    enabled: true\n  podDisruptionBudget:\n    ## enabled controls whether things-search related PodDisruptionBudget should be created\n    enabled: true\n    ## minAvailable number of replicas during voluntary disruptions\n    minAvailable: 1\n  ## nodeSelector\n  ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector\n  nodeSelector: {}\n  ## tolerations\n  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n  tolerations: []\n  ## affinity\n  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n  affinity: {}\n\n\n## ----------------------------------------------------------------------------\n## mongodb dependency chart configuration\nmongodb:\n  ## enabled controls usage of dependency chart\n  enabled: true\n  fullnameOverride: ditto-mongodb\n  usePassword: false\n  persistence:\n    enabled: false\n"
  },
  {
    "path": "charts/enmasse/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/enmasse/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"0.30.1\"\ndescription: A Helm chart for enmasse\nname: enmasse\nversion: 0.1.0\nhome: https://enmasse.io/\nsources:\n- https://github.com/EnMasseProject/enmasse\n- https://github.com/kiwigrid/helm-charts/tree/master/charts/enmasse\nmaintainers:\n- name: rpahli\n  email: rico.pahlisch@kiwigrid.com\n"
  },
  {
    "path": "charts/enmasse/ci/test-values.yaml",
    "content": "enmasse-crd:\n  enabled: true\n"
  },
  {
    "path": "charts/enmasse/requirements.yaml",
    "content": "dependencies:\n- name: enmasse-crd\n  version: 0.1.0\n  repository: https://kiwigrid.github.io/\n  condition: enmasse-crd.enabled"
  },
  {
    "path": "charts/enmasse/templates/NOTES.txt",
    "content": ""
  },
  {
    "path": "charts/enmasse/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"enmasse.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"enmasse.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"enmasse.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCommon labels\n*/}}\n{{- define \"enmasse.labels\" -}}\napp.kubernetes.io/name: {{ include \"enmasse.name\" . }}\nhelm.sh/chart: {{ include \"enmasse.chart\" . }}\napp.kubernetes.io/instance: {{ .Release.Name }}\n{{- if .Chart.AppVersion }}\napp.kubernetes.io/version: {{ .Chart.AppVersion | quote }}\n{{- end }}\napp.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end -}}\n\n{{/*\nCreate the name of the service account to use\n*/}}\n{{- define \"enmasse.serviceAccountName\" -}}\n{{- if .Values.serviceAccount.create -}}\n    {{ default (include \"enmasse.fullname\" .) .Values.serviceAccount.name }}\n{{- else -}}\n    {{ default \"default\" .Values.serviceAccount.name }}\n{{- end -}}\n{{- end -}}\n"
  },
  {
    "path": "charts/enmasse/templates/api-server-cert-secret.yaml",
    "content": "{{- $cn := printf \"%s.%s.svc.cluster.local\" ( include \"enmasse.fullname\" . ) .Release.Namespace }}\n{{- $ca := genCA \"enmasse\" 3650 -}}\n{{- $cert := genSignedCert $cn nil nil 3650 $ca }}\nkind: Secret\napiVersion: v1\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-api-server-cert\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\ntype: kubernetes.io/tls\ndata:\n  tls.crt: {{ b64enc $cert.Cert }}\n  tls.key: {{ b64enc $cert.Key }}"
  },
  {
    "path": "charts/enmasse/templates/api-service-v1alpha1-enmasse-io.yaml",
    "content": "apiVersion: apiregistration.k8s.io/v1beta1\nkind: APIService\nmetadata:\n  name: v1alpha1.enmasse.io\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\n  name: v1alpha1.enmasse.io\nspec:\n  group: enmasse.io\n  groupPriorityMinimum: 1000\n  insecureSkipTLSVerify: true\n  service:\n    name: {{ include \"enmasse.fullname\" . }}-api-server\n    namespace: {{.Release.Namespace}}\n  version: v1alpha1\n  versionPriority: 15\n"
  },
  {
    "path": "charts/enmasse/templates/api-service-v1alpha1-user-enmasse-io.yaml",
    "content": "apiVersion: apiregistration.k8s.io/v1beta1\nkind: APIService\nmetadata:\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\n  name: v1alpha1.user.enmasse.io\nspec:\n  group: user.enmasse.io\n  groupPriorityMinimum: 1000\n  insecureSkipTLSVerify: true\n  service:\n    name: {{ include \"enmasse.fullname\" . }}-api-server\n    namespace: {{.Release.Namespace}}\n  version: v1alpha1\n  versionPriority: 15\n"
  },
  {
    "path": "charts/enmasse/templates/api-service-v1beta1-enmasse-io.yaml",
    "content": "apiVersion: apiregistration.k8s.io/v1beta1\nkind: APIService\nmetadata:\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\n  name: v1beta1.enmasse.io\nspec:\n  group: enmasse.io\n  groupPriorityMinimum: 1000\n  insecureSkipTLSVerify: true\n  service:\n    name: {{ include \"enmasse.fullname\" . }}-api-server\n    namespace: {{.Release.Namespace}}\n  version: v1beta1\n  versionPriority: 15\n"
  },
  {
    "path": "charts/enmasse/templates/api-service-v1beta1-user-enmasse-io.yaml",
    "content": "apiVersion: apiregistration.k8s.io/v1beta1\nkind: APIService\nmetadata:\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\n  name: v1beta1.user.enmasse.io\nspec:\n  group: user.enmasse.io\n  groupPriorityMinimum: 1000\n  insecureSkipTLSVerify: true\n  service:\n    name: {{ include \"enmasse.fullname\" . }}-api-server\n    namespace: {{.Release.Namespace}}\n  version: v1beta1\n  versionPriority: 15\n"
  },
  {
    "path": "charts/enmasse/templates/cluster-role-api-server.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-api-server\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nrules:\n  - apiGroups: [ \"authentication.k8s.io\" ]\n    resources: [ \"tokenreviews\" ]\n    verbs: [ \"create\" ]\n  - apiGroups: [ \"authorization.k8s.io\" ]\n    resources: [ \"subjectaccessreviews\" ]\n    verbs: [ \"create\" ]\n  - apiGroups: [ \"\" ]\n    resources: [ \"configmaps\" ]\n    resourceNames: [ \"extension-apiserver-authentication\" ]\n    verbs: [ \"get\" ]\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/cluster-role-binding-api-server.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-api-server\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: {{ include \"enmasse.fullname\" . }}-api-server\nsubjects:\n- kind: ServiceAccount\n  name: {{ include \"enmasse.fullname\" . }}-api-server\n  namespace: {{.Release.Namespace}}\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/cluster-role-binding-enmasse-operator.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-operator\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: {{ include \"enmasse.fullname\" . }}-operator\nsubjects:\n- kind: ServiceAccount\n  name: {{ include \"enmasse.fullname\" . }}-operator\n  namespace: {{.Release.Namespace}}\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/cluster-role-binding-standard-authservice.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-standard-authservice\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: {{ include \"enmasse.fullname\" . }}-standard-authservice\nsubjects:\n- kind: ServiceAccount\n  name: {{ include \"enmasse.fullname\" . }}-standard-authservice\n  namespace: {{.Release.Namespace}}\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/cluster-role-enmasse-operator.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-operator\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nrules:\n  - apiGroups: [ \"oauth.openshift.io\" ]\n    resources: [ \"oauthclients\" ]\n    verbs: [ \"create\", \"get\", \"update\", \"list\", \"watch\" ]\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/cluster-role-standard-authservice.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-standard-authservice\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nrules:\n  - apiGroups: [ \"authentication.k8s.io\" ]\n    resources: [ \"tokenreviews\" ]\n    verbs: [ \"create\" ]\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/deployment-address-space-controller.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\n  name: {{ include \"enmasse.fullname\" . }}-address-space-controller\nspec:\n  replicas: {{ .Values.addressSpaceController.replicaCount }}\n  strategy:\n    type: Recreate\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"enmasse.fullname\" . }}-address-space-controller\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"enmasse.fullname\" . }}-address-space-controller\n        app.kubernetes.io/instance: {{ .Release.Name }}\n{{- with .Values.addressSpaceController.annotations }}\n      annotations:\n{{ toYaml . | indent 8 }}\n{{- end }}\n    spec:\n      affinity:\n        nodeAffinity:\n          preferredDuringSchedulingIgnoredDuringExecution:\n            - weight: 1\n              preference:\n                matchExpressions:\n                  - key: node-role.enmasse.io/operator-infra\n                    operator: In\n                    values:\n                      - \"true\"\n      containers:\n      - env:\n        - name: EXPOSE_ENDPOINTS_BY_DEFAULT\n          valueFrom:\n            configMapKeyRef:\n              key: exposeEndpointsByDefault\n              name: address-space-controller-config\n              optional: true\n        - name: ENVIRONMENT\n          valueFrom:\n            configMapKeyRef:\n              key: environment\n              name: address-space-controller-config\n              optional: true\n        - name: TEMPLATE_DIR\n          value: /opt/templates\n        - name: RESOURCES_DIR\n          value: /opt\n        - name: STANDARD_AUTHSERVICE_CONFIG_NAME\n          value: keycloak-config\n        - name: STANDARD_AUTHSERVICE_CREDENTIALS_SECRET_NAME\n          value: keycloak-credentials\n        - name: STANDARD_AUTHSERVICE_CERT_SECRET_NAME\n          value: standard-authservice-cert\n        - name: WILDCARD_ENDPOINT_CERT_SECRET\n          valueFrom:\n            configMapKeyRef:\n              key: wildcardEndpointCertSecret\n              name: address-space-controller-config\n              optional: true\n        - name: RESYNC_INTERVAL\n          valueFrom:\n            configMapKeyRef:\n              key: resyncInterval\n              name: address-space-controller-config\n              optional: true\n        - name: RECHECK_INTERVAL\n          valueFrom:\n            configMapKeyRef:\n              key: recheckInterval\n              name: address-space-controller-config\n              optional: true\n          {{- if .Values.addressSpaceController.configEnv }}\n            {{- toYaml .Values.addressSpaceController.configEnv | nindent 8 }}\n          {{- end }}\n        image: \"{{ .Values.addressSpaceController.image.repository }}:{{ .Values.addressSpaceController.image.tag }}\"\n        imagePullPolicy: {{ .Values.addressSpaceController.image.pullPolicy }}\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: http\n            scheme: HTTP\n        name: address-space-controller\n        ports:\n        - containerPort: 8080\n          name: http\n        readinessProbe:\n          httpGet:\n            path: /healthz\n            port: http\n            scheme: HTTP\n        resources:\n{{ toYaml .Values.addressSpaceController.resources | indent 10 }}\n{{- if .Values.rbac.enabled }}\n      serviceAccountName: {{ include \"enmasse.fullname\" . }}-address-space-controller\n{{- end }}\n"
  },
  {
    "path": "charts/enmasse/templates/deployment-api-server.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\n  name: {{ include \"enmasse.fullname\" . }}-api-server\nspec:\n  replicas: {{ .Values.apiServer.replicaCount }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"enmasse.fullname\" . }}-api-server\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"enmasse.fullname\" . }}-api-server\n        app.kubernetes.io/instance: {{ .Release.Name }}\n{{- with .Values.apiServer.annotations }}\n      annotations:\n{{ toYaml . | indent 8 }}\n{{- end }}\n    spec:\n      affinity:\n        nodeAffinity:\n          preferredDuringSchedulingIgnoredDuringExecution:\n            - weight: 1\n              preference:\n                matchExpressions:\n                  - key: node-role.enmasse.io/operator-infra\n                    operator: In\n                    values:\n                      - \"true\"\n      containers:\n      - env:\n        - name: JAVA_OPTS\n          value: -verbose:gc -Xlog:gc*\n        - name: CERT_DIR\n          value: /api-server-cert\n        - name: ENABLE_RBAC\n          value: \"true\"\n        - name: APISERVER_CLIENT_CA_CONFIG_NAME\n          value: extension-apiserver-authentication\n        - name: APISERVER_CLIENT_CA_CONFIG_NAMESPACE\n          value: kube-system\n        - name: APISERVER_ROUTE_NAME\n          value: restapi\n        image: \"{{ .Values.apiServer.image.repository }}:{{ .Values.apiServer.image.tag }}\"\n        imagePullPolicy: {{ .Values.apiServer.image.pullPolicy }}\n        livenessProbe:\n          httpGet:\n            path: /healthz\n            port: http\n            scheme: HTTP\n          initialDelaySeconds: 60\n        name: api-server\n        ports:\n        - containerPort: 8080\n          name: http\n        - containerPort: 8443\n          name: https\n        readinessProbe:\n          httpGet:\n            path: /healthz\n            port: http\n            scheme: HTTP\n        resources:\n{{ toYaml .Values.apiServer.resources | indent 10 }}\n        volumeMounts:\n        - mountPath: /api-server-cert\n          name: api-server-cert\n          readOnly: true\n{{- if .Values.rbac.enabled }}\n      serviceAccountName: {{ include \"enmasse.fullname\" . }}-api-server\n{{- end }}\n      volumes:\n      - name: api-server-cert\n        secret:\n          secretName: {{ include \"enmasse.fullname\" . }}-api-server-cert\n"
  },
  {
    "path": "charts/enmasse/templates/deployment-enmasse-operator.yaml",
    "content": "kind: Deployment\napiVersion: apps/v1\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-operator\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nspec:\n  replicas: {{ .Values.operator.replicaCount }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"enmasse.fullname\" . }}-operator\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:        \n        app.kubernetes.io/name: {{ include \"enmasse.fullname\" . }}-operator\n        app.kubernetes.io/instance: {{ .Release.Name }}\n{{- with .Values.operator.annotations }}\n      annotations:\n{{ toYaml . | indent 8 }}\n{{- end }}\n    spec:\n      affinity:\n        nodeAffinity:\n          preferredDuringSchedulingIgnoredDuringExecution:\n            - weight: 1\n              preference:\n                matchExpressions:\n                  - key: node-role.enmasse.io/operator-infra\n                    operator: In\n                    values:\n                      - \"true\"\n{{- if .Values.rbac.enabled }}\n      serviceAccountName: {{ include \"enmasse.fullname\" . }}-operator\n{{- end }}\n      containers:\n      - name: controller        \n        image: \"{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag }}\"\n        imagePullPolicy: {{ .Values.operator.image.pullPolicy }}\n        env:\n        - name: POD_NAME\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.name\n        - name: NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n          {{- if .Values.operator.configEnv }}\n            {{- toYaml .Values.operator.configEnv | nindent 8 }}\n          {{- end }}\n        resources:\n{{ toYaml .Values.operator.resources | indent 10 }}"
  },
  {
    "path": "charts/enmasse/templates/role-address-space-admin.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-address-space-admin\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nrules:\n  - apiGroups: [ \"admin.enmasse.io\" ]\n    resources: [ \"addressplans\", \"addressspaceplans\", \"brokeredinfraconfigs\", \"standardinfraconfigs\", \"authenticationservices\", \"consoleservices\"]\n    verbs: [ \"get\", \"list\", \"watch\" ]\n  - apiGroups: [ \"\" ]\n    resources: [ \"pods\", \"secrets\" ]\n    verbs: [ \"get\", \"list\", \"watch\" ]\n  - apiGroups: [ \"\" ]\n    resources: [ \"configmaps\", \"configmaps/finalizers\" ]\n    verbs: [ \"create\", \"update\", \"patch\", \"get\", \"list\", \"watch\", \"delete\" ]\n  - apiGroups: [ \"\" ]\n    resources: [ \"events\" ]\n    verbs: [ \"create\", \"update\", \"patch\", \"get\", \"list\" ]\n  - apiGroups: [ \"\" ]\n    resources: [ \"persistentvolumeclaims\", \"services\" ]\n    verbs: [ \"create\", \"update\", \"patch\", \"get\", \"list\", \"delete\" ]\n  - apiGroups: [ \"apps\" ]\n    resources: [ \"statefulsets\", \"deployments\" ]\n    verbs: [ \"create\", \"update\", \"patch\", \"get\", \"list\", \"delete\" ]\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/role-address-space-controller.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-address-space-controller\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nrules:\n  - apiGroups: [ \"admin.enmasse.io\" ]\n    resources: [ \"addressplans\", \"addressspaceplans\", \"brokeredinfraconfigs\", \"standardinfraconfigs\", \"authenticationservices\", \"consoleservices\"]\n    verbs: [ \"get\", \"list\", \"watch\" ]\n  - apiGroups: [ \"\" ]\n    resources: [ \"pods\" ]\n    verbs: [ \"get\", \"list\", \"patch\", \"update\" ]\n  - apiGroups: [ \"\" ]\n    resources: [ \"configmaps\", \"configmaps/finalizers\" ]\n    verbs: [ \"create\", \"update\", \"patch\", \"get\", \"list\", \"watch\", \"delete\" ]\n  - apiGroups: [ \"\" ]\n    resources: [ \"events\" ]\n    verbs: [ \"create\", \"update\", \"patch\", \"get\", \"list\" ]\n  - apiGroups: [ \"\" ]\n    resources: [ \"services\", \"secrets\", \"persistentvolumeclaims\" ]\n    verbs: [ \"create\", \"update\", \"patch\", \"get\", \"list\", \"delete\" ]\n  - apiGroups: [ \"networking.k8s.io\", \"extensions\" ]\n    resources: [ \"networkpolicies\" ]\n    verbs: [ \"create\", \"update\", \"patch\", \"get\", \"list\", \"delete\" ]\n  - apiGroups: [ \"route.openshift.io\", \"\" ]\n    resources: [ \"routes\", \"routes/custom-host\", \"routes/status\" ]\n    verbs: [ \"create\", \"update\", \"patch\", \"get\", \"list\", \"delete\" ]\n  - apiGroups: [ \"apps\", \"extensions\" ]\n    resources: [ \"statefulsets\", \"deployments\", \"replicasets\" ]\n    verbs: [ \"create\", \"update\", \"patch\", \"get\", \"list\", \"delete\" ]\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/role-api-server.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-api-server\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nrules:\n  - apiGroups: [ \"\" ]\n    resources: [ \"services\", \"secrets\" ]\n    verbs: [ \"get\", \"list\", \"watch\" ]\n  - apiGroups: [ \"\" ]\n    resources: [ \"configmaps\", \"configmaps/finalizers\" ]\n    verbs: [ \"create\", \"update\", \"patch\", \"get\", \"list\", \"watch\", \"delete\" ]\n  - apiGroups: [ \"admin.enmasse.io\" ]\n    resources: [ \"addressspaceplans\", \"addressplans\", \"standardinfraconfigs\", \"brokeredinfraconfigs\", \"authenticationservices\", \"consoleservices\"]\n    verbs: [ \"get\", \"list\", \"watch\" ]\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/role-binding-address-space-admin.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-address-space-admin\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: Role\n  name: {{ include \"enmasse.fullname\" . }}-address-space-admin\nsubjects:\n- kind: ServiceAccount\n  name: address-space-admin\n  namespace: {{.Release.Namespace}}\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/role-binding-address-space-controller.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-address-space-controller\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: Role\n  name: {{ include \"enmasse.fullname\" . }}-address-space-controller\nsubjects:\n- kind: ServiceAccount\n  name: {{ include \"enmasse.fullname\" . }}-address-space-controller\n  namespace: {{.Release.Namespace}}\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/role-binding-api-server.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-api-server\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: Role\n  name: {{ include \"enmasse.fullname\" . }}-api-server\nsubjects:\n- kind: ServiceAccount\n  name: {{ include \"enmasse.fullname\" . }}-api-server\n  namespace: {{.Release.Namespace}}\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/role-binding-enmasse-operator.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-operator\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: Role\n  name: {{ include \"enmasse.fullname\" . }}-operator\nsubjects:\n- kind: ServiceAccount\n  name: {{ include \"enmasse.fullname\" . }}-operator\n  namespace: {{.Release.Namespace}}\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/role-enmasse-operator.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-operator\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\nrules:\n  - apiGroups: [ \"apps\" ]\n    resources: [ \"deployments\" ]\n    verbs: [ \"get\", \"list\", \"watch\", \"update\", \"create\", \"patch\", \"delete\" ]\n  - apiGroups: [ \"\" ]\n    resources: [ \"configmaps\", \"secrets\", \"persistentvolumeclaims\", \"services\" ]\n    verbs: [ \"get\", \"list\", \"watch\", \"update\", \"create\", \"patch\", \"delete\" ]\n  - apiGroups: [ \"\", \"route.openshift.io\" ]\n    resources: [ \"routes\", \"routes/custom-host\", \"routes/status\"]\n    verbs: [ \"create\", \"update\", \"patch\", \"get\", \"list\", \"watch\", \"delete\" ]\n  - apiGroups: [ \"apps.openshift.io\" ]\n    resources: [ \"deploymentconfigs\"]\n    verbs: [  \"get\", \"list\", \"watch\" ]\n  - apiGroups: [ \"admin.enmasse.io\" ]\n    resources: [ \"authenticationservices\", \"authenticationservices/finalizers\", \"consoleservices\", \"consoleservices/finalizers\" ]\n    verbs: [ \"get\", \"list\", \"watch\", \"update\", \"create\", \"patch\" ]\n  - apiGroups: [ \"iot.enmasse.io\" ]\n    resources: [ \"iotconfigs\", \"iotconfigs/finalizers\", \"iotconfigs/status\" ]\n    verbs: [ \"get\", \"list\", \"watch\", \"update\", \"create\", \"patch\" ]\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/service-account-address-space-admin.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: address-space-admin\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/service-account-address-space-controller.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-address-space-controller\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/service-account-api-server.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-api-server\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/service-account-enmasse-operator.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-operator\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/service-account-standard-authservice.yaml",
    "content": "{{- if .Values.rbac.enabled }}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-standard-authservice\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\n{{- end }}"
  },
  {
    "path": "charts/enmasse/templates/service-address-space-controller.yaml",
    "content": "apiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-address-space-controller\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\n{{- with .Values.addressSpaceController.service.annotations }}\n  annotations:\n{{ toYaml . | indent 4 }}\n{{- end }}\nspec:\n  ports:\n  - name: health\n    port: 8080\n    protocol: TCP\n    targetPort: http\n  selector:\n    app.kubernetes.io/name: {{ include \"enmasse.fullname\" . }}-address-space-controller\n    app.kubernetes.io/instance: {{ .Release.Name }}\n  type: ClusterIP\n"
  },
  {
    "path": "charts/enmasse/templates/service-api-server.yaml",
    "content": "apiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"enmasse.fullname\" . }}-api-server\n  labels:\n{{ include \"enmasse.labels\" . | indent 4 }}\n  annotations:\n    service.alpha.openshift.io/serving-cert-secret-name: {{ include \"enmasse.fullname\" . }}-api-server-cert\n    {{- with .Values.apiServer.service.annotations }}\n    {{ toYaml .Values.apiServer.service.annotations | nindent 4 }}\n    {{- end }}\nspec:\n  ports:\n  - name: https\n    port: 443\n    protocol: TCP\n    targetPort: https\n  - name: health\n    port: 8080\n    protocol: TCP\n    targetPort: http\n  selector:\n    app.kubernetes.io/name: {{ include \"enmasse.fullname\" . }}-api-server\n    app.kubernetes.io/instance: {{ .Release.Name }}\n  type: ClusterIP\n"
  },
  {
    "path": "charts/enmasse/values.yaml",
    "content": "# Default values for enmasse.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nenmasse-crd:\n  enabled: false\n\nrbac:\n  enabled: true\n\noperator:\n  replicaCount: 1\n  image:\n    repository: quay.io/enmasse/controller-manager\n    tag: 0.30.1\n    pullPolicy: IfNotPresent\n  annotations:\n  configEnv:\n    - name: OPERATOR_NAME\n      value: \"enmasse-operator\"\n    - name: IMAGE_PULL_POLICY\n      value: \"IfNotPresent\"\n    - name: CONTROLLER_DISABLE_ALL\n      value: \"true\"\n    - name: CONTROLLER_ENABLE_IOT_CONFIG\n      value: \"true\"\n    - name: CONTROLLER_ENABLE_AUTHENTICATION_SERVICE\n      value: \"true\"\n    - name: CONTROLLER_MANAGER_IMAGE\n      value: quay.io/enmasse/controller-manager:0.30.1\n    - name: IOT_AUTH_SERVICE_IMAGE\n      value: quay.io/enmasse/iot-auth-service:0.30.1\n    - name: IOT_DEVICE_REGISTRY_FILE_IMAGE\n      value: quay.io/enmasse/iot-device-registry-file:0.30.1\n    - name: IOT_DEVICE_REGISTRY_INFINISPAN_IMAGE\n      value: quay.io/enmasse/iot-device-registry-infinispan:0.30.1\n    - name: IOT_GC_IMAGE\n      value:\n    - name: IOT_HTTP_ADAPTER_IMAGE\n      value: quay.io/enmasse/iot-http-adapter:0.30.1\n    - name: IOT_MQTT_ADAPTER_IMAGE\n      value: quay.io/enmasse/iot-mqtt-adapter:0.30.1\n    - name: IOT_LORAWAN_ADAPTER_IMAGE\n      value: quay.io/enmasse/iot-lorawan-adapter:0.30.1\n    - name: IOT_SIGFOX_ADAPTER_IMAGE\n      value: quay.io/enmasse/iot-sigfox-adapter:0.30.1\n    - name: IOT_TENANT_SERVICE_IMAGE\n      value: quay.io/enmasse/iot-tenant-service:0.30.1\n    - name: IOT_PROXY_CONFIGURATOR_IMAGE\n      value: quay.io/enmasse/iot-proxy-configurator:0.30.1\n    - name: ROUTER_IMAGE\n      value: quay.io/interconnectedcloud/qdrouterd:1.9.0\n    - name: NONE_AUTHSERVICE_IMAGE\n      value: quay.io/enmasse/none-authservice:0.30.1\n    - name: KEYCLOAK_IMAGE\n      value: quay.io/enmasse/keycloak-openshift:4.8.3.Final\n    - name: KEYCLOAK_PLUGIN_IMAGE\n      value: quay.io/enmasse/keycloak-plugin:0.30.1\n    - name: CONTROLLER_ENABLE_CONSOLE_SERVICE\n      value: \"true\"\n    - name: CONSOLE_INIT_IMAGE\n      value: \"quay.io/enmasse/console-init:0.30.1\"\n    - name: CONSOLE_PROXY_OPENSHIFT_IMAGE\n      value: \"openshift/oauth-proxy:latest\"\n    - name: CONSOLE_PROXY_KUBERNETES_IMAGE\n      value: \"quay.io/pusher/oauth2_proxy:latest\"\n    - name: CONSOLE_HTTPD_IMAGE\n      value: \"quay.io/enmasse/console-httpd:0.30.1\"\n  resources: {}\n\napiServer:\n  replicaCount: 1\n  image:\n    repository: quay.io/enmasse/api-server\n    tag: 0.30.1\n    pullPolicy: IfNotPresent\n  annotations:\n  service:\n    annotations: {}\n  resources: {}\n\naddressSpaceController:\n  replicaCount: 1\n  image:\n    repository: quay.io/enmasse/address-space-controller\n    tag: 0.30.1\n    pullPolicy: IfNotPresent\n  annotations:\n  service:\n    annotations: {}\n  configEnv:\n    - name: JAVA_OPTS\n      value: -verbose:gc\n    - name: ENABLE_EVENT_LOGGER\n      value: \"true\"\n    - name: IMAGE_PULL_POLICY\n      value: IfNotPresent\n    - name: ROUTER_IMAGE\n      value: quay.io/interconnectedcloud/qdrouterd:1.9.0\n    - name: STANDARD_CONTROLLER_IMAGE\n      value: quay.io/enmasse/standard-controller:0.30.1\n    - name: AGENT_IMAGE\n      value: quay.io/enmasse/agent:0.30.1\n    - name: BROKER_IMAGE\n      value: quay.io/enmasse/artemis-base:2.10.1\n    - name: BROKER_PLUGIN_IMAGE\n      value: quay.io/enmasse/broker-plugin:0.30.1\n    - name: TOPIC_FORWARDER_IMAGE\n      value: quay.io/enmasse/topic-forwarder:0.30.1\n    - name: MQTT_GATEWAY_IMAGE\n      value: quay.io/enmasse/mqtt-gateway:0.30.1\n    - name: MQTT_LWT_IMAGE\n      value: quay.io/enmasse/mqtt-lwt:0.30.1\n  resources: {}\n\nimagePullSecrets: []\nnameOverride: \"\"\nfullnameOverride: \"\"\n"
  },
  {
    "path": "charts/enmasse-crd/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/enmasse-crd/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"0.30.1\"\ndescription: A Helm chart for enmasse CRD's\nname: enmasse-crd\nversion: 0.1.0\nhome: https://enmasse.io/\nsources:\n- https://github.com/EnMasseProject/enmasse\n- https://github.com/kiwigrid/helm-charts/tree/master/charts/enmasse-crd\nmaintainers:\n- name: rpahli\n  email: rico.pahlisch@kiwigrid.com\n"
  },
  {
    "path": "charts/enmasse-crd/templates/NOTES.txt",
    "content": "Enmasse CRD's successful installed"
  },
  {
    "path": "charts/enmasse-crd/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"enmasse-crd.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"enmasse-crd.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"enmasse-crd.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCommon labels\n*/}}\n{{- define \"enmasse-crd.labels\" -}}\napp.kubernetes.io/name: {{ include \"enmasse-crd.name\" . }}\nhelm.sh/chart: {{ include \"enmasse-crd.chart\" . }}\napp.kubernetes.io/instance: {{ .Release.Name }}\n{{- if .Chart.AppVersion }}\napp.kubernetes.io/version: {{ .Chart.AppVersion | quote }}\n{{- end }}\napp.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end -}}\n\n{{/*\nCreate the name of the service account to use\n*/}}\n{{- define \"enmasse-crd.serviceAccountName\" -}}\n{{- if .Values.serviceAccount.create -}}\n    {{ default (include \"enmasse-crd.fullname\" .) .Values.serviceAccount.name }}\n{{- else -}}\n    {{ default \"default\" .Values.serviceAccount.name }}\n{{- end -}}\n{{- end -}}\n"
  },
  {
    "path": "charts/enmasse-crd/templates/addressplans.crd.yaml",
    "content": "apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n  name: addressplans.admin.enmasse.io  \n  labels:\n{{ include \"enmasse-crd.labels\" . | indent 4 }}\nspec:\n  group: admin.enmasse.io\n  version: v1beta2\n  scope: Namespaced\n  names:\n    kind: AddressPlan\n    listKind: AddressPlanList\n    singular: addressplan\n    plural: addressplans\n  versions:\n    - name: v1beta2\n      served: true\n      storage: true\n    - name: v1beta1\n      served: true\n      storage: false\n    - name: v1alpha1\n      served: true\n      storage: false\n  validation:\n    openAPIV3Schema:\n      properties:\n        spec:\n          type: object\n          required:\n            - addressType\n            - resources\n          properties:\n            displayName:\n              type: string\n            displayOrder:\n              type: integer\n            shortDescription:\n              type: string\n            longDescription:\n              type: string\n            addressType:\n              type: string\n            partitions:\n              type: integer\n            resources:\n              type: object\n              properties:\n                router:\n                  type: number\n                broker:\n                  type: number\n        displayName:\n          type: string\n        displayOrder:\n          type: integer\n        shortDescription:\n          type: string\n        longDescription:\n          type: string\n        uuid:\n          type: string\n        addressType:\n          type: string\n        requiredResources:\n          type: array\n          items:\n            type: object\n            required:\n            - name\n            - credit\n            properties:\n              name:\n                type: string\n              credit:\n                type: number\n"
  },
  {
    "path": "charts/enmasse-crd/templates/addressspaceplans.crd.yaml",
    "content": "apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n  name: addressspaceplans.admin.enmasse.io\n  labels:\n{{ include \"enmasse-crd.labels\" . | indent 4 }}\nspec:\n  group: admin.enmasse.io\n  version: v1beta2\n  scope: Namespaced\n  names:\n    kind: AddressSpacePlan\n    listKind: AddressSpacePlanList\n    singular: addressspaceplan\n    plural: addressspaceplans\n  versions:\n    - name: v1beta2\n      served: true\n      storage: true\n    - name: v1beta1\n      served: true\n      storage: false\n    - name: v1alpha1\n      served: true\n      storage: false\n  validation:\n    openAPIV3Schema:\n      properties:\n        spec:\n          type: object\n          required:\n            - addressSpaceType\n            - resourceLimits \n            - addressPlans\n            - infraConfigRef\n          properties:\n            displayName:\n              type: string\n            displayOrder:\n              type: integer\n            shortDescription:\n              type: string\n            longDescription:\n              type: string\n            addressSpaceType:\n              type: string\n            infraConfigRef:\n              type: string\n            resourceLimits:\n              type: object\n              properties:\n                aggregate:\n                  type: number\n                router:\n                  type: number\n                broker:\n                  type: number\n            addressPlans:\n              type: array\n              items:\n                type: string\n        displayName:\n          type: string\n        displayOrder:\n          type: integer\n        shortDescription:\n          type: string\n        longDescription:\n          type: string\n        uuid:\n          type: string\n        addressSpaceType:\n          type: string\n        resources:\n          type: array\n          items:\n            type: object\n            required:\n            - name\n            - max\n            properties:\n              name:\n                type: string\n              max:\n                type: number\n        addressPlans:\n          type: array\n          items:\n            type: string\n"
  },
  {
    "path": "charts/enmasse-crd/templates/authenticationservices.crd.yaml",
    "content": "apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n  name: authenticationservices.admin.enmasse.io\n  labels:\n{{ include \"enmasse-crd.labels\" . | indent 4 }}\nspec:\n  group: admin.enmasse.io\n  version: v1beta1\n  scope: Namespaced\n  names:\n    kind: AuthenticationService\n    listKind: AuthenticationServiceList\n    singular: authenticationservice\n    plural: authenticationservices\n  validation:\n    openAPIV3Schema:\n      properties:\n        spec:\n          type: object\n          properties:\n            type:\n              type: string\n              enum:\n              - none\n              - standard\n              - external\n            realm:\n              type: string\n            none:\n              type: object\n              properties:\n                certificateSecret:\n                  type: object\n                  properties:\n                    name:\n                      type: string\n                    namespace:\n                      type: string\n                image:\n                  type: object\n                  properties:\n                    name:\n                      type: string\n                    pullPolicy:\n                      type: string\n                resources:\n                  type: object\n                  properties:\n                    requests:\n                      type: object\n                      properties:\n                        cpu:\n                          type: string\n                        memory:\n                          type: string\n                    limits:\n                      type: object\n                      properties:\n                        cpu:\n                          type: string\n                        memory:\n                          type: string\n            standard:\n              type: object\n              properties:\n                certificateSecret:\n                  type: object\n                  properties:\n                    name:\n                      type: string\n                    namespace:\n                      type: string\n                credentialsSecret:\n                  type: object\n                  properties:\n                    name:\n                      type: string\n                    namespace:\n                      type: string\n                initImage:\n                  type: object\n                  properties:\n                    name:\n                      type: string\n                    pullPolicy:\n                      type: string\n                jvmOptions:\n                  type: string\n                image:\n                  type: object\n                  properties:\n                    name:\n                      type: string\n                    pullPolicy:\n                      type: string\n                deploymentName:\n                  type: string\n                serviceName:\n                  type: string\n                routeName:\n                  type: string\n                storage:\n                  type: object\n                  required:\n                  - type\n                  properties:\n                    type:\n                      type: string\n                      enum:\n                      - ephemeral\n                      - persistent-claim\n                    class:\n                      type: string\n                    size:\n                      type: string\n                    claimName:\n                      type: string\n                    deleteClaim:\n                      type: boolean\n                resources:\n                  type: object\n                  properties:\n                    requests:\n                      type: object\n                      properties:\n                        cpu:\n                          type: string\n                        memory:\n                          type: string\n                    limits:\n                      type: object\n                      properties:\n                        cpu:\n                          type: string\n                        memory:\n                          type: string\n                datasource:\n                  type: object\n                  required:\n                  - type\n                  properties:\n                    type:\n                      type: string\n                    host:\n                      type: string\n                    port:\n                      type: integer\n                    database:\n                      type: string\n                    credentialsSecret:\n                      type: object\n                      properties:\n                        name:\n                          type: string\n                        namespace:\n                          type: string\n            external:\n              type: object\n              required:\n              - host\n              - port\n              properties:\n                allowOverride:\n                  type: boolean\n                host:\n                  type: string\n                port:\n                  type: integer\n                caCertSecret:\n                  type: object\n                  properties:\n                    name:\n                      type: string\n                    namespace:\n                      type: string\n                clientCertSecret:\n                  type: object\n                  properties:\n                    name:\n                      type: string\n                    namespace:\n                      type: string\n        status:\n          type: object\n          properties:\n            host:\n              type: string\n            port:\n              type: integer\n"
  },
  {
    "path": "charts/enmasse-crd/templates/brokeredinfraconfigs.crd.yaml",
    "content": "apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n  name: brokeredinfraconfigs.admin.enmasse.io\n  labels:\n{{ include \"enmasse-crd.labels\" . | indent 4 }}\nspec:\n  group: admin.enmasse.io\n  version: v1beta1\n  scope: Namespaced\n  names:\n    kind: BrokeredInfraConfig\n    listKind: BrokeredInfraConfigList\n    singular: brokeredinfraconfig\n    plural: brokeredinfraconfigs\n  versions:\n    - name: v1beta1\n      served: true\n      storage: true\n    - name: v1alpha1\n      served: true\n      storage: false\n  validation:\n    openAPIV3Schema:\n      properties:\n        spec:\n          type: object\n          properties:\n            version:\n              type: string\n            networkPolicy:\n              type: object\n              properties:\n                ingress:\n                  type: array\n                egress:\n                  type: array\n            admin:\n              type: object\n              properties:\n                podTemplate:\n                  type: object\n                  properties:\n                    metadata:\n                      type: object\n                      properties:\n                        labels:\n                          type: object\n                    spec:\n                      type: object\n                      properties:\n                        affinity:\n                          type: object\n                        tolerations:\n                          type: array\n                          items:\n                            type: object\n                        priorityClassName:\n                          type: string\n                        containers:\n                          type: array\n                          items:\n                            type: object\n                            properties:\n                              resources:\n                                type: object\n                resources:\n                  type: object\n                  properties:\n                    memory:\n                      type: string\n            broker:\n              type: object\n              properties:\n                podTemplate:\n                  type: object\n                  properties:\n                    metadata:\n                      type: object\n                      properties:\n                        labels:\n                          type: object\n                    spec:\n                      type: object\n                      properties:\n                        affinity:\n                          type: object\n                        tolerations:\n                          type: array\n                        priorityClassName:\n                          type: string\n                        resources:\n                          type: object\n                resources:\n                  type: object\n                  properties:\n                    memory:\n                      type: string\n                    storage:\n                      type: string\n                addressFullPolicy:\n                  type: string\n                  enum:\n                  - PAGE\n                  - BLOCK\n                  - FAIL\n                  - DROP\n                storageClassName:\n                  type: string\n                updatePersistentVolumeClaim:\n                  type: boolean\n"
  },
  {
    "path": "charts/enmasse-crd/templates/consoleservices.crd.yaml",
    "content": "apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n  name: consoleservices.admin.enmasse.io\n  labels:\n{{ include \"enmasse-crd.labels\" . | indent 4 }}\nspec:\n  group: admin.enmasse.io\n  version: v1beta1\n  scope: Namespaced\n  names:\n    kind: ConsoleService\n    listKind: ConsoleServiceList\n    singular: consoleservice\n    plural: consoleservices\n  validation:\n    openAPIV3Schema:\n      properties:\n        spec:\n          type: object\n          properties:\n            discoveryMetadataURL:\n              type: string\n            certificateSecret:\n              type: object\n              properties:\n                name:\n                  type: string\n                namespace:\n                  type: string\n            oauthClientSecret:\n              type: object\n              properties:\n                name:\n                  type: string\n                namespace:\n                  type: string\n            ssoCookieSecret:\n              type: object\n              properties:\n                name:\n                  type: string\n                namespace:\n                  type: string\n            ssoCookieDomain:\n              type: string\n            scope:\n              type: string\n            host:\n              type: string\n        status:\n          type: object\n          properties:\n            host:\n              type: string\n            port:\n              type: integer\n            caCertSecret:\n              type: object\n              properties:\n                name:\n                  type: string\n\n"
  },
  {
    "path": "charts/enmasse-crd/templates/iotconfigs.crd.yaml",
    "content": "apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n  name: iotconfigs.iot.enmasse.io\n  labels:\n{{ include \"enmasse-crd.labels\" . | indent 4 }}\nspec:\n  group: iot.enmasse.io\n  version: v1alpha1\n  scope: Namespaced\n  names:\n    kind: IoTConfig\n    plural: iotconfigs\n    singular: iotconfig\n    shortNames:\n    - icfg\n  additionalPrinterColumns:\n  - name: Phase\n    type: string\n    description: Phase of the IoT config\n    JSONPath: .status.phase\n  subresources:\n    status: {}\n"
  },
  {
    "path": "charts/enmasse-crd/templates/iotprojects.crd.yaml",
    "content": "apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n  name: iotprojects.iot.enmasse.io\n  labels:\n{{ include \"enmasse-crd.labels\" . | indent 4 }}\n    enmasse-component: iot\nspec:\n  group: iot.enmasse.io\n  version: v1alpha1\n  scope: Namespaced\n  names:\n    kind: IoTProject\n    plural: iotprojects\n    singular: iotproject\n    shortNames:\n    - itp\n  additionalPrinterColumns:\n  - name: IoT tenant\n    type: string\n    description: The name of the IoT tenant\n    JSONPath: .status.tenantName\n  - name: Downstream Host\n    type: string\n    description: The endpoint host name\n    JSONPath: .status.downstreamEndpoint.host\n  - name: Downstream Port\n    type: integer\n    description: The endpoint port number\n    JSONPath: .status.downstreamEndpoint.port\n  - name: TLS\n    type: boolean\n    description: If TLS is enabled\n    JSONPath: .status.downstreamEndpoint.tls\n  - name: Phase\n    type: string\n    description: Phase of the IoT project\n    JSONPath: .status.phase\n  subresources:\n    status: {}\n"
  },
  {
    "path": "charts/enmasse-crd/templates/standardinfraconfigs.crd.yaml",
    "content": "apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n  name: standardinfraconfigs.admin.enmasse.io\n  labels:\n{{ include \"enmasse-crd.labels\" . | indent 4 }}\nspec:\n  group: admin.enmasse.io\n  version: v1beta1\n  scope: Namespaced\n  names:\n    kind: StandardInfraConfig\n    listKind: StandardInfraConfigList\n    singular: standardinfraconfig\n    plural: standardinfraconfigs\n  versions:\n    - name: v1beta1\n      served: true\n      storage: true\n    - name: v1alpha1\n      served: true\n      storage: false\n  validation:\n    openAPIV3Schema:\n      properties:\n        spec:\n          type: object\n          properties:\n            version:\n              type: string\n            networkPolicy:\n              type: object\n              properties:\n                ingress:\n                  type: array\n                egress:\n                  type: array\n            admin:\n              type: object\n              properties:\n                resources:\n                  type: object\n                  properties:\n                    memory:\n                      type: string\n                podTemplate:\n                  type: object\n                  properties:\n                    metadata:\n                      type: object\n                      properties:\n                        labels:\n                          type: object\n                    spec:\n                      type: object\n                      properties:\n                        affinity:\n                          type: object\n                        tolerations:\n                          type: array\n                          items:\n                            type: object\n                        priorityClassName:\n                          type: string\n                        containers:\n                          type: array\n                          items:\n                            type: object\n                            properties:\n                              resources:\n                                type: object\n            broker:\n              type: object\n              properties:\n                podTemplate:\n                  type: object\n                  properties:\n                    metadata:\n                      type: object\n                      properties:\n                        labels:\n                          type: object\n                    spec:\n                      type: object\n                      properties:\n                        affinity:\n                          type: object\n                        tolerations:\n                          type: array\n                        priorityClassName:\n                          type: string\n                        resources:\n                          type: object\n                resources:\n                  type: object\n                  properties:\n                    memory:\n                      type: string\n                    storage:\n                      type: string\n                addressFullPolicy:\n                  type: string\n                  enum:\n                  - PAGE\n                  - BLOCK\n                  - FAIL\n                  - DROP\n                storageClassName:\n                  type: string\n                updatePersistentVolumeClaim:\n                  type: boolean\n                connectorIdleTimeout:\n                  type: integer\n                connectorWorkerThreads:\n                  type: integer\n            router:\n              type: object\n              properties:\n                podTemplate:\n                  type: object\n                  properties:\n                    metadata:\n                      type: object\n                      properties:\n                        labels:\n                          type: object\n                    spec:\n                      type: object\n                      properties:\n                        affinity:\n                          type: object\n                        tolerations:\n                          type: array\n                        priorityClassName:\n                          type: string\n                        resources:\n                          type: object\n                resources:\n                  type: object\n                  properties:\n                    memory:\n                      type: string\n                minReplicas:\n                  type: integer\n                linkCapacity:\n                  type: integer\n                idleTimeout:\n                  type: integer\n                workerThreads:\n                  type: integer\n                policy:\n                  type: object\n                  properties:\n                    maxConnections:\n                      type: integer\n                    maxConnectionsPerUser:\n                      type: integer\n                    maxConnectionsPerHost:\n                      type: integer\n                    maxSessionsPerConnection:\n                      type: integer\n                    maxSendersPerConnection:\n                      type: integer\n                    maxReceiversPerConnection:\n                      type: integer\n"
  },
  {
    "path": "charts/enmasse-crd/values.yaml",
    "content": ""
  },
  {
    "path": "charts/error-pages/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/error-pages/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"1.0\"\ndescription: A Helm chart for Kubernetes error pages for traefik\nname: error-pages\nversion: 1.0.0\nhome: https://github.com/kiwigrid/helm-charts\nsources:\n- https://github.com/kiwigrid/helm-charts\nmaintainers:\n- name: rpahli\n  email: rico.pahlisch@kiwigrid.com\n"
  },
  {
    "path": "charts/error-pages/README.md",
    "content": "# Global Error Pages\n\n## Introduction\n\nThis chart installs a controller for [Traefik](https://traefik.io/) global [error pages](https://docs.traefik.io/configuration/backends/kubernetes/#global-default-backend-ingresses). This service creates a global ingress rule which match all unmatched ingress rules. You can use any container you want. The container must expose the error page at the `/` path. The only error which is handled by traefik over this service by default is the `404` error.\n\n\n## Prerequisites\n\n-   Has been tested on Kubernetes 1.11+\n\n## Installing the Chart\n\nTo install the chart with the release name `error-pages`, run the following command:\n\n```bash\n$ helm install kiwigrid/error-pages --name error-pages --values=my-values.yaml\n```\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `error-pages` deployment:\n\n```bash\n$ helm delete error-pages\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n> **Tip**: To completely remove the release, run `helm delete --purge error-pages`\n\n## Configuration\n\nThe following table lists the configurable parameters of the error-pages chart and their default values.\n\n| Parameter                                  | Description                               | Default                            |\n| ------------------------------------------ | ----------------------------------------- | ---------------------------------- |\n| `replicaCount` | replica count | `1`|\n| `updateStrategy` | Deployment update strategy | `type: RollingUpdate` |\n| `image.repository` | Docker image repo | `guillaumebriday/traefik-custom-error-pages`|\n| `image.tag` | Docker image tag | `latest`|\n| `image.pullPolicy` | Docker image pull policy| `IfNotPresent`|\n| `resources` | Resources | `{}`|\n| `nodeSelector` | NodeSelector | `{}`|\n| `tolerations` | Tolerations | `[]`|\n| `affinity` | Affinity | `{}`|\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:\n\n```bash\n$ helm install --name error-pages --set ingress.enabled=false kiwigrid/error-pages\n```\n\nAlternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.\n"
  },
  {
    "path": "charts/error-pages/templates/NOTES.txt",
    "content": "Your error page service is up and running"
  },
  {
    "path": "charts/error-pages/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"error-pages.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"error-pages.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"error-pages.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n"
  },
  {
    "path": "charts/error-pages/templates/deployment.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"error-pages.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"error-pages.name\" . }}\n    helm.sh/chart: {{ include \"error-pages.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: {{ .Values.replicaCount }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"error-pages.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"error-pages.name\" . }}\n        app.kubernetes.io/instance: {{ .Release.Name }}\n    spec:\n      containers:\n        - name: {{ .Chart.Name }}\n          image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n          imagePullPolicy: {{ .Values.image.pullPolicy }}\n          ports:\n            - name: http\n              containerPort: 80\n              protocol: TCP\n          resources:\n            {{- toYaml .Values.resources | nindent 12 }}\n      {{- with .Values.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n"
  },
  {
    "path": "charts/error-pages/templates/ingress.yaml",
    "content": "{{- if .Values.ingress.enabled -}}\n{{- $fullName := include \"error-pages.fullname\" . -}}\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n  name: {{ $fullName }}\n  labels:\n    app.kubernetes.io/name: {{ include \"error-pages.name\" . }}\n    helm.sh/chart: {{ include \"error-pages.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n  annotations:\n    traefik.ingress.kubernetes.io/error-pages: |-\n      foo:\n        status:\n        - \"404\"\n        - \"503\"\n        backend: global-default-backend\n        query: \"/{status}.html\"\n  {{- with .Values.ingress.annotations }}\n    {{- toYaml . | nindent 4 }}\n  {{- end }}\nspec:\n  backend:\n    serviceName: {{ $fullName }}\n    servicePort: http\n{{- end }}\n"
  },
  {
    "path": "charts/error-pages/templates/service.yaml",
    "content": "apiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"error-pages.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"error-pages.name\" . }}\n    helm.sh/chart: {{ include \"error-pages.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  type: {{ .Values.service.type }}\n  ports:\n    - port: {{ .Values.service.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n  selector:\n    app.kubernetes.io/name: {{ include \"error-pages.name\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n"
  },
  {
    "path": "charts/error-pages/values.yaml",
    "content": "# Default values for error-pages.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nreplicaCount: 1\n\nimage:\n  repository: guillaumebriday/traefik-custom-error-pages\n  tag: latest\n  pullPolicy: IfNotPresent\n\nnameOverride: \"\"\nfullnameOverride: \"\"\n\nservice:\n  type: ClusterIP\n  port: 80\n\ningress:\n  enabled: false\n  annotations: {}\n\nresources: {}\n  # We usually recommend not to specify default resources and to leave this as a conscious\n  # choice for the user. This also increases chances charts run on environments with little\n  # resources, such as Minikube. If you do want to specify resources, uncomment the following\n  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n  # limits:\n  #   cpu: 100m\n  #   memory: 128Mi\n  # requests:\n  #   cpu: 100m\n  #   memory: 128Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/Chart.yaml",
    "content": "apiVersion: v1\nname: fluentd-elasticsearch\nversion: 9.6.2\nappVersion: 3.0.4\nhome: https://www.fluentd.org/\ndescription: A Fluentd Helm chart for Kubernetes with Elasticsearch output\nicon: https://raw.githubusercontent.com/fluent/fluentd-docs/master/public/logo/Fluentd_square.png\nkeywords:\n- fluentd\n- elasticsearch\n- multiline\n- detect-exceptions\n- logging\nsources:\n- https://github.com/kiwigrid/helm-charts/tree/master/charts/fluentd-elasticsearch\n- https://github.com/fluent/fluentd-kubernetes-daemonset\n- https://github.com/GoogleCloudPlatform/fluent-plugin-detect-exceptions\n- https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/fluentd-elasticsearch/fluentd-es-image\nengine: gotpl\ndeprecated: true\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/OWNERS",
    "content": "approvers:\n- axdotl\n- monotek\nreviewers:\n- axdotl\n- monotek\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/README.md",
    "content": "# !DEPRECATED! - Fluentd Elasticsearch\n\n**!! Chart has been deprecated and moved to <https://github.com/kokuwaio/helm-charts/tree/main/charts/fluentd-elasticsearch> !!**\n\n\n- Installs [Fluentd](https://www.fluentd.org/) log forwarder.\n\n## TL;DR\n\n```console\nhelm install kiwigrid/fluentd-elasticsearch\n```\n\n## Introduction\n\nThis chart bootstraps a [Fluentd](https://www.fluentd.org/) daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.\nIt's meant to be a drop in replacement for fluentd-gcp on GKE which sends logs to Google's Stackdriver service, but can also be used in other places where logging to ElasticSearch is required.\nThe used Docker image also contains Google's detect exceptions (for Java multiline stacktraces), Prometheus exporter, Kubernetes metadata filter & Systemd plugins.\n\n## Prerequisites\n\n- Kubernetes 1.8+ with Beta APIs enabled\n\n## Installing the Chart\n\nTo install the chart with the release name `my-release`:\n\n```console\nhelm install --name my-release kiwigrid/fluentd-elasticsearch\n```\n\nThe command deploys fluentd-elasticsearch on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `my-release` deployment:\n\n```console\nhelm delete my-release\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n## Configuration\n\nThe following table lists the configurable parameters of the Fluentd elasticsearch chart and their default values.\n\n| Parameter                                            | Description                                                                    | Default                                            |\n| ---------------------------------------------------- | ------------------------------------------------------------------------------ | -------------------------------------------------- |\n| `affinity`                                           | Optional daemonset affinity                                                    | `{}`                                               |\n| `annotations`                                        | Optional daemonset annotations                                                 | `NULL`                                             |\n| `podAnnotations`                                     | Optional daemonset's pods annotations                                          | `NULL`                                             |\n| `configMaps.useDefaults.systemConf`                  | Use default system.conf                                                        | true                                               |\n| `configMaps.useDefaults.containersInputConf`         | Use default containers.input.conf                                              | true                                               |\n| `configMaps.useDefaults.systemInputConf`             | Use default system.input.conf                                                  | true                                               |\n| `configMaps.useDefaults.forwardInputConf`            | Use default forward.input.conf                                                 | true                                               |\n| `configMaps.useDefaults.monitoringConf`              | Use default monitoring.conf                                                    | true                                               |\n| `configMaps.useDefaults.outputConf`                  | Use default output.conf                                                        | true                                               |\n| `extraConfigMaps`                                    | Add additional Configmap or overwrite disabled default                         | `{}`                                               |\n| `awsSigningSidecar.enabled`                          | Enable AWS request signing sidecar                                             | `false`                                            |\n| `awsSigningSidecar.resources`                        | AWS Sidecar resources                                                          | `{}`                                               |\n| `awsSigningSidecar.network.port`                     | AWS Sidecar exposure port                                                      | `8080`                                             |\n| `awsSigningSidecar.network.address`                  | AWS Sidecar listen address                                                     | `localhost`                                        |\n| `awsSigningSidecar.network.remoteReadTimeoutSeconds` | AWS Sidecar socket read timeout when talking to ElasticSearch                  | `15`                                               |\n| `awsSigningSidecar.image.repository`                 | AWS signing sidecar repository image                                           | `abutaha/aws-es-proxy`                             |\n| `awsSigningSidecar.image.tag`                        | AWS signing sidecar repository tag                                             | `v1.0`                                             |\n| `elasticsearch.auth.enabled`                         | Elasticsearch Auth enabled                                                     | `false`                                            |\n| `elasticsearch.auth.user`                            | Elasticsearch Auth User                                                        | `\"\"`                                               |\n| `elasticsearch.auth.password`                        | Elasticsearch Auth Password                                                    | `\"\"`                                               |\n| `elasticsearch.setOutputHostEnvVar`                  | Use `elasticsearch.hosts` (Disable this to manually configure hosts)           | `true`                                             |\n| `elasticsearch.hosts`                                | Elasticsearch Hosts List (host and port)                                       | `[\"elasticsearch-client:9200\"]`                    |\n| `elasticsearch.includeTagKey`                        | Elasticsearch Including of Tag key                                             | `true`                                             |\n| `elasticsearch.logstash.enabled`                     | Elasticsearch Logstash enabled (supersedes indexName)                          | `true`                                             |\n| `elasticsearch.logstash.prefix`                      | Elasticsearch Logstash prefix                                                  | `logstash`                                         |\n| `elasticsearch.logstash.prefixSeparator`             | Elasticsearch Logstash prefix separator                                        | `-`                                                |\n| `elasticsearch.logstash.dateformat`                  | Elasticsearch Logstash strftime format to generate index target index name     | `%Y.%m.%d`                                         |\n| `elasticsearch.ilm.enabled`                      |   | Elasticsearch Index Lifecycle Management enabled                               | `false`\n| `elasticsearch.ilm.policy_id`                    |   | Elasticsearch ILM policy ID                                                    | `logstash-policy`\n| `elasticsearch.ilm.policy`                       |   | Elasticsearch ILM policy to create                                       | `{}`\n| `elasticsearch.ilm.policies`                     |   | Elasticsearch ILM policies to create, map of policy IDs and policies                                        | `{}`\n| `elasticsearch.ilm.policy_overwrite`             |   | Elastichsarch ILM policy overwrite                                             | `false`\n| `elasticsearch.indexName`                            | Elasticsearch Index Name                                                       | `fluentd`                                          |\n| `elasticsearch.path`                                 | Elasticsearch Path                                                             | `\"\"`                                               |\n| `elasticsearch.scheme`                               | Elasticsearch scheme setting                                                   | `http`                                             |\n| `elasticsearch.sslVerify`                            | Elasticsearch Auth SSL verify                                                  | `true`                                             |\n| `elasticsearch.sslVersion`                           | Elasticsearch tls version setting                                              | `TLSv1_2`                                          |\n| `elasticsearch.outputType`                           | Elasticsearch output type                                                      | `elasticsearch`                                    |\n| `elasticsearch.typeName`                             | Elasticsearch type name                                                        | `_doc`                                             |\n| `elasticsearch.logLevel`                             | Elasticsearch global log level                                                 | `info`                                             |\n| `elasticsearch.reconnectOnError`                     | Elasticsearch Reconnect on error                                               | `true`                                             |\n| `elasticsearch.reloadOnFailure`                      | Elasticsearch Reload on failure                                                | `false`                                            |\n| `elasticsearch.reloadConnections`                    | Elasticsearch reload connections                                               | `false`                                            |\n| `elasticsearch.requestTimeout`                       | Elasticsearch request timeout                                                  | `5s`                                               |\n| `elasticsearch.suppressTypeName                      | Elasticsearch type name suppression (for ES >= 7)                              | `false`                                               |\n| `elasticsearch.buffer.enabled`                       | Elasticsearch Buffer enabled                                                   | `true`                                             |\n| `elasticsearch.buffer.type`                          | Elasticsearch Buffer type                                                      | `file`                                             |\n| `elasticsearch.buffer.path`                          | Elasticsearch Buffer path                                                      | `/var/log/fluentd-buffers/kubernetes.system.buffer`|\n| `elasticsearch.buffer.flushMode`                     | Elasticsearch Buffer flush mode                                                | `interval`                                         |\n| `elasticsearch.buffer.retryType`                     | Elasticsearch Buffer retry type                                                | `exponential_backoff`                              |\n| `elasticsearch.buffer.flushThreadCount`              | Elasticsearch Buffer flush thread count                                        | `2`                                                |\n| `elasticsearch.buffer.flushInterval`                 | Elasticsearch Buffer flush interval                                            | `5s`                                               |\n| `elasticsearch.buffer.retryForever`                  | Elasticsearch Buffer retry forever                                             | `true`                                             |\n| `elasticsearch.buffer.retryMaxInterval`              | Elasticsearch Buffer retry max interval                                        | `30`                                               |\n| `elasticsearch.buffer.chunkLimitSize`                | Elasticsearch Buffer chunk limit size                                          | `2M`                                               |\n| `elasticsearch.buffer.queueLimitLength`              | Elasticsearch Buffer queue limit size                                          | `8`                                                |\n| `elasticsearch.buffer.overflowAction`                | Elasticsearch Buffer over flow action                                          | `block`                                            |\n| `env`                                                | List of env vars that are added to the fluentd pods                            | `{}`                                               |\n| `fluentdArgs`                                        | Fluentd args                                                                   | `--no-supervisor -q`                               |\n| `secret`                                             | List of env vars that are set from secrets and added to the fluentd pods       | `[]`                                               |\n| `extraVolumeMounts`                                  | Mount extra volume, required to mount ssl certificates when ES has tls enabled | `[]`                                               |\n| `extraVolume`                                        | Extra volume                                                                   | `[]`                                               |\n| `hostLogDir.varLog`                                  | Specify where fluentd can find var log                                         | `/var/log`                                         |\n| `hostLogDir.dockerContainers`                        | Specify where fluentd can find logs for docker container                       | `/var/lib/docker/containers`                       |\n| `hostLogDir.libSystemdDir`                           | Specify where fluentd can find logs for lib Systemd                            | `/usr/lib64`                                       |\n| `image.repository`                                   | Image                                                                          | `quay.io/fluentd_elasticsearch/fluentd`            |\n| `image.tag`                                          | Image tag                                                                      | `v3.0.2`                                           |\n| `image.pullPolicy`                                   | Image pull policy                                                              | `IfNotPresent`                                     |\n| `image.pullSecrets`                                  | Image pull secrets                                                             | ``                                                 |\n| `livenessProbe.enabled`                              | Whether to enable livenessProbe                                                | `true`                                             |\n| `livenessProbe.initialDelaySeconds`                  | livenessProbe initial delay seconds                                            | `600`                                              |\n| `livenessProbe.periodSeconds`                        | livenessProbe period seconds                                                   | `60`                                               |\n| `livenessProbe.kind`                                 | livenessProbe kind                                                             | `Set to a Linux compatible command`                |\n| `nodeSelector`                                       | Optional daemonset nodeSelector                                                | `{}`                                               |\n| `podSecurityPolicy.annotations`                      | Specify pod annotations in the pod security policy                             | `{}`                                               |\n| `podSecurityPolicy.enabled`                          | Specify if a pod security policy must be created                               | `false`                                            |\n| `priorityClassName`                                  | Optional PriorityClass for pods                                                | `\"\"`                                               |\n| `prometheusRule.enabled`                             | Whether to enable Prometheus prometheusRule                                    | `false`                                            |\n| `prometheusRule.prometheusNamespace`                 | Namespace for prometheusRule                                                   | `monitoring`                                       |\n| `prometheusRule.labels`                              | Optional labels for prometheusRule                                             | `{}`                                               |\n| `rbac.create`                                        | RBAC                                                                           | `true`                                             |\n| `resources.limits.cpu`                               | CPU limit                                                                      | `100m`                                             |\n| `resources.limits.memory`                            | Memory limit                                                                   | `500Mi`                                            |\n| `resources.requests.cpu`                             | CPU request                                                                    | `100m`                                             |\n| `resources.requests.memory`                          | Memory request                                                                 | `200Mi`                                            |\n| `service`                                            | Service definition                                                             | `{}`                                               |\n| `service.ports`                                      | List of service ports dict [{name:...}...]                                     | Not Set                                            |\n| `service.ports[].type`                               | Service type (ClusterIP/NodePort)                                              | `ClusterIP`                                        |\n| `service.ports[].name`                               | One of service ports name                                                      | Not Set                                            |\n| `service.ports[].port`                               | Service port                                                                   | Not Set                                            |\n| `service.ports[].nodePort`                           | NodePort port (when service.type is NodePort)                                  | Not Set                                            |\n| `service.ports[].protocol`                           | Service protocol(optional, can be TCP/UDP)                                     | Not Set                                            |\n| `serviceAccount.create`                              | Specifies whether a service account should be created.                         | `true`                                             |\n| `serviceAccount.name`                                | Name of the service account.                                                   | `\"\"`                                               |\n| `serviceAccount.annotations`                         | Specify annotations in the pod service account                                 | `{}`                                               |\n| `serviceMetric.enabled`                              | Generate the metric service regardless of whether serviceMonitor is enabled.   | `false`                                            |\n| `serviceMonitor.enabled`                             | Whether to enable Prometheus serviceMonitor                                    | `false`                                            |\n| `serviceMonitor.port`                                | Define on which port the ServiceMonitor should scrape                          | `24231`                                            |\n| `serviceMonitor.interval`                            | Interval at which metrics should be scraped                                    | `10s`                                              |\n| `serviceMonitor.path`                                | Path for Metrics                                                               | `/metrics`                                         |\n| `serviceMonitor.labels`                              | Optional labels for serviceMonitor                                             | `{}`                                               |\n| `serviceMonitor.metricRelabelings`                   | Optional metric relabel configs to apply to samples before ingestion           | `[]`                                               |\n| `serviceMonitor.relabelings`                         | Optional relabel configs to apply to samples before scraping                   | `[]`                                               |\n| `serviceMonitor.jobLabel`                            | Label whose value will define the job name                                     | `app.kubernetes.io/instance`                       |\n| `serviceMonitor.type`                                | Optional the type of the metrics service                                       | `ClusterIP`                                        |\n| `tolerations`                                        | Optional daemonset tolerations                                                 | `[]`                                               |\n| `updateStrategy`                                     | Optional daemonset update strategy                                             | `type: RollingUpdate`                              |\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,\n\n```console\nhelm install --name my-release kiwigrid/fluentd-elasticsearch\n```\n\nAlternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,\n\n```console\nhelm install --name my-release -f values.yaml kiwigrid/fluentd-elasticsearch\n```\n\n## Installation\n\n### IBM IKS\n\nFor IBM IKS path `/var/log/pods` must be mounted, otherwise only kubelet logs would be available\n\n```yaml\nextraVolumeMounts: |\n    - name: pods\n      mountPath: /var/log/pods\n      readOnly: true\n\nextraVolumes: |\n    - name: pods\n      hostPath:\n        path: \"/var/log/pods\"\n        type: Directory\n```\n\n### AWS Elasticsearch Domains\n\nAWS Elasticsearch requires requests to upload data to be signed using [AWS Signature V4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). In order to support this, you can add `awsSigningSidecar: {enabled: true}` to your configuration. This results in a sidecar container being deployed that proxies all requests to your Elasticsearch domain and signs them appropriately.\n\n## Upgrading\n\n### From a version < 2.0.0\n\nWhen you upgrade this chart you have to add the \"--force\" parameter to your helm upgrade command as there have been changes to the lables which makes a normal upgrade impossible.\n\n### From a version &ge; 4.9.3 to version &ge; 5.0.0\n\nWhen upgrading this chart you need to rename `livenessProbe.command` parameter to `livenessProbe.kind.exec.command` (only applicable if `livenessProbe.command` parameter was used).\n\n### From a version &lt; 6.0.0 to version &ge; 6.0.0\n\nWhen upgrading this chart  you have to perform updates for any system that\nuses fluentd output from systemd logs, because now:\n\n- field names have removed leading underscores (`_pid` becomes `pid`)\n- field names from systemd are now lowercase (`PROCESS` becomes `process`)\n\nThis means any system that uses fluend output needs to be updated,\nespecially:\n\n- in Kibana go to `Management > Index Patterns`, for each index click on\n   `Refresh field list` icon\n- fix renamed fields in other places - such as Kibana or Grafana, in items\n  such as dashboards queries/vars/annotations\n\nIt is strongly suggested to set up temporarily new fluentd instance with output\nto another elasticsearch index prefix to see the differences and then apply changes. The amount of fields altered can be noticeable and hard to list them all in this document.\n\nSome dashboards can be easily fixed with sed:\n\n```bash\ncat dashboard.json | sed -e 's/_PID/pid/g'\n```\n\nBelow list of most commonly used systemd fields:\n\n```text\n__MONOTONIC_TIMESTAMP\n__REALTIME_TIMESTAMP\n_BOOT_ID\n_CAP_EFFECTIVE\n_CMDLINE\n_COMM\n_EXE\n_GID\n_HOSTNAME\n_MACHINE_ID\n_PID\n_SOURCE_REALTIME_TIMESTAMP\n_SYSTEMD_CGROUP\n_SYSTEMD_SLICE\n_SYSTEMD_UNIT\n_TRANSPORT\n_UID\nCODE_FILE\nCODE_FUNC\nCODE_FUNCTION\nCODE_LINE\nMESSAGE\nMESSAGE_ID\nNM_LOG_DOMAINS\nNM_LOG_LEVEL\nPRIORITY\nSYSLOG_FACILITY\nSYSLOG_IDENTIFIER\nSYSLOG_PID\nTIMESTAMP_BOOTTIME\nTIMESTAMP_MONOTONIC\nUNIT\n```\n\n### From a version <= 6.3.0 to version => 7.0.0\n\nThe additional plugins option has been removed as the used container image does not longer contains the build tools needed to build the plugins. Please use an own container image containing the plugins you want to use.\n\n### From a version < 8.0.0 to version => 8.0.0\n\n> Both `elasticsearch.host` and `elasticsearch.port` are removed in favor of `elasticsearch.hosts`\n\nYou can now [configure multiple elasticsearch hosts](https://docs.fluentd.org/output/elasticsearch#hosts-optional) as target for fluentd.\n\nThe following parameters are deprecated and will be replaced by `elasticsearch.hosts` with a default value of `[\"elasticsearch-client:9200\"]`\n```yaml\nelasticsearch:\n  host: elasticsearch-client\n  port: 9200\n```\n\nYou can use any yaml array syntax:\n```yaml\nelasticsearch:\n  hosts: [\"elasticsearch-node-1:9200\", \"elasticsearch-node-2:9200\"]\n```\n```yaml\nelasticsearch:\n  hosts:\n    - \"elasticsearch-node-1:9200\"\n    - \"elasticsearch-node-2:9200\"\n```\n\nIf were using `--set elasticsearch.host=elasticsearch-client --set elasticsearch.port=9200` previously, you will need to pass those values as an array as in `--set elasticsearch.host=\"{elasticsearch-client:9200}\"`. The quotes around the curly brackets are important in order to make sure your shell passes the string through without processing it.\n\nNote:\n> If you are using the AWS Sidecar, only the first host in the array is used. [Aws-es-proxy](https://github.com/abutaha/aws-es-proxy) is limited to one endpoint.\n\n### From a version < 8.0.0 to version => 9.0.0\nIn this version elasticsearch template in `output.conf` configmap was expanded to be fully configured from `values.yaml`\n - decide if to add a `logstash` - toggle `logstash.enabled`\n - decide if to add a `buffer` - toggle `buffer.enabled`\n#### The following fields were removed from the elasticsearch block in vlaues.yaml\n - `bufferChunkLimit` in favor of `buffer.chunkLimitSize`\n - `bufferQueueLimit` in favor of `buffer.queueLimitLength`\n - `logstashPrefix` in favor of `logstash.enabled` and `logstash.prefix`\n#### The following fields were added\n - `reconnectOnError`\n - `reloadOnFailure`\n - `reloadConnections`\n - `buffer.enabled`\n - `buffer.type`\n - `buffer.path`\n - `buffer.flushMode`\n - `buffer.retryType`\n - `buffer.flushThreadCount`\n - `buffer.flushInterval`\n - `buffer.retryForever`\n - `buffer.retryMaxInterval`\n - `buffer.chunkLimitSize`\n - `buffer.queueLimitLength`\n - `buffer.overflowAction`\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/NOTES.txt",
    "content": "1. To verify that Fluentd has started, run:\n\n  kubectl --namespace={{ .Release.Namespace }} get pods -l \"app.kubernetes.io/name={{ include \"fluentd-elasticsearch.name\" . }},app.kubernetes.io/instance={{ .Release.Name }}\"\n\nTHIS APPLICATION CAPTURES ALL CONSOLE OUTPUT AND FORWARDS IT TO elasticsearch . Anything that might be identifying,\nincluding things like IP addresses, container images, and object names will NOT be anonymized.\n\n{{- if .Values.service }}\n2. Get the application URL by running these commands:\n{{- range $port := .Values.service.ports }}\n{{- $service_type := $port.type | default \"ClusterIP\" -}}\n{{- if contains \"NodePort\" $service_type }}\n  export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath=\"{.spec.ports[0].nodePort}\" services {{ include \"fluentd-elasticsearch.fullname\" $ }})\n  export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath=\"{.items[0].status.addresses[0].address}\")\n  echo http://$NODE_IP:$NODE_PORT\n{{- else if contains \"LoadBalancer\" $service_type }}\n     NOTE: It may take a few minutes for the LoadBalancer IP to be available.\n           You can watch the status of by running 'kubectl get svc -w {{ include \"fluentd-elasticsearch.fullname\" $ }}'\n  export SERVICE_IP=$(kubectl get svc --namespace {{ $.Release.Namespace }} {{ include \"fluentd-elasticsearch.fullname\" $ }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')\n  echo http://$SERVICE_IP:{{ $port.port }}\n{{- else if contains \"ClusterIP\" $service_type }}\n  export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l \"app.kubernetes.io/name={{ include \"fluentd-elasticsearch.name\" $ }},app.kubernetes.io/instance={{ $.Release.Name }}\" -o jsonpath=\"{.items[0].metadata.name}\")\n  echo \"Visit http://127.0.0.1:8080 to use your application\"\n  kubectl port-forward $POD_NAME 8080:80\n{{- end }}\n{{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"fluentd-elasticsearch.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"fluentd-elasticsearch.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"fluentd-elasticsearch.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate the name of the service account to use\n*/}}\n{{- define \"fluentd-elasticsearch.serviceAccountName\" -}}\n{{- if .Values.serviceAccount.create -}}\n    {{ default (include \"fluentd-elasticsearch.fullname\" .) .Values.serviceAccount.name }}\n{{- else -}}\n    {{ default \"default\" .Values.serviceAccount.name }}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCommon labels\n*/}}\n{{- define \"fluentd-elasticsearch.labels\" -}}\napp.kubernetes.io/name: {{ include \"fluentd-elasticsearch.name\" . }}\nhelm.sh/chart: {{ include \"fluentd-elasticsearch.chart\" . }}\napp.kubernetes.io/instance: {{ .Release.Name }}\n{{- if .Chart.AppVersion }}\napp.kubernetes.io/version: {{ .Chart.AppVersion | quote }}\n{{- end }}\napp.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end -}}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/clusterrole.yaml",
    "content": "{{- if .Values.rbac.create -}}\n{{- $striped_version := (split \"-\" .Capabilities.KubeVersion.GitVersion)._0 -}}\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: {{ include \"fluentd-elasticsearch.fullname\" . }}\n  labels:\n{{ include \"fluentd-elasticsearch.labels\" . | indent 4 }}\n    {{- if semverCompare \"< 1.6\" $striped_version }}\n    kubernetes.io/cluster-service: \"true\"\n    {{- end }}\n    addonmanager.kubernetes.io/mode: Reconcile\nrules:\n- apiGroups:\n  - \"\"\n  resources:\n  - \"namespaces\"\n  - \"pods\"\n  verbs:\n  - \"get\"\n  - \"watch\"\n  - \"list\"\n{{- end -}}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/clusterrolebinding.yaml",
    "content": "{{- if .Values.rbac.create -}}\n{{- $striped_version := (split \"-\" .Capabilities.KubeVersion.GitVersion)._0 -}}\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: {{ include \"fluentd-elasticsearch.fullname\" . }}\n  labels:\n{{ include \"fluentd-elasticsearch.labels\" . | indent 4 }}\n    {{- if semverCompare \"< 1.6\" $striped_version }}\n    kubernetes.io/cluster-service: \"true\"\n    {{- end }}\n    addonmanager.kubernetes.io/mode: Reconcile\nsubjects:\n- kind: ServiceAccount\n  name: {{ if .Values.serviceAccount.name }}{{ .Values.serviceAccount.name }}{{ else }}{{ include \"fluentd-elasticsearch.fullname\" . }}{{ end }}\n  namespace: {{ .Release.Namespace }}\nroleRef:\n  kind: ClusterRole\n  name: {{ include \"fluentd-elasticsearch.fullname\" . }}\n  apiGroup: rbac.authorization.k8s.io\n{{- end -}}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/configmaps.yaml",
    "content": "\n{{- $striped_version := (split \"-\" .Capabilities.KubeVersion.GitVersion)._0 -}}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ include \"fluentd-elasticsearch.fullname\" . }}\n  labels:\n{{ include \"fluentd-elasticsearch.labels\" . | indent 4 }}\n    {{- if semverCompare \"< 1.6\" $striped_version }}\n    kubernetes.io/cluster-service: \"true\"\n    {{- end }}\n    addonmanager.kubernetes.io/mode: Reconcile\ndata:\n{{- if .Values.configMaps.useDefaults.systemConf }}\n  system.conf: |-\n    <system>\n      root_dir /tmp/fluentd-buffers/\n    </system>\n{{- end }}\n\n{{- if .Values.configMaps.useDefaults.containersInputConf }}\n  containers.input.conf: |-\n    # This configuration file for Fluentd / td-agent is used\n    # to watch changes to Docker log files. The kubelet creates symlinks that\n    # capture the pod name, namespace, container name & Docker container ID\n    # to the docker logs for pods in the /var/log/containers directory on the host.\n    # If running this fluentd configuration in a Docker container, the /var/log\n    # directory should be mounted in the container.\n    #\n    # These logs are then submitted to Elasticsearch which assumes the\n    # installation of the fluent-plugin-elasticsearch & the\n    # fluent-plugin-kubernetes_metadata_filter plugins.\n    # See https://github.com/uken/fluent-plugin-elasticsearch &\n    # https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter for\n    # more information about the plugins.\n    #\n    # Example\n    # =======\n    # A line in the Docker log file might look like this JSON:\n    #\n    # {\"log\":\"2014/09/25 21:15:03 Got request with path wombat\\n\",\n    #  \"stream\":\"stderr\",\n    #   \"time\":\"2014-09-25T21:15:03.499185026Z\"}\n    #\n    # The time_format specification below makes sure we properly\n    # parse the time format produced by Docker. This will be\n    # submitted to Elasticsearch and should appear like:\n    # $ curl 'http://elasticsearch-logging:9200/_search?pretty'\n    # ...\n    # {\n    #      \"_index\" : \"logstash-2014.09.25\",\n    #      \"_type\" : \"fluentd\",\n    #      \"_id\" : \"VBrbor2QTuGpsQyTCdfzqA\",\n    #      \"_score\" : 1.0,\n    #      \"_source\":{\"log\":\"2014/09/25 22:45:50 Got request with path wombat\\n\",\n    #                 \"stream\":\"stderr\",\"tag\":\"docker.container.all\",\n    #                 \"@timestamp\":\"2014-09-25T22:45:50+00:00\"}\n    #    },\n    # ...\n    #\n    # The Kubernetes fluentd plugin is used to write the Kubernetes metadata to the log\n    # record & add labels to the log record if properly configured. This enables users\n    # to filter & search logs on any metadata.\n    # For example a Docker container's logs might be in the directory:\n    #\n    #  /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b\n    #\n    # and in the file:\n    #\n    #  997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log\n    #\n    # where 997599971ee6... is the Docker ID of the running container.\n    # The Kubernetes kubelet makes a symbolic link to this file on the host machine\n    # in the /var/log/containers directory which includes the pod name and the Kubernetes\n    # container name:\n    #\n    #    synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log\n    #    ->\n    #    /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log\n    #\n    # The /var/log directory on the host is mapped to the /var/log directory in the container\n    # running this instance of Fluentd and we end up collecting the file:\n    #\n    #   /var/log/containers/synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log\n    #\n    # This results in the tag:\n    #\n    #  var.log.containers.synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log\n    #\n    # The Kubernetes fluentd plugin is used to extract the namespace, pod name & container name\n    # which are added to the log message as a kubernetes field object & the Docker container ID\n    # is also added under the docker field object.\n    # The final tag is:\n    #\n    #   kubernetes.var.log.containers.synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log\n    #\n    # And the final log record look like:\n    #\n    # {\n    #   \"log\":\"2014/09/25 21:15:03 Got request with path wombat\\n\",\n    #   \"stream\":\"stderr\",\n    #   \"time\":\"2014-09-25T21:15:03.499185026Z\",\n    #   \"kubernetes\": {\n    #     \"namespace\": \"default\",\n    #     \"pod_name\": \"synthetic-logger-0.25lps-pod\",\n    #     \"container_name\": \"synth-lgr\"\n    #   },\n    #   \"docker\": {\n    #     \"container_id\": \"997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b\"\n    #   }\n    # }\n    #\n    # This makes it easier for users to search for logs by pod name or by\n    # the name of the Kubernetes container regardless of how many times the\n    # Kubernetes pod has been restarted (resulting in a several Docker container IDs).\n    # Json Log Example:\n    # {\"log\":\"[info:2016-02-16T16:04:05.930-08:00] Some log text here\\n\",\"stream\":\"stdout\",\"time\":\"2016-02-17T00:04:05.931087621Z\"}\n    # CRI Log Example:\n    # 2016-02-17T00:04:05.931087621Z stdout F [info:2016-02-16T16:04:05.930-08:00] Some log text here\n    <source>\n      @id fluentd-containers.log\n      @type tail\n      path /var/log/containers/*.log\n      pos_file /var/log/containers.log.pos\n      tag raw.kubernetes.*\n      read_from_head true\n      <parse>\n        @type multi_format\n        <pattern>\n          format json\n          time_key time\n          time_format %Y-%m-%dT%H:%M:%S.%NZ\n        </pattern>\n        <pattern>\n          format /^(?<time>.+) (?<stream>stdout|stderr) [^ ]* (?<log>.*)$/\n          time_format %Y-%m-%dT%H:%M:%S.%N%:z\n        </pattern>\n      </parse>\n    </source>\n\n    # Detect exceptions in the log output and forward them as one log entry.\n    <match raw.kubernetes.**>\n      @id raw.kubernetes\n      @type detect_exceptions\n      remove_tag_prefix raw\n      message log\n      stream stream\n      multiline_flush_interval 5\n      max_bytes 500000\n      max_lines 1000\n    </match>\n\n    # Concatenate multi-line logs\n    <filter **>\n      @id filter_concat\n      @type concat\n      key message\n      multiline_end_regexp /\\n$/\n      separator \"\"\n      timeout_label @NORMAL\n      flush_interval 5\n    </filter>\n\n    # Enriches records with Kubernetes metadata\n    <filter kubernetes.**>\n      @id filter_kubernetes_metadata\n      @type kubernetes_metadata\n    </filter>\n\n    # Fixes json fields in Elasticsearch\n    <filter kubernetes.**>\n      @id filter_parser\n      @type parser\n      key_name log\n      reserve_time true\n      reserve_data true\n      remove_key_name_field true\n      <parse>\n        @type multi_format\n        <pattern>\n          format json\n        </pattern>\n        <pattern>\n          format none\n        </pattern>\n      </parse>\n    </filter>\n{{- end }}\n\n{{- if .Values.configMaps.useDefaults.systemInputConf }}\n  system.input.conf: |-\n    # Example:\n    # 2015-12-21 23:17:22,066 [salt.state       ][INFO    ] Completed state [net.ipv4.ip_forward] at time 23:17:22.066081\n    <source>\n      @id minion\n      @type tail\n      format /^(?<time>[^ ]* [^ ,]*)[^\\[]*\\[[^\\]]*\\]\\[(?<severity>[^ \\]]*) *\\] (?<message>.*)$/\n      time_format %Y-%m-%d %H:%M:%S\n      path /var/log/salt/minion\n      pos_file /var/log/salt.pos\n      tag salt\n    </source>\n\n    # Example:\n    # Dec 21 23:17:22 gke-foo-1-1-4b5cbd14-node-4eoj startupscript: Finished running startup script /var/run/google.startup.script\n    <source>\n      @id startupscript.log\n      @type tail\n      format syslog\n      path /var/log/startupscript.log\n      pos_file /var/log/startupscript.log.pos\n      tag startupscript\n    </source>\n\n    # Examples:\n    # time=\"2016-02-04T06:51:03.053580605Z\" level=info msg=\"GET /containers/json\"\n    # time=\"2016-02-04T07:53:57.505612354Z\" level=error msg=\"HTTP Error\" err=\"No such image: -f\" statusCode=404\n    # TODO(random-liu): Remove this after cri container runtime rolls out.\n    <source>\n      @id docker.log\n      @type tail\n      format /time=\"(?<time>[^)]*)\" level=(?<severity>[^ ]*) msg=\"(?<message>[^\"]*)\"( err=\"(?<error>[^\"]*)\")?( statusCode=($<status_code>\\d+))?/\n      path /var/log/docker.log\n      pos_file /var/log/docker.log.pos\n      tag docker\n    </source>\n\n    # Example:\n    # 2016/02/04 06:52:38 filePurge: successfully removed file /var/etcd/data/member/wal/00000000000006d0-00000000010a23d1.wal\n    <source>\n      @id etcd.log\n      @type tail\n      # Not parsing this, because it doesn't have anything particularly useful to\n      # parse out of it (like severities).\n      format none\n      path /var/log/etcd.log\n      pos_file /var/log/etcd.log.pos\n      tag etcd\n    </source>\n\n    # Multi-line parsing is required for all the kube logs because very large log\n    # statements, such as those that include entire object bodies, get split into\n    # multiple lines by glog.\n    # Example:\n    # I0204 07:32:30.020537    3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537]\n    <source>\n      @id kubelet.log\n      @type tail\n      format multiline\n      multiline_flush_interval 5s\n      format_firstline /^\\w\\d{4}/\n      format1 /^(?<severity>\\w)(?<time>\\d{4} [^\\s]*)\\s+(?<pid>\\d+)\\s+(?<source>[^ \\]]+)\\] (?<message>.*)/\n      time_format %m%d %H:%M:%S.%N\n      path /var/log/kubelet.log\n      pos_file /var/log/kubelet.log.pos\n      tag kubelet\n    </source>\n\n    # Example:\n    # I1118 21:26:53.975789       6 proxier.go:1096] Port \"nodePort for kube-system/default-http-backend:http\" (:31429/tcp) was open before and is still needed\n    <source>\n      @id kube-proxy.log\n      @type tail\n      format multiline\n      multiline_flush_interval 5s\n      format_firstline /^\\w\\d{4}/\n      format1 /^(?<severity>\\w)(?<time>\\d{4} [^\\s]*)\\s+(?<pid>\\d+)\\s+(?<source>[^ \\]]+)\\] (?<message>.*)/\n      time_format %m%d %H:%M:%S.%N\n      path /var/log/kube-proxy.log\n      pos_file /var/log/kube-proxy.log.pos\n      tag kube-proxy\n    </source>\n\n    # Example:\n    # I0204 07:00:19.604280       5 handlers.go:131] GET /api/v1/nodes: (1.624207ms) 200 [[kube-controller-manager/v1.1.3 (linux/amd64) kubernetes/6a81b50] 127.0.0.1:38266]\n    <source>\n      @id kube-apiserver.log\n      @type tail\n      format multiline\n      multiline_flush_interval 5s\n      format_firstline /^\\w\\d{4}/\n      format1 /^(?<severity>\\w)(?<time>\\d{4} [^\\s]*)\\s+(?<pid>\\d+)\\s+(?<source>[^ \\]]+)\\] (?<message>.*)/\n      time_format %m%d %H:%M:%S.%N\n      path /var/log/kube-apiserver.log\n      pos_file /var/log/kube-apiserver.log.pos\n      tag kube-apiserver\n    </source>\n\n    # Example:\n    # I0204 06:55:31.872680       5 servicecontroller.go:277] LB already exists and doesn't need update for service kube-system/kube-ui\n    <source>\n      @id kube-controller-manager.log\n      @type tail\n      format multiline\n      multiline_flush_interval 5s\n      format_firstline /^\\w\\d{4}/\n      format1 /^(?<severity>\\w)(?<time>\\d{4} [^\\s]*)\\s+(?<pid>\\d+)\\s+(?<source>[^ \\]]+)\\] (?<message>.*)/\n      time_format %m%d %H:%M:%S.%N\n      path /var/log/kube-controller-manager.log\n      pos_file /var/log/kube-controller-manager.log.pos\n      tag kube-controller-manager\n    </source>\n\n    # Example:\n    # W0204 06:49:18.239674       7 reflector.go:245] pkg/scheduler/factory/factory.go:193: watch of *api.Service ended with: 401: The event in requested index is outdated and cleared (the requested history has been cleared [2578313/2577886]) [2579312]\n    <source>\n      @id kube-scheduler.log\n      @type tail\n      format multiline\n      multiline_flush_interval 5s\n      format_firstline /^\\w\\d{4}/\n      format1 /^(?<severity>\\w)(?<time>\\d{4} [^\\s]*)\\s+(?<pid>\\d+)\\s+(?<source>[^ \\]]+)\\] (?<message>.*)/\n      time_format %m%d %H:%M:%S.%N\n      path /var/log/kube-scheduler.log\n      pos_file /var/log/kube-scheduler.log.pos\n      tag kube-scheduler\n    </source>\n\n    # Example:\n    # I0603 15:31:05.793605       6 cluster_manager.go:230] Reading config from path /etc/gce.conf\n    <source>\n      @id glbc.log\n      @type tail\n      format multiline\n      multiline_flush_interval 5s\n      format_firstline /^\\w\\d{4}/\n      format1 /^(?<severity>\\w)(?<time>\\d{4} [^\\s]*)\\s+(?<pid>\\d+)\\s+(?<source>[^ \\]]+)\\] (?<message>.*)/\n      time_format %m%d %H:%M:%S.%N\n      path /var/log/glbc.log\n      pos_file /var/log/glbc.log.pos\n      tag glbc\n    </source>\n\n    # Example:\n    # TODO Add a proper example here.\n    <source>\n      @id cluster-autoscaler.log\n      @type tail\n      format multiline\n      multiline_flush_interval 5s\n      format_firstline /^\\w\\d{4}/\n      format1 /^(?<severity>\\w)(?<time>\\d{4} [^\\s]*)\\s+(?<pid>\\d+)\\s+(?<source>[^ \\]]+)\\] (?<message>.*)/\n      time_format %m%d %H:%M:%S.%N\n      path /var/log/cluster-autoscaler.log\n      pos_file /var/log/cluster-autoscaler.log.pos\n      tag cluster-autoscaler\n    </source>\n\n    # Logs from systemd-journal for interesting services.\n    # TODO(random-liu): Remove this after cri container runtime rolls out.\n    <source>\n      @id journald-docker\n      @type systemd\n      matches [{ \"_SYSTEMD_UNIT\": \"docker.service\" }]\n      <storage>\n        @type local\n        persistent true\n        path /var/log/journald-docker.pos\n      </storage>\n      <entry>\n        fields_strip_underscores true\n        fields_lowercase true\n      </entry>\n      read_from_head true\n      tag docker\n    </source>\n\n    <source>\n      @id journald-container-runtime\n      @type systemd\n      matches [{ \"_SYSTEMD_UNIT\": \"{{\"{{ fluentd_container_runtime_service }}\"}}.service\" }]\n      <storage>\n        @type local\n        persistent true\n        path /var/log/journald-container-runtime.pos\n      </storage>\n      <entry>\n        fields_strip_underscores true\n        fields_lowercase true\n      </entry>\n      read_from_head true\n      tag container-runtime\n    </source>\n\n    <source>\n      @id journald-kubelet\n      @type systemd\n      matches [{ \"_SYSTEMD_UNIT\": \"kubelet.service\" }]\n      <storage>\n        @type local\n        persistent true\n        path /var/log/journald-kubelet.pos\n      </storage>\n      <entry>\n        fields_strip_underscores true\n        fields_lowercase true\n      </entry>\n      read_from_head true\n      tag kubelet\n    </source>\n\n    <source>\n      @id journald-node-problem-detector\n      @type systemd\n      matches [{ \"_SYSTEMD_UNIT\": \"node-problem-detector.service\" }]\n      <storage>\n        @type local\n        persistent true\n        path /var/log/journald-node-problem-detector.pos\n      </storage>\n      <entry>\n        fields_strip_underscores true\n        fields_lowercase true\n      </entry>\n      read_from_head true\n      tag node-problem-detector\n    </source>\n\n    <source>\n      @id kernel\n      @type systemd\n      matches [{ \"_TRANSPORT\": \"kernel\" }]\n      <storage>\n        @type local\n        persistent true\n        path /var/log/kernel.pos\n      </storage>\n      <entry>\n        fields_strip_underscores true\n        fields_lowercase true\n      </entry>\n      read_from_head true\n      tag kernel\n    </source>\n{{- end }}\n\n{{- if .Values.configMaps.useDefaults.forwardInputConf }}\n  forward.input.conf: |-\n    # Takes the messages sent over TCP\n    <source>\n      @id forward\n      @type forward\n    </source>\n{{- end }}\n\n{{- if .Values.configMaps.useDefaults.monitoringConf }}\n  monitoring.conf: |-\n    # Prometheus Exporter Plugin\n    # input plugin that exports metrics\n    <source>\n      @id prometheus\n      @type prometheus\n    </source>\n\n    <source>\n      @id monitor_agent\n      @type monitor_agent\n    </source>\n\n    # input plugin that collects metrics from MonitorAgent\n    <source>\n      @id prometheus_monitor\n      @type prometheus_monitor\n      <labels>\n        host ${hostname}\n      </labels>\n    </source>\n\n    # input plugin that collects metrics for output plugin\n    <source>\n      @id prometheus_output_monitor\n      @type prometheus_output_monitor\n      <labels>\n        host ${hostname}\n      </labels>\n    </source>\n\n    # input plugin that collects metrics for in_tail plugin\n    <source>\n      @id prometheus_tail_monitor\n      @type prometheus_tail_monitor\n      <labels>\n        host ${hostname}\n      </labels>\n    </source>\n{{- end }}\n\n{{- if .Values.configMaps.useDefaults.outputConf }}\n  output.conf: |-\n    # handle timeout log lines from concat plugin\n    <match **>\n      @type relabel\n      @label @NORMAL\n    </match>\n\n    <label @NORMAL>\n    <match **>\n      @id elasticsearch\n      @type \"#{ENV['OUTPUT_TYPE']}\"\n      @log_level \"#{ENV['OUTPUT_LOG_LEVEL']}\"\n      include_tag_key \"#{ENV['OUTPUT_INCLUDE_TAG_KEY']}\"\n      hosts \"#{ENV['OUTPUT_HOSTS']}\"\n      path \"#{ENV['OUTPUT_PATH']}\"\n      scheme \"#{ENV['OUTPUT_SCHEME']}\"\n      ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n      ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n{{- if (ne .Values.elasticsearch.typeName \"\") }}\n      type_name \"#{ENV['OUTPUT_TYPE_NAME']}\"\n{{- end }}\n{{- if .Values.elasticsearch.auth.enabled }}\n      user \"#{ENV['OUTPUT_USER']}\"\n      password \"#{ENV['OUTPUT_PASSWORD']}\"\n{{- end }}\n{{- if .Values.elasticsearch.logstash.enabled }}\n      logstash_format \"#{ENV['LOGSTASH_FORMAT']}\"\n      logstash_dateformat \"#{ENV['LOGSTASH_DATEFORMAT']}\"\n      logstash_prefix \"#{ENV['LOGSTASH_PREFIX']}\"\n      logstash_prefix_separator \"#{ENV['LOGSTASH_PREFIX_SEPARATOR']}\"\n{{- else }}\n      logstash_format \"#{ENV['LOGSTASH_FORMAT']}\"\n      index_name \"#{ENV['INDEX_NAME']}\"\n{{- end }}\n{{- if .Values.elasticsearch.ilm.enabled }}\n      enable_ilm \"#{ENV['ENABLE_ILM']}\"\n      ilm_policy_id \"#{ENV['ILM_POLICY_ID']}\"\n      ilm_policy \"#{ENV['ILM_POLICY']}\"\n      ilm_policies \"#{ENV['ILM_POLICIES']}\"\n      ilm_policy_overwrite \"#{ENV['ILM_POLICY_OVERWRITE']}\"\n{{- end }}\n      reconnect_on_error \"#{ENV['OUTPUT_RECONNECT_ON_ERROR']}\"\n      reload_on_failure \"#{ENV['OUTPUT_RELOAD_ON_FAILURE']}\"\n      reload_connections \"#{ENV['OUTPUT_RELOAD_CONNECTIONS']}\"\n      request_timeout \"#{ENV['OUTPUT_REQUEST_TIMEOUT']}\"\n{{- if .Values.elasticsearch.suppressTypeName }}\n      suppress_type_name \"#{ENV['OUTPUT_SUPPRESS_TYPE_NAME']}\"\n{{- end }}\n{{- if .Values.elasticsearch.buffer.enabled }}\n      <buffer>\n        @type \"#{ENV['OUTPUT_BUFFER_TYPE']}\"\n        path \"#{ENV['OUTPUT_BUFFER_PATH']}\"\n        flush_mode \"#{ENV['OUTPUT_BUFFER_FLUSH_MODE']}\"\n        retry_type \"#{ENV['OUTPUT_BUFFER_RETRY_TYPE']}\"\n        flush_thread_count \"#{ENV['OUTPUT_BUFFER_FLUSH_THREAD_TYPE']}\"\n        flush_interval \"#{ENV['OUTPUT_BUFFER_FLUSH_INTERVAL']}\"\n        retry_forever \"#{ENV['OUTPUT_BUFFER_RETRY_FOREVER']}\"\n        retry_max_interval \"#{ENV['OUTPUT_BUFFER_RETRY_MAX_INTERVAL']}\"\n        chunk_limit_size \"#{ENV['OUTPUT_BUFFER_CHUNK_LIMIT']}\"\n        queue_limit_length \"#{ENV['OUTPUT_BUFFER_QUEUE_LIMIT']}\"\n        overflow_action \"#{ENV['OUTPUT_BUFFER_OVERFLOW_ACTION']}\"\n      </buffer>\n{{- end }}\n    </match>\n    </label>\n{{- end }}\n\n{{- range $key, $value := .Values.extraConfigMaps }}\n  {{ $key }}: |-\n{{ $value | indent 4 }}\n{{- end }}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/daemonset.yaml",
    "content": "\n{{- $striped_version := (split \"-\" .Capabilities.KubeVersion.GitVersion)._0 -}}\n{{- if semverCompare \">= 1.9\" $striped_version -}}\napiVersion: apps/v1\n{{- else -}}\napiVersion: extensions/v1beta1\n{{- end }}\nkind: DaemonSet\nmetadata:\n  name: {{ include \"fluentd-elasticsearch.fullname\" . }}\n  labels:\n{{ include \"fluentd-elasticsearch.labels\" . | indent 4 }}\n    {{- if semverCompare \"< 1.6\" $striped_version }}\n    kubernetes.io/cluster-service: \"true\"\n    {{- end }}\n    addonmanager.kubernetes.io/mode: Reconcile\n{{- if .Values.annotations }}\n  annotations:\n{{ toYaml .Values.annotations | indent 4 }}\n{{- end }}\nspec:\n  updateStrategy:\n{{ toYaml .Values.updateStrategy | indent 4 }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"fluentd-elasticsearch.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n{{ include \"fluentd-elasticsearch.labels\" . | indent 8 }}\n        {{- if semverCompare \"< 1.6\" $striped_version }}\n        kubernetes.io/cluster-service: \"true\"\n        {{- end }}\n      annotations:\n        {{- if semverCompare \"< 1.13\" $striped_version }}\n        # This annotation ensures that fluentd does not get evicted if the node\n        # supports critical pod annotation based priority scheme.\n        # Note that this does not guarantee admission on the nodes (#40573).\n        # NB! this annotation is deprecated as of version 1.13 and will be removed in 1.14.\n        # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/\n        scheduler.alpha.kubernetes.io/critical-pod: ''\n        {{- end }}\n        checksum/config: {{ include (print $.Template.BasePath \"/configmaps.yaml\") . | sha256sum }}\n{{- if .Values.podAnnotations }}\n{{ toYaml .Values.podAnnotations | indent 8 }}\n{{- end }}\n    spec:\n      serviceAccountName: {{ include \"fluentd-elasticsearch.fullname\" . }}\n      {{- if .Values.priorityClassName }}\n      priorityClassName: {{ .Values.priorityClassName | quote }}\n      {{- end }}\n      {{- if .Values.image.pullSecrets }}\n      imagePullSecrets:\n      {{- range .Values.image.pullSecrets }}\n        - name: {{ . }}\n      {{- end }}\n      {{- end }}\n      containers:\n      - name: {{ include \"fluentd-elasticsearch.fullname\" . }}\n        image:  \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n        imagePullPolicy: {{ .Values.image.pullPolicy | quote }}\n        env:\n        - name: FLUENTD_ARGS\n          value: {{ .Values.fluentdArgs | quote }}\n        {{- if .Values.elasticsearch.setOutputHostEnvVar }}\n        - name: OUTPUT_HOSTS\n          {{- if .Values.awsSigningSidecar.enabled }}\n          value: \"{{ .Values.awsSigningSidecar.network.address }}:{{ .Values.awsSigningSidecar.network.port }}\"\n          {{- else }}\n          value: \"{{- join \",\" .Values.elasticsearch.hosts }}\"\n          {{- end }}\n        {{- end }}\n        - name: OUTPUT_PATH\n          value: {{ .Values.elasticsearch.path | quote }}\n{{- if .Values.elasticsearch.auth.enabled }}\n        - name: OUTPUT_USER\n          value: {{ .Values.elasticsearch.auth.user | quote }}\n{{- if .Values.elasticsearch.auth.password }}\n        - name: OUTPUT_PASSWORD\n          value: {{ .Values.elasticsearch.auth.password | quote }}\n{{- end }}\n{{- end }}\n        - name: LOGSTASH_FORMAT\n          value: {{ .Values.elasticsearch.logstash.enabled | quote }}\n        - name: LOGSTASH_DATEFORMAT\n          value: {{ .Values.elasticsearch.logstash.dateformat | quote }}\n        - name: LOGSTASH_PREFIX\n          value: {{ .Values.elasticsearch.logstash.prefix | quote }}\n        - name: LOGSTASH_PREFIX_SEPARATOR\n          value: {{ .Values.elasticsearch.logstash.prefixSeparator | quote }}\n        - name: INDEX_NAME\n          value: {{ .Values.elasticsearch.indexName | quote }}\n{{- if .Values.elasticsearch.ilm.enabled }}          \n        - name: ENABLE_ILM\n          value: {{ .Values.elasticsearch.ilm.enabled | quote }}\n        - name: ILM_POLICY_ID\n          value: {{ .Values.elasticsearch.ilm.policy_id | quote }}\n        - name: ILM_POLICY \n          value: {{ toJson .Values.elasticsearch.ilm.policy | quote }}\n        - name: ILM_POLICIES\n          value: {{ toJson .Values.elasticsearch.ilm.policies | quote }}\n        - name: ILM_POLICY_OVERWRITE\n          value: {{ .Values.elasticsearch.ilm.policy_overwrite | quote }}\n{{- end }}          \n        - name: OUTPUT_SCHEME\n          {{- if .Values.awsSigningSidecar.enabled }}\n          value: 'http'\n          {{- else }}\n          value: {{ .Values.elasticsearch.scheme | quote }}\n          {{- end }}\n        - name: OUTPUT_TYPE\n          value: {{ .Values.elasticsearch.outputType | quote }}\n        - name: OUTPUT_SSL_VERIFY\n          value: {{ .Values.elasticsearch.sslVerify | quote }}\n        - name: OUTPUT_SSL_VERSION\n          value: {{ .Values.elasticsearch.sslVersion | quote }}\n        - name: OUTPUT_TYPE_NAME\n          value: {{ .Values.elasticsearch.typeName | quote }}\n        - name: OUTPUT_BUFFER_CHUNK_LIMIT\n          value: {{ .Values.elasticsearch.buffer.chunkLimitSize | quote }}\n        - name: OUTPUT_BUFFER_QUEUE_LIMIT\n          value: {{ .Values.elasticsearch.buffer.queueLimitLength | quote }}\n        - name: OUTPUT_BUFFER_TYPE\n          value: {{ .Values.elasticsearch.buffer.type | quote }}\n        - name: OUTPUT_BUFFER_PATH\n          value: {{ .Values.elasticsearch.buffer.path | quote }}\n        - name: OUTPUT_BUFFER_FLUSH_MODE\n          value: {{ .Values.elasticsearch.buffer.flushMode | quote }}\n        - name: OUTPUT_BUFFER_RETRY_TYPE\n          value: {{ .Values.elasticsearch.buffer.retryType | quote }}\n        - name: OUTPUT_BUFFER_FLUSH_THREAD_TYPE\n          value: {{ .Values.elasticsearch.buffer.flushThreadCount | quote }}\n        - name: OUTPUT_BUFFER_FLUSH_INTERVAL\n          value: {{ .Values.elasticsearch.buffer.flushInterval | quote }}\n        - name: OUTPUT_BUFFER_RETRY_FOREVER\n          value: {{ .Values.elasticsearch.buffer.retryForever | quote }}\n        - name: OUTPUT_BUFFER_RETRY_MAX_INTERVAL\n          value: {{ .Values.elasticsearch.buffer.retryMaxInterval | quote }}\n        - name: OUTPUT_BUFFER_OVERFLOW_ACTION\n          value: {{ .Values.elasticsearch.buffer.overflowAction | quote }}\n        - name: OUTPUT_LOG_LEVEL\n          value: {{ .Values.elasticsearch.logLevel | quote }}\n        - name: OUTPUT_INCLUDE_TAG_KEY\n          value: {{ .Values.elasticsearch.includeTagKey | quote }}\n        - name: OUTPUT_RECONNECT_ON_ERROR\n          value: {{ .Values.elasticsearch.reconnectOnError | quote }}\n        - name: OUTPUT_RELOAD_ON_FAILURE\n          value: {{ .Values.elasticsearch.reloadOnFailure | quote }}\n        - name: OUTPUT_RELOAD_CONNECTIONS\n          value: {{ .Values.elasticsearch.reloadConnections | quote }}\n        - name: OUTPUT_REQUEST_TIMEOUT\n          value: {{ .Values.elasticsearch.requestTimeout | quote }}\n{{- if .Values.elasticsearch.suppressTypeName }}\n        - name: OUTPUT_SUPPRESS_TYPE_NAME\n          value: {{ .Values.elasticsearch.suppressTypeName | quote }}\n{{- end }}\n        {{- if .Values.env }}\n        {{- range $key, $value := .Values.env }}\n        - name: {{ $key }}\n          value: {{ $value | quote }}\n        {{- end }}\n        {{- end }}\n        {{- if .Values.secret }}\n        {{- range $key, $value := .Values.secret }}\n        - name: {{ .name }}\n          valueFrom:\n            secretKeyRef:\n              name: {{ $value.secret_name }}\n              key: {{ $value.secret_key | quote }}\n        {{- end }}\n        {{- end }}\n        - name: K8S_NODE_NAME\n          valueFrom:\n            fieldRef:\n              {{- if semverCompare \">= 1.9\" $striped_version }}\n              apiVersion: v1\n              {{- end }}\n              fieldPath: spec.nodeName\n        resources:\n{{ toYaml .Values.resources | indent 10 }}\n        volumeMounts:\n        - name: varlog\n          mountPath: {{ .Values.hostLogDir.varLog }}\n        - name: varlibdockercontainers\n          mountPath: {{ .Values.hostLogDir.dockerContainers }}\n          readOnly: true\n        - name: libsystemddir\n          mountPath: {{ .Values.hostLogDir.libSystemdDir }}\n          readOnly: true\n        - name: config-volume\n          mountPath: /etc/fluent/config.d\n{{- if .Values.extraVolumeMounts }}\n{{ toYaml .Values.extraVolumeMounts | indent 8 }}\n{{- end }}\n      {{- if .Values.livenessProbe.enabled }}  #pointing to fluentd Dockerfile\n        livenessProbe:\n          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}\n          periodSeconds: {{ .Values.livenessProbe.periodSeconds }}\n{{ toYaml .Values.livenessProbe.kind | indent 10 }}\n{{- end }}\n        ports:\n{{- range $port := .Values.service.ports }}\n          - name: {{ $port.name }}\n            containerPort: {{ $port.port }}\n{{- if $port.protocol }}\n            protocol: {{ $port.protocol }}\n{{- end }}\n{{- end }}\n      {{- if .Values.awsSigningSidecar.enabled }}\n      - name: {{ include \"fluentd-elasticsearch.fullname\" . }}-aws-es-proxy\n        image: {{ .Values.awsSigningSidecar.image.repository }}:{{ .Values.awsSigningSidecar.image.tag }}\n        imagePullPolicy: {{ .Values.image.pullPolicy | quote }}\n        args: [\"-endpoint\", \"{{ .Values.elasticsearch.scheme }}://{{ index .Values.elasticsearch.hosts 0 }}\",\n               \"-listen\",   \"{{ .Values.awsSigningSidecar.network.address }}:{{ .Values.awsSigningSidecar.network.port }}\",\n               \"-timeout\",  \"{{ .Values.awsSigningSidecar.network.remoteReadTimeoutSeconds }}\"]\n        env:\n        - name: PORT_NUM\n          value: {{ .Values.awsSigningSidecar.network.port | quote }}\n        resources:\n{{ toYaml .Values.awsSigningSidecar.resources | indent 10 }}\n        volumeMounts:\n      {{- end }}\n      terminationGracePeriodSeconds: 30\n      volumes:\n      - name: varlog\n        hostPath:\n          path: {{ .Values.hostLogDir.varLog }}\n      - name: varlibdockercontainers\n        hostPath:\n          path: {{ .Values.hostLogDir.dockerContainers }}\n      # It is needed to copy systemd library to decompress journals\n      - name: libsystemddir\n        hostPath:\n          path: {{ .Values.hostLogDir.libSystemdDir }}\n      - name: config-volume\n        configMap:\n          name: {{ include \"fluentd-elasticsearch.fullname\" . }}\n{{- if .Values.extraVolumes }}\n{{ toYaml .Values.extraVolumes | indent 6 }}\n{{- end }}\n{{- if .Values.affinity }}\n      affinity:\n{{ toYaml .Values.affinity | indent 8 }}\n{{- end }}\n{{- if .Values.nodeSelector }}\n      nodeSelector:\n{{ toYaml .Values.nodeSelector | indent 8 }}\n{{- end }}\n{{- if .Values.tolerations }}\n      tolerations:\n{{ toYaml .Values.tolerations | indent 6 }}\n{{- end }}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/metrics-service.yaml",
    "content": "{{- if or (.Values.serviceMonitor.enabled) (.Values.serviceMetric.enabled) }}\n{{- $striped_version := (split \"-\" .Capabilities.KubeVersion.GitVersion)._0 -}}\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"fluentd-elasticsearch.fullname\" $ }}-metrics\n  labels:\n{{ include \"fluentd-elasticsearch.labels\" . | indent 4 }}\n    {{- if semverCompare \"< 1.6\" $striped_version }}\n    kubernetes.io/cluster-service: \"true\"\n    {{- end }}\n    addonmanager.kubernetes.io/mode: Reconcile\nspec:\n  type: {{ .Values.serviceMonitor.type }}\n  ports:\n    - name: metrics\n      port: {{ .Values.serviceMonitor.port }}\n      targetPort: {{ .Values.serviceMonitor.port }}\n  selector:\n    app.kubernetes.io/name: {{ include \"fluentd-elasticsearch.name\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/pod-security-policy.yaml",
    "content": "{{- if .Values.podSecurityPolicy.enabled }}\n{{- $striped_version := (split \"-\" .Capabilities.KubeVersion.GitVersion)._0 -}}\n{{- if semverCompare \"> 1.15\" $striped_version -}}\napiVersion: policy/v1beta1\n{{- else -}}\napiVersion: extensions/v1beta1\n{{- end }}\nkind: PodSecurityPolicy\nmetadata:\n  name: {{ template \"fluentd-elasticsearch.fullname\" . }}\n  labels:\n{{ include \"fluentd-elasticsearch.labels\" . | indent 4 }}\n    {{- if semverCompare \"< 1.6\" $striped_version }}\n    kubernetes.io/cluster-service: \"true\"\n    {{- end }}\n    addonmanager.kubernetes.io/mode: Reconcile\n  annotations:\n{{- if .Values.podSecurityPolicy.annotations }}\n{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}\n{{- end }}\nspec:\n  privileged: false\n  allowPrivilegeEscalation: true\n  volumes:\n    - 'configMap'\n    - 'emptyDir'\n    - 'hostPath'\n    - 'secret'\n  allowedHostPaths:\n    - pathPrefix: {{ .Values.hostLogDir.varLog}}\n      readOnly: false\n    - pathPrefix: {{ .Values.hostLogDir.dockerContainers}}\n      readOnly: true\n    - pathPrefix: {{ .Values.hostLogDir.libSystemdDir}}\n      readOnly: true\n  hostNetwork: false\n  hostPID: false\n  hostIPC: false\n  runAsUser:\n    rule: 'RunAsAny'\n  runAsGroup:\n    rule: 'RunAsAny'\n  seLinux:\n    rule: 'RunAsAny'\n  supplementalGroups:\n    rule: 'RunAsAny'\n  fsGroup:\n    rule: 'MustRunAs'\n    ranges:\n      - min: 1\n        max: 65535\n  readOnlyRootFilesystem: false\n  hostPorts:\n    - min: 1\n      max: 65535\n{{- end }}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/prometheusrule.yaml",
    "content": "{{- if .Values.prometheusRule.enabled }}\n{{- $striped_version := (split \"-\" .Capabilities.KubeVersion.GitVersion)._0 -}}\napiVersion: monitoring.coreos.com/v1\nkind: PrometheusRule\nmetadata:\n  name: {{ template \"fluentd-elasticsearch.fullname\" . }}\n  labels:\n{{ include \"fluentd-elasticsearch.labels\" . | indent 4 }}\n    {{- if semverCompare \"< 1.6\" $striped_version }}\n    kubernetes.io/cluster-service: \"true\"\n    {{- end }}\n    addonmanager.kubernetes.io/mode: Reconcile\n    {{- if .Values.prometheusRule.labels }}\n    {{- toYaml .Values.prometheusRule.labels | nindent 4 }}\n    {{- end }}\n  namespace: {{ .Values.prometheusRule.prometheusNamespace }}\nspec:\n  groups:\n  - name: fluentd\n    rules:\n    - alert: FluentdNodeDown\n      expr: up{job=\"{{ include \"fluentd-elasticsearch.fullname\" . }}\"} == 0\n      for: 10m\n      labels:\n        service: fluentd\n        severity: warning\n      annotations:\n        summary: fluentd cannot be scraped\n        description: Prometheus could not scrape {{ \"{{ $labels.job }}\" }} for more than 10 minutes\n  \n    - alert: FluentdNodeDown\n      expr: up{job=\"{{ include \"fluentd-elasticsearch.fullname\" . }}\"} == 0\n      for: 30m\n      labels:\n        service: fluentd\n        severity: critical\n      annotations:\n        summary: fluentd cannot be scraped\n        description: Prometheus could not scrape {{ \"{{ $labels.job }}\" }} for more than 30 minutes\n  \n    - alert: FluentdQueueLength\n      expr: rate(fluentd_status_buffer_queue_length[5m]) > 0.3\n      for: 1m\n      labels:\n        service: fluentd\n        severity: warning\n      annotations:\n        summary: fluentd node are failing\n        description: In the last 5 minutes, fluentd queues increased 30%. Current value is {{ \"{{ $value }}\" }}\n\n    - alert: FluentdQueueLength\n      expr: rate(fluentd_status_buffer_queue_length[5m]) > 0.5\n      for: 1m\n      labels:\n        service: fluentd\n        severity: critical\n      annotations:\n        summary: fluentd node are critical\n        description: In the last 5 minutes, fluentd queues increased 50%. Current value is {{ \"{{ $value }}\" }}\n\n    - alert: FluentdRecordsCountsHigh\n      expr: sum(rate(fluentd_output_status_emit_records{job=\"{{ .Release.Name }}\"}[5m])) BY (instance) >  (3 * sum(rate(fluentd_output_status_emit_records{job=\"{{ .Release.Name }}\"}[15m])) BY (instance))\n      for: 1m\n      labels:\n        service: fluentd\n        severity: critical\n      annotations:\n        summary: fluentd records count are critical\n        description: In the last 5m, records counts increased 3 times, comparing to the latest 15 min.\n\n{{- end }}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/role.yaml",
    "content": "{{- if .Values.podSecurityPolicy.enabled }}\n{{- $striped_version := (split \"-\" .Capabilities.KubeVersion.GitVersion)._0 -}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n  name: {{ template \"fluentd-elasticsearch.fullname\" . }}\n  labels:\n{{ include \"fluentd-elasticsearch.labels\" . | indent 4 }}\n    {{- if semverCompare \"< 1.6\" $striped_version }}\n    kubernetes.io/cluster-service: \"true\"\n    {{- end }}\n    addonmanager.kubernetes.io/mode: Reconcile\nrules:\n{{- if semverCompare \"> 1.15\" $striped_version }}\n- apiGroups: ['policy']\n{{- else }}\n- apiGroups: ['extensions']\n{{- end }}\n  resources: ['podsecuritypolicies']\n  verbs:     ['use']\n  resourceNames:\n  - {{ template \"fluentd-elasticsearch.fullname\" . }}\n{{- end }}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/rolebinding.yaml",
    "content": "\n{{- if .Values.podSecurityPolicy.enabled }}\n{{- $striped_version := (split \"-\" .Capabilities.KubeVersion.GitVersion)._0 -}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n  name: {{ template \"fluentd-elasticsearch.fullname\" . }}\n  labels:\n{{ include \"fluentd-elasticsearch.labels\" . | indent 4 }}\n    {{- if semverCompare \"< 1.6\" $striped_version }}\n    kubernetes.io/cluster-service: \"true\"\n    {{- end }}\n    addonmanager.kubernetes.io/mode: Reconcile\nroleRef:\n  kind: Role\n  name: {{ template \"fluentd-elasticsearch.fullname\" . }}\n  apiGroup: rbac.authorization.k8s.io\nsubjects:\n- kind: ServiceAccount\n  name: {{ template \"fluentd-elasticsearch.fullname\" . }}\n  namespace: {{ .Release.Namespace }}\n{{- end }}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/service-account.yaml",
    "content": "{{- if .Values.serviceAccount.create -}}\n{{- $striped_version := (split \"-\" .Capabilities.KubeVersion.GitVersion)._0 -}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ if .Values.serviceAccount.name }}{{ .Values.serviceAccount.name }}{{ else }}{{ include \"fluentd-elasticsearch.fullname\" . }}{{ end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"fluentd-elasticsearch.name\" . }}\n    helm.sh/chart: {{ include \"fluentd-elasticsearch.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n    {{- if semverCompare \"< 1.6\" $striped_version }}\n    kubernetes.io/cluster-service: \"true\"\n    {{- end }}\n    addonmanager.kubernetes.io/mode: Reconcile\n  annotations:\n{{- if .Values.serviceAccount.annotations }}\n{{ toYaml .Values.serviceAccount.annotations | indent 4 }}\n{{- end }}\n{{- end -}}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/service.yaml",
    "content": "{{- if .Values.service }}\n{{- range $port := .Values.service.ports  }}\n{{- $service_type := $port.type | default \"ClusterIP\" }}\n{{- $striped_version := (split \"-\" $.Capabilities.KubeVersion.GitVersion)._0 -}}\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"fluentd-elasticsearch.fullname\" $ | trunc 50 }}-{{ $port.name | trunc 12 }}\n  labels:\n{{ include \"fluentd-elasticsearch.labels\" $ | indent 4 }}\n    {{- if semverCompare \"< 1.6\" $striped_version }}\n    kubernetes.io/cluster-service: \"true\"\n    {{- end }}\n    addonmanager.kubernetes.io/mode: Reconcile\nspec:\n  type: {{ $service_type }}\n  ports:\n    - name: {{ $port.name }}\n      port: {{ $port.port }}\n      targetPort: {{ $port.port }}\n      {{- if and ($port.nodePort) (eq $service_type \"NodePort\") }}\n      nodePort: {{ $port.nodePort }}\n      {{- end }}\n      {{- if $port.protocol }}\n      protocol: {{ $port.protocol }}\n      {{- end }}\n  selector:\n    app.kubernetes.io/name: {{ include \"fluentd-elasticsearch.name\" $ }}\n    app.kubernetes.io/instance: {{ $.Release.Name }}\n{{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/templates/servicemonitor.yaml",
    "content": "{{- if .Values.serviceMonitor.enabled }}\n{{- $striped_version := (split \"-\" .Capabilities.KubeVersion.GitVersion)._0 -}}\napiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n  name: {{ template \"fluentd-elasticsearch.fullname\" . }}\n  labels:\n{{ include \"fluentd-elasticsearch.labels\" . | indent 4 }}\n    {{- if semverCompare \"< 1.6\" $striped_version }}\n    kubernetes.io/cluster-service: \"true\"\n    {{- end }}\n    addonmanager.kubernetes.io/mode: Reconcile\n    {{- if .Values.serviceMonitor.labels }}\n    {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}\n    {{- end }}\nspec:\n  endpoints:\n  - interval: {{ .Values.serviceMonitor.interval }}\n    honorLabels: true\n    port: metrics\n    path: {{ .Values.serviceMonitor.path }}\n    {{- if .Values.serviceMonitor.metricRelabelings }}\n    metricRelabelings:\n    {{- toYaml .Values.serviceMonitor.metricRelabelings | nindent 4 }}\n    {{- end }}\n    {{- if .Values.serviceMonitor.relabelings }}\n    relabelings:\n    {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }}\n    {{- end }}\n  jobLabel: {{ .Values.serviceMonitor.jobLabel }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ template \"fluentd-elasticsearch.name\" . }}\n      app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n  namespaceSelector:\n    matchNames:\n      - {{ .Release.Namespace }}\n{{- end }}\n"
  },
  {
    "path": "charts/fluentd-elasticsearch/values.yaml",
    "content": "image:\n  repository: quay.io/fluentd_elasticsearch/fluentd\n## Specify an imagePullPolicy (Required)\n## It's recommended to change this to 'Always' if the image tag is 'latest'\n## ref: http://kubernetes.io/docs/user-guide/images/#updating-images\n  tag: v3.0.4\n  pullPolicy: IfNotPresent\n  ## Optionally specify an array of imagePullSecrets.\n  ## Secrets must be manually created in the namespace.\n  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/\n  ##\n  # pullSecrets:\n  #   - myRegistrKeySecretName\n\n## If using AWS Elasticsearch, all requests to ES need to be signed regardless of whether\n## one is using Cognito or not. By setting this to true, this chart will install a sidecar\n## proxy that takes care of signing all requests being sent to the AWS ES Domain.\nawsSigningSidecar:\n  enabled: false\n  resources: {}\n  # limits:\n  #   cpu: 100m\n  #   memory: 500Mi\n  # requests:\n  #   cpu: 100m\n  #   memory: 200Mi\n  network:\n    port: 8080\n    address: localhost\n    remoteReadTimeoutSeconds: 15\n  image:\n    repository: abutaha/aws-es-proxy\n    tag: v1.0\n\n# Specify to use specific priorityClass for pods\n# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/\n# If a Pod cannot be scheduled, the scheduler tries to preempt (evict) lower priority\n# Pods to make scheduling of the pending Pod possible.\npriorityClassName: \"\"\n\n# Specify where fluentd can find logs\nhostLogDir:\n  varLog: /var/log\n  dockerContainers: /var/lib/docker/containers\n  libSystemdDir: /usr/lib64\n\n## Configure resource requests and limits\n## ref: http://kubernetes.io/docs/user-guide/compute-resources/\n##\nresources: {}\n  # limits:\n  #   cpu: 100m\n  #   memory: 500Mi\n  # requests:\n  #   cpu: 100m\n  #   memory: 200Mi\n\nelasticsearch:\n  auth:\n    enabled: false\n    user: \"yourUser\"\n    password: \"yourPass\"\n  includeTagKey: true\n  setOutputHostEnvVar: true\n  # If setOutputHostEnvVar is false this value is ignored\n  hosts: [\"elasticsearch-client:9200\"]\n  indexName: \"fluentd\"\n  logstash:\n    enabled: true\n    prefix: \"logstash\"\n    prefixSeparator: \"-\"\n    dateformat: \"%Y.%m.%d\"\n  ilm:\n    enabled: false\n    policy_id: logstash-policy\n    policy: {}\n      # example for ilm policy config\n      # phases:\n      #   hot:\n      #     min_age: 0ms\n      #     actions:\n      #       rollover:\n      #         max_age: 30d\n      #         max_size: 20gb\n      #       set_priority:\n      #           priority: 100\n      #   delete:\n      #     min_age: 60d\n      #     actions:\n      #       delete:\n    policies: {}\n      # example for ilm policies config\n      # ilm_policy_id1: {}\n      # ilm_policy_id2: {}\n    policy_overwrite: false\n  path: \"\"\n  scheme: \"http\"\n  sslVerify: true\n  sslVersion: \"TLSv1_2\"\n  outputType: \"elasticsearch\"\n  typeName: \"_doc\"\n  logLevel: \"info\"\n  reconnectOnError: true\n  reloadOnFailure: false\n  reloadConnections: false\n  requestTimeout: \"5s\"\n  suppressTypeName: false\n  buffer:\n    enabled: true\n    type: \"file\"\n    path: \"/var/log/fluentd-buffers/kubernetes.system.buffer\"\n    flushMode: \"interval\"\n    retryType: \"exponential_backoff\"\n    flushThreadCount: 2\n    flushInterval: \"5s\"\n    retryForever: true\n    retryMaxInterval: 30\n    chunkLimitSize: \"2M\"\n    queueLimitLength: 8\n    overflowAction: \"block\"\n\n# If you want to change args of fluentd process\n# by example you can add -vv to launch with trace log\nfluentdArgs: \"--no-supervisor -q\"\n\n# If you want to add custom environment variables, use the env dict\n# You can then reference these in your config file e.g.:\n#     user \"#{ENV['OUTPUT_USER']}\"\nenv: {}\n  # OUTPUT_USER: my_user\n  # LIVENESS_THRESHOLD_SECONDS: 300\n  # STUCK_THRESHOLD_SECONDS: 900\n\n# If you want to add custom environment variables from secrets, use the secret list\nsecret: []\n# - name: ELASTICSEARCH_PASSWORD\n#   secret_name: elasticsearch\n#   secret_key: password\n\nrbac:\n  create: true\n\nserviceAccount:\n  # Specifies whether a ServiceAccount should be created\n  create: true\n  # The name of the ServiceAccount to use.\n  # If not set and create is true, a name is generated using the fullname template\n  name: \"\"\n  annotations: {}\n\n## Specify if a Pod Security Policy for node-exporter must be created\n## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/\n##\npodSecurityPolicy:\n  enabled: false\n  annotations: {}\n    ## Specify pod annotations\n    ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor\n    ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp\n    ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl\n    ##\n    # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'\n    # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'\n    # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'\n\nlivenessProbe:\n  enabled: true\n  initialDelaySeconds: 600\n  periodSeconds: 60\n  kind:\n    exec:\n      command:\n      # Liveness probe is aimed to help in situations where fluentd\n      # silently hangs for no apparent reasons until manual restart.\n      # The idea of this probe is that if fluentd is not queueing or\n      # flushing chunks for 5 minutes, something is not right. If\n      # you want to change the fluentd configuration, reducing amount of\n      # logs fluentd collects, consider changing the threshold or turning\n      # liveness probe off completely.\n      - '/bin/sh'\n      - '-c'\n      - >\n        LIVENESS_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-300};\n        STUCK_THRESHOLD_SECONDS=${STUCK_THRESHOLD_SECONDS:-900};\n        if [ ! -e /var/log/fluentd-buffers ];\n        then\n          exit 1;\n        fi;\n        touch -d \"${STUCK_THRESHOLD_SECONDS} seconds ago\" /tmp/marker-stuck;\n        if [ -z \"$(find /var/log/fluentd-buffers -type d -newer /tmp/marker-stuck -print -quit)\" ];\n        then\n          rm -rf /var/log/fluentd-buffers;\n          exit 1;\n        fi;\n        touch -d \"${LIVENESS_THRESHOLD_SECONDS} seconds ago\" /tmp/marker-liveness;\n        if [ -z \"$(find /var/log/fluentd-buffers -type d -newer /tmp/marker-liveness -print -quit)\" ];\n        then\n          exit 1;\n        fi;\n\nannotations: {}\n\npodAnnotations: {}\n  # prometheus.io/scrape: \"true\"\n  # prometheus.io/port: \"24231\"\n\n## DaemonSet update strategy\n## Ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/\nupdateStrategy:\n  type: RollingUpdate\n\ntolerations: []\n  # - key: node-role.kubernetes.io/master\n  #   operator: Exists\n  #   effect: NoSchedule\n\naffinity: {}\n  # nodeAffinity:\n  #   requiredDuringSchedulingIgnoredDuringExecution:\n  #     nodeSelectorTerms:\n  #     - matchExpressions:\n  #       - key: node-role.kubernetes.io/master\n  #         operator: DoesNotExist\n\nnodeSelector: {}\n\nservice: {}\n  # ports:\n  #   - name: \"monitor-agent\"\n  #     type: ClusterIP\n  #     port: 24231\n\nserviceMonitor:\n  ## If true, a ServiceMonitor CRD is created for a prometheus operator\n  ## https://github.com/coreos/prometheus-operator\n  ##\n  enabled: false\n  interval: 10s\n  path: /metrics\n  port: 24231\n  labels: {}\n  metricRelabelings: []\n  relabelings: []\n  jobLabel: \"app.kubernetes.io/instance\"\n  type: ClusterIP\n\nserviceMetric:\n  ## If true, the metrics service will be created\n  ## Alternative to implicit creation through serviceMonitor.enabled\n  ##\n  enabled: false\n\nprometheusRule:\n  ## If true, a PrometheusRule CRD is created for a prometheus operator\n  ## https://github.com/coreos/prometheus-operator\n  ##\n  enabled: false\n  prometheusNamespace: monitoring\n  labels: {}\n  #  role: alert-rules\n\nconfigMaps:\n  useDefaults:\n    systemConf: true\n    containersInputConf: true\n    systemInputConf: true\n    forwardInputConf: true\n    monitoringConf: true\n    outputConf: true\n\n# can be used to add new config or overwrite the default configmaps completely after the configmaps default has been disabled above\nextraConfigMaps: {}\n  # system.conf: |-\n  #   <system>\n  #     root_dir /tmp/fluentd-buffers/\n  #   </system>\n\nextraVolumes: []\n#   - name: es-certs\n#     secret:\n#       defaultMode: 420\n#       secretName: es-certs\n\nextraVolumeMounts: []\n#   - name: es-certs\n#     mountPath: /certs\n#     readOnly: true\n"
  },
  {
    "path": "charts/gcp-serviceaccount-controller/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"0.3.0\"\ndescription: A Helm chart for a Kubernetes Controller to create secrets for GCP Service Accounts\nname: gcp-serviceaccount-controller\nversion: 0.3.2\nhome: https://github.com/kiwigrid/gcp-serviceaccount-controller\nsources:\n- https://github.com/kiwigrid/gcp-serviceaccount-controller\nmaintainers:\n- name: rpahli\n  email: rico.pahlisch@kiwigrid.com\n"
  },
  {
    "path": "charts/gcp-serviceaccount-controller/README.md",
    "content": "# Gcp Service Account Controller\n\n- **Source:** https://github.com/kiwigrid/gcp-serviceaccount-controller\n\n[gcp-serviceaccount-controller](https://github.com/kiwigrid/gcp-serviceaccount-controller) The Gcp service account controller creates services accounts and handles the roles and the secrets for kubernetes.\n\n## Introduction\n\nThis chart creates a kubernetes controller deployment on a Kubernetes cluster using the Helm package manager.\n\nSee also the docs for [service account mangement](https://cloud.google.com/iam/docs/creating-managing-service-accounts)\nand [key management](https://cloud.google.com/iam/docs/creating-managing-service-account-keys).\n\n## Installing the Chart\n\nInstall from remote URL with the release name `gcp-account-controller` into namespace `infra`:\n\n```console\n$ helm upgrade -i gcp-account-controller kiwigrid/gcp-serviceaccount-controller --namespace infra \\\n    --set gcpCredentials=\"$(cat service-account.json | base64)\"\n```\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `my-release-name` deployment:\n\n```console\n$ helm delete my-release-name --purge\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n## Configuration\n\nThe following table lists the configurable parameters of the GCP serviceaccount chart and their default values.\n\n| Parameter                 | Description                              | Default                                                                                                                                       |\n| ------------------------- | -----------------------------------------| --------------------------------------------------------------------------------------------------------------------------------------------- |\n| `image.repository`        | gcp service account controller image     | `kiwigrid/gcp-serviceaccount-controller`                                                                                                      |\n| `image.tag`               | gcp service account controller image tag | `0.2.4`                                                                                                                                       |\n| `image.pullPolicy`        | Image pull policy                        | `IfNotPresent`                                                                                                                                |\n| `gcpCredentials`          | Service account key JSON file            | Should be provided and base64 encoded when installing the chart and no existing secret is used, in this case a new secret will be created holding this service account |\n| `existingSecret`          | Existing secret containing the service account key JSON file | null|\n| `existingSecretKey`       | The key to use within the existing secret            | \"credentials.json\" |\n| `disableRestrictionCheck` | Disables namespace restriction           | `false`                                                                                                                                       |\n| `resources`               | Resources                                | `{}`                                                                                                                                          |\n| `nodeSelector`            | NodeSelector                             | `{}`                                                                                                                                          |\n| `tolerations`             | Tolerations                              | `[]`                                                                                                                                          |\n| `affinity`                | Affinity                                 | `{}`                                                                                                                                          |\n\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`.\n\nAlternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,\n\n```console\n$ helm install --name my-release -f values.yaml kiwigrid/gcp-serviceaccount-controller\n```\n\n> **Tip**: You can use the default [values.yaml](values.yaml)\n"
  },
  {
    "path": "charts/gcp-serviceaccount-controller/templates/NOTES.txt",
    "content": "{{- if and (eq \"\" .Values.gcpCredentials) (not .Values.existingSecret)}}\nNo Service Account key or existing secret defined for this release. Please provide either a base64 encoded service account key or an existing secret containing one.\nBash:\n  $ gcloud iam service-accounts keys create ~/key.json --iam-account SA-NAME@PROJECT-ID.iam.gserviceaccount.com\n  $ base64 ~/key.json | tr -d '\\n'\n{{- else}}\n{{ .Chart.Name }} successfully installed as {{ .Release.Name }} in {{ .Release.Namespace }}\n{{- end}}\n"
  },
  {
    "path": "charts/gcp-serviceaccount-controller/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"gcp-serviceaccount-controller.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"gcp-serviceaccount-controller.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"gcp-serviceaccount-controller.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n"
  },
  {
    "path": "charts/gcp-serviceaccount-controller/templates/gcpnamespacerestriction_crd.yaml",
    "content": "apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.2.5\n  creationTimestamp: null\n  name: gcpnamespacerestrictions.gcp.kiwigrid.com\n  labels:\t\n    app.kubernetes.io/name: {{ include \"gcp-serviceaccount-controller.name\" . }}\t\n    helm.sh/chart: {{ include \"gcp-serviceaccount-controller.chart\" . }}\t\n    app.kubernetes.io/instance: {{ .Release.Name }}\t\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  group: gcp.kiwigrid.com\n  names:\n    kind: GcpNamespaceRestriction\n    listKind: GcpNamespaceRestrictionList\n    plural: gcpnamespacerestrictions\n    singular: gcpnamespacerestriction\n  scope: Cluster\n  validation:\n    openAPIV3Schema:\n      description: GcpNamespaceRestriction is the Schema for the gcpnamespacerestrictions\n        API\n      properties:\n        apiVersion:\n          description: 'APIVersion defines the versioned schema of this representation\n            of an object. Servers should convert recognized schemas to the latest\n            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n          type: string\n        kind:\n          description: 'Kind is a string value representing the REST resource this\n            object represents. Servers may infer this from the endpoint the client\n            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n          type: string\n        metadata:\n          type: object\n        spec:\n          description: GcpNamespaceRestrictionSpec defines the desired state of GcpNamespaceRestriction\n          properties:\n            namespace:\n              type: string\n            regex:\n              type: boolean\n            restrictions:\n              items:\n                description: GcpRestrictionRoleBinding defines a restriction all string\n                  files can be regex\n                properties:\n                  resource:\n                    type: string\n                  roles:\n                    items:\n                      type: string\n                    type: array\n                required:\n                - resource\n                - roles\n                type: object\n              type: array\n          required:\n          - namespace\n          - regex\n          type: object\n        status:\n          description: GcpNamespaceRestrictionStatus defines the observed state of\n            GcpNamespaceRestriction\n          type: object\n      type: object\n  version: v1beta1\n  versions:\n  - name: v1beta1\n    served: true\n    storage: true\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []"
  },
  {
    "path": "charts/gcp-serviceaccount-controller/templates/gcpserviceaccount_crd.yaml",
    "content": "apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n  annotations:\n    controller-gen.kubebuilder.io/version: v0.2.5\n  creationTimestamp: null\n  name: gcpserviceaccounts.gcp.kiwigrid.com\n  labels:\t\n    app.kubernetes.io/name: {{ include \"gcp-serviceaccount-controller.name\" . }}\t\n    helm.sh/chart: {{ include \"gcp-serviceaccount-controller.chart\" . }}\t\n    app.kubernetes.io/instance: {{ .Release.Name }}\t\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  group: gcp.kiwigrid.com\n  names:\n    kind: GcpServiceAccount\n    listKind: GcpServiceAccountList\n    plural: gcpserviceaccounts\n    singular: gcpserviceaccount\n  scope: Namespaced\n  validation:\n    openAPIV3Schema:\n      description: GcpServiceAccount is the Schema for the gcpserviceaccounts API\n      properties:\n        apiVersion:\n          description: 'APIVersion defines the versioned schema of this representation\n            of an object. Servers should convert recognized schemas to the latest\n            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n          type: string\n        kind:\n          description: 'Kind is a string value representing the REST resource this\n            object represents. Servers may infer this from the endpoint the client\n            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n          type: string\n        metadata:\n          type: object\n        spec:\n          description: GcpServiceAccountSpec defines the desired state of GcpServiceAccount\n          properties:\n            bindings:\n              items:\n                description: GcpRoleBindings defines the desired role bindings of\n                  GcpServiceAccount\n                properties:\n                  resource:\n                    type: string\n                  roles:\n                    items:\n                      type: string\n                    type: array\n                required:\n                - resource\n                - roles\n                type: object\n              type: array\n            secretKey:\n              type: string\n            secretName:\n              type: string\n            serviceAccountDescription:\n              type: string\n            serviceAccountIdentifier:\n              type: string\n          required:\n          - bindings\n          - secretName\n          - serviceAccountIdentifier\n          type: object\n        status:\n          description: GcpServiceAccountStatus defines the observed state of GcpServiceAccount\n          properties:\n            appliedBindings:\n              items:\n                description: GcpRoleBindings defines the desired role bindings of\n                  GcpServiceAccount\n                properties:\n                  resource:\n                    type: string\n                  roles:\n                    items:\n                      type: string\n                    type: array\n                required:\n                - resource\n                - roles\n                type: object\n              type: array\n            credentialKey:\n              type: string\n            serviceAccountMail:\n              type: string\n            serviceAccountPath:\n              type: string\n          type: object\n      type: object\n  version: v1beta1\n  versions:\n  - name: v1beta1\n    served: true\n    storage: true\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n  conditions: []\n  storedVersions: []"
  },
  {
    "path": "charts/gcp-serviceaccount-controller/templates/rbac_role.yaml",
    "content": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  labels:\n    app.kubernetes.io/name: {{ include \"gcp-serviceaccount-controller.name\" . }}\n    helm.sh/chart: {{ include \"gcp-serviceaccount-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n  name: manager-role\nrules:\n- apiGroups:\n  - apps\n  resources:\n  - secrets\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - gcp.kiwigrid.com\n  resources:\n  - gcpserviceaccounts\n  - gcpnamespacerestrictions\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - admissionregistration.k8s.io\n  resources:\n  - mutatingwebhookconfigurations\n  - validatingwebhookconfigurations\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - secrets\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n- apiGroups:\n  - \"\"\n  resources:\n  - services\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete\n"
  },
  {
    "path": "charts/gcp-serviceaccount-controller/templates/rbac_role_binding.yaml",
    "content": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: manager-rolebinding\n  labels:\n    app.kubernetes.io/name: {{ include \"gcp-serviceaccount-controller.name\" . }}\n    helm.sh/chart: {{ include \"gcp-serviceaccount-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: manager-role\nsubjects:\n- kind: ServiceAccount\n  name: default\n  namespace: {{ .Release.Namespace }}\n"
  },
  {
    "path": "charts/gcp-serviceaccount-controller/templates/secret.yaml",
    "content": "{{- if not .Values.existingSecret }}\napiVersion: v1\nkind: Secret\nmetadata:\n  name: {{ include \"gcp-serviceaccount-controller.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"gcp-serviceaccount-controller.name\" . }}\n    helm.sh/chart: {{ include \"gcp-serviceaccount-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}    \ndata:\n  credentials.json: \"{{ .Values.gcpCredentials }}\"\n{{- end -}}"
  },
  {
    "path": "charts/gcp-serviceaccount-controller/templates/service.yaml",
    "content": "apiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"gcp-serviceaccount-controller.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"gcp-serviceaccount-controller.name\" . }}\n    helm.sh/chart: {{ include \"gcp-serviceaccount-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  type: {{ .Values.service.type }}\n  ports:\n  - port: {{ .Values.service.port }}\n    targetPort: http\n    protocol: TCP\n    name: http\n  selector:\n    app.kubernetes.io/name: {{ include \"gcp-serviceaccount-controller.name\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n"
  },
  {
    "path": "charts/gcp-serviceaccount-controller/templates/stateful_set.yaml",
    "content": "apiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n  name: {{ include \"gcp-serviceaccount-controller.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"gcp-serviceaccount-controller.name\" . }}\n    helm.sh/chart: {{ include \"gcp-serviceaccount-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"gcp-serviceaccount-controller.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  serviceName: controller-manager-service\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"gcp-serviceaccount-controller.name\" . }}\n        app.kubernetes.io/instance: {{ .Release.Name }}\n    spec:\n      containers:\n      - name: {{ .Chart.Name }}\n        image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n        imagePullPolicy: {{ .Values.image.pullPolicy }}\n        env:\n        - name: POD_NAMESPACE\n          valueFrom:\n            fieldRef:\n              fieldPath: metadata.namespace\n        - name: SECRET_NAME\n          value: $(WEBHOOK_SECRET_NAME)\n        - name: GOOGLE_APPLICATION_CREDENTIALS\n          value: /var/secrets/credentials.json\n{{- if .Values.disableRestrictionCheck }}\n        - name: DISABLE_RESTRICTION_CHECK\n          value: \"true\"\n{{- end }}\n        ports:\n        - containerPort: 9876\n          name: webhook-server\n          protocol: TCP\n        volumeMounts:\n        - name: secrets\n          readOnly: true\n        {{- if not .Values.existingSecret }}\n          mountPath: /var/secrets\n        {{- else }}\n          mountPath: /var/secrets/{{ .Values.existingSecretKey }}\n          subPath: {{ .Values.existingSecretKey }}\n        {{- end }}\n        resources:\n{{ toYaml .Values.resources | indent 10 }}\n    {{- with .Values.nodeSelector }}\n      nodeSelector:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n    {{- with .Values.affinity }}\n      affinity:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n    {{- with .Values.tolerations }}\n      tolerations:\n{{ toYaml . | indent 8 }}\n  {{- end }}\n      terminationGracePeriodSeconds: 10\n      volumes:\n      - name: secrets\n        secret:\n          defaultMode: 420\n          {{- if not .Values.existingSecret }}\n          secretName: {{ include \"gcp-serviceaccount-controller.fullname\" . }}\n          {{- else }}\n          secretName: {{ .Values.existingSecret }}\n          {{- end }}"
  },
  {
    "path": "charts/gcp-serviceaccount-controller/values.yaml",
    "content": "image:\n  repository: kiwigrid/gcp-serviceaccount-controller\n  tag: 0.3.0\n  pullPolicy: IfNotPresent\n\nnameOverride: \"\"\nfullnameOverride: \"\"\n\ngcpCredentials: \"\"\n\n# Use a pre-existing secret (ignores gcpCredentials)\n# existingSecret:\n# The key to use within the existing secret\nexistingSecretKey: \"credentials.json\"\n\ndisableRestrictionCheck: false\nservice:\n  type: ClusterIP\n  port: 80\n\nresources: {}\n#  limits:\n#    cpu: 100m\n#    memory: 30Mi\n#  requests:\n#    cpu: 100m\n#    memory: 20Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n"
  },
  {
    "path": "charts/grafana-dashboards/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*.orig\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/grafana-dashboards/Chart.yaml",
    "content": "apiVersion: v1\nname: grafana-dashboards\ndescription: A Helm chart to import Grafana Dashboards\nversion: 0.2.0\nicon: https://grafana.com/blog/assets/img/blog/timeshift/grafana_release_icon.png\nhome: https://github.com/kiwigrid/helm-charts\nsources:\n  - https://github.com/kiwigrid/helm-charts/tree/master/charts/grafana-dashboards\nmaintainers:\n- name: monotek\n  email: andre.bauer@kiwigrid.com\n"
  },
  {
    "path": "charts/grafana-dashboards/README.md",
    "content": "# grafana-dashboards\n\nThis charts will convert all Grafana dashboards saved as json file in the dashboards directory to a Kubernetes configmap, which can be consumed AUTOMATICALLY by the Grafana dashboard import sidecar.\n\nSee: <https://github.com/helm/charts/tree/master/stable/grafana#sidecar-for-dashboards>\n\n| Parameter                  | Description                                                          | Default |\n|----------------------------|----------------------------------------------------------------------|---------|\n| `labels.grafana_dashboard` | set grafana_dashboard label                                          | `\"1\"`   |\n| `importFromValue`          | import dashboard form value string instead from dashboards directory | `{}`    |\n"
  },
  {
    "path": "charts/grafana-dashboards/dashboards/grafana-dummy-dashboard.json",
    "content": "{\n    \"annotations\": {\n      \"list\": [\n        {\n          \"builtIn\": 1,\n          \"datasource\": \"-- Grafana --\",\n          \"enable\": true,\n          \"hide\": true,\n          \"iconColor\": \"rgba(0, 211, 255, 1)\",\n          \"name\": \"Annotations & Alerts\",\n          \"type\": \"dashboard\"\n        }\n      ]\n    },\n    \"editable\": true,\n    \"gnetId\": null,\n    \"graphTooltip\": 0,\n    \"id\": 15,\n    \"links\": [],\n    \"panels\": [\n      {\n        \"aliasColors\": {},\n        \"bars\": false,\n        \"dashLength\": 10,\n        \"dashes\": false,\n        \"datasource\": \"-- Grafana --\",\n        \"fieldConfig\": {\n          \"defaults\": {\n            \"custom\": {}\n          },\n          \"overrides\": []\n        },\n        \"fill\": 1,\n        \"fillGradient\": 0,\n        \"gridPos\": {\n          \"h\": 19,\n          \"w\": 24,\n          \"x\": 0,\n          \"y\": 0\n        },\n        \"hiddenSeries\": false,\n        \"id\": 2,\n        \"legend\": {\n          \"avg\": false,\n          \"current\": false,\n          \"max\": false,\n          \"min\": false,\n          \"show\": true,\n          \"total\": false,\n          \"values\": false\n        },\n        \"lines\": true,\n        \"linewidth\": 1,\n        \"nullPointMode\": \"null\",\n        \"options\": {\n          \"dataLinks\": []\n        },\n        \"percentage\": false,\n        \"pointradius\": 2,\n        \"points\": false,\n        \"renderer\": \"flot\",\n        \"seriesOverrides\": [],\n        \"spaceLength\": 10,\n        \"stack\": false,\n        \"steppedLine\": false,\n        \"thresholds\": [],\n        \"timeFrom\": null,\n        \"timeRegions\": [],\n        \"timeShift\": null,\n        \"title\": \"Grafana Fake Data\",\n        \"tooltip\": {\n          \"shared\": true,\n          \"sort\": 0,\n          \"value_type\": \"individual\"\n        },\n        \"type\": \"graph\",\n        \"xaxis\": {\n          \"buckets\": null,\n          \"mode\": \"time\",\n          \"name\": null,\n          \"show\": true,\n          \"values\": []\n        },\n        \"yaxes\": [\n          {\n            \"format\": \"short\",\n            \"label\": null,\n            \"logBase\": 1,\n            \"max\": null,\n            \"min\": null,\n            \"show\": true\n          },\n          {\n            \"format\": \"short\",\n            \"label\": null,\n            \"logBase\": 1,\n            \"max\": null,\n            \"min\": null,\n            \"show\": true\n          }\n        ],\n        \"yaxis\": {\n          \"align\": false,\n          \"alignLevel\": null\n        }\n      }\n    ],\n    \"schemaVersion\": 25,\n    \"style\": \"dark\",\n    \"tags\": [],\n    \"templating\": {\n      \"list\": []\n    },\n    \"time\": {\n      \"from\": \"now-6h\",\n      \"to\": \"now\"\n    },\n    \"timepicker\": {\n      \"refresh_intervals\": [\n        \"10s\",\n        \"30s\",\n        \"1m\",\n        \"5m\",\n        \"15m\",\n        \"30m\",\n        \"1h\",\n        \"2h\",\n        \"1d\"\n      ]\n    },\n    \"timezone\": \"\",\n    \"title\": \"Grafana dummy dashboard\",\n    \"uid\": \"UlxCrx4Gk\",\n    \"version\": 2\n  }"
  },
  {
    "path": "charts/grafana-dashboards/templates/NOTES.txt",
    "content": "Following dahsboards will be imported to Grafana (if sidecar import enabled):\n\n{{- $root := . }}\n{{ range $path, $bytes := .Files.Glob \"dashboards/**.json\" }}\n* {{ $path | replace \"dashboards/\" \"\"}}\n{{- end }}\n"
  },
  {
    "path": "charts/grafana-dashboards/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"grafana-dashboards.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" }}\n{{- end }}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"grafana-dashboards.fullname\" -}}\n{{- if .Values.fullnameOverride }}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" }}\n{{- else }}\n{{- $name := default .Chart.Name .Values.nameOverride }}\n{{- if contains $name .Release.Name }}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" }}\n{{- else }}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" }}\n{{- end }}\n{{- end }}\n{{- end }}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"grafana-dashboards.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" }}\n{{- end }}\n\n{{/*\nCommon labels\n*/}}\n{{- define \"grafana-dashboards.labels\" -}}\nhelm.sh/chart: {{ include \"grafana-dashboards.chart\" . }}\n{{ include \"grafana-dashboards.selectorLabels\" . }}\n{{- if .Chart.AppVersion }}\napp.kubernetes.io/version: {{ .Chart.AppVersion | quote }}\n{{- end }}\napp.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n\n{{/*\nSelector labels\n*/}}\n{{- define \"grafana-dashboards.selectorLabels\" -}}\napp.kubernetes.io/name: {{ include \"grafana-dashboards.name\" . }}\napp.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n\n"
  },
  {
    "path": "charts/grafana-dashboards/templates/configmap.yaml",
    "content": "{{ $root := . }}\n{{ range $path, $_ :=  .Files.Glob  \"dashboards/**.json\" }}\n{{- with $root }}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ $path | replace \"dashboards/\" \"\" | replace \".json\" \"\" }}\n  labels:\n    {{- include \"grafana-dashboards.labels\" . | nindent 4 }}\n{{ toYaml $.Values.labels | indent 4 }}\ndata:\n  {{ $path | replace \"dashboards/\" \"\"}}: |-\n{{ .Files.Get $path | indent 4 }}\n---\n{{- end -}}\n{{- end -}}\n{{- range $key, $value := .Values.importFromValue }}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ $key }}\n  labels:\n    {{- include \"grafana-dashboards.labels\" $ | nindent 4 }}\n{{ toYaml $.Values.labels | indent 4 }}\ndata:\n  {{ $key }}.json: |-\n    {{ $value }}\n---\n{{- end }}\n\n"
  },
  {
    "path": "charts/grafana-dashboards/values.yaml",
    "content": "## labels to be added to the config maps\nlabels:\n  ## grafana_dashboard Enables dashboard import via Grafana sidecar\n  ## ref: https://github.com/helm/charts/tree/master/stable/grafana#sidecar-for-dashboards\n  grafana_dashboard: \"1\"\n\nimportFromValue:\n  # dashboardName: |-\n  #   {\n  #     dashboard json\n  #   }\n"
  },
  {
    "path": "charts/graphite/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n"
  },
  {
    "path": "charts/graphite/Chart.yaml",
    "content": "apiVersion: v2\nversion: 2.0.0\nappVersion: \"1.1.10-3\"\ndescription: Graphite metrics server\nname: graphite\nhome: https://graphiteapp.org/\nkeywords:\n- metrics\nsources:\n- https://github.com/graphite-project\n- https://github.com/graphite-project/docker-graphite-statsd\nmaintainers:\n- name: fabian-schlegel\n  email: fabian.schlegel@kiwigrid.com\n- name: monotek\n  email: andre.bauer@kiwigrid.com\nicon: https://graphiteapp.org/img/graphite-logo_color.png\n"
  },
  {
    "path": "charts/graphite/OWNERS",
    "content": "approvers:\n- fabian-schlegel\n- monotek\nreviewers:\n- fabian-schlegel\n- monotek\n"
  },
  {
    "path": "charts/graphite/README.md",
    "content": "# Graphite\n\n[Graphite](https://graphiteapp.org/) is a monitoring tool.\n\n## Introduction\n\nThis chart uses graphiteapp/graphite-statsd container to run Graphite inside Kubernetes.\n\n## Prerequisites\n\n- Has been tested on Kubernetes 1.9+\n\n## Installing the Chart\n\nTo install the chart with the release name `graphite`, run the following command:\n\n```bash\n$ helm install kiwigrid/graphite --name graphite\n```\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `graphite` deployment:\n\n```bash\n$ helm delete graphite\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n> **Tip**: To completely remove the release, run `helm delete --purge graphite`\n\n## Configuration\n\nThe following table lists the configurable parameters of the Graphite chart and their default values.\n\n|             Parameter          |            Description                       |                  Default               |\n|--------------------------------|----------------------------------------------|----------------------------------------|\n| `image.repository`             | Docker image repo                            | `graphiteapp/graphite-statsd`          |\n| `image.tag`                    | Docker image                                 | `1.1.5-4`                                |\n| `image.pullPolicy`             | Docker image pull policy                     | `IfNotPresent`                         |\n| `service.type`                 | Service type                                 | `ClusterIP`                            |\n| `service.port`                 | Service port of Graphite UI                  | `8080`                                 |\n| `service.annotations`          | Service annotations                          | `{}`                                   |\n| `service.labels`               | Service labels                               | `{}`                                   |\n| `persistence.enabled`          | Enable config persistence using PVC          | `true`                                 |\n| `persistence.storageClass`     | PVC Storage Class for config volume          | `nil`                                  |\n| `persistence.existingClaim`    | Name of an existing PVC to use for config    | `nil`                                  |\n| `persistence.accessMode`       | PVC Access Mode for config volume            | `ReadWriteOnce`                        |\n| `persistence.size`             | PVC Storage Request for config volume        | `10Gi`                                 |\n| `resources`                    | Resource limits for Graphite pod             | `{}`                                   |\n| `ingress.enabled`              | Ingress enabled                              | `false`                                |\n| `ingress.annotations`          | Ingress annotations                          | `{}`                                   |\n| `ingress.path`                 | Ingress path                                 | `/`                                    |\n| `ingress.hosts`                | Ingress hosts                                | `[]`                                   |\n| `ingress.tls`                  | Ingress TLS                                  | `[]`                                   |\n| `resources`                    | Resources                                    | `{}`                                   |\n| `nodeSelector`                 | NodeSelector                                 | `{}`                                   |\n| `tolerations`                  | Tolerations                                  | `[]`                                   |\n| `affinity`                     | Affinity                                     | `{}`                                   |\n| `env`                          | Environment Values Passed to Pod             | `{}`                                   |\n| `timeZone`                     | Timezone                                     | `Etc/UTC`                              |\n| `initContainers`               | Init Containers                              | `[]`                                   |\n| `configMaps`                   | Graphite Config files                        | see values.yaml                        |\n| `statsdConfigMaps`             | StatsD Config files                          | see values.yaml                        |\n| `statsd.interface`             | StatsD server interface, `TCP` or `UDP`      | `UDP`                                  |\n| `configMaps`                   | Graphite Config files                        | see values.yaml                        |\n| `statsdConfigMaps`             | StatsD Config files                          | see values.yaml                        |\n| `statsd.interface`             | StatsD server interface, `TCP` or `UDP`      | `UDP`                                  |\n| `serviceAccount.accountName`   | Define the service account name              | `graphite`                             |\n| `serviceAccount.enabled`| Enable service account (Note: Service Account will only be automatically created if `serviceAccount.create` is not set.  |`false`|\n| `serviceAccount.create`| create service account with the template |`false`|\n| `rbac.create`| Enable RBAC rules |`false`|\n| `psp.create`| Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1. |\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:\n\n```bash\n$ helm install --name graphite --set ingress.enabled=false kiwigrid/graphite\n```\n\nAlternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.\n\n### Storage persistence\n\nGraphite itself is a stateful application that stores all related data in its own database. Therefore it uses a PVC to store data.\n\n### Help\n\nFor more information about Graphite visit the official [website](https://graphiteapp.org/) and the [docs](http://graphite.readthedocs.io/en/latest/).\n\nTo find infos about the Docker container visit [Github](https://github.com/graphite-project/docker-graphite-statsd) or [Dockerhub](https://hub.docker.com/r/graphiteapp/graphite-statsd/).\n"
  },
  {
    "path": "charts/graphite/templates/NOTES.txt",
    "content": "1. Get the application URL by running these commands:\n{{- if .Values.ingress.enabled }}\n{{- range .Values.ingress.hosts }}\n  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}\n{{- end }}\n{{- else if contains \"NodePort\" .Values.service.type }}\n  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath=\"{.spec.ports[0].nodePort}\" services {{ template \"graphite.fullname\" . }})\n  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath=\"{.items[0].status.addresses[0].address}\")\n  echo http://$NODE_IP:$NODE_PORT\n{{- else if contains \"LoadBalancer\" .Values.service.type }}\n     NOTE: It may take a few minutes for the LoadBalancer IP to be available.\n           You can watch the status of by running 'kubectl get svc -w {{ template \"graphite.fullname\" . }}'\n  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template \"graphite.fullname\" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')\n  echo http://$SERVICE_IP:{{ .Values.service.port }}\n{{- else if contains \"ClusterIP\" .Values.service.type }}\n  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l \"app.kubernetes.io/name={{ include \"graphite.name\" . }},app.kubernetes.io/instance={{ .Release.Name }}\" -o jsonpath=\"{.items[0].metadata.name}\")\n  echo \"Visit http://127.0.0.1:8080 to use your application\"\n  kubectl port-forward $POD_NAME 8080:80\n{{- end }}\n"
  },
  {
    "path": "charts/graphite/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"graphite.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"graphite.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"graphite.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nDefine the service Account name\n*/}}\n{{- define \"graphite.serviceAccount.name\" -}}\n{{ default \"graphite\" .Values.serviceAccount.accountName }}\n{{- end -}}"
  },
  {
    "path": "charts/graphite/templates/configmap-statsd.yaml",
    "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ template \"graphite.fullname\" . }}-statsd-configmap\n  labels:\n    app.kubernetes.io/name: {{ include \"graphite.name\" . }}\n    helm.sh/chart: {{ include \"graphite.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\ndata:\n{{- range $key, $value := .Values.statsdConfigMaps }}\n  {{ $key }}: |-\n{{ $value | indent 4 }}\n{{- end }}\n"
  },
  {
    "path": "charts/graphite/templates/configmap.yaml",
    "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ template \"graphite.fullname\" . }}-configmap\n  labels:\n    app: {{ template \"graphite.name\" . }}\n    chart: {{ template \"graphite.chart\" . }}\n    release: {{ .Release.Name }}\n    heritage: {{ .Release.Service }}\ndata:\n{{- range $key, $value := .Values.configMaps }}\n  {{ $key }}: |-\n{{ $value | indent 4 }}\n{{- end }}\n"
  },
  {
    "path": "charts/graphite/templates/ingress.yaml",
    "content": "{{- if .Values.ingress.enabled -}}\n{{- $fullName := include \"graphite.fullname\" . -}}\n{{- $ingressPath := .Values.ingress.path -}}\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n  name: {{ $fullName }}\n  labels:\n    app.kubernetes.io/name: {{ include \"graphite.name\" . }}\n    helm.sh/chart: {{ include \"graphite.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- with .Values.ingress.annotations }}\n  annotations:\n{{ toYaml . | indent 4 }}\n{{- end }}\nspec:\n{{- if .Values.ingress.tls }}\n  tls:\n  {{- range .Values.ingress.tls }}\n    - hosts:\n      {{- range .hosts }}\n        - {{ . }}\n      {{- end }}\n      secretName: {{ .secretName }}\n  {{- end }}\n{{- end }}\n  rules:\n  {{- range .Values.ingress.hosts }}\n    - host: {{ . }}\n      http:\n        paths:\n          - path: {{ $ingressPath }}\n            pathType: Prefix\n            backend:\n              service:\n                name: {{ $fullName }}\n                port:\n                  number: {{ $.Values.service.port }}\n  {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/graphite/templates/pvc.yaml",
    "content": "{{- if .Values.persistence.enabled -}}\n{{- if not .Values.persistence.existingClaim -}}\nkind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n  name: {{ template \"graphite.fullname\" . }}-pvc\n  labels:\n    app.kubernetes.io/name: {{ include \"graphite.name\" . }}\n    helm.sh/chart: {{ include \"graphite.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  accessModes:\n    - {{ .Values.persistence.accessMode | quote }}\n  resources:\n    requests:\n      storage: {{ .Values.persistence.size | quote }}\n{{- if .Values.persistence.storageClass }}\n{{- if (eq \"-\" .Values.persistence.storageClass) }}\n  storageClassName: \"\"\n{{- else }}\n  storageClassName: \"{{ .Values.persistence.storageClass }}\"\n{{- end }}\n{{- end }}\n{{- end }}\n{{- end -}}\n"
  },
  {
    "path": "charts/graphite/templates/role.yaml",
    "content": "---\n{{- if .Values.rbac.create }}\nkind: Role\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: {{ include \"graphite.serviceAccount.name\" . }}-role\n  namespace: {{ .Release.Namespace }}\n  labels:\n    app.kubernetes.io/name: {{ include \"graphite.name\" . }}\n    helm.sh/chart: {{ include \"graphite.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nrules:\n  {{- if .Values.psp.create }}\n  - apiGroups: [\"extensions\"]\n    resources: [\"podsecuritypolicies\"]\n    verbs: [\"use\"]\n    resourceNames:\n      - pks-privileged\n  {{- end }}\n{{- end }}"
  },
  {
    "path": "charts/graphite/templates/rolebinding.yaml",
    "content": "---\n{{- if .Values.rbac.create }}\nkind: RoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: {{ include \"graphite.serviceAccount.name\" . }}-rb\n  namespace: {{ .Release.Namespace }}\n  labels:\n    app.kubernetes.io/name: {{ include \"graphite.name\" . }}\n    helm.sh/chart: {{ include \"graphite.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: Role\n  name: {{ default \"graphite\" .Values.serviceAccount.accountName }}-role\nsubjects:\n  - kind: ServiceAccount\n    name: {{ default \"graphite\" .Values.serviceAccount.accountName }}\n    namespace: {{ .Release.Namespace }}\n{{- end }}"
  },
  {
    "path": "charts/graphite/templates/service.yaml",
    "content": "apiVersion: v1\nkind: Service\nmetadata:\n  name: {{ template \"graphite.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"graphite.name\" . }}\n    helm.sh/chart: {{ include \"graphite.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- if .Values.service.labels }}\n{{ toYaml .Values.service.labels | indent 4 }}\n{{- end }}\n{{- with .Values.service.annotations }}\n  annotations:\n{{ toYaml . | indent 4 }}\n{{- end }}\nspec:\n  type: {{ .Values.service.type }}\n  ports:\n    - name: graphite-pickle\n      port: 2004\n      protocol: TCP\n    - name: graphite-plain\n      port: 2003\n      protocol: TCP\n    - name: graphite-udp\n      port: 2003\n      protocol: UDP\n    - name: graphite-gui\n      port: {{ .Values.service.port }}\n      protocol: TCP\n    - name: aggregate-plain\n      port: 2023\n      protocol: TCP\n    - name: aggregate-pickl\n      port: 2024\n      protocol: TCP\n    - name: statsd\n      port: 8125\n      protocol: {{ .Values.statsd.interface }}\n    - name: statsd-admin\n      port: 8126\n      protocol: TCP\n  selector:\n    app.kubernetes.io/name: {{ include \"graphite.name\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n"
  },
  {
    "path": "charts/graphite/templates/serviceaccount.yaml",
    "content": "{{- if and (.Values.serviceAccount.enabled) (.Values.serviceAccount.create) }}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"graphite.serviceAccount.name\" . }}\n  namespace: {{ .Release.Namespace }}\n  labels:\n    app.kubernetes.io/name: {{ include \"graphite.name\" . }}\n    helm.sh/chart: {{ include \"graphite.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n"
  },
  {
    "path": "charts/graphite/templates/statefulset.yaml",
    "content": "apiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n  name: {{ template \"graphite.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"graphite.name\" . }}\n    helm.sh/chart: {{ include \"graphite.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  updateStrategy:\n    type: RollingUpdate\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"graphite.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  serviceName: {{ template \"graphite.name\" . }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"graphite.name\" . }}\n        app.kubernetes.io/instance: {{ .Release.Name }}\n    spec:\n{{- if .Values.serviceAccount.enabled }}\n      serviceAccountName: {{ include \"graphite.serviceAccount.name\" . }}\n{{- end }}\n{{- if .Values.initContainers }}\n      initContainers:\n{{ toYaml .Values.initContainers | indent 8 }}\n{{- end }}\n      containers:\n      - image: {{ .Values.image.repository }}:{{ .Values.image.tag }}\n        name: {{ .Chart.Name }}\n        ports:\n        - name: graphite-gui\n          containerPort: {{ .Values.service.port }}\n        - name: graphite-plain\n          containerPort: 2003\n        - name: graphite-udp\n          containerPort: 2003\n          protocol: UDP\n        - name: graphite-pickle\n          containerPort: 2004\n        - name: aggregate-plain\n          containerPort: 2023\n        - name: aggregate-pickl\n          containerPort: 2024\n        - name: statsd\n          protocol: {{ .Values.statsd.interface }}\n          containerPort: 8125\n        - name: statsd-admin\n          containerPort: 8126\n        env:\n        - name: \"STATSD_INTERFACE\"\n          value: {{ .Values.statsd.interface | lower }}\n        - name: \"GRAPHITE_TIME_ZONE\"\n          value: {{ .Values.timeZone }}\n        {{- if .Values.env }}\n        {{- range $key, $value := .Values.env }}\n        - name: {{ $value.name }}\n          value: {{ $value.value | quote }}\n        {{- end }}\n        {{- end }}\n        livenessProbe:\n          httpGet:\n            path: /\n            port: graphite-gui\n        readinessProbe:\n          httpGet:\n            path: /\n            port: graphite-gui\n        resources:\n{{ toYaml .Values.resources | indent 10 }}\n        volumeMounts:\n          - name: {{ template \"graphite.fullname\" . }}-configmap\n            mountPath: /opt/graphite/conf/\n          - name: {{ template \"graphite.fullname\" . }}-statsd-configmap\n            subPath: config_tcp.js\n            mountPath: /opt/statsd/config/tcp.js\n          - name: {{ template \"graphite.fullname\" . }}-statsd-configmap\n            subPath: config_udp.js\n            mountPath: /opt/statsd/config/udp.js\n          - name: {{ template \"graphite.fullname\" . }}-pvc\n            mountPath: /opt/graphite/storage/\n      volumes:\n        - name: {{ template \"graphite.fullname\" . }}-configmap\n          configMap:\n            name: {{ template \"graphite.fullname\" . }}-configmap\n        - name: {{ template \"graphite.fullname\" . }}-statsd-configmap\n          configMap:\n            name: {{ template \"graphite.fullname\" . }}-statsd-configmap\n        - name: {{ template \"graphite.fullname\" . }}-pvc\n{{- if .Values.persistence.enabled }}\n          persistentVolumeClaim:\n            claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template \"graphite.fullname\" . }}-pvc{{- end }}\n{{- else }}\n          emptyDir: {}\n{{- end }}\n    {{- with .Values.nodeSelector }}\n      nodeSelector:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n    {{- with .Values.affinity }}\n      affinity:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n    {{- with .Values.tolerations }}\n      tolerations:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n"
  },
  {
    "path": "charts/graphite/values.yaml",
    "content": "# Default values for graphite.\n\nimage:\n  repository: graphiteapp/graphite-statsd\n  tag: 1.1.7-6\n  pullPolicy: IfNotPresent\n\nservice:\n  type: ClusterIP\n  port: 8080\n  annotations: {}\n  labels: {}\n\ningress:\n  enabled: false\n  annotations: {}\n    # kubernetes.io/ingress.class: nginx\n    # kubernetes.io/tls-acme: \"true\"\n  path: /\n  hosts:\n    - chart-example.local\n  tls: []\n  #  - secretName: chart-example-tls\n  #    hosts:\n  #      - chart-example.local\n\nenv: {}\n# - name: example-name\n#   value: example-value\n\npersistence:\n  ## Enable storage persistence using Persistent Volume Claims.\n  ##\n  enabled: true\n  ## Persistent Volume Storage Class\n  ## If defined, storageClassName: <storageClass>\n  ## If set to \"-\", storageClassName: \"\", which disables dynamic provisioning\n  ## If undefined (the default) or set to null, no storageClassName spec is\n  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on\n  ##   GKE, AWS & OpenStack)\n  ##\n  # storageClass: \"-\"\n\n  ## A manually managed Persistent Volume and Claim\n  ## Requires persistence.enabled: true\n  ## If defined, PVC must be created manually before volume will be bound\n  # existingClaim:\n  accessMode: ReadWriteOnce\n  size: 10Gi\n\nresources: {}\n  # limits:\n  #  cpu: 500m\n  #  memory: 1024Mi\n  # requests:\n  #  cpu: 200m\n  #  memory: 512Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n\ntimeZone: Etc/UTC\n\nserviceAccount:\n  accountName: \"graphite\"\n  enabled: false\n  create: false\n\nrbac:\n  create: false\n\ninitContainers: []\n#  - name: init-sysctl\n#    image: busybox\n#    command:\n#      - sysctl\n#      - -w\n#      - net.core.somaxconn=65535\n#    securityContext:\n#      privileged: true\n\nconfigMaps:\n  aggregation-rules.conf: |-\n    # The form of each line in this file should be as follows:\n    #\n    #   output_template (frequency) = method input_pattern\n    #\n    # This will capture any received metrics that match 'input_pattern'\n    # for calculating an aggregate metric. The calculation will occur\n    # every 'frequency' seconds and the 'method' can specify 'sum' or\n    # 'avg'. The name of the aggregate metric will be derived from\n    # 'output_template' filling in any captured fields from 'input_pattern'.\n    #\n    # For example, if you're metric naming scheme is:\n    #\n    #   <env>.applications.<app>.<server>.<metric>\n    #\n    # You could configure some aggregations like so:\n    #\n    #   <env>.applications.<app>.all.requests (60) = sum <env>.applications.<app>.*.requests\n    #   <env>.applications.<app>.all.latency (60) = avg <env>.applications.<app>.*.latency\n    #\n    # As an example, if the following metrics are received:\n    #\n    #   prod.applications.apache.www01.requests\n    #   prod.applications.apache.www01.requests\n    #\n    # They would all go into the same aggregation buffer and after 60 seconds the\n    # aggregate metric 'prod.applications.apache.all.requests' would be calculated\n    # by summing their values.\n    #\n    # Template components such as <env> will match everything up to the next dot.\n    # To match metric multiple components including the dots, use <<metric>> in the\n    # input template:\n    #\n    #   <env>.applications.<app>.all.<app_metric> (60) = sum <env>.applications.<app>.*.<<app_metric>>\n    #\n    # Note that any time this file is modified, it will be re-read automatically.\n  blacklist.conf: |-\n    # This file takes a single regular expression per line\n    # If USE_WHITELIST is set to True in carbon.conf, any metrics received which\n    # match one of these expressions will be dropped\n    # This file is reloaded automatically when changes are made\n    ^some\\.noisy\\.metric\\.prefix\\..*\n  carbon.conf: |-\n    [cache]\n    # Configure carbon directories.\n    #\n    # OS environment variables can be used to tell carbon where graphite is\n    # installed, where to read configuration from and where to write data.\n    #\n    #   GRAPHITE_ROOT        - Root directory of the graphite installation.\n    #                          Defaults to ../\n    #   GRAPHITE_CONF_DIR    - Configuration directory (where this file lives).\n    #                          Defaults to $GRAPHITE_ROOT/conf/\n    #   GRAPHITE_STORAGE_DIR - Storage directory for whisper/rrd/log/pid files.\n    #                          Defaults to $GRAPHITE_ROOT/storage/\n    #\n    # To change other directory paths, add settings to this file. The following\n    # configuration variables are available with these default values:\n    #\n    #   STORAGE_DIR    = $GRAPHITE_STORAGE_DIR\n    #   LOCAL_DATA_DIR = %(STORAGE_DIR)s/whisper/\n    #   WHITELISTS_DIR = %(STORAGE_DIR)s/lists/\n    #   CONF_DIR       = %(STORAGE_DIR)s/conf/\n    #   LOG_DIR        = %(STORAGE_DIR)s/log/\n    #   PID_DIR        = %(STORAGE_DIR)s/\n    #\n    # For FHS style directory structures, use:\n    #\n    #   STORAGE_DIR    = /var/lib/carbon/\n    #   CONF_DIR       = /etc/carbon/\n    #   LOG_DIR        = /var/log/carbon/\n    #   PID_DIR        = /var/run/\n    #\n    #LOCAL_DATA_DIR = /opt/graphite/storage/whisper/\n\n    # Specify the database library used to store metric data on disk. Each database\n    # may have configurable options to change the behaviour of how it writes to\n    # persistent storage.\n    #\n    # whisper - Fixed-size database, similar in design and purpose to RRD. This is\n    # the default storage backend for carbon and the most rigorously tested.\n    #\n    # ceres - Experimental alternative database that supports storing data in sparse\n    # files of arbitrary fixed-size resolutions.\n    DATABASE = whisper\n\n    # Enable daily log rotation. If disabled, a new file will be opened whenever the log file path no\n    # longer exists (i.e. it is removed or renamed)\n    ENABLE_LOGROTATION = True\n\n    # Specify the user to drop privileges to\n    # If this is blank carbon-cache runs as the user that invokes it\n    # This user must have write access to the local data directory\n    USER =\n\n    # Limit the size of the cache to avoid swapping or becoming CPU bound.\n    # Sorts and serving cache queries gets more expensive as the cache grows.\n    # Use the value \"inf\" (infinity) for an unlimited cache size.\n    # value should be an integer number of metric datapoints.\n    MAX_CACHE_SIZE = inf\n\n    # Limits the number of whisper update_many() calls per second, which effectively\n    # means the number of write requests sent to the disk. This is intended to\n    # prevent over-utilizing the disk and thus starving the rest of the system.\n    # When the rate of required updates exceeds this, then carbon's caching will\n    # take effect and increase the overall throughput accordingly.\n    MAX_UPDATES_PER_SECOND = 500\n\n    # If defined, this changes the MAX_UPDATES_PER_SECOND in Carbon when a\n    # stop/shutdown is initiated.  This helps when MAX_UPDATES_PER_SECOND is\n    # relatively low and carbon has cached a lot of updates; it enables the carbon\n    # daemon to shutdown more quickly.\n    # MAX_UPDATES_PER_SECOND_ON_SHUTDOWN = 1000\n\n    # Softly limits the number of whisper files that get created each minute.\n    # Setting this value low (e.g. 50) is a good way to ensure that your carbon\n    # system will not be adversely impacted when a bunch of new metrics are\n    # sent to it. The trade off is that any metrics received in excess of this\n    # value will be silently dropped, and the whisper file will not be created\n    # until such point as a subsequent metric is received and fits within the\n    # defined rate limit. Setting this value high (like \"inf\" for infinity) will\n    # cause carbon to create the files quickly but at the risk of increased I/O.\n    MAX_CREATES_PER_MINUTE = 50\n\n    # Set the minimum timestamp resolution supported by this instance. This allows\n    # internal optimisations by overwriting points with equal truncated timestamps\n    # in order to limit the number of updates to the database. It defaults to one\n    # second.\n    MIN_TIMESTAMP_RESOLUTION = 1\n\n    # Set the minimum lag in seconds for a point to be written to the database\n    # in order to optimize batching. This means that each point will wait at least\n    # the duration of this lag before being written. Setting this to 0 disable the feature.\n    # This currently only works when using the timesorted write strategy.\n    # MIN_TIMESTAMP_LAG = 0\n\n    # Set the interface and port for the line (plain text) listener.  Setting the\n    # interface to 0.0.0.0 listens on all interfaces.  Port can be set to 0 to\n    # disable this listener if it is not required.\n    LINE_RECEIVER_INTERFACE = 0.0.0.0\n    LINE_RECEIVER_PORT = 2003\n\n    # Set this to True to enable the UDP listener. By default this is off\n    # because it is very common to run multiple carbon daemons and managing\n    # another (rarely used) port for every carbon instance is not fun.\n    ENABLE_UDP_LISTENER = False\n    UDP_RECEIVER_INTERFACE = 0.0.0.0\n    UDP_RECEIVER_PORT = 2003\n\n    # Set the interface and port for the pickle listener.  Setting the interface to\n    # 0.0.0.0 listens on all interfaces.  Port can be set to 0 to disable this\n    # listener if it is not required.\n    PICKLE_RECEIVER_INTERFACE = 0.0.0.0\n    PICKLE_RECEIVER_PORT = 2004\n\n    # Set the interface and port for the protobuf listener.  Setting the interface to\n    # 0.0.0.0 listens on all interfaces.  Port can be set to 0 to disable this\n    # listener if it is not required.\n    # PROTOBUF_RECEIVER_INTERFACE = 0.0.0.0\n    # PROTOBUF_RECEIVER_PORT = 2005\n\n    # Limit the number of open connections the receiver can handle as any time.\n    # Default is no limit. Setting up a limit for sites handling high volume\n    # traffic may be recommended to avoid running out of TCP memory or having\n    # thousands of TCP connections reduce the throughput of the service.\n    #MAX_RECEIVER_CONNECTIONS = inf\n\n    # Per security concerns outlined in Bug #817247 the pickle receiver\n    # will use a more secure and slightly less efficient unpickler.\n    # Set this to True to revert to the old-fashioned insecure unpickler.\n    USE_INSECURE_UNPICKLER = False\n\n    CACHE_QUERY_INTERFACE = 0.0.0.0\n    CACHE_QUERY_PORT = 7002\n\n    # Set this to False to drop datapoints received after the cache\n    # reaches MAX_CACHE_SIZE. If this is True (the default) then sockets\n    # over which metrics are received will temporarily stop accepting\n    # data until the cache size falls below 95% MAX_CACHE_SIZE.\n    USE_FLOW_CONTROL = True\n\n    # If enabled this setting is used to timeout metric client connection if no\n    # metrics have been sent in specified time in seconds\n    #METRIC_CLIENT_IDLE_TIMEOUT = None\n\n    # By default, carbon-cache will log every whisper update and cache hit.\n    # This can be excessive and degrade performance if logging on the same\n    # volume as the whisper data is stored.\n    LOG_UPDATES = False\n    LOG_CREATES = False\n    LOG_CACHE_HITS = False\n    LOG_CACHE_QUEUE_SORTS = False\n\n    # The thread that writes metrics to disk can use one of the following strategies\n    # determining the order in which metrics are removed from cache and flushed to\n    # disk. The default option preserves the same behavior as has been historically\n    # available in version 0.9.10.\n    #\n    # sorted - All metrics in the cache will be counted and an ordered list of\n    # them will be sorted according to the number of datapoints in the cache at the\n    # moment of the list's creation. Metrics will then be flushed from the cache to\n    # disk in that order.\n    #\n    # timesorted - All metrics in the list will be looked at and sorted according\n    # to the timestamp of there datapoints. The metric that were the least recently\n    # written will be written first. This is an hybrid strategy between max and\n    # sorted which is particularly adapted to sets of metrics with non-uniform\n    # resolutions.\n    #\n    # max - The writer thread will always pop and flush the metric from cache\n    # that has the most datapoints. This will give a strong flush preference to\n    # frequently updated metrics and will also reduce random file-io. Infrequently\n    # updated metrics may only ever be persisted to disk at daemon shutdown if\n    # there are a large number of metrics which receive very frequent updates OR if\n    # disk i/o is very slow.\n    #\n    # naive - Metrics will be flushed from the cache to disk in an unordered\n    # fashion. This strategy may be desirable in situations where the storage for\n    # whisper files is solid state, CPU resources are very limited or deference to\n    # the OS's i/o scheduler is expected to compensate for the random write\n    # pattern.\n    #\n    CACHE_WRITE_STRATEGY = sorted\n\n    # On some systems it is desirable for whisper to write synchronously.\n    # Set this option to True if you'd like to try this. Basically it will\n    # shift the onus of buffering writes from the kernel into carbon's cache.\n    WHISPER_AUTOFLUSH = False\n\n    # By default new Whisper files are created pre-allocated with the data region\n    # filled with zeros to prevent fragmentation and speed up contiguous reads and\n    # writes (which are common). Enabling this option will cause Whisper to create\n    # the file sparsely instead. Enabling this option may allow a large increase of\n    # MAX_CREATES_PER_MINUTE but may have longer term performance implications\n    # depending on the underlying storage configuration.\n    # WHISPER_SPARSE_CREATE = False\n\n    # Only beneficial on linux filesystems that support the fallocate system call.\n    # It maintains the benefits of contiguous reads/writes, but with a potentially\n    # much faster creation speed, by allowing the kernel to handle the block\n    # allocation and zero-ing. Enabling this option may allow a large increase of\n    # MAX_CREATES_PER_MINUTE. If enabled on an OS or filesystem that is unsupported\n    # this option will gracefully fallback to standard POSIX file access methods.\n    WHISPER_FALLOCATE_CREATE = True\n\n    # Enabling this option will cause Whisper to lock each Whisper file it writes\n    # to with an exclusive lock (LOCK_EX, see: man 2 flock). This is useful when\n    # multiple carbon-cache daemons are writing to the same files.\n    # WHISPER_LOCK_WRITES = False\n\n    # On systems which has a large number of metrics, an amount of Whisper write(2)'s\n    # pageback sometimes cause disk thrashing due to memory shortage, so that abnormal\n    # disk reads occur. Enabling this option makes it possible to decrease useless\n    # page cache memory by posix_fadvise(2) with POSIX_FADVISE_RANDOM option.\n    # WHISPER_FADVISE_RANDOM = False\n\n    # By default all nodes stored in Ceres are cached in memory to improve the\n    # throughput of reads and writes to underlying slices. Turning this off will\n    # greatly reduce memory consumption for databases with millions of metrics, at\n    # the cost of a steep increase in disk i/o, approximately an extra two os.stat\n    # calls for every read and write. Reasons to do this are if the underlying\n    # storage can handle stat() with practically zero cost (SSD, NVMe, zRAM).\n    # Valid values are:\n    #       all - all nodes are cached\n    #      none - node caching is disabled\n    # CERES_NODE_CACHING_BEHAVIOR = all\n\n    # Ceres nodes can have many slices and caching the right ones can improve\n    # performance dramatically. Note that there are many trade-offs to tinkering\n    # with this, and unless you are a ceres developer you *really* should not\n    # mess with this. Valid values are:\n    #    latest - only the most recent slice is cached\n    #       all - all slices are cached\n    #      none - slice caching is disabled\n    # CERES_SLICE_CACHING_BEHAVIOR = latest\n\n    # If a Ceres node accumulates too many slices, performance can suffer.\n    # This can be caused by intermittently reported data. To mitigate\n    # slice fragmentation there is a tolerance for how much space can be\n    # wasted within a slice file to avoid creating a new one. That tolerance\n    # level is determined by MAX_SLICE_GAP, which is the number of consecutive\n    # null datapoints allowed in a slice file.\n    # If you set this very low, you will waste less of the *tiny* bit disk space\n    # that this feature wastes, and you will be prone to performance problems\n    # caused by slice fragmentation, which can be pretty severe.\n    # If you set this really high, you will waste a bit more disk space (each\n    # null datapoint wastes 8 bytes, but keep in mind your filesystem's block\n    # size). If you suffer slice fragmentation issues, you should increase this or\n    # run the ceres-maintenance defrag plugin more often. However you should not\n    # set it to be huge because then if a large but allowed gap occurs it has to\n    # get filled in, which means instead of a simple 8-byte write to a new file we\n    # could end up doing an (8 * MAX_SLICE_GAP)-byte write to the latest slice.\n    # CERES_MAX_SLICE_GAP = 80\n\n    # Enabling this option will cause Ceres to lock each Ceres file it writes to\n    # to with an exclusive lock (LOCK_EX, see: man 2 flock). This is useful when\n    # multiple carbon-cache daemons are writing to the same files.\n    # CERES_LOCK_WRITES = False\n\n    # Set this to True to enable whitelisting and blacklisting of metrics in\n    # CONF_DIR/whitelist.conf and CONF_DIR/blacklist.conf. If the whitelist is\n    # missing or empty, all metrics will pass through\n    # USE_WHITELIST = False\n\n    # By default, carbon itself will log statistics (such as a count,\n    # metricsReceived) with the top level prefix of 'carbon' at an interval of 60\n    # seconds. Set CARBON_METRIC_INTERVAL to 0 to disable instrumentation\n    # CARBON_METRIC_PREFIX = carbon\n    CARBON_METRIC_INTERVAL = 10\n\n    # Enable AMQP if you want to receve metrics using an amqp broker\n    # ENABLE_AMQP = False\n\n    # Verbose means a line will be logged for every metric received\n    # useful for testing\n    # AMQP_VERBOSE = False\n\n    # AMQP_HOST = localhost\n    # AMQP_PORT = 5672\n    # AMQP_VHOST = /\n    # AMQP_USER = guest\n    # AMQP_PASSWORD = guest\n    # AMQP_EXCHANGE = graphite\n    # AMQP_METRIC_NAME_IN_BODY = False\n\n    # The manhole interface allows you to SSH into the carbon daemon\n    # and get a python interpreter. BE CAREFUL WITH THIS! If you do\n    # something like time.sleep() in the interpreter, the whole process\n    # will sleep! This is *extremely* helpful in debugging, assuming\n    # you are familiar with the code. If you are not, please don't\n    # mess with this, you are asking for trouble :)\n    #\n    # ENABLE_MANHOLE = False\n    # MANHOLE_INTERFACE = 127.0.0.1\n    # MANHOLE_PORT = 7222\n    # MANHOLE_USER = admin\n    # MANHOLE_PUBLIC_KEY = ssh-rsa AAAAB3NzaC1yc2EAAAABiwAaAIEAoxN0sv/e4eZCPpi3N3KYvyzRaBaMeS2RsOQ/cDuKv11dlNzVeiyc3RFmCv5Rjwn/lQ79y0zyHxw67qLyhQ/kDzINc4cY41ivuQXm2tPmgvexdrBv5nsfEpjs3gLZfJnyvlcVyWK/lId8WUvEWSWHTzsbtmXAF2raJMdgLTbQ8wE=\n\n    # Patterns for all of the metrics this machine will store. Read more at\n    # http://en.wikipedia.org/wiki/Advanced_Message_Queuing_Protocol#Bindings\n    #\n    # Example: store all sales, linux servers, and utilization metrics\n    # BIND_PATTERNS = sales.#, servers.linux.#, #.utilization\n    #\n    # Example: store everything\n    # BIND_PATTERNS = #\n\n    # URL of graphite-web instance, this is used to add incoming series to the tag database\n    GRAPHITE_URL = http://127.0.0.1:8080\n\n    # Tag update interval, this specifies how frequently updates to existing series will trigger\n    # an update to the tag index, the default setting is once every 100 updates\n    # TAG_UPDATE_INTERVAL = 100\n\n    # To configure special settings for the carbon-cache instance 'b', uncomment this:\n    #[cache:b]\n    #LINE_RECEIVER_PORT = 2103\n    #PICKLE_RECEIVER_PORT = 2104\n    #CACHE_QUERY_PORT = 7102\n    # and any other settings you want to customize, defaults are inherited\n    # from the [cache] section.\n    # You can then specify the --instance=b option to manage this instance\n    #\n    # In order to turn off logging of successful connections for the line\n    # receiver, set this to False\n    # LOG_LISTENER_CONN_SUCCESS = True\n\n    [relay]\n    LINE_RECEIVER_INTERFACE = 0.0.0.0\n    LINE_RECEIVER_PORT = 2013\n    PICKLE_RECEIVER_INTERFACE = 0.0.0.0\n    PICKLE_RECEIVER_PORT = 2014\n\n    # Carbon-relay has several options for metric routing controlled by RELAY_METHOD\n    #\n    # Use relay-rules.conf to route metrics to destinations based on pattern rules\n    #RELAY_METHOD = rules\n    #\n    # Use consistent-hashing for even distribution of metrics between destinations\n    #RELAY_METHOD = consistent-hashing\n    #\n    # Use consistent-hashing but take into account an aggregation-rules.conf shared\n    # by downstream carbon-aggregator daemons. This will ensure that all metrics\n    # that map to a given aggregation rule are sent to the same carbon-aggregator\n    # instance.\n    # Enable this for carbon-relays that send to a group of carbon-aggregators\n    #RELAY_METHOD = aggregated-consistent-hashing\n    #\n    # You can also use fast-hashing and fast-aggregated-hashing which are in O(1)\n    # and will always redirect the metrics to the same destination but do not try\n    # to minimize rebalancing when the list of destinations is changing.\n    RELAY_METHOD = rules\n\n    # If you use consistent-hashing you can add redundancy by replicating every\n    # datapoint to more than one machine.\n    REPLICATION_FACTOR = 1\n\n    # For REPLICATION_FACTOR >=2, set DIVERSE_REPLICAS to True to guarantee replicas\n    # across distributed hosts. With this setting disabled, it's possible that replicas\n    # may be sent to different caches on the same host. This has been the default\n    # behavior since introduction of 'consistent-hashing' relay method.\n    # Note that enabling this on an existing pre-0.9.14 cluster will require rebalancing\n    # your metrics across the cluster nodes using a tool like Carbonate.\n    #DIVERSE_REPLICAS = True\n\n    # This is a list of carbon daemons we will send any relayed or\n    # generated metrics to. The default provided would send to a single\n    # carbon-cache instance on the default port. However if you\n    # use multiple carbon-cache instances then it would look like this:\n    #\n    # DESTINATIONS = 127.0.0.1:2004:a, 127.0.0.1:2104:b\n    #\n    # The general form is IP:PORT:INSTANCE where the :INSTANCE part is\n    # optional and refers to the \"None\" instance if omitted.\n    #\n    # Note that if the destinations are all carbon-caches then this should\n    # exactly match the webapp's CARBONLINK_HOSTS setting in terms of\n    # instances listed (order matters!).\n    #\n    # If using RELAY_METHOD = rules, all destinations used in relay-rules.conf\n    # must be defined in this list\n    DESTINATIONS = 127.0.0.1:2004\n\n    # This define the protocol to use to contact the destination. It can be\n    # set to one of \"line\", \"pickle\", \"udp\" and \"protobuf\". This list can be\n    # extended with CarbonClientFactory plugins and defaults to \"pickle\".\n    # DESTINATION_PROTOCOL = pickle\n\n    # When using consistent hashing it sometime makes sense to make\n    # the ring dynamic when you don't want to loose points when a\n    # single destination is down. Replication is an answer to that\n    # but it can be quite expensive.\n    # DYNAMIC_ROUTER = False\n\n    # Controls the number of connection attempts before marking a\n    # destination as down. We usually do one connection attempt per\n    # second.\n    # DYNAMIC_ROUTER_MAX_RETRIES = 5\n\n    # This is the maximum number of datapoints that can be queued up\n    # for a single destination. Once this limit is hit, we will\n    # stop accepting new data if USE_FLOW_CONTROL is True, otherwise\n    # we will drop any subsequently received datapoints.\n    MAX_QUEUE_SIZE = 10000\n\n    # This defines the maximum \"message size\" between carbon daemons.  If\n    # your queue is large, setting this to a lower number will cause the\n    # relay to forward smaller discrete chunks of stats, which may prevent\n    # overloading on the receiving side after a disconnect.\n    MAX_DATAPOINTS_PER_MESSAGE = 500\n\n    # Limit the number of open connections the receiver can handle as any time.\n    # Default is no limit. Setting up a limit for sites handling high volume\n    # traffic may be recommended to avoid running out of TCP memory or having\n    # thousands of TCP connections reduce the throughput of the service.\n    #MAX_RECEIVER_CONNECTIONS = inf\n\n    # Specify the user to drop privileges to\n    # If this is blank carbon-relay runs as the user that invokes it\n    # USER =\n\n    # This is the percentage that the queue must be empty before it will accept\n    # more messages.  For a larger site, if the queue is very large it makes sense\n    # to tune this to allow for incoming stats.  So if you have an average\n    # flow of 100k stats/minute, and a MAX_QUEUE_SIZE of 3,000,000, it makes sense\n    # to allow stats to start flowing when you've cleared the queue to 95% since\n    # you should have space to accommodate the next minute's worth of stats\n    # even before the relay incrementally clears more of the queue\n    QUEUE_LOW_WATERMARK_PCT = 0.8\n\n    # To allow for batch efficiency from the pickle protocol and to benefit from\n    # other batching advantages, all writes are deferred by putting them into a queue,\n    # and then the queue is flushed and sent a small fraction of a second later.\n    TIME_TO_DEFER_SENDING = 0.0001\n\n    # Set this to False to drop datapoints when any send queue (sending datapoints\n    # to a downstream carbon daemon) hits MAX_QUEUE_SIZE. If this is True (the\n    # default) then sockets over which metrics are received will temporarily stop accepting\n    # data until the send queues fall below QUEUE_LOW_WATERMARK_PCT * MAX_QUEUE_SIZE.\n    USE_FLOW_CONTROL = True\n\n    # If enabled this setting is used to timeout metric client connection if no\n    # metrics have been sent in specified time in seconds\n    #METRIC_CLIENT_IDLE_TIMEOUT = None\n\n    # Set this to True to enable whitelisting and blacklisting of metrics in\n    # CONF_DIR/whitelist.conf and CONF_DIR/blacklist.conf. If the whitelist is\n    # missing or empty, all metrics will pass through\n    # USE_WHITELIST = False\n\n    # By default, carbon itself will log statistics (such as a count,\n    # metricsReceived) with the top level prefix of 'carbon' at an interval of 60\n    # seconds. Set CARBON_METRIC_INTERVAL to 0 to disable instrumentation\n    # CARBON_METRIC_PREFIX = carbon\n    CARBON_METRIC_INTERVAL = 10\n    #\n    # In order to turn off logging of successful connections for the line\n    # receiver, set this to False\n    # LOG_LISTENER_CONN_SUCCESS = True\n\n    # If you're connecting from the relay to a destination that's over the\n    # internet or similarly iffy connection, a backlog can develop because\n    # of internet weather conditions, e.g. acks getting lost or similar issues.\n    # To deal with that, you can enable USE_RATIO_RESET which will let you\n    # re-set the connection to an individual destination.  Defaults to being off.\n    USE_RATIO_RESET=False\n\n    # When there is a small number of stats flowing, it's not desirable to\n    # perform any actions based on percentages - it's just too \"twitchy\".\n    MIN_RESET_STAT_FLOW=1000\n\n    # When the ratio of stats being sent in a reporting interval is far\n    # enough from 1.0, we will disconnect the socket and reconnecto to\n    # clear out queued stats.  The default ratio of 0.9 indicates that 10%\n    # of stats aren't being delivered within one CARBON_METRIC_INTERVAL\n    # (default of 60 seconds), which can lead to a queue backup.  Under\n    # some circumstances re-setting the connection can fix this, so\n    # set this according to your tolerance, and look in the logs for\n    # \"resetConnectionForQualityReasons\" to observe whether this is kicking\n    # in when your sent queue is building up.\n    MIN_RESET_RATIO=0.9\n\n    # The minimum time between resets.  When a connection is re-set, we\n    # need to wait before another reset is performed.\n    # (2*CARBON_METRIC_INTERVAL) + 1 second is the minimum time needed\n    # before stats for the new connection will be available.  Setting this\n    # below (2*CARBON_METRIC_INTERVAL) + 1 second will result in a lot of\n    # reset connections for no good reason.\n    MIN_RESET_INTERVAL=121\n\n    [aggregator]\n    LINE_RECEIVER_INTERFACE = 0.0.0.0\n    LINE_RECEIVER_PORT = 2023\n\n    PICKLE_RECEIVER_INTERFACE = 0.0.0.0\n    PICKLE_RECEIVER_PORT = 2024\n\n    # If set true, metric received will be forwarded to DESTINATIONS in addition to\n    # the output of the aggregation rules. If set false the carbon-aggregator will\n    # only ever send the output of aggregation.\n    FORWARD_ALL = True\n\n    # Filenames of the configuration files to use for this instance of aggregator.\n    # Filenames are relative to CONF_DIR.\n    #\n    # AGGREGATION_RULES = aggregation-rules.conf\n    # REWRITE_RULES = rewrite-rules.conf\n\n    # This is a list of carbon daemons we will send any relayed or\n    # generated metrics to. The default provided would send to a single\n    # carbon-cache instance on the default port. However if you\n    # use multiple carbon-cache instances then it would look like this:\n    #\n    # DESTINATIONS = 127.0.0.1:2004:a, 127.0.0.1:2104:b\n    #\n    # The format is comma-delimited IP:PORT:INSTANCE where the :INSTANCE part is\n    # optional and refers to the \"None\" instance if omitted.\n    #\n    # Note that if the destinations are all carbon-caches then this should\n    # exactly match the webapp's CARBONLINK_HOSTS setting in terms of\n    # instances listed (order matters!).\n    DESTINATIONS = 127.0.0.1:2004\n\n    # If you want to add redundancy to your data by replicating every\n    # datapoint to more than one machine, increase this.\n    REPLICATION_FACTOR = 1\n\n    # This is the maximum number of datapoints that can be queued up\n    # for a single destination. Once this limit is hit, we will\n    # stop accepting new data if USE_FLOW_CONTROL is True, otherwise\n    # we will drop any subsequently received datapoints.\n    MAX_QUEUE_SIZE = 10000\n\n    # Set this to False to drop datapoints when any send queue (sending datapoints\n    # to a downstream carbon daemon) hits MAX_QUEUE_SIZE. If this is True (the\n    # default) then sockets over which metrics are received will temporarily stop accepting\n    # data until the send queues fall below 80% MAX_QUEUE_SIZE.\n    USE_FLOW_CONTROL = True\n\n    # If enabled this setting is used to timeout metric client connection if no\n    # metrics have been sent in specified time in seconds\n    #METRIC_CLIENT_IDLE_TIMEOUT = None\n\n    # This defines the maximum \"message size\" between carbon daemons.\n    # You shouldn't need to tune this unless you really know what you're doing.\n    MAX_DATAPOINTS_PER_MESSAGE = 500\n\n    # This defines how many datapoints the aggregator remembers for\n    # each metric. Aggregation only happens for datapoints that fall in\n    # the past MAX_AGGREGATION_INTERVALS * intervalSize seconds.\n    MAX_AGGREGATION_INTERVALS = 5\n\n    # Limit the number of open connections the receiver can handle as any time.\n    # Default is no limit. Setting up a limit for sites handling high volume\n    # traffic may be recommended to avoid running out of TCP memory or having\n    # thousands of TCP connections reduce the throughput of the service.\n    #MAX_RECEIVER_CONNECTIONS = inf\n\n    # By default (WRITE_BACK_FREQUENCY = 0), carbon-aggregator will write back\n    # aggregated data points once every rule.frequency seconds, on a per-rule basis.\n    # Set this (WRITE_BACK_FREQUENCY = N) to write back all aggregated data points\n    # every N seconds, independent of rule frequency. This is useful, for example,\n    # to be able to query partially aggregated metrics from carbon-cache without\n    # having to first wait rule.frequency seconds.\n    # WRITE_BACK_FREQUENCY = 0\n\n    # Set this to True to enable whitelisting and blacklisting of metrics in\n    # CONF_DIR/whitelist.conf and CONF_DIR/blacklist.conf. If the whitelist is\n    # missing or empty, all metrics will pass through\n    # USE_WHITELIST = False\n\n    # By default, carbon itself will log statistics (such as a count,\n    # metricsReceived) with the top level prefix of 'carbon' at an interval of 60\n    # seconds. Set CARBON_METRIC_INTERVAL to 0 to disable instrumentation\n    # CARBON_METRIC_PREFIX = carbon\n    CARBON_METRIC_INTERVAL = 10\n\n    # In order to turn off logging of successful connections for the line\n    # receiver, set this to False\n    # LOG_LISTENER_CONN_SUCCESS = True\n\n    # In order to turn off logging of metrics with no corresponding\n    # aggregation rules receiver, set this to False\n    # LOG_AGGREGATOR_MISSES = False\n\n    # Specify the user to drop privileges to\n    # If this is blank carbon-aggregator runs as the user that invokes it\n    # USER =\n\n    # Part of the code, and particularly aggregator rules, need\n    # to cache metric names. To avoid leaking too much memory you\n    # can tweak the size of this cache. The default allow for 1M\n    # different metrics per rule (~200MiB).\n    # CACHE_METRIC_NAMES_MAX=1000000\n\n    # You can optionally set a ttl to this cache.\n    # CACHE_METRIC_NAMES_TTL=600\n  carbon.amqp.conf: |-\n    # This is a configuration file with AMQP enabled\n\n    [cache]\n    LOCAL_DATA_DIR =\n\n    # Specify the user to drop privileges to\n    # If this is blank carbon runs as the user that invokes it\n    # This user must have write access to the local data directory\n    USER =\n\n    # Limit the size of the cache to avoid swapping or becoming CPU bound.\n    # Sorts and serving cache queries gets more expensive as the cache grows.\n    # Use the value \"inf\" (infinity) for an unlimited cache size.\n    MAX_CACHE_SIZE = inf\n\n    # Limits the number of whisper update_many() calls per second, which effectively\n    # means the number of write requests sent to the disk. This is intended to\n    # prevent over-utilizing the disk and thus starving the rest of the system.\n    # When the rate of required updates exceeds this, then carbon's caching will\n    # take effect and increase the overall throughput accordingly.\n    MAX_UPDATES_PER_SECOND = 1000\n\n    # Softly limits the number of whisper files that get created each minute.\n    # Setting this value low (like at 50) is a good way to ensure your graphite\n    # system will not be adversely impacted when a bunch of new metrics are\n    # sent to it. The trade off is that it will take much longer for those metrics'\n    # database files to all get created and thus longer until the data becomes usable.\n    # Setting this value high (like \"inf\" for infinity) will cause graphite to create\n    # the files quickly but at the risk of slowing I/O down considerably for a while.\n    MAX_CREATES_PER_MINUTE = inf\n\n    LINE_RECEIVER_INTERFACE = 0.0.0.0\n    LINE_RECEIVER_PORT = 2003\n\n    UDP_RECEIVER_INTERFACE = 0.0.0.0\n    UDP_RECEIVER_PORT = 2003\n\n    PICKLE_RECEIVER_INTERFACE = 0.0.0.0\n    PICKLE_RECEIVER_PORT = 2004\n\n    CACHE_QUERY_INTERFACE = 0.0.0.0\n    CACHE_QUERY_PORT = 7002\n\n    # Enable AMQP if you want to receve metrics using you amqp broker\n    ENABLE_AMQP = True\n\n    # Verbose means a line will be logged for every metric received\n    # useful for testing\n    AMQP_VERBOSE = True\n\n    # your credentials for the amqp server\n    # AMQP_USER = guest\n    # AMQP_PASSWORD = guest\n\n    # the network settings for the amqp server\n    # AMQP_HOST = localhost\n    # AMQP_PORT = 5672\n\n    # if you want to include the metric name as part of the message body\n    # instead of as the routing key, set this to True\n    # AMQP_METRIC_NAME_IN_BODY = False\n\n    # NOTE: you cannot run both a cache and a relay on the same server\n    # with the default configuration, you have to specify a distinict\n    # interfaces and ports for the listeners.\n\n    [relay]\n    LINE_RECEIVER_INTERFACE = 0.0.0.0\n    LINE_RECEIVER_PORT = 2003\n\n    PICKLE_RECEIVER_INTERFACE = 0.0.0.0\n    PICKLE_RECEIVER_PORT = 2004\n\n    CACHE_SERVERS = server1, server2, server3\n    MAX_QUEUE_SIZE = 10000\n  dashboard.conf: |-\n    # This configuration file controls the behavior of the Dashboard UI, available\n    # at http://my-graphite-server/dashboard/.\n    #\n    # This file must contain a [ui] section that defines values for all of the\n    # following settings.\n    [ui]\n    default_graph_width = 400\n    default_graph_height = 250\n    automatic_variants = true\n    refresh_interval = 60\n    autocomplete_delay = 375\n    merge_hover_delay = 750\n\n    # You can set this 'default', 'white', or a custom theme name.\n    # To create a custom theme, copy the dashboard-default.css file\n    # to dashboard-myThemeName.css in the content/css directory and\n    # modify it to your liking.\n    theme = default\n\n    [keyboard-shortcuts]\n    toggle_toolbar = ctrl-z\n    toggle_metrics_panel = ctrl-space\n    erase_all_graphs = alt-x\n    save_dashboard = alt-s\n    completer_add_metrics = alt-enter\n    completer_del_metrics = alt-backspace\n    give_completer_focus = shift-space\n\n    # These settings apply to the UI as a whole, all other sections in this file\n    # pertain only to specific metric types.\n    #\n    # The dashboard presents only metrics that fall into specified naming schemes\n    # defined in this file. This creates a simpler, more targetted view of the\n    # data. The general form for defining a naming scheme is as follows:\n    #\n    #[Metric Type]\n    #scheme = basis.path.<field1>.<field2>.<fieldN>\n    #field1.label = Foo\n    #field2.label = Bar\n    #\n    #\n    # Where each <field> will be displayed as a dropdown box\n    # in the UI and the remaining portion of the namespace\n    # shown in the Metric Selector panel. The .label options set the labels\n    # displayed for each dropdown.\n    #\n    # For example:\n    #\n    #[Sales]\n    #scheme = sales.<channel>.<type>.<brand>\n    #channel.label = Channel\n    #type.label = Product Type\n    #brand.label = Brand\n    #\n    # This defines a 'Sales' metric type that uses 3 dropdowns in the Context Selector\n    # (the upper-left panel) while any deeper metrics (per-product counts or revenue, etc)\n    # will be available in the Metric Selector (upper-right panel).\n  graphite.wsgi.example: |-\n    import sys\n    sys.path.append('/opt/graphite/webapp')\n\n    from graphite.wsgi import application\n  graphTemplates.conf: |-\n    [default]\n    background = black\n    foreground = white\n    majorLine = white\n    minorLine = grey\n    lineColors = blue,green,red,purple,brown,yellow,aqua,grey,magenta,pink,gold,rose\n    fontName = Sans\n    fontSize = 10\n    fontBold = False\n    fontItalic = False\n\n    [noc]\n    background = black\n    foreground = white\n    majorLine = white\n    minorLine = grey\n    lineColors = blue,green,red,yellow,purple,brown,aqua,grey,magenta,pink,gold,rose\n    fontName = Sans\n    fontSize = 10\n    fontBold = False\n    fontItalic = False\n\n    [plain]\n    background = white\n    foreground = black\n    minorLine = grey\n    majorLine = rose\n\n    [summary]\n    background = black\n    lineColors = #6666ff, #66ff66, #ff6666\n\n    [alphas]\n    background = white\n    foreground = black\n    majorLine = grey\n    minorLine = rose\n    lineColors = 00ff00aa,ff000077,00337799\n  relay-rules.conf: |-\n    # Relay destination rules for carbon-relay. Entries are scanned in order,\n    # and the first pattern a metric matches will cause processing to cease after sending\n    # unless `continue` is set to true\n    #\n    #  [name]\n    #  pattern = <regex>\n    #  destinations = <list of destination addresses>\n    #  continue = <boolean>  # default: False\n    #\n    #  name: Arbitrary unique name to identify the rule\n    #  pattern: Regex pattern to match against the metric name\n    #  destinations: Comma-separated list of destinations.\n    #    ex: 127.0.0.1, 10.1.2.3:2004, 10.1.2.4:2004:a, myserver.mydomain.com\n    #  continue: Continue processing rules if this rule matches (default: False)\n\n    # You must have exactly one section with 'default = true'\n    # Note that all destinations listed must also exist in carbon.conf\n    # in the DESTINATIONS setting in the [relay] section\n    [default]\n    default = true\n    destinations = 0.0.0.0:2004\n  rewrite-rules.conf: |-\n    # This file defines regular expression patterns that can be used to\n    # rewrite metric names in a search & replace fashion. It consists of two\n    # sections, [pre] and [post]. The rules in the pre section are applied to\n    # metric names as soon as they are received. The post rules are applied\n    # after aggregation has taken place.\n    #\n    # The general form of each rule is as follows:\n    #\n    # regex-pattern = replacement-text\n    #\n    # For example:\n    #\n    # [post]\n    # _sum$ =\n    # _avg$ =\n    #\n    # These rules would strip off a suffix of _sum or _avg from any metric names\n    # after aggregation.\n  storage-aggregation.conf: |-\n    # Aggregation methods for whisper files. Entries are scanned in order,\n    # and first match wins. This file is scanned for changes every 60 seconds\n    #\n    #  [name]\n    #  pattern = <regex>\n    #  xFilesFactor = <float between 0 and 1>\n    #  aggregationMethod = <average|sum|last|max|min>\n    #\n    #  name: Arbitrary unique name for the rule\n    #  pattern: Regex pattern to match against the metric name\n    #  xFilesFactor: Ratio of valid data points required for aggregation to the next retention to occur\n    #  aggregationMethod: function to apply to data points for aggregation\n    #\n    [min]\n    pattern = \\.lower$\n    xFilesFactor = 0.1\n    aggregationMethod = min\n\n    [max]\n    pattern = \\.upper(_\\d+)?$\n    xFilesFactor = 0.1\n    aggregationMethod = max\n\n    [sum]\n    pattern = \\.sum$\n    xFilesFactor = 0\n    aggregationMethod = sum\n\n    [count]\n    pattern = \\.count$\n    xFilesFactor = 0\n    aggregationMethod = sum\n\n    [count_legacy]\n    pattern = ^stats_counts.*\n    xFilesFactor = 0\n    aggregationMethod = sum\n\n    [default_average]\n    pattern = .*\n    xFilesFactor = 0.3\n    aggregationMethod = average\n  storage-schemas.conf: |-\n    # Schema definitions for Whisper files. Entries are scanned in order,\n    # and first match wins. This file is scanned for changes every 60 seconds.\n    #\n    # Definition Syntax:\n    #\n    #    [name]\n    #    pattern = regex\n    #    retentions = timePerPoint:timeToStore, timePerPoint:timeToStore, ...\n    #\n    # Remember: To support accurate aggregation from higher to lower resolution\n    #           archives, the precision of a longer retention archive must be\n    #           cleanly divisible by precision of next lower retention archive.\n    #\n    #           Valid:    60s:7d,300s:30d (300/60 = 5)\n    #           Invalid:  180s:7d,300s:30d (300/180 = 3.333)\n    #\n\n    # Carbon's internal metrics. This entry should match what is specified in\n    # CARBON_METRIC_PREFIX and CARBON_METRIC_INTERVAL settings\n    [carbon]\n    pattern = ^carbon\\.\n    retentions = 10s:6h,1m:90d\n\n    [default_1min_for_1day]\n    pattern = .*\n    retentions = 10s:6h,1m:6d,10m:1800d\n  whitelist.conf: |-\n    # This file takes a single regular expression per line\n    # If USE_WHITELIST is set to True in carbon.conf, only metrics received which\n    # match one of these expressions will be persisted. If this file is empty or\n    # missing, all metrics will pass through.\n    # This file is reloaded automatically when changes are made\n    .*\n\nstatsdConfigMaps:\n  config_tcp.js: |-\n    {\n      \"graphiteHost\": \"127.0.0.1\",\n      \"graphitePort\": 2003,\n      \"port\": 8125,\n      \"flushInterval\": 10000,\n      \"servers\": [{\n        \"server\": \"./servers/tcp\",\n        \"address\": \"0.0.0.0\",\n        \"port\": 8125\n      }]\n    }\n  config_udp.js: |-\n    {\n      \"graphiteHost\": \"127.0.0.1\",\n      \"graphitePort\": 2003,\n      \"port\": 8125,\n      \"flushInterval\": 10000,\n      \"servers\": [{\n        \"server\": \"./servers/udp\",\n        \"address\": \"0.0.0.0\",\n        \"port\": 8125\n      }]\n    }\n\nstatsd:\n  interface: UDP\n"
  },
  {
    "path": "charts/hawkbit-update-server/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/hawkbit-update-server/Chart.yaml",
    "content": "apiVersion: v1\nversion: 2.1.2\nappVersion: \"0.3.0M5-mysql\"\ndescription: A Helm chart for hawkbit update server\nname: hawkbit-update-server\nhome: https://www.eclipse.org/hawkbit/\nsources:\n- https://github.com/eclipse/hawkbit\n- https://github.com/kiwigrid/helm-charts/tree/master/charts/hawkbit-update-server\nicon: https://www.eclipse.org/hawkbit/images/hawkbit_icon.png\ndeprecated: true\n"
  },
  {
    "path": "charts/hawkbit-update-server/README.md",
    "content": "# Hawkbit update server (DEPRECATED!)\n\n## THIS CHART IS DEPRECATED AS WAS MOVED TO:\n* https://github.com/eclipse/packages/tree/master/charts/hawkbit\n\n## Introduction\n\n[Eclipse hawkBit™](https://www.eclipse.org/hawkbit/) is a domain independent back-end framework for rolling out software updates to constrained edge devices as well as more powerful controllers and gateways connected to IP based networking infrastructure.\n\nThis chart uses hawkbit/hawkbit-update-server container to run Hawkbit update server inside Kubernetes.\n\n## Prerequisites\n\n- Has been tested on Kubernetes 1.11+\n\n## Installing the Chart\n\nTo install the chart with the release name `hawkbit-update-server`, run the following command:\n\n```bash\nhelm install kiwigrid/hawkbit-update-server --name hawkbit-update-server\n```\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `hawkbit-update-server` deployment:\n\n```bash\nhelm delete hawkbit-update-server\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n> **Tip**: To completely remove the release, run `helm delete --purge hawkbit-update-server`\n\n## Configuration\n\nThe following table lists the configurable parameters of the hawkbit-update-server chart and their default values.\n\n| Parameter                                  | Description                               | Default                            |\n| ------------------------------------------ | ----------------------------------------- | ---------------------------------- |\n| `image.repository`                         | Docker image repo                         | `hawkbit/hawkbit-update-server`    |\n| `image.tag`                                | Docker image                              | `0.3.0M5-mysql`                    |\n| `image.pullPolicy`                         | Docker image pull policy                  | `IfNotPresent`                     |\n| `image.pullSecrets`                        | Docker image pull secrets                 | `{}`                               |\n| `service.annotations`                      | Service annotations                       | `{}`                               |\n| `service.type`                             | Service type                              | `ClusterIP`                        |\n| `service.port`                             | Service port of hawkbit-update-server UI  | `80`                               |\n| `resources`                                | Resource limits for the pod               | `{}`                               |\n| `podTemplate.annotations`                  | pod annotations                           | `{}`                               |\n| `ingress.enabled`                          | Ingress enabled                           | `false`                            |\n| `ingress.annotations`                      | Ingress annotations                       | `{}`                               |\n| `ingress.path`                             | Ingress path                              | `/`                                |\n| `ingress.hosts`                            | Ingress hosts                             | `[]`                               |\n| `ingress.tls`                              | Ingress TLS                               | `[]`                               |\n| `resources`                                | Resources                                 | `{}`                               |\n| `nodeSelector`                             | NodeSelector                              | `{}`                               |\n| `tolerations`                              | Tolerations                               | `[]`                               |\n| `affinity`                                 | Affinity                                  | `{}`                               |\n| `useActuatorCheck`                         | use actuator for health checks            | `false`                            |\n| `livenessProbe.initialDelaySeconds`        | livenessProbe initialDelaySeconds         | `240`                              |\n| `livenessProbe.timeoutSeconds`             | livenessProbe timeoutSeconds              | `5`                                |\n| `readinessProbe.initialDelaySeconds`       | readinessProbe timeoutSeconds             | `120`                              |\n| `readinessProbe.timeoutSeconds`            | readinessProbe timeoutSeconds             | `5`                                |\n| `env.springDatasourceHost`                 | MySQL host                                | `\"hawkbit-update-server-mysql\"`    |\n| `env.springDatasourceDb`                   | MySQL db                                  | `\"hawkbit\"`                        |\n| `env.springRabbitmqHost`                   | RabbitMq host                             | `\"hawkbit-update-server-rabbitmq\"` |\n| `env.springRabbitmqUsername`               | RabbitMq user                             | `\"hawkbit\"`                        |\n| `env.springRabbitmqPassword`               | RabbitMq pass                             | `\"hawkbit\"`                        |\n| `oidc.enabled`                             | enable OpenID Connect authentication      | `false`                            |\n| `oidc.clientId`                            | OpenID Connect client ID                  | `\"\"`                               |\n| `oidc.clientSecret`                        | OpenID Connect client secret              | `\"\"`                               |\n| `oidc.issuerUri`                           | OpenID Connect issuer URI                 | `\"\"`                               |\n| `oidc.authorizationUri`                    | OpenID Connect authorization URI          | `\"\"`                               |\n| `oidc.tokenUri`                            | OpenID Connect token URI                  | `\"\"`                               |\n| `oidc.userInfoUri`                         | OpenID Connect user info URI              | `\"\"`                               |\n| `oidc.jwkSetUri`                           | OpenID Connect JWK set URI                | `\"\"`                               |\n| `extraEnv`                                 | Optional environment variables            | `{}`                               |\n| `extraVolumes`                             | list of extra volumes                     | `[]`                               |\n| `extraVolumeMounts`                        | list of extra volume mounts               | `[]`                               |\n| `config.application`                       | yaml formated config for spring           | `see values file`                  |\n| `config.secrets`                           | yaml formated config for spring secrets   | `see values file`                  |\n| `configMap.mountPath`                      | config map mount path (should by application path inside docker +) | `{}`      |\n| `spring.profiles`                          | Spring profile                            | `\"mysql\"`                          |\n| `config.application.hawkbit.dmf.hono.enabled` | Enable Hono                           | `false`                             |\n| `config.application.hawkbit.dmf.hono.tenant-list-uri` | tenant list uri | `\"http://[DEVICE_REGISTRY_HOST]:8080/admin/tenants\"` |\n| `config.application.hawkbit.dmf.hono.device-list-uri` | device list uri  | `\"http://[DEVICE_REGISTRY_HOST]:8080/admin/$$tenantId/devices\"` |\n| `config.application.hawkbit.dmf.hono.credentials-list-uri` | credentials list uri | `\"http://[DEVICE_REGISTRY_HOST]:8080/v1/credentials/$$tenantId/$$deviceId\"` |\n| `config.application.hawkbit.dmf.hono.authentication-method` | auth method              | `\"oidc\"`                           |\n| `config.application.hawkbit.dmf.hono.username` | hono username                         | `\"[KEYCLOAK_HAWKBIT_USERNAME]\"`    |\n| `config.application.hawkbit.dmf.hono.oidc-token-uri` | oidc token uri |  `\"http://[KEYCLOAK_HOST]:8080/auth/realms/kiwigrid/protocol/openid-connect/token\"` |\n| `config.application.hawkbit.dmf.hono.oidc-client-id` | oidc client id                  | `\"[KEYCLOAK_DEVICE_REGISTRY_CLIENT_ID]\"` |\n| `config.application.spring.cloud.stream.bindings.default.group` | bindings default group | `\"hawkbit\"`                      |\n| `config.application.spring.cloud.stream.bindings.device-created.destination` | device created destination | `\"device-registry.device-created\"` |\n| `config.application.spring.cloud.stream.bindings.device-updated.destination` | device updated destination | `\"device-registry.device-updated\"` |\n| `config.application.spring.cloud.stream.bindings.device-deleted.destination` | device deleted destination | `\"device-registry.device-deleted\"` |\n| `config.application.spring.security.user.name` | Hawkbit login username                | `admin`                            |\n| `secrets.hawkbit.dmf.hono.password`        | Hono password                             | `\"[KEYCLOAK_HAWKBIT_USER_PASSWORD]\"` |  \n| `secrets.spring.security.user.password`    | Hawkbit login password (the \"{noop}\" prefix is needed!) | `\"{noop}admin\"`      |\n| `secrets.spring.datasource.username`       | Mysql user                                | `hawkbit`                          |\n| `secrets.spring.datasource.password`       | MySql password                            | `hawkbit`                          |\n| `mysql.enabled`                            | use MySQL dependency chart                | `true`                             |\n| `mysql.mysqlUser`                          | MySQL User                                | `hawkbit`                          |\n| `mysql.mysqlPassword`                      | MySQL password                            | `hawkbit`                          |\n| `mysql.mysqlDatabase`                      | MySQL db                                  | `hawkbit`                          |\n| `mysql.metrics.enabled`                    | use MySQL Prometheus metrics              | `true`                             |\n| `rabbitmq.enabled`                         | use Rabbitmq dependency chart             | `true`                             |\n| `rabbitmq.rabbitmq.username`               | Rabbitmq username                         | `hawkbit`                          |\n| `rabbitmq.rabbitmq.password`               | Rabbitmq password                         | `hawkbit`                          |\n| `rabbitmq.rabbitmq.metrics.enabled`        | use Rabbitmq Prometheus metrics           | `true`                             |  \n| `podDisruptionBudget.enabled`              | PodDisruptionBudget enabled               | `false`                            |\n| `podDisruptionBudget.minAvailable`         | PodDisruptionBudget min. available pods   | `1`                                |\n| `updateStrategy`                           | Deployment strategy to replace old pods   | `type: Recreate`                   |\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:\n\n```bash\nhelm install --name hawkbit-update-server --set ingress.enabled=false kiwigrid/hawkbit-update-server\n```\n\nAlternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.\n"
  },
  {
    "path": "charts/hawkbit-update-server/requirements.yaml",
    "content": "dependencies:\n  - name: mysql\n    version: 1.3.2\n    repository: https://kubernetes-charts.storage.googleapis.com/\n    condition: mysql.enabled\n  - name: rabbitmq\n    repository: https://kubernetes-charts.storage.googleapis.com/\n    version: 6.7.4\n    condition: rabbitmq.enabled\n"
  },
  {
    "path": "charts/hawkbit-update-server/templates/NOTES.txt",
    "content": "1. Get the application URL by running these commands:\n{{- if .Values.ingress.enabled }}\n{{- range $host := .Values.ingress.hosts }}\n  {{- range .paths }}\n  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}\n  {{- end }}\n{{- end }}\n{{- else if contains \"NodePort\" .Values.service.type }}\n  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath=\"{.spec.ports[0].nodePort}\" services {{ include \"hawkbit-update-server.fullname\" . }})\n  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath=\"{.items[0].status.addresses[0].address}\")\n  echo http://$NODE_IP:$NODE_PORT\n{{- else if contains \"LoadBalancer\" .Values.service.type }}\n     NOTE: It may take a few minutes for the LoadBalancer IP to be available.\n           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include \"hawkbit-update-server.fullname\" . }}'\n  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include \"hawkbit-update-server.fullname\" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')\n  echo http://$SERVICE_IP:{{ .Values.service.port }}\n{{- else if contains \"ClusterIP\" .Values.service.type }}\n  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l \"app.kubernetes.io/name={{ include \"hawkbit-update-server.name\" . }},app.kubernetes.io/instance={{ .Release.Name }}\" -o jsonpath=\"{.items[0].metadata.name}\")\n  echo \"Visit http://127.0.0.1:8080 to use your application\"\n  kubectl port-forward $POD_NAME 8080:{{ .Values.service.port}}\n{{- end }}\n"
  },
  {
    "path": "charts/hawkbit-update-server/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"hawkbit-update-server.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"hawkbit-update-server.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"hawkbit-update-server.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCommon labels\n*/}}\n{{- define \"hawkbit-update-server.labels\" -}}\napp.kubernetes.io/name: {{ include \"hawkbit-update-server.name\" . }}\nhelm.sh/chart: {{ include \"hawkbit-update-server.chart\" . }}\napp.kubernetes.io/instance: {{ .Release.Name }}\n{{- if .Chart.AppVersion }}\napp.kubernetes.io/version: {{ .Chart.AppVersion | quote }}\n{{- end }}\napp.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end -}}\n"
  },
  {
    "path": "charts/hawkbit-update-server/templates/configmap.yaml",
    "content": "kind: ConfigMap\napiVersion: v1\nmetadata:\n  name: {{ include \"hawkbit-update-server.fullname\" . }}\n  labels:\n{{ include \"hawkbit-update-server.labels\" . | indent 4 }}  \ndata:\n  application.yaml: |-\n{{ toYaml .Values.config.application | indent 4}}\n"
  },
  {
    "path": "charts/hawkbit-update-server/templates/deployment.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"hawkbit-update-server.fullname\" . }}\n  labels:\n{{ include \"hawkbit-update-server.labels\" . | indent 4 }}\nspec:\n  replicas: {{ .Values.replicaCount }}\n  strategy:\n    {{- with .Values.updateStrategy }}\n    {{- toYaml . | nindent 4 }}\n    {{- end }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"hawkbit-update-server.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"hawkbit-update-server.name\" . }}\n        app.kubernetes.io/instance: {{ .Release.Name }}\n      annotations:\n        checksum/config: {{ include (print .Template.BasePath \"/secrets.yaml\") . | sha256sum }}\n        {{- with .Values.podTemplate.annotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n    {{- with .Values.image.pullSecrets }}\n      imagePullSecrets:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}\n          image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n          imagePullPolicy: {{ .Values.image.pullPolicy }}\n          env:\n            - name: SPRING_PROFILES_ACTIVE\n              value: \"{{ .Values.spring.profiles }}\"\n            - name: MANAGEMENT_SERVER_PORT\n              value: \"9090\"\n            - name: \"SPRING_DATASOURCE_URL\"\n              value: \"jdbc:mysql://{{ if .Values.mysql.enabled }}{{ .Release.Name }}-mysql{{ else }}{{ .Values.env.springDatasourceHost }}{{ end }}:3306/{{ .Values.env.springDatasourceDb }}\"\n            - name: \"SPRING_APPLICATION_JSON\"\n              valueFrom:\n                secretKeyRef:\n                  name: {{ include \"hawkbit-update-server.fullname\" . }}\n                  key: \"SPRING_APPLICATION_JSON\"\n            - name: \"SPRING_RABBITMQ_HOST\"\n              value: \"{{ if .Values.rabbitmq.enabled }}{{ .Release.Name }}-rabbitmq{{ else }}{{ .Values.env.springRabbitmqHost }}{{ end }}\"\n            - name: \"SPRING_RABBITMQ_USERNAME\"\n              value: \"{{ .Values.env.springRabbitmqUsername }}\"\n            - name: \"SPRING_RABBITMQ_PASSWORD\"\n              valueFrom:\n                secretKeyRef:\n                  name: \"{{ template \"hawkbit-update-server.fullname\" . }}-rabbitmq-pass\"\n                  key: \"rabbitmq-pass\"\n            {{- range $key, $value := .Values.extraEnv }}\n            - name: \"{{ $key }}\"\n              value: \"{{ $value }}\"\n            {{- end }}\n          ports:\n            - name: http\n              containerPort: 8080\n              protocol: TCP\n            - name: management\n              containerPort: 9090\n              protocol: TCP\n          livenessProbe:\n            httpGet:\n              {{- if .Values.useActuatorCheck }}\n              path: /actuator/health\n              port: management\n              {{- else }}\n              path: /VAADIN/themes/hawkbit/favicon.ico\n              port: http\n              {{- end }}\n            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}\n            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}\n          readinessProbe:\n            httpGet:\n              {{- if .Values.useActuatorCheck }}\n              path: /actuator/health\n              port: management\n              {{- else }}\n              path: /VAADIN/themes/hawkbit/favicon.ico\n              port: http\n              {{- end }}  \n            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}\n            timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}\n          volumeMounts:\n            - name: configmap\n              mountPath: {{ .Values.configMap.mountPath }}\n            {{- if .Values.extraVolumeMounts }}\n            {{ toYaml .Values.extraVolumeMounts | nindent 12 }}\n            {{- end }}\n          resources:\n{{ toYaml .Values.resources | indent 12 }}\n      {{- with .Values.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n      volumes:\n      - name: configmap\n        configMap:\n          name: {{ include \"hawkbit-update-server.fullname\" . }}\n      {{- if .Values.extraVolumes }}\n      {{ toYaml .Values.extraVolumes | nindent 6 }}\n      {{- end }}\n"
  },
  {
    "path": "charts/hawkbit-update-server/templates/ingress.yaml",
    "content": "{{- if .Values.ingress.enabled -}}\n{{- $fullName := include \"hawkbit-update-server.fullname\" . -}}\napiVersion: extensions/v1beta1\nkind: Ingress\nmetadata:\n  name: {{ $fullName }}\n  labels:\n{{ include \"hawkbit-update-server.labels\" . | indent 4 }}\n  {{- with .Values.ingress.annotations }}\n  annotations:\n    {{- toYaml . | nindent 4 }}\n  {{- end }}\nspec:\n{{- if .Values.ingress.tls }}\n  tls:\n  {{- range .Values.ingress.tls }}\n    - hosts:\n      {{- range .hosts }}\n        - {{ . | quote }}\n      {{- end }}\n      secretName: {{ .secretName }}\n  {{- end }}\n{{- end }}\n  rules:\n  {{- range .Values.ingress.hosts }}\n    - host: {{ .host | quote }}\n      http:\n        paths:\n        {{- range .paths }}\n          - path: {{ . }}\n            backend:\n              serviceName: {{ $fullName }}\n              servicePort: http\n        {{- end }}\n  {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/hawkbit-update-server/templates/poddisruptionbudget.yaml",
    "content": "{{- if and .Values.podDisruptionBudget.enabled (gt .Values.replicaCount 1.0) -}}\napiVersion: policy/v1beta1\nkind: PodDisruptionBudget\nmetadata:\n  name: {{ include \"hawkbit-update-server.fullname\" . }}\n  labels:\n{{ include \"hawkbit-update-server.labels\" . | indent 4 }}\nspec:\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"hawkbit-update-server.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}\n{{- end }}\n"
  },
  {
    "path": "charts/hawkbit-update-server/templates/secrets.yaml",
    "content": "apiVersion: v1\nkind: Secret\nmetadata:\n  name: {{ template \"hawkbit-update-server.fullname\" . }}\n  labels:\n{{ include \"hawkbit-update-server.labels\" . | indent 4 }}  \ntype: Opaque\ndata:\n  SPRING_APPLICATION_JSON: {{ .Values.config.secrets | toJson | b64enc }}\n---\napiVersion: v1\nkind: Secret\nmetadata:\n  name: {{ template \"hawkbit-update-server.fullname\" . }}-rabbitmq-pass\n  labels:\n    app.kubernetes.io/name: {{ include \"hawkbit-update-server.name\" . }}\n    helm.sh/chart: {{ include \"hawkbit-update-server.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\ntype: Opaque\ndata:\n  rabbitmq-pass: {{ .Values.env.springRabbitmqPassword | b64enc | quote }}\n"
  },
  {
    "path": "charts/hawkbit-update-server/templates/service.yaml",
    "content": "apiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"hawkbit-update-server.fullname\" . }}\n  labels:\n{{ include \"hawkbit-update-server.labels\" . | indent 4 }}\n  {{- with .Values.service.annotations }}\n  annotations:\n    {{- toYaml . | nindent 4 }}\n  {{- end }}\nspec:\n  type: {{ .Values.service.type }}\n  ports:\n    - port: {{ .Values.service.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n  selector:\n    app.kubernetes.io/name: {{ include \"hawkbit-update-server.name\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n"
  },
  {
    "path": "charts/hawkbit-update-server/templates/tests/test-connection.yaml",
    "content": "apiVersion: v1\nkind: Pod\nmetadata:\n  name: \"{{ include \"hawkbit-update-server.fullname\" . }}-test-connection\"\n  labels:\n    app.kubernetes.io/name: {{ include \"hawkbit-update-server.name\" . }}\n    helm.sh/chart: {{ include \"hawkbit-update-server.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n  annotations:\n    \"helm.sh/hook\": test-success\nspec:\n  containers:\n    - name: wget\n      image: busybox\n      command: ['wget']\n      args:  ['{{ include \"hawkbit-update-server.fullname\" . }}:{{ .Values.service.port }}']\n  restartPolicy: Never\n"
  },
  {
    "path": "charts/hawkbit-update-server/values.yaml",
    "content": "image:\n  repository: \"hawkbit/hawkbit-update-server\"\n  tag: 0.3.0M5-mysql\n  pullPolicy: IfNotPresent\n\nreplicaCount: 1\n\n## podDisruptionBudget configuration\npodDisruptionBudget:\n  enabled: false\n  minAvailable: 1\n\n## strategy used to replace old Pods by new ones\n## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\nupdateStrategy:\n  ## default is re-create, because of possible database migrations\n  type: Recreate\n\nnameOverride: \"\"\nfullnameOverride: \"\"\n\nservice:\n  type: ClusterIP\n  port: 80\n  annotations: {}\n    # traefik.ingress.kubernetes.io/affinity: \"true\"\n\nlivenessProbe:\n  initialDelaySeconds: 240\n  timeoutSeconds: 5\nreadinessProbe:\n  initialDelaySeconds: 120\n  timeoutSeconds: 5\n\nuseActuatorCheck: false\n\ningress:\n  enabled: false\n  annotations: {}\n    # kubernetes.io/ingress.class: nginx\n    # nginx.ingress.kubernetes.io/proxy-body-size: 200m\n    # kubernetes.io/tls-acme: \"true\"\n  hosts:\n    - host: hawkbit-update-server.local\n      paths: []\n  tls: []\n  #  - secretName: hawkbit-tls\n  #    hosts:\n  #      - hawkbit-update-server.local\n\n# env vars for configuration\nenv:\n  springDatasourceHost: \"hawkbit-update-server-mysql\"\n  springDatasourceDb: \"hawkbit\"\n  springRabbitmqHost: \"hawkbit-update-server-rabbitmq\"\n  springRabbitmqUsername: \"hawkbit\"\n  springRabbitmqPassword: \"hawkbit\"\n\n# optional env vars\nextraEnv: {}\n  # JAVA_TOOL_OPTIONS: \"-Xms1024m -Xmx1024m\"\n\nresources: {}\n  # We usually recommend not to specify default resources and to leave this as a conscious\n  # choice for the user. This also increases chances charts run on environments with little\n  # resources, such as Minikube. If you do want to specify resources, uncomment the following\n  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n  # limits:\n  #  cpu: 500m\n  #  memory: 1536Mi\n  # requests:\n  #  cpu: 100m\n  #  memory: 1024Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n\npodTemplate:\n  annotations: {}\n\nextraVolumes: []\nextraVolumeMounts: []\n\nconfigMap:\n  mountPath: \"/opt/hawkbit/config\"\n\nspring:\n  profiles: \"mysql\"\n\nconfig:\n  application:\n    hawkbit:\n      dmf:\n        hono:\n          enabled: false\n          tenant-list-uri: \"http://[DEVICE_REGISTRY_HOST]:8080/admin/tenants\"\n          device-list-uri: \"http://[DEVICE_REGISTRY_HOST]:8080/admin/$$tenantId/devices\"\n          credentials-list-uri: \"http://[DEVICE_REGISTRY_HOST]:8080/v1/credentials/$$tenantId/$$deviceId\"\n          authentication-method: \"oidc\"\n          username: \"[KEYCLOAK_HAWKBIT_USERNAME]\"\n          oidc-token-uri: \"http://[KEYCLOAK_HOST]:8080/auth/realms/kiwigrid/protocol/openid-connect/token\"\n          oidc-client-id: \"[KEYCLOAK_DEVICE_REGISTRY_CLIENT_ID]\"\n    spring:\n      cloud:\n        stream:\n          bindings:\n            default:\n              group: \"hawkbit\"\n            device-created:\n              destination: \"device-registry.device-created\"\n            device-updated:\n              destination: \"device-registry.device-updated\"\n            device-deleted:\n              destination: \"device-registry.device-deleted\"\n      security:\n        user:\n          name: admin\n  secrets:\n    hawkbit:\n      dmf:\n        hono:\n          password: \"[KEYCLOAK_HAWKBIT_USER_PASSWORD]\"\n    spring:\n      security:\n        user:\n          # the \"{noop}\" prefix is needed!\n          password: \"{noop}admin\"\n      datasource:\n        username: hawkbit\n        password: hawkbit\n\n\n# dependency charts config\nmysql:\n  enabled: true\n  mysqlUser: hawkbit\n  mysqlPassword: hawkbit\n  mysqlDatabase: hawkbit\n  metrics:\n    enabled: true\n\nrabbitmq:\n  enabled: true\n  volumePermissions:\n    enabled: true\n  rabbitmq:\n    username: hawkbit\n    password: hawkbit\n    metrics:\n      enabled: true\n"
  },
  {
    "path": "charts/influxdb-backup/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*.orig\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/influxdb-backup/Chart.yaml",
    "content": "apiVersion: v1\nversion: 0.2.0\nappVersion: 1.7.10\nname: influxdb-backup\ndescription: InfluxDB backup Helm chart for Kubernetes\nhome: https://www.influxdata.com\nsources:\n  - https://github.com/kiwigrid/helm-charts\n  - https://github.com/influxdata/influxdb\nicon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c6/Influxdb_logo.svg/512px-Influxdb_logo.svg.png\nmaintainers:\n- name: monotek\n  email: andre.bauer@kiwigrid.com\n"
  },
  {
    "path": "charts/influxdb-backup/README.md",
    "content": "# InfluxDB-Backup\n\n## Introduction\n\nThis Helm chart is able to backup multiple InfluxDB instances and upload it to a storage provider like Google or Azure storage.\nIt's influenced by backup function of the [official InfluxDB chart](https://github.com/influxdata/helm-charts/tree/master/charts/influxdb).\nParts of this Readme are copied from there.\n\n## InfluxDB is an Open-Source Time Series Database\n\n[InfluxDB](https://github.com/influxdata/influxdb) is an open source time series database built by the folks over at [InfluxData](https://influxdata.com) with no external dependencies. It's useful for recording metrics, events, and performing analytics.\n\n## QuickStart\n\n```bash\nhelm repo add kiwigrid https://kiwigrid.github.io\nhelm upgrade --install influxdb-backup kiwigrid/influxdb-backup --namespace influxdb-backup\n```\n\n## Prerequisites\n\n- Kubernetes 1.4+\n- PV provisioner support in the underlying infrastructure (optional)\n\n## Installing the Chart\n\nTo install the chart with the release name `influxdb-backup`:\n\n```bash\nhelm upgrade --install influxdb-backup kiwigrid/influxdb-backup\n```\n\nThe command deploys InfluxDB-backup on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `influxdb-backup` cronjob:\n\n```bash\nhelm uninstall influxdb-backup\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n## Configuration\n\n| Parameter | Description | Default |\n|---|---|---|\n| image.repository | Image repository url | influxdb |\n| image.tag | Image tag | 1.7.10-alpine |\n| image.pullPolicy | Image pull policy | IfNotPresent |\n| image.pullSecrets | It will store the repository's credentials to pull image | nil |\n| persistence.enabled | Boolean to enable and disable persistance | true |\n| persistence.existingClaim | An existing PersistentVolumeClaim, ignored if enterprise.enabled=true | nil |\n| persistence.storageClass | If set to \"-\", storageClassName: \"\", which disables dynamic provisioning. If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.  (gp2 on AWS, standard on GKE, AWS & OpenStack |  |\n| persistence.annotations | Annotations for volumeClaimTemplates | nil |\n| persistence.accessMode | Access mode for the volume | ReadWriteOnce |\n| persistence.size | Storage size | 8Gi |\n| `backup.instances`                                | InfluxDB instances to backup                                                                                                                                                     | `[]`                                            |\n| `backup.directory`                                | directory where backups are stored in                                                                                                                                                     | `\"/backups\"`                                            |\n| `backup.retentionDays`                            | retention time in days for backups (older backups are deleted)                                                                                                                            | `10`                                                    |\n| `backup.cronjob.schedule`                         | crontab style time schedule for backup execution                                                                                                                                          | `\"0 2 * * *\"`                                           |\n| `backup.cronjob.historyLimit`                     | cronjob historylimit                                                                                                                                                                      | `3`                                                     |\n| `backup.cronjob.annotations`                      | backup pod annotations                                                                                                                                                                    | `{}`                                                    |\n| `backup.uploadProviders.google.enabled`           | enable upload to google storage bucket                                                                                                                                                    | `false`                                                 |\n| `backup.uploadProviders.google.secret`            | json secret whith serviceaccount data to access Google storage bucket                                                                                                                     | `\"\"`                                                    |\n| `backup.uploadProviders.google.secretKey`         | service account secret key name                                                                                                                                                           | `\"key.json\"`                                            |\n| `backup.uploadProviders.google.existingSecret`    | Name of existing secret object with Google serviceaccount json credentials                                                                                                                | `\"\"`                                                    |\n| `backup.uploadProviders.google.bucketName`        | google storage bucket name name                                                                                                                                                           | `\"gs://bucket/influxdb\"`                                |\n| `backup.uploadProviders.google.image.registry`    | Google Cloud SDK image registry                                                                                                                                                           | `docker.io`                                             |\n| `backup.uploadProviders.google.image.repository`  | Google Cloud SDK image name                                                                                                                                                               | `google/cloud-sdk`                              |\n| `backup.uploadProviders.google.image.tag`         | Google Cloud SDK image tag                                                                                                                                                                | `291.0.0-alpine`                                            |\n| `backup.uploadProviders.azure.enabled`            | enable upload to azure storage container                                                                                                                                                  | `false`                                                 |\n| `backup.uploadProviders.azure.secret`             | secret whith credentials to access Azure storage                                                                                                                                          | `\"\"`                                                    |\n| `backup.uploadProviders.azure.secretKey`          | service account secret key name                                                                                                                                                           | `\"connection-string\"`                                   |\n| `backup.uploadProviders.azure.existingSecret`     | Name of existing secret object                                                                                                                                                            | `\"\"`                                                    |\n| `backup.uploadProviders.azure.containerName`      | destination container                                                                                                                                                                     | `\"influxdb-container\"`                                  |\n| `backup.uploadProviders.azure.image.registry`     | Azure CLI image registry                                                                                                                                                                  | `docker.io`                                             |\n| `backup.uploadProviders.azure.image.repository`   | Azure CLI image name                                                                                                                                                                      | `microsoft/azure-cli`                                     |\n| `backup.uploadProviders.azure.image.tag`          | Azure CLI image tag                                                                                                                                                                       | `2.0.24`                                            |\n| `backup.restore.enabled` | Enables restore (disables backup) | `false` |\n| `backup.restore.download` | Enabled download of backups from configured storage provider  | `false` |\n| `backup.restore.db` | Name of the database which should be restored | `\"database\"` |\n| `backup.restore.directory` | Directory in the backup container from which the backup is restored  | `\"/backups/instancename/dbname/20200530_020027\"` |\n| `backup.restore.host` | InfluxDB host to restore to | `\"influxdb.influxdb.svc.cluster.local\"` |\n\nThe [full image documentation](https://hub.docker.com/_/influxdb/) contains more information about running InfluxDB in docker.\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,\n\n```bash\nhelm upgrade --install my-release --set persistence.enabled=true,persistence.size=200Gi kiwigrid/influxdb-backup\n```\n\nThe above command enables persistence and changes the size of the requested data volume to 200GB.\n\nAlternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,\n\n```bash\nhelm upgrade --install influxdb-backuOne can create a job from the backup cronjob on demand as follows:p -f values.yaml kiwigrid/influxdb-backup\n```\n\n## Persistence\n\nThe image stores data in the `/backup` directory in the container.\n\nIf persistence is enabled, a [Persistent Volume](http://kubernetes.io/docs/user-guide/persistent-volumes/) associated with the Cronjob will be provisioned. The volume is created using dynamic volume provisioning. In case of a disruption e.g. a node drain, kubernetes ensures that the same volume will be reatached to the Pod, preventing any data loss. Althought, when persistence is not enabled, influxdb-backup data will be stored in an empty directory thus, in a Pod restart, data will be lost.\n\n## Backing up and restoring\n\nBefore proceeding, please read [Backing up and restoring in InfluxDB OSS](https://docs.influxdata.com/influxdb/v1.7/administration/backup_and_restore/). While the chart offers backups by means of the [`cronjob`](./templates/cronjob.yaml), restores do not fall under the chart's scope today but can be achieved by one-off kubernetes jobs.\n\n### Backups\n\nWhen enabled, the[`backup-cronjob`](./templates/cronjob-backup.yaml) runs on the configured schedule. One can create a job from the backup cronjob on demand as follows:\n\n```sh\nkubectl create job --from=cronjobs/influxdb-backup influxdb-backup-$(date +%Y%m%d%H%M%S)\n```\n\n### Restores\n\nWhen enabled, the [`restore-cronjob`](./templates/cronjob-backup.yaml) runs on the configured schedule. One can create a job from the backup cronjob on demand as follows:\n\n```sh\nkubectl -n influxdb create job --from=cronjobs/influxdb-backup influxdb-restore-$(date +%Y%m%d%H%M%S)\n```\n\nBe aware that if the restore is enabled the backup is disabled, so you can only restore OR backup. Therefore after a restore you have to redeploy the chart with restore option disabled to create backups again.\n\nThe database which you want to restore must not exist otherwise the restore fails."
  },
  {
    "path": "charts/influxdb-backup/ci/test-values.yaml",
    "content": "backup:\n  schedule: \"* * * * *\"\n"
  },
  {
    "path": "charts/influxdb-backup/templates/NOTES.txt",
    "content": "{{- if not .Values.backup.restore.enabled }}\n{{- if .Values.backup.instances}}\nThe following InfluxDB Backups are set up: \n{{ range $instances := .Values.backup.instances }}\n- {{ $instances.host }}\n{{- end }}\n\nCronjob will run at: {{ .Values.backup.schedule }}\n\nIf you want to execute a backup run now use this command:\n\nkubectl -n {{ .Release.Namespace }} create job --from=cronjobs/{{ .Release.Name }} influxdb-backup-$(date +%Y%m%d%H%M%S)\n\n{{ else }}\nInfluxDB backup chart installed but no instances defined for backup!\nWithout an configured instance housekeeping is still executet with the configured retention of {{ .Values.backup.retentionDays }} days !\n{{- end }}\n{{- end }}\n\n{{- if .Values.backup.restore.enabled }}\nWARNING! RESTORE IS ENABLED! BACKUPS ARE THEREFORE DISABLED AT THE MOMENT!\n\nThe {{ .Values.backup.restore.db }} database will be restored or recreated from {{ .Values.backup.restore.directory }} on next cronjob run which is set to: {{ .Values.backup.schedule }}!\nYou can execute the restore now by using the following command:\n\nkubectl -n {{ .Release.Namespace }} create job --from=cronjobs/{{ .Release.Name }} influxdb-restore-$(date +%Y%m%d%H%M%S)\n\nPlease disable restore afterwards and redeploy this chart.\n\n{{ end }}\n"
  },
  {
    "path": "charts/influxdb-backup/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"influxdb-backup.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" }}\n{{- end }}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"influxdb-backup.fullname\" -}}\n{{- if .Values.fullnameOverride }}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" }}\n{{- else }}\n{{- $name := default .Chart.Name .Values.nameOverride }}\n{{- if contains $name .Release.Name }}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" }}\n{{- else }}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" }}\n{{- end }}\n{{- end }}\n{{- end }}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"influxdb-backup.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" }}\n{{- end }}\n\n{{/*\nCommon labels\n*/}}\n{{- define \"influxdb-backup.labels\" -}}\nhelm.sh/chart: {{ include \"influxdb-backup.chart\" . }}\n{{ include \"influxdb-backup.selectorLabels\" . }}\n{{- if .Chart.AppVersion }}\napp.kubernetes.io/version: {{ .Chart.AppVersion | quote }}\n{{- end }}\napp.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n\n{{/*\nSelector labels\n*/}}\n{{- define \"influxdb-backup.selectorLabels\" -}}\napp.kubernetes.io/name: {{ include \"influxdb-backup.name\" . }}\napp.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n"
  },
  {
    "path": "charts/influxdb-backup/templates/configmap.yaml",
    "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ include \"influxdb-backup.fullname\" . }}\n  labels:\n    {{- include \"influxdb-backup.labels\" . | nindent 4 }}\ndata:\n  backup.sh: |-\n    #!/bin/bash\n\n    set -e\n\n    DATE=\"$(date +%Y%m%d_%H%M%S)\"\n\n    {{ range $instances := .Values.backup.instances -}}\n    for DATABASE in $(influx -username {{ $instances.user }} -password \"${{ $instances.name | upper }}_ADMIN_PASSWORD\" -host {{ $instances.host }} -port {{ $instances.bindPort | default 8086 }} -execute 'SHOW DATABASES' | sed -e '1,3d'); do\n        echo \"backuping ${DATABASE} db to {{ $.Values.backup.directory }}/{{ $instances.name }}/${DATABASE}\"\n        mkdir -p {{ $.Values.backup.directory }}/{{ $instances.name }}/${DATABASE}\n        influxd backup -host {{ $instances.host }}:{{ $instances.rpcPort | default 8088 }} -portable -db ${DATABASE} {{ $.Values.backup.directory }}/{{ $instances.name }}/\"${DATABASE}/${DATE}\"\n    done\n    {{ end }}\n\n    echo \"deleting old backups\"\n    find {{ .Values.backup.directory }} -not -name \".snapshot\" -not -name \"lost+found\" -mindepth 3 -maxdepth 3 -type d -mtime +{{ .Values.backup.retentionDays }} -exec rm -r {} \\;\n  restore.sh: |-\n    #!/bin/bash\n\n    set -e\n\n    echo \"restoring or creating {{ .Values.backup.restore.db }} db from directory {{ .Values.backup.restore.directory }}\"\n    influxd restore -host {{ .Values.backup.restore.host }}:{{ .Values.backup.restore.rpcPort | default 8088 }} -portable -db {{ .Values.backup.restore.db }} {{ .Values.backup.restore.directory }}\n  upload-azure.sh: |-\n    #!/bin/bash\n\n    set -ex\n\n    az storage blob sync --source {{ .Values.backup.directory }} --container {{ .Values.backup.uploadProviders.azure.containerName }}\n  upload-google.sh: |-\n    #!/bin/bash\n\n    set -ex\n    {{ if or .Values.backup.uploadProviders.google.secret .Values.backup.uploadProviders.google.existingSecret}}\n    gcloud auth activate-service-account --key-file /var/secrets/google/{{ .Values.backup.uploadProviders.google.secretKey }}\n    {{- end }}\n    gsutil -m rsync -d -r {{ .Values.backup.directory }} {{ .Values.backup.uploadProviders.google.bucketName }}\n  download-azure.sh: |-\n    #!/bin/bash\n\n    set -ex\n\n    az storage blob download-batch -d . -s {{ .Values.backup.uploadProviders.azure.containerName }} --pattern {{ .Values.backup.directory }}\n  download-google.sh: |-\n    #!/bin/bash\n\n    set -ex\n\n    {{ if or .Values.backup.uploadProviders.google.secret .Values.backup.uploadProviders.google.existingSecret}}\n    gcloud auth activate-service-account --key-file /var/secrets/google/{{ .Values.backup.uploadProviders.google.secretKey }}\n    {{- end }}\n    gsutil -m rsync -r -d {{ .Values.backup.uploadProviders.google.bucketName }}/ {{ .Values.backup.directory }}\n\n"
  },
  {
    "path": "charts/influxdb-backup/templates/cronjob.yaml",
    "content": "apiVersion: batch/v1beta1\nkind: CronJob\nmetadata:\n  name: {{ include \"influxdb-backup.fullname\" . }}\n  labels:\n    {{- include \"influxdb-backup.labels\" . | nindent 4 }}\nspec:\n  schedule: {{.Values.backup.schedule | quote }}\n  concurrencyPolicy: Forbid\n  successfulJobsHistoryLimit: {{ .Values.backup.historyLimit }}\n  failedJobsHistoryLimit: {{ .Values.backup.historyLimit }}\n  jobTemplate:\n    spec:\n      template:\n        metadata:\n          labels:\n            {{- include \"influxdb-backup.selectorLabels\" . | nindent 12 }}\n          annotations:\n            {{- toYaml .Values.backup.Podannotations | nindent 12 }}\n        spec:\n          restartPolicy: OnFailure\n          volumes:\n            - name: backup-scripts\n              configMap:\n                name: {{ include \"influxdb-backup.fullname\" . }}\n                defaultMode: 0755\n            {{- if .Values.backup.uploadProviders.google.enabled }}\n            - name: google-cloud-key\n              secret:\n            {{- if .Values.backup.uploadProviders.google.existingSecret }}\n                secretName: {{ .Values.backup.uploadProviders.google.existingSecret | quote }}\n            {{- else }}\n                secretName: {{ include \"influxdb-backup.fullname\" . }}\n            {{- end }}\n            {{- end }}\n            - name: {{ include \"influxdb-backup.fullname\" . }}\n            {{- if .Values.persistence.enabled }}\n              persistentVolumeClaim:\n                claimName: {{ include \"influxdb-backup.fullname\" . }}\n            {{- else }}\n                emptyDir: {}\n            {{- end }}\n          initContainers:\n            {{- if and (.Values.backup.restore.enabled) (.Values.backup.restore.download) }} \n            {{- if .Values.backup.uploadProviders.google.enabled }}\n            - name: gsutil-download\n              image: {{ .Values.backup.uploadProviders.google.image.registry }}/{{ .Values.backup.uploadProviders.google.image.repository }}:{{ .Values.backup.uploadProviders.google.image.tag }}\n              resources:\n                {{- toYaml .Values.resources | nindent 16 }} \n              command:\n                - \"/tmp/download-google.sh\"\n              volumeMounts:\n                - name: {{ include \"influxdb-backup.fullname\" . }}\n                  mountPath: {{ .Values.backup.directory | quote }}\n                - name: backup-scripts\n                  mountPath: /tmp/download-google.sh\n                  subPath: download-google.sh\n                - name: google-cloud-key\n                  mountPath: /var/secrets/google/\n            {{- end }}\n            {{- if .Values.backup.uploadProviders.azure.enabled }}\n            - name: azure-download\n              image: {{ .Values.backup.uploadProviders.azure.image.registry }}/{{ .Values.backup.uploadProviders.azure.image.repository }}:{{ .Values.backup.uploadProviders.azure.image.tag }}\n              resources:\n                {{- toYaml .Values.resources | nindent 16 }}              \n              command:\n              - \"/tmp/download-azure.sh\"\n              env:\n                - name: AZURE_STORAGE_CONNECTION_STRING\n                  valueFrom:\n                    secretKeyRef:\n                      {{- if .Values.backup.uploadProviders.azure.existingSecret }}\n                      name: {{ .Values.backup.uploadProviders.azure.existingSecret | quote }}\n                      {{- else }}\n                      name: {{ include \"influxdb-backup.fullname\" . }}\n                      {{- end }}\n                      key: {{ .Values.backup.uploadProviders.azure.secretKey }}\n              volumeMounts:\n                - name: {{ include \"influxdb-backup.fullname\" . }}\n                  mountPath: {{ .Values.backup.directory | quote }}\n                - name: backup-scripts\n                  mountPath: /tmp/download-azure.sh\n                  subPath: download-azure.sh\n            {{- end }}\n            {{- end }}\n            {{- if not .Values.backup.restore.enabled }}\n            - name: influxdb-backup\n              image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n              resources:\n                {{- toYaml .Values.resources | nindent 16 }}\n              env:\n                {{- range $instances := .Values.backup.instances }}\n                - name: {{ $instances.name | upper }}_ADMIN_PASSWORD\n                  valueFrom:\n                    secretKeyRef:\n                      {{- if $instances.existingSecret }}\n                      name: {{ $instances.existingSecret }}\n                      {{- else }}\n                      name: {{ include \"influxdb-backup.fullname\" $ }}\n                      {{- end }}\n                      {{- if $instances.existingSecretKey }}\n                      key: {{ $instances.existingSecretKey }}\n                      {{- else }}\n                      key: {{ $instances.name }}-admin-password\n                      {{- end }}\n                {{- end }}\n              command:\n                - \"/tmp/backup.sh\"\n              volumeMounts:\n                - name: {{ include \"influxdb-backup.fullname\" . }}\n                  mountPath: {{ .Values.backup.directory | quote }}\n                - name: backup-scripts\n                  mountPath: /tmp/backup.sh\n                  subPath: backup.sh\n            {{- end }}\n          containers:\n            {{- if not .Values.backup.restore.enabled }}\n            - name: influxdb-backup-no-upload-dummy\n              image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n              resources:\n                {{- toYaml .Values.resources | nindent 16 }}\n              command:\n                - \"/bin/true\"\n            {{- end }}\n            {{- if .Values.backup.restore.enabled }}\n            - name: influxdb-restore\n              image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n              resources:\n                {{- toYaml .Values.resources | nindent 16 }}\n              command:\n                - \"/tmp/restore.sh\"\n              volumeMounts:\n                - name: {{ include \"influxdb-backup.fullname\" . }}\n                  mountPath: {{ .Values.backup.directory | quote }}\n                - name: backup-scripts\n                  mountPath: /tmp/restore.sh\n                  subPath: restore.sh\n            {{- end }}\n            {{- if and (.Values.backup.uploadProviders.google.enabled) (not .Values.backup.restore.enabled) }}\n            - name: gsutil-sync\n              image: {{ .Values.backup.uploadProviders.google.image.registry }}/{{ .Values.backup.uploadProviders.google.image.repository }}:{{ .Values.backup.uploadProviders.google.image.tag }}\n              resources:\n                {{- toYaml .Values.resources | nindent 16 }}\n              command:\n                - \"/tmp/upload-google.sh\"\n              volumeMounts:\n                - name: {{ include \"influxdb-backup.fullname\" . }}\n                  mountPath: {{ .Values.backup.directory | quote }}\n                - name: backup-scripts\n                  mountPath: /tmp/upload-google.sh\n                  subPath: upload-google.sh\n                - name: google-cloud-key\n                  mountPath: /var/secrets/google/\n            {{- end }}\n            {{- if and (.Values.backup.uploadProviders.azure.enabled) (not .Values.backup.restore.enabled) }}\n            - name: azure-sync\n              image: {{ .Values.backup.uploadProviders.azure.image.registry }}/{{ .Values.backup.uploadProviders.azure.image.repository }}:{{ .Values.backup.uploadProviders.azure.image.tag }}\n              resources:\n                {{- toYaml .Values.resources | nindent 16 }}              \n              command:\n              - \"/tmp/upload-azure.sh\"\n              env:\n                - name: AZURE_STORAGE_CONNECTION_STRING\n                  valueFrom:\n                    secretKeyRef:\n                      {{- if .Values.backup.uploadProviders.azure.existingSecret }}\n                      name: {{ .Values.backup.uploadProviders.azure.existingSecret | quote }}\n                      {{- else }}\n                      name: {{ include \"influxdb-backup.fullname\" . }}\n                      {{- end }}\n                      key: {{ .Values.backup.uploadProviders.azure.secretKey }}\n              volumeMounts:\n                - name: {{ include \"influxdb-backup.fullname\" . }}\n                  mountPath: {{ .Values.backup.directory | quote }}\n                - name: backup-scripts\n                  mountPath: /tmp/upload-azure.sh\n                  subPath: upload-azure.sh\n            {{- end }}\n"
  },
  {
    "path": "charts/influxdb-backup/templates/pvc.yaml",
    "content": "{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}\nkind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n  name: \"{{ template \"influxdb-backup.fullname\" . }}\"\n  labels:\n    {{- include \"influxdb-backup.labels\" . | nindent 4 }}\nspec:\n  accessModes:\n    - {{ .Values.persistence.accessMode | quote }}\n  resources:\n    requests:\n      storage: {{ .Values.persistence.size | quote }}\n{{- if .Values.persistence.storageClass }}\n{{- if (eq \"-\" .Values.persistence.storageClass) }}\n  storageClassName: \"\"\n{{- else }}\n  storageClassName: \"{{ .Values.persistence.storageClass }}\"\n{{- end }}\n{{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/influxdb-backup/templates/secrets.yaml",
    "content": "apiVersion: v1\nkind: Secret\nmetadata:\n  name: {{ include \"influxdb-backup.fullname\" . }}\n  labels:\n    {{- include \"influxdb-backup.labels\" . | nindent 4 }}\ntype: Opaque\ndata:\n  {{ range $instances := .Values.backup.instances }}\n  {{- if (not $instances.existingSecret) }}\n  {{ $instances.name }}-admin-password: {{ $instances.pass | b64enc | quote }}\n  {{ end }}  \n  {{- end }}\n  {{- if and (.Values.backup.uploadProviders.google.enabled) (not .Values.backup.uploadProviders.google.existingSecret) -}}\n  {{ .Values.backup.uploadProviders.google.secretKey }}: {{ .Values.backup.uploadProviders.google.secret | b64enc | quote }}\n  {{- end }}\n  {{ if and (.Values.backup.uploadProviders.azure.enabled) (not .Values.backup.uploadProviders.azure.existingSecret) -}}\n  {{ .Values.backup.uploadProviders.azure.secretKey }}: {{ .Values.backup.uploadProviders.azure.secret | b64enc | quote }}\n  {{- end }}\n "
  },
  {
    "path": "charts/influxdb-backup/values.yaml",
    "content": "# Default values for influxdb-backup.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\n## influxdb image version\n## ref: https://hub.docker.com/r/library/influxdb/tags/\nimage:\n  repository: \"influxdb\"\n  tag: \"1.7.10-alpine\"\n  pullPolicy: IfNotPresent\n  ## If specified, use these secrets to access the images\n  # pullSecrets:\n  #   - registry-secret\n\nnameOverride: \"\"\nfullnameOverride: \"\"\n\nresources: {}\n  # We usually recommend not to specify default resources and to leave this as a conscious\n  # choice for the user. This also increases chances charts run on environments with little\n  # resources, such as Minikube. If you do want to specify resources, uncomment the following\n  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n  # limits:\n  #   cpu: 2\n  #   memory: 8Gi\n  # requests:\n  #   cpu: 1\n  #   memory: 4Gi\n\n## Persist data to a persistent volume\n##\npersistence:\n  enabled: true\n  ## A manually managed Persistent Volume and Claim\n  ## Requires persistence.enabled: true\n  ## If defined, PVC must be created manually before volume will be bound\n  # existingClaim:\n  ## influxdb data Persistent Volume Storage Class\n  ## If defined, storageClassName: <storageClass>\n  ## If set to \"-\", storageClassName: \"\", which disables dynamic provisioning\n  ## If undefined (the default) or set to null, no storageClassName spec is\n  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on\n  ##   GKE, AWS & OpenStack)\n  ##\n  # storageClass: \"-\"\n  annotations:\n  accessMode: ReadWriteOnce\n  size: 10Gi\n\n## InfluxDB backup parameters\n##\nbackup:\n  ## Instances which should be backuped\n  ##\n  instances: []\n    # - name: \"influxdb\"\n    #   host: \"influxdb.influxdb.svc.cluster.local\"\n    #   user: \"admin\"\n    #   pass: \"secret\"\n    #  # # optional values\n    #  # bindPort: 8086\n    #  # rpcPort: 8088\n    #  # # if existing secret is used 'pass' var is ignored\n    #  # existingSecret: \"influxdb-auth\"\n    #  # existingSecretKey: \"influxdb-password\"\n\n  ## Directory where backups are stored in a PVC in the container\n  ##\n  directory: \"/backups\"\n  ## Retention time in days for backups\n  ##\n  retentionDays: 10\n  ## Schedule in Cron format to save snapshots\n  ## See https://en.wikipedia.org/wiki/Cron\n  ##\n  schedule: \"0 2 * * *\"\n  ## Number of successful finished jobs to retain\n  ##\n  historyLimit: 3\n  ## Pod annotations\n  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/\n  ##\n  podAnnotations: {}\n  ## Storage providers where to upload backups\n  ##\n  uploadProviders:\n    ## Google Storage Bucket configuration\n    ##\n    google:\n      enabled: false\n      secret: \"\"\n      secretKey: \"keyfile.json\"\n      existingSecret: \"\"\n      bucketName: \"gs://bucket/influxdb\"\n      image:\n        registry: docker.io\n        repository: google/cloud-sdk\n        tag: 296.0.0-alpine\n    ## Azure Storage Container configuration\n    ##\n    azure:\n      enabled: false\n      secret: \"\"\n      secretKey: \"connection-string\"\n      existingSecret: \"\"\n      containerName: \"influxdb-container\"\n      image:\n        registry: docker.io\n        repository: microsoft/azure-cli\n        tag: 2.0.24\n  restore:\n    enabled: false\n    download: false\n    db: \"database\"\n    directory: \"/backups/instancename/dbname/20200530_020027\"\n    host: \"influxdb.influxdb.svc.cluster.local\"\n"
  },
  {
    "path": "charts/ingress-annotator/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/ingress-annotator/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"0.1.0\"\ndescription: A Helm chart for ingress annotator controller\nname: ingress-annotator\nversion: 0.2.0\nhome: https://github.com/kiwigrid/ingress-annotator\nsources:\n- https://github.com/kiwigrid/ingress-annotator\nmaintainers:\n- name: rpahli\n  email: rico.pahlisch@kiwigrid.com\n"
  },
  {
    "path": "charts/ingress-annotator/README.md",
    "content": "# Ingress Annotator\n\n## Introduction\n\n[Ingress Annotator](https://github.com/kiwigrid/ingress-annotator/) supports annotating ingresses globaly or per namespace. This can be used for example for [traefik error pages](https://docs.traefik.io/configuration/commons/#custom-error-pages).\n\n## Prerequisites\n\n-   Has been tested on Kubernetes 1.11+\n\n## Installing the Chart\n\nTo install the chart with the release name `ingress-annotator`, run the following command:\n\n```bash\n$ helm install kiwigrid/ingress-annotator --name ingress-annotator --values=my-values.yaml\n```\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `ingress-annotator` deployment:\n\n```bash\n$ helm delete ingress-annotator\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n> **Tip**: To completely remove the release, run `helm delete --purge ingress-annotator`\n\n## Configuration\n\nThe following table lists the configurable parameters of the ingress-annotator chart and their default values.\n\n| Parameter                                  | Description                               | Default                            |\n| ------------------------------------------ | ----------------------------------------- | ---------------------------------- |\n| `image.repository` | Docker image repo | `kiwigrid/ingress-annotator`|\n| `image.tag` | Docker image tag | `0.1.0`|\n| `image.pullPolicy` | Docker image pull policy | `IfNotPresent`|\n| `resources` | Resources | `{}`|\n| `nodeSelector` | NodeSelector | `{}`|\n| `tolerations` | Tolerations | `[]`|\n| `affinity` | Affinity | `{}`|\n| `config` | configuration [see](https://github.com/kiwigrid/ingress-annotator/) for more infos | `{}`|\n\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:\n\n```bash\n$ helm install --name ingress-annotator --set ingress.enabled=false kiwigrid/ingress-annotator\n```\n\nAlternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.\n"
  },
  {
    "path": "charts/ingress-annotator/templates/NOTES.txt",
    "content": "The ingress annotator is now running.\n"
  },
  {
    "path": "charts/ingress-annotator/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"ingress-annotator.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"ingress-annotator.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"ingress-annotator.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n"
  },
  {
    "path": "charts/ingress-annotator/templates/configmap.yaml",
    "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ include \"ingress-annotator.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"ingress-annotator.name\" . }}\n    helm.sh/chart: {{ include \"ingress-annotator.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\ndata:\n  config.yaml: |-\n    annotations:\n{{- range $key, $val := .Values.config }}\n      {{ $key }}:\n{{ toYaml $val | indent 8 }}\n{{- end}}\n"
  },
  {
    "path": "charts/ingress-annotator/templates/deployment.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"ingress-annotator.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"ingress-annotator.name\" . }}\n    helm.sh/chart: {{ include \"ingress-annotator.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"ingress-annotator.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"ingress-annotator.name\" . }}\n        app.kubernetes.io/instance: {{ .Release.Name }}\n    spec:\n      serviceAccountName: {{ include \"ingress-annotator.fullname\" . }}\n      containers:\n        - name: {{ .Chart.Name }}\n          image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n          imagePullPolicy: {{ .Values.image.pullPolicy }}\n          env:\n          - name: CONFIG_PATH\n            value: /etc/config/config.yaml\n          volumeMounts:\n          - mountPath: /etc/config\n            name: config-volume\n          resources:\n            {{- toYaml .Values.resources | nindent 12 }}\n      {{- with .Values.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n      volumes:\n      - configMap:\n          name: {{ include \"ingress-annotator.fullname\" . }}\n        name: config-volume"
  },
  {
    "path": "charts/ingress-annotator/templates/rbac_role.yaml",
    "content": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: {{ include \"ingress-annotator.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"ingress-annotator.name\" . }}\n    helm.sh/chart: {{ include \"ingress-annotator.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nrules:\n- apiGroups:\n  - extensions\n  resources:\n  - ingresses\n  verbs:\n  - get\n  - list\n  - watch\n  - update\n  - patch\n\n"
  },
  {
    "path": "charts/ingress-annotator/templates/rbac_role_binding.yaml",
    "content": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: {{ include \"ingress-annotator.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"ingress-annotator.name\" . }}\n    helm.sh/chart: {{ include \"ingress-annotator.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: {{ include \"ingress-annotator.fullname\" . }}\nsubjects:\n- kind: ServiceAccount\n  name: {{ include \"ingress-annotator.fullname\" . }}\n  namespace: {{ .Release.Namespace }}\n"
  },
  {
    "path": "charts/ingress-annotator/templates/serviceaccount.yaml",
    "content": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"ingress-annotator.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"ingress-annotator.name\" . }}\n    helm.sh/chart: {{ include \"ingress-annotator.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n"
  },
  {
    "path": "charts/ingress-annotator/values.yaml",
    "content": "# Default values for ingress-annotator.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nimage:\n  repository: kiwigrid/ingress-annotator\n  tag: latest\n  pullPolicy: IfNotPresent\n\nnameOverride: \"\"\nfullnameOverride: \"\"\n\nresources: {}\n  # We usually recommend not to specify default resources and to leave this as a conscious\n  # choice for the user. This also increases chances charts run on environments with little\n  # resources, such as Minikube. If you do want to specify resources, uncomment the following\n  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n  # limits:\n  #   cpu: 100m\n  #   memory: 128Mi\n  # requests:\n  #   cpu: 100m\n  #   memory: 128Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n\nconfig: {}\n  # global: {}\n  # namespaced: {}\n"
  },
  {
    "path": "charts/keycloak-controller/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/keycloak-controller/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"2.0.0\"\ndescription: A Helm chart for a Kubernetes controller to manage Keycloak clients and realms.\nname: keycloak-controller\nversion: 0.6.1\nhome: https://github.com/kiwigrid/keycloak-controller\nsources:\n- https://github.com/kiwigrid/keycloak-controller\n- https://github.com/kiwigrid/helm-charts/tree/master/charts/keycloak-controller\nmaintainers:\n- name: axdotl\n  email: axel.koehler@kiwigrid.com\n- name: sschnabe\n  email: stephan.schnabel@kiwigrid.com\n"
  },
  {
    "path": "charts/keycloak-controller/README.md",
    "content": "# Keycloak Client Controller\n\nThe [Keycloak Controller](https://github.com/kiwigrid/keycloak-controller) manages clients and realms in one\nor more [Keycloak](https://www.keycloak.org) instances via Kubernetes resources.\n\n## Configuration\n\nThe following table lists the configurable parameters of the chart and their default values.\n\n| Parameter                 | Description                                                | Default                               |\n| ------------------------- | ---------------------------------------------------------- | ------------------------------------- |\n| `replicaCount`            | Number of replicas                                         | 1                                     |\n| `image.repository`        | keycloak-controller image                                  | `kiwigrid/keycloak-controller`        |\n| `image.tag`               | keycloak-controller image tag                              | `2.0.0`                               |\n| `image.pullPolicy`        | Image pull policy                                          | `IfNotPresent`                        |\n| `rbac.enabled`            | Controls RBAC usage                                        | `true`                                |\n| `retryRate`               | Configure retry interval for failed resources              | `60s`                                 |\n| `prometheus.enabled`      | Enables Prometheus scrape configuration                    | `true`                                |\n| `prometheus.path`         | Metric endpoint                                            | `/endpoints/prometheus`               |\n| `prometheus.port`         | Scrape port                                                | `8080`                                |\n| `prometheus.step`         | How frequently to report metrics                           | `PT5s`                                |\n| `prometheus.descriptions` | If meter descriptions should be sent to Prometheus         | `true`                                |\n| `javaToolOptions`         | Allows to specify the initialization of tools              | see `values.yaml`                     |\n| `gcpLogging`              | Enables Stackdriver conform logging                        | `true`                                |\n| `namespaced`              | Controls whether watching only for events in its namespace | `true`                                |\n| `resources`               | Resources                                                  | `{}`                                  |\n| `nodeSelector`            | NodeSelector                                               | `{}`                                  |\n| `tolerations`             | Tolerations                                                | `[]`                                  |\n| `affinity`                | Affinity                                                   | `{}`                                  |\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`.\n\nAlternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,\n\n```console\nhelm install --name my-release -f values.yaml kiwigrid/keycloak-controller\n```\n\n> **Tip**: You can use the default [values.yaml](values.yaml)\n"
  },
  {
    "path": "charts/keycloak-controller/templates/NOTES.txt",
    "content": "keycloak-controller installed.\n\nFor usage instructions, visit: https://github.com/kiwigrid/keycloak-controller\n"
  },
  {
    "path": "charts/keycloak-controller/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"keycloak-controller.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"keycloak-controller.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"keycloak-controller.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCommon labels\n*/}}\n{{- define \"keycloak-controller.labels\" -}}\nhelm.sh/chart: {{ include \"keycloak-controller.chart\" . }}\napp.kubernetes.io/name: {{ include \"keycloak-controller.name\" . }}\napp.kubernetes.io/instance: {{ .Release.Name }}\n{{- if .Chart.AppVersion }}\napp.kubernetes.io/version: {{ .Chart.AppVersion | quote }}\n{{- end }}\napp.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end -}}\n"
  },
  {
    "path": "charts/keycloak-controller/templates/configmap.yaml",
    "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ include \"keycloak-controller.fullname\" . }}\n  labels:\n{{ include \"keycloak-controller.labels\" . | indent 4 }}\ndata:\n  application-k8s.yaml: |-\n    micronaut:\n      metrics:\n        export:\n          prometheus:\n            enabled: {{ .Values.prometheus.enabled }}\n            step: {{ .Values.prometheus.step }}\n            descriptions: {{ .Values.prometheus.descriptions }}\n    endpoints:\n      prometheus:\n        enabled: {{ .Values.prometheus.enabled }}\n    retry-rate: {{ .Values.retryRate }}\n"
  },
  {
    "path": "charts/keycloak-controller/templates/deployment.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"keycloak-controller.fullname\" . }}\n  labels:\n{{ include \"keycloak-controller.labels\" . | indent 4 }}\nspec:\n  replicas: {{ .Values.replicaCount }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"keycloak-controller.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"keycloak-controller.name\" . }}\n        app.kubernetes.io/instance: {{ .Release.Name }}\n      annotations:\n        checksum/config: {{ include (print $.Template.BasePath \"/configmap.yaml\") . | sha256sum }}\n        {{- if .Values.prometheus.enabled }}\n        prometheus.io/scrape: \"{{ .Values.prometheus.enabled }}\"\n        prometheus.io/path: \"{{ .Values.prometheus.path }}\"\n        prometheus.io/port: \"{{ .Values.prometheus.port }}\"\n        {{- end }}\n    spec:\n      volumes:\n      - name: config-volume\n        configMap:\n          name: {{ include \"keycloak-controller.fullname\" . }}\n      {{- if .Values.rbac.enabled }}\n      serviceAccountName: {{ include \"keycloak-controller.fullname\" . }}\n      {{- end }}\n      containers:\n      - name: {{ .Chart.Name }}\n        image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n        imagePullPolicy: {{ .Values.image.pullPolicy }}\n        ports:\n        - name: http\n          containerPort: 80\n          protocol: TCP\n        readinessProbe:\n          httpGet:\n            path: /endpoints/health\n            port: 8080\n          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}\n          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}\n          periodSeconds: {{ .Values.readinessProbe.periodSeconds }}\n          failureThreshold: {{ .Values.readinessProbe.failureThreshold }}\n        livenessProbe:\n          httpGet:\n            path: /endpoints/health\n            port: 8080\n          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}\n          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}\n          periodSeconds: {{ .Values.livenessProbe.periodSeconds }}\n          failureThreshold: {{ .Values.livenessProbe.failureThreshold }}\n        env:\n        - name: JAVA_TOOL_OPTIONS\n          value: {{ .Values.javaToolOptions }}\n        - name: MICRONAUT_CONFIG_FILES\n          value: /kiwigrid/application-k8s.yaml\n        {{- if .Values.gcpLogging }}\n        - name: GCP_LOGGING\n          value: \"true\"\n        {{- end }}\n        - name: CONTROLLER_NAMESPACED\n          value: {{ .Values.namespaced | quote }}\n        volumeMounts:\n        - name: config-volume\n          mountPath: /kiwigrid/application-k8s.yaml\n          subPath: application-k8s.yaml\n        resources:\n          {{- toYaml .Values.resources | nindent 10 }}\n      {{- with .Values.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n"
  },
  {
    "path": "charts/keycloak-controller/templates/rbac/role.yaml",
    "content": "{{- if .Values.rbac.enabled -}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: {{ include \"keycloak-controller.fullname\" . }}\n  labels:\n{{ include \"keycloak-controller.labels\" . | indent 4 }}\nrules:\n- apiGroups:\n  - \"\"\n  resources:\n  - secrets\n  verbs:\n  - get\n  - create\n- apiGroups:\n  - k8s.kiwigrid.com\n  resources:\n  - keycloaks\n  - keycloakrealms\n  - keycloakclients\n  - keycloakclientscopes\n  verbs:\n  - get\n  - list\n  - watch\n  - update\n{{- end -}}\n"
  },
  {
    "path": "charts/keycloak-controller/templates/rbac/role_binding.yaml",
    "content": "{{- if .Values.rbac.enabled -}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: {{ include \"keycloak-controller.fullname\" . }}\n  labels:\n{{ include \"keycloak-controller.labels\" . | indent 4 }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: {{ include \"keycloak-controller.fullname\" . }}\nsubjects:\n- kind: ServiceAccount\n  name: {{ include \"keycloak-controller.fullname\" . }}\n  namespace: {{ .Release.Namespace }}\n{{- end -}}\n"
  },
  {
    "path": "charts/keycloak-controller/templates/rbac/serviceaccount.yaml",
    "content": "{{- if .Values.rbac.enabled -}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"keycloak-controller.fullname\" . }}\n  labels:\n{{ include \"keycloak-controller.labels\" . | indent 4 }}\n{{- end -}}\n"
  },
  {
    "path": "charts/keycloak-controller/values.yaml",
    "content": "# Default values for keycloak-controller.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nreplicaCount: 1\n\nimage:\n  repository: kiwigrid/keycloak-controller\n  tag: 2.0.0\n  pullPolicy: IfNotPresent\n\nnameOverride: \"\"\nfullnameOverride: \"\"\n\nrbac:\n  enabled: true\n\n## retryRate for retrying failed resources\nretryRate: 60s\n\nprometheus:\n  enabled: false\n  port: 8080\n  path: /endpoints/prometheus\n  step: PT5s\n  descriptions: false\n\nreadinessProbe:\n  timeoutSeconds: 1\n  initialDelaySeconds: 10\n  periodSeconds: 2\n  failureThreshold: 55\nlivenessProbe:\n  timeoutSeconds: 1\n  initialDelaySeconds: 120\n  periodSeconds: 30\n  failureThreshold: 3\n\njavaToolOptions: \"-Xms48m -Xmx48m -XX:MetaspaceSize=56m -XX:MaxMetaspaceSize=56m -XX:ReservedCodeCacheSize=8m -XX:CompressedClassSpaceSize=12m -XX:MaxDirectMemorySize=1m\"\n\ngcpLogging: true\n\n## Controls whether watching only for events in its namespace\nnamespaced: true\n\nresources: {}\n  # We usually recommend not to specify default resources and to leave this as a conscious\n  # choice for the user. This also increases chances charts run on environments with little\n  # resources, such as Minikube. If you do want to specify resources, uncomment the following\n  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n  # limits:\n  #   cpu: 200m\n  #   memory: 256Mi\n  # requests:\n  #   cpu: 100m\n  #   memory: 192Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n"
  },
  {
    "path": "charts/kubernetes-policy-controller/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n"
  },
  {
    "path": "charts/kubernetes-policy-controller/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"1.2\"\ndescription: A Helm chart for Kubernetes Policy Controller and the open policy agent to manage your cluster policies\nname: kubernetes-policy-controller\nversion: 0.1.2\nhome: https://github.com/kiwigrid/helm-charts\nicon: https://www.openpolicyagent.org/img/opa-logo.svg\nsources:\n- https://github.com/open-policy-agent/kubernetes-policy-controller\n- https://github.com/open-policy-agent/opa\nmaintainers:\n- name: rpahli\n  email: rico.pahlisch@kiwigrid.com\n"
  },
  {
    "path": "charts/kubernetes-policy-controller/README.md",
    "content": "# Kubernetes Policy Controller\n\n- **Source:** https://github.com/open-policy-agent/kubernetes-policy-controller\n\n## Introduction\n\nThis chart creates a Kubernetes Policy Controller deployment on a Kubernetes cluster using the Helm package manager.\n\nSee also the docs for [Kubernetes Policy Controller](https://github.com/open-policy-agent/kubernetes-policy-controller).\n\n\n## Installing the Chart\n\nInstall from remote URL with the release name `kubernetes-policy-controller` into namespace `opa`:\n\n```console\n$ helm upgrade -i kubernetes-policy-controller kiwigrid/kubernetes-policy-controller --namespace opa\n```\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `kubernetes-policy-controller` deployment:\n\n```console\n$ helm delete kubernetes-policy-controller --purge\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n## Configuration\n\nThe following table lists the configurable parameters of the kubernetes policy chart controller and their default values.\n\n| Parameter                         | Description                             | Default                                                                                     |\n| --------------------------------- | --------------------------------------  | ---------------------------------------------------------                                   |\n| `opa.image`                           | opa image                          | `openpolicyagent/opa`                                                        |\n| `opa.imageTag`                        | opa image tag                      | `0.10.1`                                                                                      |\n| `opa.imagePullPolicy`                 | Image pull policy                       | `IfNotPresent`                                                                              |\n| `kubeMgmt.image`                           | kube mgmt image                          | `openpolicyagent/kube-mgmt`                                                        |\n| `kubeMgmt.imageTag`                        | kube mgmt image tag                      | `0.6`                                                                                      |\n| `kubeMgmt.imagePullPolicy`                 | Image pull policy                       | `IfNotPresent`                                                                              |\n| `kubernetesPolicyController.image`                           | opa image                          | `nikhilbh/kubernetes-policy-controller`                                                        |\n| `kubernetesPolicyController.imageTag`                        | gcp service account controller image tag                      | `1.2`                                                                                      |\n| `kubernetesPolicyController.imagePullPolicy`                 | Image pull policy                       | `IfNotPresent`                                                                              |\n| `admissionControllerKind`                  | admission controller kind           | `MutatingWebhookConfiguration` |\n| `admissionControllerFailurePolicy`                  | admission controller failure policy           | `Ignore` |\n| `generateAdmissionControllerCerts`                  | auto generate admission controller certs          | `true` |\n| `admissionControllerCA`                  | admission controller ca only used if generateAdmissionControllerCerts is `false`        |  |\n| `admissionControllerCert`                  | admission controller cert only used if generateAdmissionControllerCerts is `false`         |  |\n| `admissionControllerKey`                  | admission controller key only used if generateAdmissionControllerCerts is `false`         |  |\n| `admissionControllerRules`                  | admission controller rules         |  |\n\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`.\n\nAlternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,\n\n```console\n$ helm install --name my-release -f values.yaml kiwigrid/kubernetes-policy-controller\n```\n\n> **Tip**: You can use the default [values.yaml](values.yaml)"
  },
  {
    "path": "charts/kubernetes-policy-controller/templates/NOTES.txt",
    "content": "successful setup opa in your cluster.\nPlease see https://www.openpolicyagent.org/ for more infos an how to create policies inside your cluster.\n\n"
  },
  {
    "path": "charts/kubernetes-policy-controller/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"kubernetes-policy-controller.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"kubernetes-policy-controller.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"kubernetes-policy-controller.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n"
  },
  {
    "path": "charts/kubernetes-policy-controller/templates/clusterrolebinding.yaml",
    "content": "\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: {{ .Release.Name }}-opa-viewer\n  labels:\n    app.kubernetes.io/name: {{ include \"kubernetes-policy-controller.name\" . }}\n    helm.sh/chart: {{ include \"kubernetes-policy-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nroleRef:\n  kind: ClusterRole\n  name: view\n  apiGroup: rbac.authorization.k8s.io\nsubjects:\n- kind: Group\n  name: system:serviceaccounts:{{ .Release.Namespace }}\n  apiGroup: rbac.authorization.k8s.io\n"
  },
  {
    "path": "charts/kubernetes-policy-controller/templates/deployment.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"kubernetes-policy-controller.fullname\" . }}\n  namespace: {{ .Release.Namespace }}\n  labels:\n    app.kubernetes.io/name: {{ include \"kubernetes-policy-controller.name\" . }}\n    helm.sh/chart: {{ include \"kubernetes-policy-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: {{ .Values.replicaCount }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"kubernetes-policy-controller.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"kubernetes-policy-controller.name\" . }}\n        app.kubernetes.io/instance: {{ .Release.Name }}\n      annotations:\n        checksum/config: {{ include (print $.Template.BasePath \"/webhookconfiguration.yaml\") . | sha256sum }}\n    spec:\n      containers:\n        # WARNING: OPA is NOT running with an authorization policy configured. This\n        # means that clients can read and write policies in OPA. If you are\n        # deploying OPA in an insecure environment, be sure to configure\n        # authentication and authorization on the daemon. See the Security page for\n        # details: https://www.openpolicyagent.org/docs/security.html.\n        - name: opa\n          image: \"{{ .Values.image.opa.repository }}:{{ .Values.image.opa.tag }}\"\n          imagePullPolicy: {{ .Values.image.opa.pullPolicy }}\n          args:\n            - \"run\"\n            - \"--server\"\n            - \"--addr=http://127.0.0.1:8181\"\n        - name: kube-mgmt\n          image: \"{{ .Values.image.kubeMgmt.repository }}:{{ .Values.image.kubeMgmt.tag }}\"\n          imagePullPolicy: {{ .Values.image.kubeMgmt.pullPolicy }}\n          args:\n            - \"--replicate-cluster=v1/namespaces\"\n            - \"--replicate=extensions/v1beta1/ingresses\"\n            - \"--replicate=v1/pods\"\n        - name: kubernetes-policy-controller          \n          image: \"{{ .Values.image.kubernetesPolicyController.repository }}:{{ .Values.image.kubernetesPolicyController.tag }}\"\n          imagePullPolicy: {{ .Values.image.kubernetesPolicyController.pullPolicy }}\n          args:\n            - \"--addr=0.0.0.0:443\"\n            - \"--addr=http://127.0.0.1:7925\"\n          volumeMounts:\n            - readOnly: true\n              mountPath: /certs\n              name: opa-server\n          resources:\n{{ toYaml .Values.resources | indent 12 }}\n    {{- with .Values.nodeSelector }}\n      nodeSelector:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n    {{- with .Values.affinity }}\n      affinity:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n    {{- with .Values.tolerations }}\n      tolerations:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n      volumes:\n        - name: opa-server\n          secret:\n            secretName: {{ template \"kubernetes-policy-controller.fullname\" . }}-cert\n"
  },
  {
    "path": "charts/kubernetes-policy-controller/templates/matches-configmap.yaml",
    "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ .Release.Name }}-kubernetes-matches\n  namespace: {{ .Release.Namespace }}\n  labels:\n    app.kubernetes.io/name: {{ include \"kubernetes-policy-controller.name\" . }}\n    helm.sh/chart: {{ include \"kubernetes-policy-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\ndata:\n  matches.rego: |-\n    package k8s\n    import data.kubernetes\n\n    matches[[kind, namespace, name, resource]] {\n      resource := kubernetes[kind][namespace][name].object\n    }\n\n    matches[[kind, namespace, name, resource]] {\n        resource := kubernetes[kind][namespace][name]\n    }\n"
  },
  {
    "path": "charts/kubernetes-policy-controller/templates/policymatches-configmap.yaml",
    "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ .Release.Name }}-kubernetes-policymatches\n  namespace: {{ .Release.Namespace }}\n  labels:\n    app.kubernetes.io/name: {{ include \"kubernetes-policy-controller.name\" . }}\n    helm.sh/chart: {{ include \"kubernetes-policy-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\ndata:\n  matches.rego: |-\n    package k8s\n    import data.kubernetes.policies\n\n    # Matches provides an abstraction to find policies that match the (name). \n    policymatches[[name, policy]] {\n        policy := policies[name]\n    }\n"
  },
  {
    "path": "charts/kubernetes-policy-controller/templates/role.yaml",
    "content": "kind: Role\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  namespace: {{ .Release.Namespace }}\n  name: {{ .Release.Name }}-configmap-modifier\n  labels:\n    app.kubernetes.io/name: {{ include \"kubernetes-policy-controller.name\" . }}\n    helm.sh/chart: {{ include \"kubernetes-policy-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nrules:\n- apiGroups: [\"\"]\n  resources: [\"configmaps\"]\n  verbs: [\"update\", \"patch\"]\n"
  },
  {
    "path": "charts/kubernetes-policy-controller/templates/rolebinding.yaml",
    "content": "kind: RoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  namespace: {{ .Release.Namespace }}\n  name: {{ .Release.Name }}-configmap-modifier\n  labels:\n    app.kubernetes.io/name: {{ include \"kubernetes-policy-controller.name\" . }}\n    helm.sh/chart: {{ include \"kubernetes-policy-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nroleRef:\n  kind: Role\n  name: {{ .Release.Name }}-configmap-modifier\n  apiGroup: rbac.authorization.k8s.io\nsubjects:\n- kind: Group\n  name: system:serviceaccounts:{{ .Release.Namespace }}\n  apiGroup: rbac.authorization.k8s.io\n"
  },
  {
    "path": "charts/kubernetes-policy-controller/templates/service.yaml",
    "content": "apiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"kubernetes-policy-controller.fullname\" . }}\n  namespace: {{ .Release.Namespace }}\n  labels:\n    app.kubernetes.io/name: {{ include \"kubernetes-policy-controller.name\" . }}\n    helm.sh/chart: {{ include \"kubernetes-policy-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  type: {{ .Values.service.type }}\n  ports:  \n  - name: https\n    protocol: TCP\n    port: 443\n    targetPort: 443\n  selector:\n    app.kubernetes.io/name: {{ include \"kubernetes-policy-controller.name\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n"
  },
  {
    "path": "charts/kubernetes-policy-controller/templates/webhookconfiguration.yaml",
    "content": "# this file contains 2 resources because both need the generated cert\n# please don't split the resources\n{{- $cn := printf \"%s.%s.svc\" ( include \"kubernetes-policy-controller.fullname\" . ) .Release.Namespace }}\n{{- $ca := genCA \"opa-admission-ca\" 3650 -}}\n{{- $cert := genSignedCert $cn nil nil 3650 $ca }}\nkind: {{ .Values.admissionControllerKind }}\napiVersion: admissionregistration.k8s.io/v1beta1\nmetadata:\n  name: {{ template \"kubernetes-policy-controller.fullname\" . }}  \n  labels:\n    app.kubernetes.io/name: {{ include \"kubernetes-policy-controller.name\" . }}\n    helm.sh/chart: {{ include \"kubernetes-policy-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nwebhooks:\n  - name: mutating.webhook.kubernetes-policy-controller\n    failurePolicy: {{ .Values.admissionControllerFailurePolicy }}\n    namespaceSelector:\n      matchLabels:\n        opa-mutation: enabled\n    rules:\n{{ toYaml .Values.admissionControllerRules | indent 6 }}\n    clientConfig:\n{{ if .Values.generateAdmissionControllerCerts }}\n      caBundle: {{ b64enc $ca.Cert }}\n{{ else }}\n      caBundle: {{ b64enc .Values.admissionControllerCA }}\n{{ end }}\n      service:\n        name: {{ template \"kubernetes-policy-controller.fullname\" . }}\n        namespace: {{ .Release.Namespace }}\n        path: \"/v1/admit\"\n---\napiVersion: v1\nkind: Secret\nmetadata:\n  name: {{ template \"kubernetes-policy-controller.fullname\" . }}-cert\n  namespace: {{ .Release.Namespace }}\n  labels:\n    app.kubernetes.io/name: {{ include \"kubernetes-policy-controller.name\" . }}\n    helm.sh/chart: {{ include \"kubernetes-policy-controller.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\ntype: Opaque\ndata:\n{{ if .Values.generateAdmissionControllerCerts }}\n  tls.crt: {{ b64enc $cert.Cert }}\n  tls.key: {{ b64enc $cert.Key }}\n{{ else }}\n  tls.crt: {{ b64enc .Values.admissionControllerCert }}\n  tls.key: {{ b64enc .Values.admissionControllerKey }}\n{{ end }}\n"
  },
  {
    "path": "charts/kubernetes-policy-controller/values.yaml",
    "content": "# Default values for kubernetes-policy-controller.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nreplicaCount: 1\n\nimage:\n  opa:\n    repository: openpolicyagent/opa\n    tag: 0.10.1\n    pullPolicy: IfNotPresent\n  kubeMgmt:\n    repository: openpolicyagent/kube-mgmt\n    tag: 0.6\n    pullPolicy: IfNotPresent\n  kubernetesPolicyController:\n    repository: nikhilbh/kubernetes-policy-controller\n    tag: 1.2\n    pullPolicy: IfNotPresent\n\nnameOverride: \"\"\nfullnameOverride: \"\"\n\nservice:\n  type: ClusterIP\n  port: 443\n\nresources: {}\n  # We usually recommend not to specify default resources and to leave this as a conscious\n  # choice for the user. This also increases chances charts run on environments with little\n  # resources, such as Minikube. If you do want to specify resources, uncomment the following\n  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n  # limits:\n  #  cpu: 100m\n  #  memory: 128Mi\n  # requests:\n  #  cpu: 100m\n  #  memory: 128Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n\n# To enforce mutating policies, change to MutatingWebhookConfiguration, ValidatingWebhookConfiguration\nadmissionControllerKind: MutatingWebhookConfiguration\nadmissionControllerFailurePolicy: Ignore\n\ngenerateAdmissionControllerCerts: true\nadmissionControllerCA: \"\"\nadmissionControllerCert: \"\"\nadmissionControllerKey: \"\"\n\nadmissionControllerRules:\n  - operations: [\"CREATE\", \"UPDATE\"]\n    apiGroups: [\"*\"]\n    apiVersions: [\"*\"]\n    resources: [\"*\"]\n"
  },
  {
    "path": "charts/prometheus-pingdom-exporter/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/prometheus-pingdom-exporter/Chart.yaml",
    "content": "apiVersion: v1\nname: prometheus-pingdom-exporter\nversion: 2.2.1\nappVersion: 20180821-1\nhome: https://github.com/giantswarm/prometheus-pingdom-exporter\ndescription: DEPRECATED ! - A Helm chart for Prometheus Pingdom Exporter\nkeywords:\n- prometheus\n- pingdom\nsources:\n- https://github.com/giantswarm/prometheus-pingdom-exporter\n- https://github.com/camptocamp/prometheus-pingdom-exporter\nicon: https://raw.githubusercontent.com/cncf/artwork/master/prometheus/icon/color/prometheus-icon-color.svg\ndeprecated: true\n"
  },
  {
    "path": "charts/prometheus-pingdom-exporter/README.md",
    "content": "# Prometheus Pingdom Exporter\n\n**CHART HAS BEEN DEPRECATED AND MOVED TO <https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-pingdom-exporter>**\n\n- **Source:** https://github.com/giantswarm/prometheus-pingdom-exporter\n\n[prometheus-pingdom-exporter](https://github.com/giantswarm/prometheus-pingdom-exporter) the prometheus-pingdom-exporter cares about preprocessing the pingdom uptime check results for consumption of by prometheus.\n\n## Introduction\n\nThis chart creates a kubernetes deployment on a Kubernetes cluster using the Helm package manager.\n\n## Installing the Chart\n\nInstall from remote URL with the release name `prometheus-pingdom-exporter`:\n\n```console\n$ helm upgrade -i prometheus-pingdom-exporter kiwigrid/prometheus-pingdom-exporter\n```\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `prometheus-pingdom-exporter` deployment:\n\n```console\n$ helm delete prometheus-pingdom-exporter --purge\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n## Configuration\n\nThe following table lists the configurable parameters of the prometheus-pingdom-exporter chart and their default values.\n\n\n\n| Parameter              | Description                                           | Default                                  |\n| ---------------------- | ----------------------------------------------------- | ---------------------------------------- |\n| `image.repository`     | Image                                                 | `camptocamp/prometheus-pingdom-exporter` |\n| `image.tag`            | Image tag                                             | `20180821-1`                             |\n| `image.pullPolicy`     | Image pull policy                                     | `IfNotPresent`                           |\n| `secret.annotations`   | Secret annotations                                    | `{}`                                     |\n| `service.type`         | Service type                                          | `ClusterIP`                              |\n| `service.port`         | Service port of Graphite UI                           | `9100`                                   |\n| `service.annotations`  | Service annotations                                   | `{}`                                     |\n| `service.labels`       | Service labels                                        | `{}`                                     |\n| `resources`            | Resource limits                                       | `{}`                                     |\n| `nodeSelector`         | NodeSelector                                          | `{}`                                     |\n| `tolerations`          | Tolerations                                           | `[]`                                     |\n| `affinity`             | Affinity                                              | `{}`                                     |\n| `pingdom.user`         | Username of the Pingdom Account                       | `somebody@invalid`                       |\n| `pingdom.password`     | Password of the Pingdom Account                       | `totallysecret`                          |\n| `pingdom.appId`        | Application ID, can be created on the pingdom website | `alsototallysecret`                      |\n| `pingdom.accountEmail` | Account-E-Mail of the Account owner                   | `somebodyorelse@invalid`                 |\n| `pingdom.wait`         | time (in seconds) between accessing the Pingdom  API  | `10`                                     |\n| `pod.annotations`      | Pod annotations                                       | `{}`                                     |\n\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`.\n\nAlternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,\n\n```console\n$ helm install --name prometheus-pingdom-exporter -f values.yaml kiwigrid/prometheus-pingdom-exporter\n```\n\n> **Tip**: You can use the default [values.yaml](values.yaml)\n"
  },
  {
    "path": "charts/prometheus-pingdom-exporter/templates/NOTES.txt",
    "content": "The prometheus-pingdom-exporter is now running, it will scrape the status of your pingdom checks\nevery {{ .Values.pingdom.wait }} seconds.\n\n{{- if index .Values \"annotations.prometheus.io/scrape\" }}\nAutomatic discovery for prometheus is enabled. The exporter should appear in your prometheus scrape targets from now on.\n{{- else }}\nAutomatic discovery for prometheus is disabled. You will have to add it manually to your scrape config or if you are\nusing autodiscovery set \"annotations.prometheus.io/scrape\" to \"true\"\n{{- end }}\n\nAnyways you may access the metrics on your own by folling those instructions:\n{{- if contains \"NodePort\" .Values.service.type }}\n  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath=\"{.spec.ports[0].nodePort}\" services {{ include \"prometheus-pingdom-exporter.fullname\" . }})\n  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath=\"{.items[0].status.addresses[0].address}\")\n  echo http://$NODE_IP:$NODE_PORT\n{{- else if contains \"LoadBalancer\" .Values.service.type }}\n     NOTE: It may take a few minutes for the LoadBalancer IP to be available.\n           You can watch the status of by running 'kubectl get svc -w {{ include \"prometheus-pingdom-exporter.fullname\" . }}'\n  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include \"prometheus-pingdom-exporter.fullname\" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')\n  echo http://$SERVICE_IP:{{ .Values.service.port }}\n{{- else if contains \"ClusterIP\" .Values.service.type }}\n  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l \"app.kubernetes.io/name={{ include \"prometheus-pingdom-exporter.name\" . }},app.kubernetes.io/instance={{ .Release.Name }}\" -o jsonpath=\"{.items[0].metadata.name}\")\n  echo \"Visit http://127.0.0.1:8080 to use your application\"\n  kubectl port-forward $POD_NAME 8080:80\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-pingdom-exporter/templates/_helpers.tpl",
    "content": "!! CHART HAS BEEN DEPRECATED AND MOVED TO https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-pingdom-exporter> !!\n\n{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"prometheus-pingdom-exporter.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"prometheus-pingdom-exporter.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"prometheus-pingdom-exporter.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n"
  },
  {
    "path": "charts/prometheus-pingdom-exporter/templates/deployment.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"prometheus-pingdom-exporter.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-pingdom-exporter.name\" . }}\n    helm.sh/chart: {{ include \"prometheus-pingdom-exporter.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: {{ .Values.replicaCount }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"prometheus-pingdom-exporter.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      {{- if .Values.pod.annotations }}\n      annotations:\n        {{- toYaml .Values.pod.annotations | nindent 8 }}\n      {{- end }}\n      labels:\n        app.kubernetes.io/name: {{ include \"prometheus-pingdom-exporter.name\" . }}\n        app.kubernetes.io/instance: {{ .Release.Name }}\n    spec:\n      containers:\n        - name: {{ .Chart.Name }}\n          args:\n            - server\n            - \"$(PINGDOM_USER)\"\n            - \"$(PINGDOM_PASSWORD)\"\n            - \"$(PINGDOM_APPID)\"\n            - \"$(PINGDOM_ACCOUNT)\"\n            - \"--port={{ .Values.service.port }}\"\n            - \"--wait={{ .Values.pingdom.wait }}\"\n          image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n          imagePullPolicy: {{ .Values.image.pullPolicy }}\n          env:\n            - name: PINGDOM_USER\n              valueFrom:\n                secretKeyRef:\n                  name: {{ include \"prometheus-pingdom-exporter.name\" . }}\n                  key: user\n            - name: PINGDOM_PASSWORD\n              valueFrom:\n                secretKeyRef:\n                  name: {{ include \"prometheus-pingdom-exporter.name\" . }}\n                  key: password\n            - name: PINGDOM_APPID\n              valueFrom:\n                secretKeyRef:\n                  name: {{ include \"prometheus-pingdom-exporter.name\" . }}\n                  key: appId\n            - name: PINGDOM_ACCOUNT\n              valueFrom:\n                secretKeyRef:\n                  name: {{ include \"prometheus-pingdom-exporter.name\" . }}\n                  key: accountEmail\n          ports:\n            - name: http\n              containerPort: {{ .Values.service.port }}\n              protocol: TCP\n          livenessProbe:\n            httpGet:\n              path: /\n              port: http\n          readinessProbe:\n            httpGet:\n              path: /\n              port: http\n          resources:\n            {{- toYaml .Values.resources | nindent 12 }}\n      {{- with .Values.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n"
  },
  {
    "path": "charts/prometheus-pingdom-exporter/templates/secret.yaml",
    "content": "apiVersion: v1\nkind: Secret\nmetadata:\n  name: {{ include \"prometheus-pingdom-exporter.name\" . }}\n  {{- if .Values.secret.annotations }}\n  annotations:\n    {{- toYaml .Values.secret.annotations | nindent 4 }}\n  {{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-pingdom-exporter.name\" . }}\n    helm.sh/chart: {{ include \"prometheus-pingdom-exporter.name\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\ntype: Opaque\ndata:\n  user: {{ .Values.pingdom.user | b64enc }}\n  password: {{ .Values.pingdom.password | b64enc }}\n  appId: {{ .Values.pingdom.appId | b64enc }}\n  accountEmail: {{ .Values.pingdom.accountEmail | b64enc }}\n"
  },
  {
    "path": "charts/prometheus-pingdom-exporter/templates/service.yaml",
    "content": "apiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"prometheus-pingdom-exporter.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-pingdom-exporter.name\" . }}\n    helm.sh/chart: {{ include \"prometheus-pingdom-exporter.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- if .Values.service.annotations }}\n  annotations:\n{{ toYaml .Values.service.annotations | indent 4 }}\n{{- end }}\nspec:\n  type: {{ .Values.service.type }}\n  ports:\n    - port: {{ .Values.service.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n  selector:\n    app.kubernetes.io/name: {{ include \"prometheus-pingdom-exporter.name\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n"
  },
  {
    "path": "charts/prometheus-pingdom-exporter/values.yaml",
    "content": "# Default values for prometheus-pingdom-exporter.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nreplicaCount: 1\n\nimage:\n  # we use camptocamp/prometheus-pingdom-exporter image as giantswarm did not publish recent versions after 0.1.1\n  repository: camptocamp/prometheus-pingdom-exporter\n  tag: 20180821-1\n  pullPolicy: IfNotPresent\n\nnameOverride: \"\"\nfullnameOverride: \"\"\n\nservice:\n  type: ClusterIP\n  port: 9100\n  annotations: {}\n    # prometheus.io/scrape: \"true\"\n    # prometheus.io/port: \"9100\"\n\nresources: {}\n  # We usually recommend not to specify default resources and to leave this as a conscious\n  # choice for the user. This also increases chances charts run on environments with little\n  # resources, such as Minikube. If you do want to specify resources, uncomment the following\n  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n  # limits:\n  #  cpu: 100m\n  #  memory: 128Mi\n  # requests:\n  #  cpu: 100m\n  #  memory: 128Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n\n# configuration of the pingdom credentials\npingdom:\n  # username of the pingdom account\n  user: somebody@invalid\n  # password of the pingdom account\n  password: totallysecret\n  # application id / api secret can be created on the pingdom website\n  appId: alsototallysecret\n  # account email of the account owner if using multiaccount / team accounts\n  accountEmail: somebodyorelse@invalid\n  # time (in seconds) between accessing the Pingdom  API\n  wait: 10\n\npod:\n  annotations: {}\n    # key: \"true\"\n    # example: \"false\"\n\nsecret:\n  annotations: {}\n    # key: \"true\"\n    # example: \"false\"\n"
  },
  {
    "path": "charts/prometheus-thanos/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/prometheus-thanos/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"0.32.4\"\ndescription: A Helm chart for thanos monitoring components\nname: prometheus-thanos\nversion: 5.0.0\nhome: https://github.com/thanos-io/thanos\nsources:\n- https://github.com/thanos-io/thanos\n- https://github.com/kiwigrid/helm-charts/tree/master/charts/prometheus-thanos\nicon: https://raw.githubusercontent.com/thanos-io/thanos/master/docs/img/Thanos-logo_fullmedium.png\nmaintainers:\n- name: rpahli\n  email: rico.pahlisch@kiwigrid.com\n- name: axdotl\n  email: axel.koehler@kiwigrid.com\n"
  },
  {
    "path": "charts/prometheus-thanos/README.md",
    "content": "# Prometheus Thanos\n\n## Introduction\n\n[Thanos](https://github.com/thanos-io/thanos/) is a set of components that can be composed into a highly available metric system with unlimited storage capacity, which can be added seamlessly on top of existing Prometheus deployments.\n\nThanos leverages the Prometheus 2.0 storage format to cost-efficiently store historical metric data in any object storage while retaining fast query latencies. Additionally, it provides a global query view across all Prometheus installations and can merge data from Prometheus HA pairs on the fly..\n\n## Prerequisites\n\n* Has been tested on Kubernetes 1.11+\n\n## Installing the Chart\n\nTo install the chart you have to set `objStoreConfig`.\nTo install the chart with the release name `prometheus-thanos`, run the following command:\n\n```bash\nhelm install kiwigrid/prometheus-thanos --name prometheus-thanos --values=my-values.yaml\n```\n\n## Using Sidecar Configmap Watcher\n\nTo enable the sidecar you can set `ruler.sidecar.enabled` to `true`. The sidcar will then watch all configmaps and if there is a configmap with label named like `ruler.sidecar.watchLabel` the sidecar will use the contents inside the config directory of the ruler and will notify the ruler to reload the config files.\n\nAn example configmap will look like:\n\n```yaml\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: custom-config-map\n  labels:\n    thanos_alert_config: \"1\"\ndata:\n  custom-external-rules.yaml: |-\n    groups:\n    - name: custom_external_rules_group\n      rules:\n      - alert: custom_alert\n        annotations:\n          description: \"add your desc here\"\n          summary: \"add your summary here\"\n        expr: up\n        for: 10m\n        labels:\n          severity: warn\n```\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `prometheus-thanos` deployment:\n\n```bash\nhelm delete prometheus-thanos\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n> **Tip**: To completely remove the release, run `helm delete --purge prometheus-thanos`\n\n## Upgrading\n\nThis section describes instructions on how to upgrade from a previous version of this chart and breaking changes.\n\n### 3.x\n\nThere was a breaking change in version 3.0.0 which removed the `storeGateway.indexCacheSize` setting in favour of a `storeGateway.indexCache` config object.\nIf you're upgrading from a pre-3.0.0 version of this chart, your config needs to adapt the new format.\n\nFor example, if you had previously set `storeGateway.indexCacheSize` to `500MB`, you need to set `storeGateway.indexCache` to the following:\n\n```yaml\nindexCache:\n  type: IN-MEMORY\n  config:\n    max_size: 500MB\n```\nAll configuration options can be found in [the documentation](https://thanos.io/components/store.md/#index-cache).\n\n### 4.x\n\nThe compactor persistence is now enabled by default and the default PVC size was raised to 10GB.\n\n## Configuration\n\nThe following table lists the configurable parameters of the prometheus-thanos chart and their default values.\n\n| Parameter                                  | Description                               | Default                            |\n| ------------------------------------------ | ----------------------------------------- | ---------------------------------- |\n| `tracing.enabled` | Controls whether [tracing](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md) is required across all components | `false` |\n| `tracing.type` | The tracer [type](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md).  All components which support tracing will use this  | `` |\n| `tracing.config` | Config for the [tracer](https://github.com/thanos-io/thanos/blob/master/docs/tracing.md).  All components which support tracing will use this | `{}` |\n| `bucketWebInterface.enabled` | Controls whether bucket web interface related resources should be created | `false` |\n| `bucketWebInterface.additionalAnnotations` | Additional annotations on bucket web interface pods| `{}` |\n| `bucketWebInterface.additionalFlags` | Additional command line flags | `{}` |\n| `bucketWebInterface.additionalLabels` | Additional labels on bucket web interface pods| `{}` |\n| `bucketWebInterface.affinity` | Affinity | `{}` |\n| `bucketWebInterface.extraEnv` | Extra env vars | `nil` |\n| `bucketWebInterface.httpServerPort` | The port to expose from the bucket web interface container | `10902` |\n| `bucketWebInterface.image.repository` | Docker image repo for bucket web interface | `quay.io/thanos/thanos` |\n| `bucketWebInterface.image.tag` | Docker image tag for bucket web interface | `v0.27.0` |\n| `bucketWebInterface.image.pullPolicy` | Docker image pull policy for bucket web interface| `IfNotPresent` |\n| `bucketWebInterface.serviceAccount.create` | Create service account | `true` |\n| `bucketWebInterface.serviceAccount.annotations` | Service account annotations | `nil` |\n| `bucketWebInterface.logLevel` | Bucket web interface log level | `info` |\n| `bucketWebInterface.nodeSelector` | NodeSelector | `{}` |\n| `bucketWebInterface.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` |\n| `bucketWebInterface.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` |\n| `bucketWebInterface.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` |\n| `bucketWebInterface.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` |\n| `bucketWebInterface.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |\n| `bucketWebInterface.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `\"\"` |\n| `bucketWebInterface.replicaCount` | Replica count for bucket web interface | `1` |\n| `bucketWebInterface.resources` | Resources | `{}` |\n| `bucketWebInterface.tolerations` | Tolerations | `[]` |\n| `bucketWebInterface.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | <br> `runAsUser: 1001` <br> `runAsGroup: 1001` <br> `fsGroup: 1001` |\n| `bucketWebInterface.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | <br> `runAsNonRoot: true` <br> `allowPrivilegeEscalation: false` <br> `capabilities:` <br> `drop:` <br> `- ALL` <br> `privileged: false` |\n| `bucketWebInterface.updateStrategy` | Deployment update strategy | `type: RollingUpdate` |\n| `bucketWebInterface.volumeMounts` | Additional volume mounts | `nil` |\n| `bucketWebInterface.volumes` |Additional volumes | `nil` |\n| `compact.enabled` | Controls whether compact related resources should be created | `true` |\n| `compact.additionalAnnotations` | Additional annotations on compactor pod| `{}` |\n| `compact.additionalFlags` | Additional command line flags | `{}` |\n| `compact.additionalLabels` | Additional labels on compactor pod| `{}` |\n| `compact.affinity` | Affinity | `{}` |\n| `compact.consistencyDelay` | Consistency delay | `30m` |\n| `compact.extraEnv` | Extra env vars | `nil` |\n| `compact.image.repository` | Docker image repo for compactor | `quay.io/thanos/thanos` |\n| `compact.image.tag` | Docker image tag for compactor | `v0.27.0` |\n| `compact.image.pullPolicy` | Docker image pull policy for store gateway | `IfNotPresent` |\n| `compact.serviceAccount.create` | Create service account | `true` |\n| `compact.serviceAccount.annotations` | Service account annotations | `nil` |\n| `compact.logLevel` | Store gateway log level | `info` |\n| `compact.nodeSelector` | NodeSelector | `{}` |\n| `compact.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` |\n| `compact.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` |\n| `compact.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` |\n| `compact.persistentVolume.enabled` | Persistent volume enabled | `true` |\n| `compact.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` |\n| `compact.persistentVolume.annotations` | Persistent volume annotations | `{}` |\n| `compact.persistentVolume.existingClaim` | Persistent volume existingClaim | `\"\"` |\n| `compact.persistentVolume.size` | Persistent volume size | `10Gi` |\n| `compact.persistentVolume.storageClass` | Persistent volume storage class name | `\"\"` |\n| `compact.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` |\n| `compact.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |\n| `compact.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `\"\"` |\n| `compact.resources` | Resources | `{}` |\n| `compact.retentionResolutionRaw` | Retention for raw buckets | `30d` |\n| `compact.retentionResolution5m` | Retention for 5m buckets | `30d` |\n| `compact.retentionResolution1h` | Retention for 1h buckets | `10y` |\n| `compact.tolerations` | Tolerations | `[]` |\n| `compact.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | <br> `runAsUser: 1001` <br> `runAsGroup: 1001` <br> `fsGroup: 1001` |\n| `compact.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | <br> `runAsNonRoot: true` <br> `allowPrivilegeEscalation: false` <br> `capabilities:` <br> `drop:` <br> `- ALL` <br> `privileged: false` |\n| `compact.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` |\n| `compact.volumeMounts` | Additional volume mounts | `nil` |\n| `compact.volumes` | Additional volumes | `nil` |\n| `querier.enabled` | Controls whether querier related resources should be created | `true` |\n| `querier.additionalAnnotations` | Additional annotations on querier pods| `{}` |\n| `querier.additionalFlags` | Additional command line flags | `{}` |\n| `querier.additionalLabels` | Additional labels on querier pods| `{}` |\n| `querier.affinity` | Affinity | `{}` |\n| `querier.autoscaling.enabled` | Controls whether StoreGateway autoscaling is enabled | `false` |\n| `querier.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` |\n| `querier.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` |\n| `querier.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` |\n| `querier.image.repository` | Docker image repo for querier | `quay.io/thanos/thanos` |\n| `querier.image.tag` | Docker image tag for querier | `v0.27.0` |\n| `querier.image.pullPolicy` | Docker image pull policy for querier| `IfNotPresent` |\n| `querier.serviceAccount.create` | Create service account | `true` |\n| `querier.serviceAccount.annotations` | Service account annotations | `nil` |\n| `querier.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` |\n| `querier.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` |\n| `querier.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` |\n| `querier.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` |\n| `querier.logLevel` | Querier log level | `info` |\n| `querier.nodeSelector` | NodeSelector | `{}` |\n| `querier.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` |\n| `querier.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |\n| `querier.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `\"\"` |\n| `querier.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` |\n| `querier.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` |\n| `querier.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` |\n| `querier.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` |\n| `querier.replicaCount` | Replica count for querier | `1` |\n| `querier.replicaLabels` | Replica reference labels which are used for query response deduplication | `[]` |\n| `querier.resources` | Resources | `{}` |\n| `querier.stores` | List of stores [see](https://github.com/thanos-io/thanos/blob/master/docs/components/query.md) | `[]` |\n| `querier.tolerations` | Tolerations | `[]` |\n| `querier.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | <br> `runAsUser: 1001` <br> `runAsGroup: 1001` <br> `fsGroup: 1001` |\n| `querier.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | <br> `runAsNonRoot: true` <br> `allowPrivilegeEscalation: false` <br> `capabilities:` <br> `drop:` <br> `- ALL` <br> `privileged: false` |\n| `querier.updateStrategy` | Deployment update strategy | `type: RollingUpdate` |\n| `querier.volumeMounts` | Additional volume mounts | `nil` |\n| `querier.volumes` | Additional volumes | `nil` |\n| `queryFrontend.enabled` | Controls whether query-frontend related resources should be created | `true` |\n| `queryFrontend.additionalAnnotations` | Additional annotations on query-frontend pods| `{}` |\n| `queryFrontend.additionalFlags` | Additional command line flags | `{}` |\n| `queryFrontend.additionalLabels` | Additional labels on query-frontend pods| `{}` |\n| `queryFrontend.affinity` | Affinity | `{}` |\n| `queryFrontend.autoscaling.enabled` | Controls whether query-frontend autoscaling is enabled | `false` |\n| `queryFrontend.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` |\n| `queryFrontend.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` |\n| `queryFrontend.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` |\n| `queryFrontend.cache.config` | Caching configuration | `nil` |\n| `queryFrontend.cache.enabled` | Controls whether caching should be used | `false` |\n| `queryFrontend.cache.type` | Type of caching [see](https://thanos.io/tip/components/query-frontend.md/#caching) | `nil` |\n| `queryFrontend.downstreamUrl` | The URL of the querier service | `the default URL of the querier service` |\n| `queryFrontend.image.repository` | Docker image repo for query-frontend | `quay.io/thanos/thanos` |\n| `queryFrontend.image.tag` | Docker image tag for query-frontend | `v0.27.0` |\n| `queryFrontend.image.pullPolicy` | Docker image pull policy for query-frontend| `IfNotPresent` |\n| `queryFrontend.serviceAccount.create` | Create service account | `true` |\n| `queryFrontend.serviceAccount.annotations` | Service account annotations | `nil` |\n| `queryFrontend.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` |\n| `queryFrontend.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` |\n| `queryFrontend.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` |\n| `queryFrontend.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` |\n| `queryFrontend.logLevel` | Query-frontend log level | `info` |\n| `queryFrontend.logQueriesLongerThan` | Log queries that are slower than the specified duration. | `0` |\n| `queryFrontend.nodeSelector` | NodeSelector | `{}` |\n| `queryFrontend.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` |\n| `queryFrontend.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |\n| `queryFrontend.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `\"\"` |\n| `queryFrontend.querySplitInterval` |  Split query range requests by an interval and execute in parallel | `24h` |\n| `queryFrontend.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` |\n| `queryFrontend.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` |\n| `queryFrontend.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` |\n| `queryFrontend.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` |\n| `queryFrontend.replicaCount` | Replica count for query-frontend | `1` |\n| `queryFrontend.resources` | Resources | `{}` |\n| `queryFrontend.stores` | List of stores [see](https://github.com/thanos-io/thanos/blob/master/docs/components/query.md) | `[]` |\n| `queryFrontend.tolerations` | Tolerations | `[]` |\n| `queryFrontend.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | <br> `runAsUser: 1001` <br> `runAsGroup: 1001` <br> `fsGroup: 1001` |\n| `queryFrontend.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | <br> `runAsNonRoot: true` <br> `allowPrivilegeEscalation: false` <br> `capabilities:` <br> `drop:` <br> `- ALL` <br> `privileged: false` |\n| `queryFrontend.updateStrategy` | Deployment update strategy | `type: RollingUpdate` |\n| `queryFrontend.volumeMounts` | Additional volume mounts | `nil` |\n| `queryFrontend.volumes` | Additional volumes | `nil` |\n| `receiver.enabled` | Controls whether receiver related resources should be created | `true` |\n| `receiver.affinity` | Affinity | `{}` |\n| `receiver.additionalAnnotations` | Additional annotations on receiver pods| `{}` |\n| `receiver.additionalFlags` | Additional command line flags | `{}` |\n| `receiver.additionalLabels` | Additional labels on receiver pods| `{}` |\n| `receiver.extraEnv` | Extra env vars | `nil` |\n| `receiver.image.repository` | Docker image repo for receiver | `quay.io/thanos/thanos` |\n| `receiver.image.tag` | Docker image tag for receiver | `v0.27.0` |\n| `receiver.image.pullPolicy` | Docker image pull policy for receiver | `IfNotPresent` |\n| `receiver.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` |\n| `receiver.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` |\n| `receiver.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` |\n| `receiver.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` |\n| `receiver.logLevel` | Receiver log level | `info` |\n| `receiver.nodeSelector` | NodeSelector | `{}` |\n| `receiver.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` |\n| `receiver.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` |\n| `receiver.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `GCS` |\n| `receiver.persistentVolume.enabled` | Persistent volume enabled | `true` |\n| `receiver.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` |\n| `receiver.persistentVolume.annotations` | Persistent volume annotations | `{}` |\n| `receiver.persistentVolume.existingClaim` | Persistent volume existingClaim | `\"\"` |\n| `receiver.persistentVolume.size` | Persistent volume size | `2Gi` |\n| `receiver.persistentVolume.storageClass` | Persistent volume storage class name | `\"\"` |\n| `receiver.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` |\n| `receiver.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |\n| `receiver.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `\"\"` |\n| `receiver.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` |\n| `receiver.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` |\n| `receiver.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` |\n| `receiver.readinessProbe.timeoutSeconds` |Readiness probe timeoutSeconds | `30` |\n| `receiver.replicaCount` | Replica count for receiver | `1` |\n| `receiver.replicationFactor` | Number of times to replicate incoming write requests | `1` |\n| `receiver.resources` | Resources | `{}` |\n| `receiver.serviceAccount.create` | Create service account | `true` |\n| `receiver.serviceAccount.annotations` | Service account annotations | `nil` |\n| `receiver.tolerations` | Tolerations | `[]` |\n| `receiver.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | <br> `runAsUser: 1001` <br> `runAsGroup: 1001` <br> `fsGroup: 1001` |\n| `receiver.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | <br> `runAsNonRoot: true` <br> `allowPrivilegeEscalation: false` <br> `capabilities:` <br> `drop:` <br> `- ALL` <br> `privileged: false` |\n| `receiver.tsdbRetention` | The period to retain TSDB blocks in the receiver | `1d` |\n| `receiver.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` |\n| `receiver.volumeMounts` | Additional volume mounts | `nil` |\n| `receiver.volumes` |Additional volumes | `nil` |\n| `ruler.enabled` | controls whether ruler related resources should be created | `true` |\n| `ruler.additionalAnnotations` | Additional annotations on ruler pod| `{}` |\n| `ruler.additionalFlags` | Additional command line flags | `{}` |\n| `ruler.additionalLabels` | Additional labels on ruler pod| `{}` |\n| `ruler.affinity` | Affinity | `{}` |\n| `ruler.alertmanagerUrl` | Ruler alert manager url | `http://localhost` |\n| `ruler.clusterName` | Ruler cluster name | `nil` |\n| `ruler.config` | Default ruler config | `nil` |\n| `ruler.evalInterval` | Ruler evaluation interval | `1m` |\n| `ruler.extraEnv` | Extra env vars | `nil` |\n| `ruler.image.repository` | Docker image repo for ruler | `quay.io/thanos/thanos` |\n| `ruler.image.tag` | Docker image tag for ruler | `v0.27.0` |\n| `ruler.image.pullPolicy` | Docker image pull policy for ruler | `IfNotPresent` |\n| `ruler.imagePullSecrets` | Docker image pull secrets for ruler | `[]` |\n| `ruler.serviceAccount.annotations` | Service account annotations | `nil` |\n| `ruler.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` |\n| `ruler.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` |\n| `ruler.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` |\n| `ruler.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` |\n| `ruler.logLevel` | Ruler log level | `info` |\n| `ruler.nodeSelector` | NodeSelector | `{}` |\n| `ruler.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `nil` |\n| `ruler.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` |\n| `ruler.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` |\n| `ruler.persistentVolume.enabled` | Persistent volume enabled | `true` |\n| `ruler.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` |\n| `ruler.persistentVolume.annotations` | Persistent volume annotations | `{}` |\n| `ruler.persistentVolume.existingClaim` | Persistent volume existingClaim | `\"\"` |\n| `ruler.persistentVolume.size` | Persistent volume size | `2Gi` |\n| `ruler.persistentVolume.storageClass` | Persistent volume storage class name | `\"\"` |\n| `ruler.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`.| `false` |\n| `ruler.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |\n| `ruler.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `\"\"` |\n| `ruler.queries` | Ruler quieries endpoints | `[]` |\n| `ruler.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` |\n| `ruler.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` |\n| `ruler.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` |\n| `ruler.readinessProbe.timeoutSeconds` | Readiness probe timeoutSeconds | `30` |\n| `ruler.replicaCount` |  Replica count for ruler | `1` |\n| `ruler.resources` | Resources | `{}` |\n| `ruler.ruleFile` | Rule files that should be used | `/etc/thanos-ruler/**/*-rules.yaml` |\n| `ruler.sidecar.image.repository` | Docker image for configmap watcher sidecar | `kiwigrid/k8s-configmap-watcher` |\n| `ruler.sidecar.image.tag` | Docker image tag for configmap watcher sidecar | `0.1.1` |\n| `ruler.sidecar.image.pullPolicy` | Pull policy for configmap watcher sidecar | `IfNotPresent` |\n| `ruler.sidecar.enabled` | Enable configmap watcher sidecar | `false` |\n| `ruler.sidecar.watchLabel` | Label for configmaps to watch | `thanos_alert_config` |\n| `ruler.tolerations` | Tolerations | `[]` |\n| `ruler.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | <br> `runAsUser: 1001` <br> `runAsGroup: 1001` <br> `fsGroup: 1001` |\n| `ruler.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | <br> `runAsNonRoot: true` <br> `allowPrivilegeEscalation: false` <br> `capabilities:` <br> `drop:` <br> `- ALL` <br> `privileged: false` |\n| `ruler.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` |\n| `ruler.volumeMounts` | Additional volume mounts | `nil` |\n| `ruler.volumes` | Additional volumes | `nil` |\n| `service.bucketWebInterface.type` | Service type for the bucket web interface | `ClusterIP` |\n| `service.bucketWebInterface.http.port` | Service http port for the bucket web interface  | `9090` |\n| `service.bucketWebInterface.annotations` | Service annotations for the bucket web interface  | `{}` |\n| `service.compact.type` | Service type for the compactor | `ClusterIP` |\n| `service.compact.http.port` | Service http port for the compactor | `9090` |\n| `service.compact.annotations` | Service annotations for the compactor | `{}` |\n| `service.receiver.http.port` | Service http port for the receiver | `9090` |\n| `service.receiver.httpRemoteWrite.port` | Service http port for the receiver remote write endpoint | `9091` |\n| `service.receiver.grpc.port` | Service grpc port for the receiver | `10901` |\n| `service.receiver.annotations` | Service annotations for the receiver | `{}` |\n| `service.querier.type` | Service type for the querier | `ClusterIP` |\n| `service.querier.http.port` | Service http port for the querier  | `9090` |\n| `service.querier.grpc.port` | Service grpc port for the querier  | `10901` |\n| `service.querier.annotations` | Service annotations for the querier  | `{}` |\n| `service.storeGateway.type` | Service type for the store gateway | `ClusterIP` |\n| `service.storeGateway.http.port` | Service http port for the store gateway | `9090` |\n| `service.storeGateway.grpc.port` | Service grpc port for the store gateway | `10901` |\n| `service.storeGateway.annotations` | Service annotations for the store gateway | `{}` |\n| `service.ruler.type` | Service type for ruler | `ClusterIP` |\n| `service.ruler.http.port` | Service http port for ruler | `9090` |\n| `service.ruler.grpc.port` | Service grpc port for ruler | `10901` |\n| `service.ruler.annotations` | Service annotations for the ruler | `{}` |\n| `storeGateway.enabled` | Controls whether StoreGateway related resources should be created | `true` |\n| `storeGateway.affinity` | Affinity | `{}` |\n| `storeGateway.additionalAnnotations` | Additional annotations on store gateway pods| `{}` |\n| `storeGateway.additionalFlags` | Additional command line flags | `{}` |\n| `storeGateway.additionalLabels` | Additional labels on store gateway pods| `{}` |\n| `storeGateway.autoscaling.enabled` | Controls whether StoreGateway autoscaling is enabled | `false` |\n| `storeGateway.autoscaling.maxReplicas` | Maximum number of replicas to scale to | `10` |\n| `storeGateway.autoscaling.minReplicas` | Minimum number of replicas to scale to | `1` |\n| `storeGateway.autoscaling.metrics` | Array of MetricSpecs that will decide whether to scale in or out | `target of 80% for both CPU and memory resources` |\n| `storeGateway.chunkPoolSize` | Chunk pool size | `500MB` |\n| `storeGateway.extraEnv` | Extra env vars | `nil` |\n| `storeGateway.image.repository` | Docker image repo for store gateway | `quay.io/thanos/thanos` |\n| `storeGateway.image.tag` | Docker image tag for store gateway | `v0.27.0` |\n| `storeGateway.image.pullPolicy` | Docker image pull policy for store gateway | `IfNotPresent` |\n| `storeGateway.indexCache.config` | Config for the index cache, see [the docs](https://thanos.io/components/store.md/#index-cache) | `max_size: 500MB` |\n| `storeGateway.indexCache.type` | Type of the index cache, either `IN-MEMORY` or `MEMCACHED` | `IN-MEMORY` |\n| `storeGateway.livenessProbe.initialDelaySeconds` | Liveness probe initialDelaySeconds | `30` |\n| `storeGateway.livenessProbe.periodSeconds` | Liveness probe periodSeconds | `10` |\n| `storeGateway.livenessProbe.successThreshold` | Liveness probe successThreshold | `1` |\n| `storeGateway.livenessProbe.timeoutSeconds` | Liveness probe timeoutSeconds | `30` |\n| `storeGateway.logLevel` | Store gateway log level | `info` |\n| `storeGateway.nodeSelector` | NodeSelector | `{}` |\n| `storeGateway.objStoreConfig` | Config for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `{}` |\n| `storeGateway.objStoreConfigFile` | Path to config file for the [bucket store](https://github.com/thanos-io/thanos/blob/master/docs/storage.md). Either this or `objStoreType` + `objStoreConfig`. | `nil` |\n| `storeGateway.objStoreType` | Object store [type](https://github.com/thanos-io/thanos/blob/master/docs/storage.md) | `GCS` |\n| `storeGateway.persistentVolume.enabled` | Persistent volume enabled | `true` |\n| `storeGateway.persistentVolume.accessModes` | Persistent volume accessModes | `[ReadWriteOnce]` |\n| `storeGateway.persistentVolume.annotations` | Persistent volume annotations | `{}` |\n| `storeGateway.persistentVolume.existingClaim` | Persistent volume existingClaim | `\"\"` |\n| `storeGateway.persistentVolume.size` | Persistent volume size | `2Gi` |\n| `storeGateway.persistentVolume.storageClass` | Persistent volume storage class name | `\"\"` |\n| `storeGateway.podNumericalPriorityEnabled` | Enables use of the `podPriority`. Either this or `podPriorityClassName`. | `false` |\n| `storeGateway.podPriority` | Numerical value of the pod priority. Enabled by `podNumericalPriorityEnabled` | `0` |\n| `storeGateway.podPriorityClassName` | Name of the pod priority class to use. Either this or `podNumericalPriorityEnabled` | `\"\"` |\n| `storeGateway.readinessProbe.initialDelaySeconds` | Readiness probe initialDelaySeconds | `30` |\n| `storeGateway.readinessProbe.periodSeconds` | Readiness probe periodSeconds | `10` |\n| `storeGateway.readinessProbe.successThreshold` | Readiness probe successThreshold | `1` |\n| `storeGateway.readinessProbe.timeoutSeconds` |Readiness probe timeoutSeconds | `30` |\n| `storeGateway.replicaCount` | Replica count for store gateway | `1` |\n| `storeGateway.resources` | Resources | `{}` |\n| `storeGateway.serviceAccount.create` | Create service account | `true` |\n| `storeGateway.serviceAccount.annotations` | Service account annotations | `nil` |\n| `storeGateway.tolerations` | Tolerations | `[]` |\n| `storeGateway.podSecurityContext` | [Pod Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | <br> `runAsUser: 1001` <br> `runAsGroup: 1001` <br> `fsGroup: 1001` |\n| `storeGateway.containerSecurityContext` | [Container Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | <br> `runAsNonRoot: true` <br> `allowPrivilegeEscalation: false` <br> `capabilities:` <br> `drop:` <br> `- ALL` <br> `privileged: false` |\n| `storeGateway.updateStrategy` | StatefulSet update strategy | `type: RollingUpdate` |\n| `storeGateway.volumeMounts` | Additional volume mounts | `nil` |\n| `storeGateway.volumes` |Additional volumes | `nil` |\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:\n\n```bash\nhelm install --name prometheus-thanos --set ingress.enabled=false kiwigrid/prometheus-thanos\n```\n\nAlternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart."
  },
  {
    "path": "charts/prometheus-thanos/ci/test-values.yaml",
    "content": "any-resource:\n  enabled: true\n  anyResources:\n    initBucketConfigMap: |-\n\n      apiVersion: v1\n      kind: ConfigMap\n      metadata:\n        name: test-minio-init\n        labels:\n          app: minio\n          chart: minio-7.0.2\n          release: test\n          heritage: Tiller\n      data:\n        initialize: |-\n          #!/bin/sh\n          set -e ; # Have script exit in the event of a failed command.\n\n          # connectToMinio\n          # Use a check-sleep-check loop to wait for Minio service to be available\n          connectToMinio() {\n            SCHEME=$1\n            ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts\n            set -e ; # fail if we can't read the keys.\n            ACCESS=$(cat /config/accesskey) ; SECRET=$(cat /config/secretkey) ;\n            set +e ; # The connections to minio are allowed to fail.\n            echo \"Connecting to Minio server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT\" ;\n            MC_COMMAND=\"mc config host add myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET\" ;\n            $MC_COMMAND ;\n            STATUS=$? ;\n            until [ $STATUS = 0 ]\n            do\n              ATTEMPTS=`expr $ATTEMPTS + 1` ;\n              echo \\\"Failed attempts: $ATTEMPTS\\\" ;\n              if [ $ATTEMPTS -gt $LIMIT ]; then\n                exit 1 ;\n              fi ;\n              sleep 2 ; # 1 second intervals between attempts\n              $MC_COMMAND ;\n              STATUS=$? ;\n            done ;\n            set -e ; # reset `e` as active\n            return 0\n          }\n\n          # checkBucketExists ($bucket)\n          # Check if the bucket exists, by using the exit code of `mc ls`\n          checkBucketExists() {\n            BUCKET=$1\n            CMD=$(/usr/bin/mc ls myminio/$BUCKET > /dev/null 2>&1)\n            return $?\n          }\n\n          # createBucket ($bucket, $policy, $purge)\n          # Ensure bucket exists, purging if asked to\n          createBucket() {\n            BUCKET=$1\n            POLICY=$2\n            PURGE=$3\n\n            # Purge the bucket, if set & exists\n            # Since PURGE is user input, check explicitly for `true`\n            if [ $PURGE = true ]; then\n              if checkBucketExists $BUCKET ; then\n                echo \"Purging bucket '$BUCKET'.\"\n                set +e ; # don't exit if this fails\n                /usr/bin/mc rm -r --force myminio/$BUCKET\n                set -e ; # reset `e` as active\n              else\n                echo \"Bucket '$BUCKET' does not exist, skipping purge.\"\n              fi\n            fi\n\n            # Create the bucket if it does not exist\n            if ! checkBucketExists $BUCKET ; then\n              echo \"Creating bucket '$BUCKET'\"\n              /usr/bin/mc mb myminio/$BUCKET\n            else\n              echo \"Bucket '$BUCKET' already exists.\"\n            fi\n\n            # At this point, the bucket should exist, skip checking for existence\n            # Set policy on the bucket\n            echo \"Setting policy of bucket '$BUCKET' to '$POLICY'.\"\n            /usr/bin/mc policy $POLICY myminio/$BUCKET\n          }\n\n          # Try connecting to Minio instance\n          scheme=http\n          connectToMinio $scheme\n          createBucket demo-bucket none false\n\n    initBucket: |-\n      apiVersion: batch/v1\n      kind: Job\n      metadata:\n        name: test-minio-make-bucket-job\n        labels:\n          app: minio\n          chart: minio-7.0.2\n          release: test\n          heritage: Tiller\n      spec:\n        template:\n          metadata:\n            labels:\n              app: minio\n              release: test\n          spec:\n            restartPolicy: OnFailure\n            volumes:\n              - name: minio-configuration\n                projected:\n                  sources:\n                  - configMap:\n                      name: test-minio-init\n                  - secret:\n                      name: test-minio\n            containers:\n            - name: minio-mc\n              image: \"minio/mc:RELEASE.2019-03-13T21-05-06Z\"\n              imagePullPolicy: IfNotPresent\n              command: [\"/bin/sh\", \"/config/initialize\"]\n              env:\n                - name: MINIO_ENDPOINT\n                  value: test-minio\n                - name: MINIO_PORT\n                  value: \"9000\"\n              volumeMounts:\n                - name: minio-configuration\n                  mountPath: /config\n\nminio:\n  enabled: true\n  fullnameOverride: test-minio\n  accessKey: \"TESTKEY\"\n  secretKey: \"TESTDEMO\"\n  persistence:\n    enabled: false\n\nstoreGateway:\n  objStoreType: S3\n  objStoreConfig:\n    bucket: demo-bucket\n    access_key: TESTKEY\n    secret_key: TESTDEMO\n    endpoint: test-minio:9000\n    insecure: true\n\ncompact:\n  objStoreType: S3\n  objStoreConfig:\n    bucket: demo-bucket\n    access_key: TESTKEY\n    secret_key: TESTDEMO\n    endpoint: test-minio:9000\n    insecure: true\n\nruler:\n  objStoreType: S3\n  objStoreConfig:\n    bucket: demo-bucket\n    access_key: TESTKEY\n    secret_key: TESTDEMO\n    endpoint: test-minio:9000\n    insecure: true\n\nreceiver:\n  objStoreType: S3\n  objStoreConfig:\n    bucket: demo-bucket\n    access_key: TESTKEY\n    secret_key: TESTDEMO\n    endpoint: test-minio:9000\n    insecure: true"
  },
  {
    "path": "charts/prometheus-thanos/requirements.yaml",
    "content": "dependencies:\n- name: minio\n  version: 7.0.2\n  repository: https://helm.min.io/\n  condition: minio.enabled\n- name: any-resource\n  version: 0.1.0\n  repository: https://kiwigrid.github.io/\n  condition: any-resource.enabled"
  },
  {
    "path": "charts/prometheus-thanos/templates/NOTES.txt",
    "content": "Store gateway and querier now running.\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"prometheus-thanos.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"prometheus-thanos.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"prometheus-thanos.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/bucket-web/deployment.yaml",
    "content": "{{- if .Values.bucketWebInterface.enabled -}}\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-bucket-web-interface\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-bucket-web-interface\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: {{ .Values.bucketWebInterface.replicaCount }}\n  strategy:\n  {{- with .Values.bucketWebInterface.updateStrategy }}\n  {{- toYaml . | nindent 4 }}\n  {{- end }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-bucket-web-interface\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-bucket-web-interface\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        prometheus-thanos-peer: \"true\"\n        {{- with .Values.bucketWebInterface.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    {{- if .Values.bucketWebInterface.additionalAnnotations }}\n      annotations:\n        {{- with .Values.bucketWebInterface.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    {{- end }}\n    spec:\n      {{- if .Values.bucketWebInterface.serviceAccount.create }}\n      serviceAccount: {{ include \"prometheus-thanos.fullname\" . }}-bucket-web-interface\n      {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-bucket-web-interface\n          imagePullPolicy: {{ .Values.bucketWebInterface.image.pullPolicy }}\n          image: \"{{ .Values.bucketWebInterface.image.repository }}:{{ .Values.bucketWebInterface.image.tag }}\"\n          args:\n          - tools\n          - bucket\n          - web\n          - --log.level={{ .Values.bucketWebInterface.logLevel }}\n          {{- if .Values.bucketWebInterface.objStoreType }}\n          - |\n            --objstore.config=type: {{ .Values.bucketWebInterface.objStoreType }}\n            config:\n            {{- toYaml .Values.bucketWebInterface.objStoreConfig | nindent 14 }}\n          {{ else if .Values.bucketWebInterface.objStoreConfigFile }}\n          - --objstore.config-file={{ .Values.bucketWebInterface.objStoreConfigFile }}\n          {{- end }}\n          {{- range $key, $value := .Values.bucketWebInterface.additionalFlags }}\n          - \"--{{ $key }}{{if $value }}={{ $value }}{{end}}\"\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: {{ .Values.bucketWebInterface.httpServerPort }}\n              protocol: TCP\n          {{- if .Values.bucketWebInterface.extraEnv }}\n          env:\n            {{- toYaml .Values.bucketWebInterface.extraEnv | nindent 12 }}\n          {{- end }}\n          resources:\n            {{- toYaml .Values.bucketWebInterface.resources | nindent 12 }}\n          securityContext:\n            {{- toYaml .Values.bucketWebInterface.containerSecurityContext | nindent 12 }}\n          {{- with .Values.bucketWebInterface.volumeMounts }}\n          volumeMounts:\n            {{- toYaml . | nindent 14 }}\n          {{- end }}\n      {{- with .Values.bucketWebInterface.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.bucketWebInterface.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.bucketWebInterface.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.bucketWebInterface.podSecurityContext }}\n      securityContext:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.bucketWebInterface.volumes }}\n      volumes:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- if .Values.bucketWebInterface.podNumericalPriorityEnabled }}\n      priority: {{ .Values.bucketWebInterface.podPriority }}\n    {{- else if .Values.bucketWebInterface.podPriorityClassName }}\n      priorityClassName: {{ .Values.bucketWebInterface.podPriorityClassName }}\n    {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/bucket-web/service.yaml",
    "content": "{{- if .Values.bucketWebInterface.enabled -}}\napiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-bucket-web-interface\n{{- if .Values.service.bucketWebInterface.annotations }}\n  annotations:\n{{ toYaml .Values.service.bucketWebInterface.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-bucket-web-interface\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  type: {{ .Values.service.bucketWebInterface.type }}\n  ports:\n    - port: {{ .Values.service.bucketWebInterface.http.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n  selector:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-bucket-web-interface\n    app.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/bucket-web/serviceaccount.yaml",
    "content": "{{- if and .Values.bucketWebInterface.enabled .Values.bucketWebInterface.serviceAccount.create -}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-bucket-web-interface\n{{- if .Values.bucketWebInterface.serviceAccount.annotations }}\n  annotations:\n{{ toYaml .Values.bucketWebInterface.serviceAccount.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-bucket-web-interface\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/compactor/service.yaml",
    "content": "{{- if .Values.compact.enabled -}}\napiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-compact\n{{- if .Values.service.compact.annotations }}\n  annotations:\n{{ toYaml .Values.service.compact.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-compact\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  type: {{ .Values.service.compact.type }}\n  ports:\n    - port: {{ .Values.service.compact.http.port }}\n      targetPort: monitoring\n      protocol: TCP\n      name: http\n  selector:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-compact\n    app.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/compactor/serviceaccount.yaml",
    "content": "{{- if and .Values.compact.enabled .Values.compact.serviceAccount.create -}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-compact\n{{- if .Values.compact.serviceAccount.annotations }}\n  annotations:\n{{ toYaml .Values.compact.serviceAccount.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-compact\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/compactor/statefulset.yaml",
    "content": "{{- if .Values.compact.enabled -}}\napiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-compact\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-compact\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: 1\n  updateStrategy:\n    type: {{ .Values.compact.updateStrategy }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-compact\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  serviceName: {{ include \"prometheus-thanos.name\" . }}-compact\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-compact\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        {{- with .Values.compact.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        prometheus.io/scrape: \"true\"\n        prometheus.io/port: \"10902\"\n        {{- with .Values.compact.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n      {{- if .Values.compact.serviceAccount.create }}\n      serviceAccount: {{ include \"prometheus-thanos.fullname\" . }}-compact\n      {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-compact\n          imagePullPolicy: {{ .Values.compact.image.pullPolicy }}\n          image: \"{{ .Values.compact.image.repository }}:{{ .Values.compact.image.tag }}\"\n          args:\n          - compact\n          - --log.level={{ .Values.compact.logLevel }}\n          - --retention.resolution-raw={{ .Values.compact.retentionResolutionRaw }}\n          - --retention.resolution-5m={{ .Values.compact.retentionResolution5m }}\n          - --retention.resolution-1h={{ .Values.compact.retentionResolution1h }}\n          - --consistency-delay={{ .Values.compact.consistencyDelay }}\n          {{- range $key, $value := .Values.compact.additionalFlags }}\n          - \"--{{ $key }}{{if $value }}={{ $value }}{{end}}\"\n          {{- end }}\n          {{- if .Values.compact.objStoreType }}\n          - |\n            --objstore.config=type: {{ .Values.compact.objStoreType }}\n            config:\n            {{- toYaml .Values.compact.objStoreConfig | nindent 14 }}\n          {{ else if .Values.compact.objStoreConfigFile }}\n          - --objstore.config-file={{ .Values.compact.objStoreConfigFile }}\n          {{- end }}\n          {{- if .Values.tracing.enabled }}\n          - |\n            --tracing.config=type: {{ .Values.tracing.type }}\n            config:\n              {{- toYaml .Values.tracing.config | nindent 14 }}\n          {{- end }}\n          - --wait\n          ports:\n          - name: monitoring\n            containerPort: 10902\n          {{- if .Values.compact.extraEnv }}\n          env:\n            {{- toYaml .Values.compact.extraEnv | nindent 12 }}\n          {{- end }}\n          resources:\n            {{- toYaml .Values.compact.resources | nindent 12 }}\n          securityContext:\n            {{- toYaml .Values.compact.containerSecurityContext | nindent 12 }}\n          volumeMounts:\n            - mountPath: /data\n              name: storage-volume\n          {{- with .Values.compact.volumeMounts }}\n            {{- toYaml . | nindent 12 }}\n          {{- end }}\n      {{- with .Values.compact.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      {{- with .Values.compact.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      {{- with .Values.compact.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      {{- with .Values.compact.podSecurityContext }}\n      securityContext:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      volumes:\n        {{- with .Values.compact.volumes }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n        {{- if not .Values.compact.persistentVolume.enabled }}\n        - name: storage-volume\n          emptyDir: {}\n        {{- else if .Values.compact.persistentVolume.existingClaim }}\n        - name: storage-volume\n          persistentVolumeClaim:\n            claimName: {{ .Values.compact.persistentVolume.existingClaim }}\n        {{- end }}\n      {{- if .Values.compact.podNumericalPriorityEnabled }}\n      priority: {{ .Values.compact.podPriority }}\n      {{- else if .Values.compact.podPriorityClassName }}\n      priorityClassName: {{ .Values.compact.podPriorityClassName }}\n      {{- end }}\n  {{- if and .Values.compact.persistentVolume.enabled (not .Values.compact.persistentVolume.existingClaim) }}\n  volumeClaimTemplates:\n    - metadata:\n        name: storage-volume\n        {{- if .Values.compact.persistentVolume.annotations }}\n        annotations:\n        {{- toYaml .Values.compact.persistentVolume.annotations | nindent 10 }}\n        {{- end }}\n      spec:\n        accessModes:\n        {{- toYaml .Values.compact.persistentVolume.accessModes | nindent 10 }}\n        resources:\n          requests:\n            storage: \"{{ .Values.compact.persistentVolume.size }}\"\n        {{- if .Values.compact.persistentVolume.storageClass }}\n        {{- if (eq \"-\" .Values.compact.persistentVolume.storageClass) }}\n        storageClassName: \"\"\n        {{- else }}\n        storageClassName: \"{{ .Values.compact.persistentVolume.storageClass }}\"\n        {{- end }}\n        {{- end }}\n  {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/querier/deployment-hpa.yaml",
    "content": "{{- if and .Values.querier.enabled .Values.querier.autoscaling.enabled -}}\napiVersion: autoscaling/v1\nkind: HorizontalPodAutoscaler\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-querier\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-querier\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  scaleTargetRef:\n    apiVersion: apps/v1\n    kind: Deployment\n    name: {{ include \"prometheus-thanos.fullname\" . }}-querier\n  minReplicas: {{ .Values.querier.autoscaling.minReplicas }}\n  maxReplicas: {{ .Values.querier.autoscaling.maxReplicas }}\n{{- with .Values.querier.autoscaling.metrics }}\n  metrics: \n    {{- toYaml . | nindent 4 }}\n{{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/querier/deployment.yaml",
    "content": "{{- if .Values.querier.enabled -}}\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-querier\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-querier\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: {{ .Values.querier.replicaCount }}\n  strategy:\n  {{- with .Values.querier.updateStrategy }}\n  {{- toYaml . | nindent 4 }}\n  {{- end }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-querier\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-querier\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        prometheus-thanos-peer: \"true\"\n        {{- with .Values.querier.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        prometheus.io/scrape: \"true\"\n        prometheus.io/port: \"10902\"\n        {{- with .Values.querier.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n      {{- if .Values.querier.serviceAccount.create }}\n      serviceAccount: {{ include \"prometheus-thanos.fullname\" . }}-querier\n      {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-querier\n          imagePullPolicy: {{ .Values.querier.image.pullPolicy }}\n          image: \"{{ .Values.querier.image.repository }}:{{ .Values.querier.image.tag }}\"\n          args:\n          - query\n          - --log.level={{ .Values.querier.logLevel }}\n          {{- range .Values.querier.replicaLabels }}\n          - --query.replica-label={{ . }}\n          {{- end }}\n          {{- range .Values.querier.stores }}\n          - --store={{ . }}\n          {{- end }}\n          {{- range $key, $value := .Values.querier.additionalFlags }}\n          - \"--{{ $key }}{{if $value }}={{ $value }}{{end}}\"\n          {{- end }}\n          {{- if .Values.tracing.enabled }}\n          - |\n            --tracing.config=type: {{ .Values.tracing.type }}\n            config:\n              {{- toYaml .Values.tracing.config | nindent 14 }}\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: 10902\n              protocol: TCP\n            - name: grpc\n              containerPort: 10901\n              protocol: TCP\n          livenessProbe:\n            httpGet:\n              path: /-/healthy\n              port: http\n            initialDelaySeconds: {{ .Values.querier.livenessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.querier.livenessProbe.periodSeconds }}\n            successThreshold: {{ .Values.querier.livenessProbe.successThreshold }}\n            timeoutSeconds: {{ .Values.querier.livenessProbe.timeoutSeconds }}\n          readinessProbe:\n            httpGet:\n              path: /-/ready\n              port: http\n            initialDelaySeconds: {{ .Values.querier.readinessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.querier.readinessProbe.periodSeconds }}\n            successThreshold: {{ .Values.querier.readinessProbe.successThreshold }}\n            timeoutSeconds: {{ .Values.querier.readinessProbe.timeoutSeconds }}\n          resources:\n            {{- toYaml .Values.querier.resources | nindent 12 }}\n          securityContext:\n            {{- toYaml .Values.querier.containerSecurityContext | nindent 12 }}\n          {{- with .Values.querier.volumeMounts }}\n          volumeMounts:\n            {{- toYaml . | nindent 14 }}\n          {{- end }}\n      {{- with .Values.querier.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.querier.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.querier.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.querier.podSecurityContext }}\n      securityContext:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.querier.volumes }}\n      volumes:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- if .Values.querier.podNumericalPriorityEnabled }}\n      priority: {{ .Values.querier.podPriority }}\n    {{- else if .Values.querier.podPriorityClassName }}\n      priorityClassName: {{ .Values.querier.podPriorityClassName }}\n    {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/querier/service.yaml",
    "content": "{{- if .Values.querier.enabled -}}\napiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-querier\n{{- if .Values.service.querier.annotations }}\n  annotations:\n{{ toYaml .Values.service.querier.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-querier\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  type: {{ .Values.service.querier.type }}\n  ports:\n    - port: {{ .Values.service.querier.http.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n    - port: {{ .Values.service.querier.grpc.port }}\n      targetPort: grpc\n      protocol: TCP\n      name: grpc\n  selector:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-querier\n    app.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/querier/serviceaccount.yaml",
    "content": "{{- if and .Values.querier.enabled .Values.querier.serviceAccount.create -}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-querier\n{{- if .Values.querier.serviceAccount.annotations }}\n  annotations:\n{{ toYaml .Values.querier.serviceAccount.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-querier\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/query-frontend/deployment-hpa.yaml",
    "content": "{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.autoscaling.enabled -}}\napiVersion: autoscaling/v1\nkind: HorizontalPodAutoscaler\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-query-frontend\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-query-frontend\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  scaleTargetRef:\n    apiVersion: apps/v1\n    kind: Deployment\n    name: {{ include \"prometheus-thanos.fullname\" . }}-query-frontend\n  minReplicas: {{ .Values.queryFrontend.autoscaling.minReplicas }}\n  maxReplicas: {{ .Values.queryFrontend.autoscaling.maxReplicas }}\n{{- with .Values.querier.autoscaling.metrics }}\n  metrics: \n    {{- toYaml . | nindent 4 }}\n{{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/query-frontend/deployment.yaml",
    "content": "{{- if .Values.queryFrontend.enabled -}}\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-query-frontend\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-query-frontend\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: {{ .Values.queryFrontend.replicaCount }}\n  strategy:\n  {{- with .Values.queryFrontend.updateStrategy }}\n  {{- toYaml . | nindent 4 }}\n  {{- end }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-query-frontend\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-query-frontend\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        prometheus-thanos-peer: \"true\"\n        {{- with .Values.queryFrontend.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        prometheus.io/scrape: \"true\"\n        prometheus.io/port: \"10902\"\n        {{- with .Values.queryFrontend.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n      {{- if .Values.queryFrontend.serviceAccount.create }}\n      serviceAccount: {{ include \"prometheus-thanos.fullname\" . }}-query-frontend\n      {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-query-frontend\n          imagePullPolicy: {{ .Values.queryFrontend.image.pullPolicy }}\n          image: \"{{ .Values.queryFrontend.image.repository }}:{{ .Values.queryFrontend.image.tag }}\"\n          args:\n          - query-frontend\n          - --log.level={{ .Values.queryFrontend.logLevel }}\n          - --query-frontend.log-queries-longer-than={{ .Values.queryFrontend.logQueriesLongerThan }}\n          - --query-range.split-interval={{ .Values.queryFrontend.querySplitInterval }}\n          {{- if .Values.queryFrontend.downstreamUrl }}\n          - --query-frontend.downstream-url={{ .Values.queryFrontend.downstreamUrl }}\n          {{- else }}\n          - --query-frontend.downstream-url=http://{{ include \"prometheus-thanos.fullname\" . }}-querier.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.querier.http.port }}\n          {{- end}}\n          {{- range .Values.queryFrontend.orgIdHeaders }}\n          - --query-frontend.org-id-header={{ . }}\n          {{- end }}\n          {{- if .Values.queryFrontend.cache.enabled }}\n          - |\n            --query-range.response-cache-config=\"config\":\n              {{- toYaml .Values.queryFrontend.cache.config | nindent 14 }}\n            \"type\": {{ .Values.queryFrontend.cache.type }}\n          {{- end }}\n          {{- range $key, $value := .Values.queryFrontend.additionalFlags }}\n          - \"--{{ $key }}{{if $value }}={{ $value }}{{end}}\"\n          {{- end }}\n          {{- if .Values.tracing.enabled }}\n          - |\n            --tracing.config=type: {{ .Values.tracing.type }}\n            config:\n              {{- toYaml .Values.tracing.config | nindent 14 }}\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: 10902\n              protocol: TCP\n          livenessProbe:\n            httpGet:\n              path: /-/healthy\n              port: http\n            initialDelaySeconds: {{ .Values.queryFrontend.livenessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.queryFrontend.livenessProbe.periodSeconds }}\n            successThreshold: {{ .Values.queryFrontend.livenessProbe.successThreshold }}\n            timeoutSeconds: {{ .Values.queryFrontend.livenessProbe.timeoutSeconds }}\n          readinessProbe:\n            httpGet:\n              path: /-/ready\n              port: http\n            initialDelaySeconds: {{ .Values.queryFrontend.readinessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.queryFrontend.readinessProbe.periodSeconds }}\n            successThreshold: {{ .Values.queryFrontend.readinessProbe.successThreshold }}\n            timeoutSeconds: {{ .Values.queryFrontend.readinessProbe.timeoutSeconds }}\n          resources:\n            {{- toYaml .Values.queryFrontend.resources | nindent 12 }}\n          securityContext:\n            {{- toYaml .Values.queryFrontend.containerSecurityContext | nindent 12 }}\n          {{- with .Values.queryFrontend.volumeMounts }}\n          volumeMounts:\n            {{- toYaml . | nindent 14 }}\n          {{- end }}\n      {{- with .Values.queryFrontend.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.queryFrontend.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.queryFrontend.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.queryFrontend.podSecurityContext }}\n      securityContext:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.queryFrontend.volumes }}\n      volumes:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- if .Values.queryFrontend.podNumericalPriorityEnabled }}\n      priority: {{ .Values.queryFrontend.podPriority }}\n    {{- else if .Values.queryFrontend.podPriorityClassName }}\n      priorityClassName: {{ .Values.queryFrontend.podPriorityClassName }}\n    {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/query-frontend/service.yaml",
    "content": "{{- if .Values.queryFrontend.enabled -}}\napiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-query-frontend\n{{- if .Values.service.queryFrontend.annotations }}\n  annotations:\n{{ toYaml .Values.service.queryFrontend.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-query-frontend\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  type: {{ .Values.service.queryFrontend.type }}\n  ports:\n    - port: {{ .Values.service.queryFrontend.http.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n  selector:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-query-frontend\n    app.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/query-frontend/serviceaccount.yaml",
    "content": "{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.serviceAccount.create -}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-query-frontend\n{{- if .Values.queryFrontend.serviceAccount.annotations }}\n  annotations:\n{{ toYaml .Values.queryFrontend.serviceAccount.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-query-frontend\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/receiver/hashring-configmap.yaml",
    "content": "{{- if .Values.receiver.enabled -}}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-receiver-hashring\ndata:\n  hashrings.json: |\n    [\n      {\n        \"endpoints\": [\n          {{- range $i, $e := until (int .Values.receiver.replicaCount) }}\n            \"{{ include \"prometheus-thanos.fullname\" $ }}-receiver-{{ $i }}.{{ include \"prometheus-thanos.fullname\" $ }}-receiver.{{ $.Release.Namespace }}.svc.cluster.local:{{ $.Values.service.receiver.grpc.port }}\"\n\n            {{- if lt $i (sub (int $.Values.receiver.replicaCount) 1) -}}\n            ,\n            {{- end -}}\n          {{- end }}\n        ]\n      }\n    ]\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/receiver/service.yaml",
    "content": "{{- /*\nSee comments in ./statefulset.yaml about why this is headless\n*/}}\n\n{{- if .Values.receiver.enabled -}}\napiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-receiver\n{{- if .Values.service.receiver.annotations }}\n  annotations:\n{{ toYaml .Values.service.receiver.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-receiver\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  clusterIP: None\n  ports:\n    - port: {{ .Values.service.receiver.http.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n    - port: {{ .Values.service.receiver.httpRemoteWrite.port }}\n      targetPort: http-rw\n      protocol: TCP\n      name: http-rw\n    - port: {{ .Values.service.receiver.grpc.port }}\n      targetPort: grpc\n      protocol: TCP\n      name: grpc\n  selector:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-receiver\n    app.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/receiver/serviceaccount.yaml",
    "content": "{{- if and .Values.receiver.enabled .Values.receiver.serviceAccount.create -}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-receiver\n{{- if .Values.receiver.serviceAccount.annotations }}\n  annotations:\n{{ toYaml .Values.receiver.serviceAccount.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-receiver\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/receiver/statefulset.yaml",
    "content": "{{- /*\nReceivers must currently be behind a headless services since they form a hashring and communicate directly with each \nother. This means that port mappings at the service level won't be respected, so unlike other components the port \noverrides are defined here, rather than within the service.  In an attempt to keep some consistency (and perhaps future \nproof for the case where it may some day be possible to map ports in headless services) the path for port values is of \nthe form '.Values.service.receiver.PORT_NAME.port'\n\nAt this moment in time using the HPA to scale Receivers is not a good idea so no template has been provided.\nSee https://youtu.be/5MJqdJq41Ms\n*/}}\n\n{{- if .Values.receiver.enabled -}}\napiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-receiver\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-receiver\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: {{ .Values.receiver.replicaCount }}\n  updateStrategy:\n    type: {{ .Values.receiver.updateStrategy }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-receiver\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  serviceName: {{ include \"prometheus-thanos.fullname\" . }}-receiver\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-receiver\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        prometheus-thanos-peer: \"true\"\n        {{- with .Values.receiver.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        prometheus.io/scrape: \"true\"\n        prometheus.io/port: \"10902\"\n        {{- with .Values.receiver.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n      {{- if .Values.receiver.serviceAccount.create }}\n      serviceAccount: {{ include \"prometheus-thanos.fullname\" . }}-receiver\n      {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-receiver\n          imagePullPolicy: {{ .Values.receiver.image.pullPolicy }}\n          image: \"{{ .Values.receiver.image.repository }}:{{ .Values.receiver.image.tag }}\"\n          args:\n          - receive\n          - --tsdb.path=/data\n          - --log.level={{ .Values.receiver.logLevel }}\n          - --receive.replication-factor={{ .Values.receiver.replicationFactor }}\n          - --label=receive_replica=\"$(K8S_POD)\"\n          - --tsdb.retention={{ .Values.receiver.tsdbRetention }}\n          - --grpc-address=0.0.0.0:{{ .Values.service.receiver.grpc.port }}\n          - --http-address=0.0.0.0:{{ .Values.service.receiver.http.port }}\n          - --remote-write.address=0.0.0.0:{{ .Values.service.receiver.httpRemoteWrite.port }}\n          - --receive.local-endpoint=$(K8S_POD).$(K8S_SERVICE).$(K8S_NAMESPACE).svc.cluster.local:{{ .Values.service.receiver.grpc.port }}\n          - --receive.hashrings-file=/var/lib/thanos-receive/hashrings.json\n          {{- if .Values.tracing.enabled }}\n          - |\n            --tracing.config=type: {{ .Values.tracing.type }}\n            config:\n              {{- toYaml .Values.tracing.config | nindent 14 }}\n          {{- end }}\n          {{- range $key, $value := .Values.receiver.additionalFlags }}\n          - \"--{{ $key }}{{if $value }}={{ $value }}{{end}}\"\n          {{- end }}\n          {{- if .Values.receiver.objStoreType }}\n          - |\n            --objstore.config=type: {{ .Values.receiver.objStoreType }}\n            config:\n            {{- toYaml .Values.receiver.objStoreConfig | nindent 14 }}\n          {{ else if .Values.receiver.objStoreConfigFile }}\n          - --objstore.config-file={{ .Values.receiver.objStoreConfigFile }}\n          {{- end }}\n          ports:\n            - name: grpc\n              containerPort: {{ .Values.service.receiver.grpc.port }}\n              protocol: TCP\n            - name: http\n              containerPort: {{ .Values.service.receiver.http.port }}\n              protocol: TCP\n            - name: http-rw\n              containerPort: {{ .Values.service.receiver.httpRemoteWrite.port }}\n              protocol: TCP\n          env:\n            - name: K8S_NAMESPACE\n              valueFrom:\n                fieldRef:\n                  fieldPath: metadata.namespace\n            - name: K8S_POD\n              valueFrom:\n                fieldRef:\n                  fieldPath: metadata.name\n            - name: K8S_SERVICE\n              value: {{ include \"prometheus-thanos.fullname\" . }}-receiver\n            {{- if .Values.receiver.extraEnv }}\n            {{- toYaml .Values.receiver.extraEnv | nindent 12 }}\n            {{- end }}\n          livenessProbe:\n            httpGet:\n              path: /-/healthy\n              port: http\n            initialDelaySeconds: {{ .Values.receiver.livenessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.receiver.livenessProbe.periodSeconds }}\n            successThreshold: {{ .Values.receiver.livenessProbe.successThreshold }}\n            timeoutSeconds: {{ .Values.receiver.livenessProbe.timeoutSeconds }}\n          readinessProbe:\n            httpGet:\n              path: /-/ready\n              port: http\n            initialDelaySeconds: {{ .Values.receiver.readinessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.receiver.readinessProbe.periodSeconds }}\n            successThreshold: {{ .Values.receiver.readinessProbe.successThreshold }}\n            timeoutSeconds: {{ .Values.receiver.readinessProbe.timeoutSeconds }}\n          resources:\n            {{- toYaml .Values.receiver.resources | nindent 12 }}\n          securityContext:\n            {{- toYaml .Values.receiver.containerSecurityContext | nindent 12 }}\n          volumeMounts:\n          - mountPath: /data\n            name: storage-volume\n            readOnly: false\n          - mountPath: /var/lib/thanos-receive\n            name: hashring-config\n          {{- with .Values.receiver.volumeMounts }}\n          {{- toYaml . | nindent 10 }}\n          {{- end }}\n      {{- with .Values.receiver.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      {{- with .Values.receiver.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      {{- with .Values.receiver.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      {{- with .Values.receiver.podSecurityContext }}\n      securityContext:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      volumes:\n        {{- with .Values.receiver.volumes }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n        {{- if not .Values.receiver.persistentVolume.enabled }}\n        - name: storage-volume\n          emptyDir: {}\n        {{- else if .Values.receiver.persistentVolume.existingClaim }}\n        - name: storage-volume\n          persistentVolumeClaim:\n            claimName: {{ .Values.receiver.persistentVolume.existingClaim }}\n        {{- end }}\n        - name: hashring-config\n          configMap:\n            name: {{ include \"prometheus-thanos.fullname\" . }}-receiver-hashring\n      {{- if .Values.receiver.podNumericalPriorityEnabled }}\n      priority: {{ .Values.receiver.podPriority }}\n      {{- else if .Values.receiver.podPriorityClassName }}\n      priorityClassName: {{ .Values.receiver.podPriorityClassName }}\n      {{- end }}\n  {{- if and .Values.receiver.persistentVolume.enabled (not .Values.receiver.persistentVolume.existingClaim) }}\n  volumeClaimTemplates:\n    - metadata:\n        name: storage-volume\n        {{- if .Values.receiver.persistentVolume.annotations }}\n        annotations:\n        {{- toYaml .Values.receiver.persistentVolume.annotations | nindent 10 }}\n        {{- end }}\n      spec:\n        accessModes:\n        {{- toYaml .Values.receiver.persistentVolume.accessModes | nindent 10 }}\n        resources:\n          requests:\n            storage: \"{{ .Values.receiver.persistentVolume.size }}\"\n        {{- if .Values.receiver.persistentVolume.storageClass }}\n        {{- if (eq \"-\" .Values.receiver.persistentVolume.storageClass) }}\n        storageClassName: \"\"\n        {{- else }}\n        storageClassName: \"{{ .Values.receiver.persistentVolume.storageClass }}\"\n        {{- end }}\n        {{- end }}\n  {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/ruler/clusterrole.yaml",
    "content": "{{- if .Values.ruler.sidecar.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-ruler\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-ruler\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nrules:\n- apiGroups:\n  - \"\"\n  resources:\n  - configmaps\n  verbs:\n  - get\n  - list\n  - watch\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/ruler/clusterrolebinding.yaml",
    "content": "{{- if .Values.ruler.sidecar.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-ruler\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-ruler\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: {{ include \"prometheus-thanos.fullname\" . }}-ruler\nsubjects:\n- kind: ServiceAccount\n  name: {{ include \"prometheus-thanos.fullname\" . }}-ruler\n  namespace: {{ .Release.Namespace }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/ruler/configmap.yaml",
    "content": "{{- if .Values.ruler.enabled -}}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-ruler\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-ruler\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\ndata:\n  default.rules.yaml: |\n  {{- if .Values.ruler.config }}\n    {{- .Values.ruler.config | toYaml | nindent 4 }}\n  {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/ruler/service.yaml",
    "content": "{{- if .Values.ruler.enabled -}}\napiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-ruler\n{{- if .Values.service.ruler.annotations }}\n  annotations:\n{{ toYaml .Values.service.ruler.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-ruler\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  type: {{ .Values.service.ruler.type }}\n  ports:\n    - port: {{ .Values.service.ruler.http.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n    - port: {{ .Values.service.ruler.grpc.port }}\n      targetPort: grpc\n      protocol: TCP\n      name: grpc\n  selector:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-ruler\n    app.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/ruler/serviceaccount.yaml",
    "content": "{{- if .Values.ruler.enabled -}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-ruler\n{{- if .Values.ruler.serviceAccount.annotations }}\n  annotations:\n{{ toYaml .Values.ruler.serviceAccount.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-ruler\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/ruler/statefulset.yaml",
    "content": "{{- if .Values.ruler.enabled -}}\napiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-ruler\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-ruler\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: {{ .Values.ruler.replicaCount }}\n  updateStrategy:\n    type: {{ .Values.ruler.updateStrategy }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-ruler\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  serviceName: {{ include \"prometheus-thanos.fullname\" . }}-ruler\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-ruler\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        prometheus-thanos-peer: \"true\"\n        {{- with .Values.ruler.additionalLabels }}\n          {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        prometheus.io/scrape: \"true\"\n        prometheus.io/port: \"10902\"\n        checksum/config: {{ include (print $.Template.BasePath \"/ruler/configmap.yaml\") . | sha256sum }}\n        {{- with .Values.ruler.additionalAnnotations }}\n          {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n      serviceAccount: {{ include \"prometheus-thanos.fullname\" . }}-ruler\n    {{- with .Values.ruler.imagePullSecrets }}\n      imagePullSecrets:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-ruler\n          imagePullPolicy: {{ .Values.ruler.image.pullPolicy }}\n          image: \"{{ .Values.ruler.image.repository }}:{{ .Values.ruler.image.tag }}\"\n          args:\n          - rule\n          - --data-dir=/data\n          - --log.level={{ .Values.ruler.logLevel }}\n          - --eval-interval={{ .Values.ruler.evalInterval }}\n          - --rule-file={{ .Values.ruler.ruleFile }}\n          - --alertmanagers.url={{ .Values.ruler.alertmanagerUrl }}\n          - --query={{ include \"prometheus-thanos.fullname\" . }}-querier:{{ .Values.service.querier.http.port }}\n          {{- range .Values.ruler.queries }}\n          - --query={{ . }}\n          {{- end }}\n          {{- if .Values.ruler.objStoreType }}\n          - |\n            --objstore.config=type: {{ .Values.ruler.objStoreType }}\n            config:\n            {{- toYaml .Values.ruler.objStoreConfig | nindent 14 }}\n          {{ else if .Values.ruler.objStoreConfigFile }}\n          - --objstore.config-file={{ .Values.ruler.objStoreConfigFile }}\n          {{- end }}\n          {{- range $key, $value := .Values.ruler.additionalFlags }}\n          - \"--{{ $key }}{{if $value }}={{ $value }}{{end}}\"\n          {{- end }}\n          - --label=ruler_cluster=\"{{ .Values.ruler.clusterName }}\"\n          - --label=replica=\"$(POD_NAME)\"\n          {{- if .Values.tracing.enabled }}\n          - |\n            --tracing.config=type: {{ .Values.tracing.type }}\n            config:\n              {{- toYaml .Values.tracing.config | nindent 14 }}\n          {{- end }}\n          env:\n            - name: POD_NAME\n              valueFrom:\n                fieldRef:\n                  fieldPath: metadata.name\n          {{- if .Values.ruler.extraEnv }}\n            {{- toYaml .Values.ruler.extraEnv | nindent 12 }}\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: 10902\n              protocol: TCP\n            - name: grpc\n              containerPort: 10901\n              protocol: TCP\n          livenessProbe:\n            httpGet:\n              path: /-/healthy\n              port: http\n            initialDelaySeconds: {{ .Values.ruler.livenessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.ruler.livenessProbe.periodSeconds }}\n            successThreshold: {{ .Values.ruler.livenessProbe.successThreshold }}\n            timeoutSeconds: {{ .Values.ruler.livenessProbe.timeoutSeconds }}\n          readinessProbe:\n            httpGet:\n              path: /-/ready\n              port: http\n            initialDelaySeconds: {{ .Values.ruler.readinessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.ruler.readinessProbe.periodSeconds }}\n            successThreshold: {{ .Values.ruler.readinessProbe.successThreshold }}\n            timeoutSeconds: {{ .Values.ruler.readinessProbe.timeoutSeconds }}\n          resources:\n            {{- toYaml .Values.ruler.resources | nindent 12 }}\n          securityContext:\n            {{- toYaml .Values.ruler.containerSecurityContext | nindent 12 }}\n          volumeMounts:\n          - mountPath: /etc/thanos-ruler\n            name: config\n          - mountPath: /etc/thanos-ruler/external\n            name: external-config-volume\n          - mountPath: /data\n            name: storage-volume\n          {{- with .Values.ruler.volumeMounts }}\n          {{- toYaml . | nindent 10 }}\n          {{- end }}\n        {{- if .Values.ruler.sidecar.enabled }}\n        - env:\n          - name: LABEL\n            value: {{ .Values.ruler.sidecar.watchLabel }}\n          - name: FOLDER\n            value: /etc/config\n          - name: NAMESPACE\n            value: ALL\n          - name: REQ_URL\n            value: http://127.0.0.1:10902/-/reload\n          - name: REQ_METHOD\n            value: POST\n          imagePullPolicy: {{ .Values.ruler.sidecar.image.pullPolicy }}\n          image: \"{{ .Values.ruler.sidecar.image.repository }}:{{ .Values.ruler.sidecar.image.tag }}\"\n          name: k8s-configmap-watcher\n          resources:\n            limits:\n              cpu: 20m\n              memory: 64Mi\n            requests:\n              cpu: 10m\n              memory: 32Mi\n          terminationMessagePath: /dev/termination-log\n          terminationMessagePolicy: File\n          volumeMounts:\n          - mountPath: /etc/config\n            name: external-config-volume\n        {{- end }}\n      {{- with .Values.ruler.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      {{- with .Values.ruler.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      {{- with .Values.ruler.tolerations }}\n      tolerations:\n      {{- toYaml . | nindent 6 }}\n      {{- end }}\n      {{- with .Values.ruler.podSecurityContext }}\n      securityContext:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      volumes:\n      - name: external-config-volume\n        emptyDir: {}\n      - configMap:\n          name: {{ include \"prometheus-thanos.fullname\" . }}-ruler\n        name: config\n      {{- with .Values.ruler.volumes }}\n      {{- toYaml . | nindent 6 }}\n      {{- end }}\n      {{- if not .Values.ruler.persistentVolume.enabled }}\n      - name: storage-volume\n        emptyDir: {}\n      {{- else if .Values.ruler.persistentVolume.existingClaim }}\n      - name: storage-volume\n        persistentVolumeClaim:\n          claimName: {{ .Values.ruler.persistentVolume.existingClaim }}\n      {{- end }}\n      {{- if .Values.ruler.podNumericalPriorityEnabled }}\n      priority: {{ .Values.ruler.podPriority }}\n      {{- else if .Values.ruler.podPriorityClassName }}\n      priorityClassName: {{ .Values.ruler.podPriorityClassName }}\n      {{- end }}\n  {{- if and .Values.ruler.persistentVolume.enabled (not .Values.ruler.persistentVolume.existingClaim) }}\n  volumeClaimTemplates:\n    - metadata:\n        name: storage-volume\n        {{- if .Values.ruler.persistentVolume.annotations }}\n        annotations:\n          {{- toYaml .Values.ruler.persistentVolume.annotations | nindent 10 }}\n        {{- end }}\n      spec:\n        accessModes:\n          {{- toYaml .Values.ruler.persistentVolume.accessModes | nindent 10 }}\n        resources:\n          requests:\n            storage: \"{{ .Values.ruler.persistentVolume.size }}\"\n        {{- if .Values.ruler.persistentVolume.storageClass }}\n        {{- if (eq \"-\" .Values.ruler.persistentVolume.storageClass) }}\n        storageClassName: \"\"\n        {{- else }}\n        storageClassName: \"{{ .Values.ruler.persistentVolume.storageClass }}\"\n        {{- end }}\n        {{- end }}\n  {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/store-gateway/service.yaml",
    "content": "{{- if .Values.storeGateway.enabled -}}\napiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-store-gateway\n{{- if .Values.service.storeGateway.annotations }}\n  annotations:\n{{ toYaml .Values.service.storeGateway.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-store-gateway\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  type: {{ .Values.service.storeGateway.type }}\n  ports:\n    - port: {{ .Values.service.storeGateway.http.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n    - port: {{ .Values.service.storeGateway.grpc.port }}\n      targetPort: grpc\n      protocol: TCP\n      name: grpc\n  selector:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-store-gateway\n    app.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/store-gateway/serviceaccount.yaml",
    "content": "{{- if and .Values.storeGateway.enabled .Values.storeGateway.serviceAccount.create -}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-store-gateway\n{{- if .Values.storeGateway.serviceAccount.annotations }}\n  annotations:\n{{ toYaml .Values.storeGateway.serviceAccount.annotations | indent 4 }}\n{{- end }}\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-store-gateway\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/store-gateway/statefulset-hpa.yaml",
    "content": "{{- if and .Values.storeGateway.enabled .Values.storeGateway.autoscaling.enabled -}}\napiVersion: autoscaling/v1\nkind: HorizontalPodAutoscaler\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-store-gateway\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-store-gateway\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  scaleTargetRef:\n    apiVersion: apps/v1\n    kind: StatefulSet\n    name: {{ include \"prometheus-thanos.fullname\" . }}-store-gateway\n  minReplicas: {{ .Values.storeGateway.autoscaling.minReplicas }}\n  maxReplicas: {{ .Values.storeGateway.autoscaling.maxReplicas }}\n{{ with  .Values.storeGateway.autoscaling.metrics }}\n  metrics:\n    {{- toYaml . | nindent 4 }}\n{{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/templates/store-gateway/statefulset.yaml",
    "content": "{{- if .Values.storeGateway.enabled -}}\napiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n  name: {{ include \"prometheus-thanos.fullname\" . }}-store-gateway\n  labels:\n    app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-store-gateway\n    helm.sh/chart: {{ include \"prometheus-thanos.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: {{ .Values.storeGateway.replicaCount }}\n  updateStrategy:\n    type: {{ .Values.storeGateway.updateStrategy }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-store-gateway\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  serviceName: {{ include \"prometheus-thanos.fullname\" . }}-store-gateway\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"prometheus-thanos.name\" . }}-store-gateway\n        app.kubernetes.io/instance: {{ .Release.Name }}\n        prometheus-thanos-peer: \"true\"\n        {{- with .Values.storeGateway.additionalLabels }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n      annotations:\n        prometheus.io/scrape: \"true\"\n        prometheus.io/port: \"10902\"\n        {{- with .Values.storeGateway.additionalAnnotations }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n      {{- if .Values.storeGateway.serviceAccount.create }}\n      serviceAccount: {{ include \"prometheus-thanos.fullname\" . }}-store-gateway\n      {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}-store-gateway\n          imagePullPolicy: {{ .Values.storeGateway.image.pullPolicy }}\n          image: \"{{ .Values.storeGateway.image.repository }}:{{ .Values.storeGateway.image.tag }}\"\n          args:\n          - store\n          - --data-dir=/data\n          - --log.level={{ .Values.storeGateway.logLevel }}\n          - |\n            --index-cache.config=type: {{ .Values.storeGateway.indexCache.type }}\n            config:\n            {{- toYaml .Values.storeGateway.indexCache.config | nindent 14 }}\n          - --chunk-pool-size={{ .Values.storeGateway.chunkPoolSize }}\n          {{- range $key, $value := .Values.storeGateway.additionalFlags }}\n          - \"--{{ $key }}{{if $value }}={{ $value }}{{end}}\"\n          {{- end }}\n          {{- if .Values.storeGateway.objStoreType }}\n          - |\n            --objstore.config=type: {{ .Values.storeGateway.objStoreType }}\n            config:\n            {{- toYaml .Values.storeGateway.objStoreConfig | nindent 14 }}\n          {{ else if .Values.storeGateway.objStoreConfigFile }}\n          - --objstore.config-file={{ .Values.storeGateway.objStoreConfigFile }}\n          {{- end }}\n          {{- if .Values.tracing.enabled }}\n          - |\n            --tracing.config=type: {{ .Values.tracing.type }}\n            config:\n              {{- toYaml .Values.tracing.config | nindent 14 }}\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: 10902\n              protocol: TCP\n            - name: grpc\n              containerPort: 10901\n              protocol: TCP\n          {{- if .Values.storeGateway.extraEnv }}\n          env:\n            {{- toYaml .Values.storeGateway.extraEnv | nindent 12 }}\n          {{- end }}\n          livenessProbe:\n            httpGet:\n              path: /-/healthy\n              port: http\n            initialDelaySeconds: {{ .Values.storeGateway.livenessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.storeGateway.livenessProbe.periodSeconds }}\n            successThreshold: {{ .Values.storeGateway.livenessProbe.successThreshold }}\n            timeoutSeconds: {{ .Values.storeGateway.livenessProbe.timeoutSeconds }}\n          readinessProbe:\n            httpGet:\n              path: /-/ready\n              port: http\n            initialDelaySeconds: {{ .Values.storeGateway.readinessProbe.initialDelaySeconds }}\n            periodSeconds: {{ .Values.storeGateway.readinessProbe.periodSeconds }}\n            successThreshold: {{ .Values.storeGateway.readinessProbe.successThreshold }}\n            timeoutSeconds: {{ .Values.storeGateway.readinessProbe.timeoutSeconds }}\n          resources:\n            {{- toYaml .Values.storeGateway.resources | nindent 12 }}\n          securityContext:\n            {{- toYaml .Values.storeGateway.containerSecurityContext | nindent 12 }}\n          volumeMounts:\n            - mountPath: /data\n              name: storage-volume\n          {{- with .Values.storeGateway.volumeMounts }}\n            {{- toYaml . | nindent 12 }}\n          {{- end }}\n      {{- with .Values.storeGateway.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      {{- with .Values.storeGateway.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      {{- with .Values.storeGateway.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      {{- with .Values.storeGateway.podSecurityContext }}\n      securityContext:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n      volumes:\n        {{- with .Values.storeGateway.volumes }}\n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n        {{- if not .Values.storeGateway.persistentVolume.enabled }}\n        - name: storage-volume\n          emptyDir: {}\n        {{- else if .Values.storeGateway.persistentVolume.existingClaim }}\n        - name: storage-volume\n          persistentVolumeClaim:\n            claimName: {{ .Values.storeGateway.persistentVolume.existingClaim }}\n        {{- end }}\n      {{- if .Values.storeGateway.podNumericalPriorityEnabled }}\n      priority: {{ .Values.storeGateway.podPriority }}\n      {{- else if .Values.storeGateway.podPriorityClassName }}\n      priorityClassName: {{ .Values.storeGateway.podPriorityClassName }}\n      {{- end }}\n  {{- if and .Values.storeGateway.persistentVolume.enabled (not .Values.storeGateway.persistentVolume.existingClaim) }}\n  volumeClaimTemplates:\n    - metadata:\n        name: storage-volume\n        {{- if .Values.storeGateway.persistentVolume.annotations }}\n        annotations:\n        {{- toYaml .Values.storeGateway.persistentVolume.annotations | nindent 10 }}\n        {{- end }}\n      spec:\n        accessModes:\n        {{- toYaml .Values.storeGateway.persistentVolume.accessModes | nindent 10 }}\n        resources:\n          requests:\n            storage: \"{{ .Values.storeGateway.persistentVolume.size }}\"\n        {{- if .Values.storeGateway.persistentVolume.storageClass }}\n        {{- if (eq \"-\" .Values.storeGateway.persistentVolume.storageClass) }}\n        storageClassName: \"\"\n        {{- else }}\n        storageClassName: \"{{ .Values.storeGateway.persistentVolume.storageClass }}\"\n        {{- end }}\n        {{- end }}\n  {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/prometheus-thanos/values.yaml",
    "content": "# Default values for prometheus-thanos.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nnameOverride: \"\"\nfullnameOverride: \"\"\n\ntracing:\n  enabled: false\n  type: \"\"\n  config: {}\n\nservice:\n  queryFrontend:\n    type: ClusterIP\n    http:\n      port: 9090\n    annotations: {}\n  querier:\n    type: ClusterIP\n    http:\n      port: 9090\n    grpc:\n      port: 10901\n    annotations: {}\n  storeGateway:\n    type: ClusterIP\n    http:\n      port: 9090\n    grpc:\n      port: 10901\n    annotations: {}\n  ruler:\n    type: ClusterIP\n    http:\n      port: 9090\n    grpc:\n      port: 10901\n    annotations: {}\n  receiver:\n    http:\n      port: 9090\n    httpRemoteWrite:\n      port: 9091\n    grpc:\n      port: 10901\n    annotations: {}\n  bucketWebInterface:\n    type: ClusterIP\n    http:\n      port: 9090\n    annotations: {}\n  compact:\n    type: ClusterIP\n    http:\n      port: 9090\n    annotations: {}\n\nqueryFrontend:\n  enabled: true\n  replicaCount: 1\n  updateStrategy:\n    type: RollingUpdate\n    rollingUpdate:\n      maxSurge: 1\n      maxUnavailable: 0\n  image:\n    repository: quay.io/thanos/thanos\n    tag: v0.32.4\n    pullPolicy: IfNotPresent\n  serviceAccount:\n    create: false\n  cache:\n    enabled: false\n  #  annotations: eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME\n  ## See https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html\n  ## for IAM Role for your Service Account usage\n  additionalLabels: {}\n  additionalAnnotations: {}\n  logLevel: info\n  logQueriesLongerThan: 0\n  querySplitInterval: 24h\n  additionalFlags: {}\n  resources: {}\n  nodeSelector: {}\n  podNumericalPriorityEnabled: false\n  podPriority: 0\n  podSecurityContext:\n    runAsUser: 1001\n    runAsGroup: 1001\n    fsGroup: 1001\n  containerSecurityContext:\n    runAsNonRoot: true\n    allowPrivilegeEscalation: false\n    capabilities:\n      drop:\n        - ALL\n    privileged: false\n  podPriorityClassName: \"\"\n  tolerations: []\n  affinity: {}\n  livenessProbe:\n    initialDelaySeconds: 30\n    periodSeconds: 10\n    successThreshold: 1\n    timeoutSeconds: 30\n  readinessProbe:\n    initialDelaySeconds: 30\n    periodSeconds: 10\n    successThreshold: 1\n    timeoutSeconds: 30\n\n  autoscaling:\n    enabled: false\n    minReplicas: 1\n    maxReplicas: 10\n    metrics:\n    # List of MetricSpecs to decide whether to scale\n    # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#metricspec-v2beta2-autoscaling\n    - type: Resource\n      resource:\n        name: cpu\n        target:\n          type: Utilization\n          averageUtilization: 80\n    - type: Resource\n      resource:\n        name: memory\n        target:\n          type: Utilization\n          averageUtilization: 80\n\nquerier:\n  enabled: true\n  replicaCount: 1\n  updateStrategy:\n    type: RollingUpdate\n    rollingUpdate:\n      maxSurge: 1\n      maxUnavailable: 0\n  image:\n    repository: quay.io/thanos/thanos\n    tag: v0.32.4\n    pullPolicy: IfNotPresent\n  serviceAccount:\n    create: false\n  #  annotations: eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME\n  ## See https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html\n  ## for IAM Role for your Service Account usage\n  additionalLabels: {}\n  additionalAnnotations: {}\n  replicaLabels: []\n  logLevel: info\n  stores: []\n  additionalFlags: {}\n  resources: {}\n  nodeSelector: {}\n  podNumericalPriorityEnabled: false\n  podPriority: 0\n  podPriorityClassName: \"\"\n  podSecurityContext:\n    runAsUser: 1001\n    runAsGroup: 1001\n    fsGroup: 1001\n  containerSecurityContext:\n    runAsNonRoot: true\n    allowPrivilegeEscalation: false\n    capabilities:\n      drop:\n        - ALL\n    privileged: false\n  tolerations: []\n  affinity: {}\n  livenessProbe:\n    initialDelaySeconds: 30\n    periodSeconds: 10\n    successThreshold: 1\n    timeoutSeconds: 30\n  readinessProbe:\n    initialDelaySeconds: 30\n    periodSeconds: 10\n    successThreshold: 1\n    timeoutSeconds: 30\n\n  autoscaling:\n    enabled: false\n    minReplicas: 1\n    maxReplicas: 10\n    metrics:\n    # List of MetricSpecs to decide whether to scale\n    # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#metricspec-v2beta2-autoscaling\n    - type: Resource\n      resource:\n        name: cpu\n        target:\n          type: Utilization\n          averageUtilization: 80\n    - type: Resource\n      resource:\n        name: memory\n        target:\n          type: Utilization\n          averageUtilization: 80\n\nstoreGateway:\n  enabled: true\n  replicaCount: 1\n  updateStrategy: RollingUpdate\n  image:\n    repository: quay.io/thanos/thanos\n    tag: v0.32.4\n    pullPolicy: IfNotPresent\n  serviceAccount:\n    create: false\n  additionalLabels: {}\n  additionalAnnotations: {}\n  extraEnv: []\n  # - name: GOOGLE_APPLICATION_CREDENTIALS\n  #   value: /etc/gcp/secrets/credentials.json\n  logLevel: info\n  # IndexCache configuraiton. See https://thanos.io/components/store.md/#index-cache for available options\n  indexCache:\n    type: IN-MEMORY\n    config:\n      max_size: 500MB\n  chunkPoolSize: 500MB\n\n  objStoreType: GCS  # WARNING: this is default to null in other sections\n  additionalFlags: {}\n  objStoreConfig: {}\n  ## GCS example\n  #  bucket: demo-bucket\n\n  ## S3 example\n  #  bucket: demo-bucket\n  #  access_key: smth\n  #  secret_key: Need8Chars\n  #  endpoint: a\n  #  insecure: true\n  objStoreConfigFile: null\n  podNumericalPriorityEnabled: false\n  podPriority: 0\n  podPriorityClassName: \"\"\n  podSecurityContext:\n    runAsUser: 1001\n    runAsGroup: 1001\n    fsGroup: 1001\n  containerSecurityContext:\n    runAsNonRoot: true\n    allowPrivilegeEscalation: false\n    capabilities:\n      drop:\n        - ALL\n    privileged: false\n  resources: {}\n  nodeSelector: {}\n  tolerations: []\n  affinity: {}\n  livenessProbe:\n    initialDelaySeconds: 30\n    periodSeconds: 10\n    successThreshold: 1\n    timeoutSeconds: 30\n  readinessProbe:\n    initialDelaySeconds: 30\n    periodSeconds: 10\n    successThreshold: 1\n    timeoutSeconds: 30\n  volumeMounts:\n  volumes:\n  persistentVolume:\n    enabled: true\n    accessModes:\n      - ReadWriteOnce\n    annotations: {}\n    existingClaim: \"\"\n    size: 10Gi\n    storageClass: \"\"\n\n  autoscaling:\n    enabled: false\n    minReplicas: 1\n    maxReplicas: 10\n    metrics:\n    # List of MetricSpecs to decide whether to scale\n    # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#metricspec-v2beta2-autoscaling\n    - type: Resource\n      resource:\n        name: cpu\n        target:\n          type: Utilization\n          averageUtilization: 80\n    - type: Resource\n      resource:\n        name: memory\n        target:\n          type: Utilization\n          averageUtilization: 80\n\ncompact:\n  enabled: true\n  updateStrategy: RollingUpdate\n  image:\n    repository: quay.io/thanos/thanos\n    tag: v0.32.4\n    pullPolicy: IfNotPresent\n  serviceAccount:\n    create: false\n  additionalLabels: {}\n  additionalAnnotations: {}\n  logLevel: info\n  retentionResolutionRaw: 30d\n  retentionResolution5m: 30d\n  retentionResolution1h: 10y\n  consistencyDelay: 30m\n  additionalFlags: {}\n\n  objStoreType: null\n  objStoreConfig: {}\n  ## GCS example\n  #  bucket: demo-bucket\n\n  ## S3 example\n  #  bucket: demo-bucket\n  #  access_key: smth\n  #  secret_key: Need8Chars\n  #  endpoint: a\n  #  insecure: true\n  objStoreConfigFile: null\n  podNumericalPriorityEnabled: false\n  podPriority: 0\n  podPriorityClassName: \"\"\n  podSecurityContext:\n    runAsUser: 1001\n    runAsGroup: 1001\n    fsGroup: 1001\n  containerSecurityContext:\n    runAsNonRoot: true\n    allowPrivilegeEscalation: false\n    capabilities:\n      drop:\n        - ALL\n    privileged: false\n  extraEnv: []\n  # - name: GOOGLE_APPLICATION_CREDENTIALS\n  #   value: /etc/gcp/secrets/credentials.json\n  resources: {}\n  nodeSelector: {}\n  tolerations: []\n  affinity: {}\n  volumeMounts:\n  volumes:\n  persistentVolume:\n    enabled: true\n    storageClass: \"\"\n    accessModes:\n      - ReadWriteOnce\n    annotations: {}\n    existingClaim: \"\"\n    size: 10Gi\n\n\nruler:\n  enabled: true\n  replicaCount: 1\n  updateStrategy: RollingUpdate\n  image:\n    repository: quay.io/thanos/thanos\n    tag: v0.32.4\n    pullPolicy: IfNotPresent\n  sidecar:\n    enabled: false\n    watchLabel: thanos_alert_config\n    image:\n      repository: kiwigrid/k8s-configmap-watcher\n      tag: 0.1.1\n      pullPolicy: IfNotPresent\n  serviceAccount: {}\n  imagePullSecrets: []\n  replicaLabel: replica\n  logLevel: info\n  ## Ruler configuration\n  ## ref: https://thanos.io/components/rule.md/#flags\n  queries: []\n  clusterName:\n  alertmanagerUrl: http://localhost\n  evalInterval: 1m\n  ruleFile: /etc/thanos-ruler/**/*-rules.yaml\n\n  objStoreType: null\n  objStoreConfig: {}\n  ## GCS example\n  #  bucket: demo-bucket\n\n  ## S3 example\n  #  bucket: demo-bucket\n  #  access_key: smth\n  #  secret_key: Need8Chars\n  #  endpoint: a\n  #  insecure: true\n  objStoreConfigFile: null\n\n  config: {}\n  #  groups:\n  #  - name: metamonitoring\n  #    rules:\n  #    - alert: PrometheusReplicaDown\n  #      annotations:\n  #        message: Prometheus replica in cluster {{ $labels.cluster }} has disappeared from Prometheus target discovery.\n  #        runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-prometheusdown\n  #      expr: absent(up{job=\"prometheus\"})\n  #      for: 15s # for demo purposes\n  #      labels:\n  #        severity: critical\n  additionalFlags: {}\n  resources: {}\n  nodeSelector: {}\n  tolerations: []\n  affinity: {}\n  livenessProbe:\n    initialDelaySeconds: 30\n    periodSeconds: 10\n    successThreshold: 1\n    timeoutSeconds: 30\n  readinessProbe:\n    initialDelaySeconds: 30\n    periodSeconds: 10\n    successThreshold: 1\n    timeoutSeconds: 30\n\n  persistentVolume:\n    enabled: true\n    accessModes:\n      - ReadWriteOnce\n    annotations: {}\n    existingClaim: \"\"\n    size: 10Gi\n    storageClass: \"\"\n  podNumericalPriorityEnabled: true\n  podPriority: 0\n  podPriorityClassName: \"\"\n  podSecurityContext:\n    runAsUser: 1001\n    runAsGroup: 1001\n    fsGroup: 1001\n  containerSecurityContext:\n    runAsNonRoot: true\n    allowPrivilegeEscalation: false\n    capabilities:\n      drop:\n        - ALL\n    privileged: false\n\nreceiver:\n  enabled: true\n  replicaCount: 1\n  updateStrategy: RollingUpdate\n  image:\n    repository: quay.io/thanos/thanos\n    tag: v0.32.4\n    pullPolicy: IfNotPresent\n  serviceAccount:\n    create: false\n  additionalLabels: {}\n  additionalAnnotations: {}\n  extraEnv: []\n  logLevel: info\n  tsdbRetention: 1d\n  replicationFactor: 1\n\n  objStoreType: GCS  # WARNING: this is default to null in other sections\n  additionalFlags: {}\n  objStoreConfig: {}\n  ## GCS example\n  #  bucket: demo-bucket\n\n  ## S3 example\n  #  bucket: demo-bucket\n  #  access_key: smth\n  #  secret_key: Need8Chars\n  #  endpoint: a\n  #  insecure: true\n  objStoreConfigFile: null\n  podNumericalPriorityEnabled: false\n  podPriority: 0\n  podPriorityClassName: \"\"\n  podSecurityContext:\n    runAsUser: 1001\n    runAsGroup: 1001\n    fsGroup: 1001\n  containerSecurityContext:\n    runAsNonRoot: true\n    allowPrivilegeEscalation: false\n    capabilities:\n      drop:\n        - ALL\n    privileged: false\n  resources: {}\n  nodeSelector: {}\n  tolerations: []\n  affinity: {}\n  livenessProbe:\n    initialDelaySeconds: 60\n    periodSeconds: 10\n    successThreshold: 1\n    timeoutSeconds: 30\n  readinessProbe:\n    initialDelaySeconds: 60\n    periodSeconds: 10\n    successThreshold: 1\n    timeoutSeconds: 30\n  volumeMounts:\n  volumes:\n  persistentVolume:\n    enabled: true\n    accessModes:\n      - ReadWriteOnce\n    annotations: {}\n    existingClaim: \"\"\n    size: 8Gi\n    storageClass: \"\"\n\nbucketWebInterface:\n  enabled: false\n  additionalAnnotations: {}\n  additionalFlags: {}\n  additionalLabels: {}\n  affinity: {}\n  extraEnv: []\n  httpServerPort: 10902\n  image:\n    repository: quay.io/thanos/thanos\n    tag: v0.32.4\n    pullPolicy: IfNotPresent\n  serviceAccount:\n    create: false\n  logLevel: info\n  objStoreType: null\n  objStoreConfig: {}\n  ## GCS example\n  #  bucket: demo-bucket\n\n  ## S3 example\n  #  bucket: demo-bucket\n  #  access_key: smth\n  #  secret_key: Need8Chars\n  #  endpoint: a\n  #  insecure: true\n  objStoreConfigFile: null\n  nodeSelector: {}\n  podNumericalPriorityEnabled: false\n  podPriority: 0\n  podPriorityClassName: \"\"\n  podSecurityContext:\n    runAsUser: 1001\n    runAsGroup: 1001\n    fsGroup: 1001\n  containerSecurityContext:\n    runAsNonRoot: true\n    allowPrivilegeEscalation: false\n    capabilities:\n      drop:\n        - ALL\n    privileged: false\n  replicaCount: 1\n  resources: {}\n  tolerations: []\n  updateStrategy:\n    type: RollingUpdate\n    rollingUpdate:\n      maxSurge: 1\n      maxUnavailable: 0\n  volumeMounts:\n  volumes:\n\n## this is only for test support dont use this in production\nminio:\n  enabled: false\nany-resource:\n  enabled: false\n"
  },
  {
    "path": "charts/pull-secret-distributor/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n"
  },
  {
    "path": "charts/pull-secret-distributor/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"25\"\ndescription: A Helm chart to distribute pull secret across namespaces\nname: pull-secret-distributor\nversion: 0.3.1\nhome: https://github.com/kiwigrid/pull-secret-distributor\nsources:\n- https://github.com/kiwigrid/pull-secret-distributor\ndeprecated: true\n"
  },
  {
    "path": "charts/pull-secret-distributor/README.md",
    "content": "# Pull secret distributor\n\nThis chart was renamed and is therefore deprecated.\n\nPlease use [secret-replicator](https://github.com/kiwigrid/helm-charts/tree/master/charts/secret-replicator) instead.\n\n"
  },
  {
    "path": "charts/pull-secret-distributor/templates/NOTES.txt",
    "content": "Deployments successful installed.\n\nyou can check if it's working by creating a new namespace. The pull secrets should be populated to the new namespace.\n"
  },
  {
    "path": "charts/pull-secret-distributor/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"pull-secret-distributor.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"pull-secret-distributor.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"pull-secret-distributor.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n"
  },
  {
    "path": "charts/pull-secret-distributor/templates/cluster-role.yaml",
    "content": "{{- if and .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: {{ template \"pull-secret-distributor.fullname\" . }}-ca\n  labels:\n    app.kubernetes.io/name: {{ include \"pull-secret-distributor.name\" . }}\n    helm.sh/chart: {{ include \"pull-secret-distributor.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nrules:\n- apiGroups:\n    - \"\"\n  resources:\n    - \"secrets\"\n    - \"namespaces\"\n  verbs:\n    - \"*\"\n{{- end -}}\n"
  },
  {
    "path": "charts/pull-secret-distributor/templates/cluster-rolebinding.yaml",
    "content": "{{- if and .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: {{ template \"pull-secret-distributor.fullname\" . }}-crb\n  labels:\n    app.kubernetes.io/name: {{ include \"pull-secret-distributor.name\" . }}\n    helm.sh/chart: {{ include \"pull-secret-distributor.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: {{ template \"pull-secret-distributor.fullname\" . }}-ca\nsubjects:\n- kind: ServiceAccount\n  name: {{ template \"pull-secret-distributor.fullname\" . }}-sa\n  namespace: {{ .Release.Namespace }}\n{{- end }}\n"
  },
  {
    "path": "charts/pull-secret-distributor/templates/deployment.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"pull-secret-distributor.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"pull-secret-distributor.name\" . }}\n    helm.sh/chart: {{ include \"pull-secret-distributor.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"pull-secret-distributor.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"pull-secret-distributor.name\" . }}\n        app.kubernetes.io/instance: {{ .Release.Name }}\n    spec:\n      serviceAccountName: {{ template \"pull-secret-distributor.fullname\" . }}-sa\n      containers:\n        - name: {{ .Chart.Name }}\n          image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n          imagePullPolicy: {{ .Values.image.pullPolicy }}\n          env:\n          - name: PULL_SECRETS\n            value: {{ .Values.pullSecrets }}\n          - name: IGNORE_NAMESPACES\n            value: {{ .Values.ignoreNamespaces }}\n          resources:\n{{ toYaml .Values.resources | indent 12 }}\n      imagePullSecrets:\n      - name: registry-secret\n    {{- with .Values.nodeSelector }}\n      nodeSelector:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n    {{- with .Values.affinity }}\n      affinity:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n    {{- with .Values.tolerations }}\n      tolerations:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n"
  },
  {
    "path": "charts/pull-secret-distributor/templates/serviceaccount.yaml",
    "content": "{{- if and .Values.rbac.enabled }}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ template \"pull-secret-distributor.fullname\" . }}-sa\n  labels:  \n    app.kubernetes.io/name: {{ include \"pull-secret-distributor.name\" . }}\n    helm.sh/chart: {{ include \"pull-secret-distributor.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n"
  },
  {
    "path": "charts/pull-secret-distributor/values.yaml",
    "content": "# Default values for pull-secret-distributor.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nimage:\n  repository: kiwigrid/pull-secret-distributor\n  tag: 25\n  pullPolicy: IfNotPresent\n# csv list of secrets\npullSecrets: \"\"\n# pullSecrets: \"secret1,secret2\n\nignoreNamespaces: \"kube-system,kube-public\"\nrbac:\n  enabled: true\n\nresources: {}\n  # limits:\n  #   cpu: 50m\n  #   memory: 20Mi\n  # requests:\n  #   cpu: 20m\n  #   memory: 20Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n"
  },
  {
    "path": "charts/secret-replicator/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n"
  },
  {
    "path": "charts/secret-replicator/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"0.2.0\"\ndescription: A Helm chart to replicate secret across namespaces\nname: secret-replicator\nversion: 0.6.0\nhome: https://github.com/kiwigrid/secret-replicator\nsources:\n- https://github.com/kiwigrid/secret-replicator\nmaintainers:\n- name: rpahli\n  email: rico.pahlisch@kiwigrid.com\n"
  },
  {
    "path": "charts/secret-replicator/README.md",
    "content": "# Secret Replicator\n\n- **Source:** https://github.com/kiwigrid/secret-replicator\n\n## Introduction\n\nThis chart distibutes existing secrets especially pull secrets across namespaces.\n\n## Installing the Chart\n\nInstall from remote URL with the release name `secret-replicator` into namespace `default`:\n\n```console\n$ helm upgrade -i secret-replicator kiwigrid/secret-replicator\n```\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `secret-replicator` deployment:\n\n```console\n$ helm delete secret-replicator --purge\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n## Configuration\n\nThe following table lists the configurable parameters of the chart and their default values.\n\n| Parameter                  | Description                                   | Default                      |\n|----------------------------|-----------------------------------------------|------------------------------|\n| `image.repository`         | image name                                    | `kiwigrid/secret-replicator` |\n| `image.tag`                | image tag                                     | `0.2.0`                      |\n| `image.pullPolicy`         | Image pull policy                             | `IfNotPresent`               |\n| `image.pullSecrets`        | Image pull secrets                            | `nil`                        |\n| `secretList`               | list of pull secrets                          | empty string                 |\n| `ignoreNamespaces`         | namespaces which should be excluded from sync | `kube-system,kube-pulic`     |\n| `secretNamespace`          | namespaces where the secrets can be found     | `<release namespace>`        |\n| `resources`                | Resource limits for pod                       | `{}`                         |\n| `nodeSelector`             | NodeSelector                                  | `{}`                         |\n| `tolerations`              | Tolerations                                   | `[]`                         |\n| `affinity`                 | Affinity                                      | `{}`                         |\n| `podSecurityContext`       | SecurityContext at pod level                  | `{}`                         |\n| `containerSecurityContext` | SecurityContext at container level            | `{}`                         |\n\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`.\n\nAlternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,\n\n```console\n$ helm install --name my-release -f values.yaml kiwigrid/secret-replicator\n```\n\n> **Tip**: You can use the default [values.yaml](values.yaml)\n"
  },
  {
    "path": "charts/secret-replicator/templates/NOTES.txt",
    "content": "Deployments successful installed.\n\nyou can check if it's working by creating a new namespace. The pull secrets should be populated to the new namespace.\n"
  },
  {
    "path": "charts/secret-replicator/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"secret-replicator.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"secret-replicator.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"secret-replicator.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n"
  },
  {
    "path": "charts/secret-replicator/templates/cluster-role.yaml",
    "content": "{{- if and .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: {{ template \"secret-replicator.fullname\" . }}-ca\n  labels:\n    app.kubernetes.io/name: {{ include \"secret-replicator.name\" . }}\n    helm.sh/chart: {{ include \"secret-replicator.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nrules:\n- apiGroups:\n    - \"\"\n  resources:\n    - \"secrets\"\n    - \"namespaces\"\n  verbs:\n    - \"*\"\n{{- end -}}\n"
  },
  {
    "path": "charts/secret-replicator/templates/cluster-rolebinding.yaml",
    "content": "{{- if and .Values.rbac.enabled }}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: {{ template \"secret-replicator.fullname\" . }}-crb\n  labels:\n    app.kubernetes.io/name: {{ include \"secret-replicator.name\" . }}\n    helm.sh/chart: {{ include \"secret-replicator.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: {{ template \"secret-replicator.fullname\" . }}-ca\nsubjects:\n- kind: ServiceAccount\n  name: {{ template \"secret-replicator.fullname\" . }}-sa\n  namespace: {{ .Release.Namespace }}\n{{- end }}\n"
  },
  {
    "path": "charts/secret-replicator/templates/deployment.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"secret-replicator.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"secret-replicator.name\" . }}\n    helm.sh/chart: {{ include \"secret-replicator.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"secret-replicator.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"secret-replicator.name\" . }}\n        app.kubernetes.io/instance: {{ .Release.Name }}\n    spec:\n      serviceAccountName: {{ template \"secret-replicator.fullname\" . }}-sa\n      securityContext:\n{{ toYaml .Values.podSecurityContext | indent 8 }}      \n      containers:\n        - name: {{ .Chart.Name }}\n          image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n          imagePullPolicy: {{ .Values.image.pullPolicy }}\n          env:\n          - name: SECRETS_LIST\n            value: {{ .Values.secretList }}\n          - name: IGNORE_NAMESPACES\n            value: {{ .Values.ignoreNamespaces }}\n          - name: SECRET_NAMESPACE\n            value: {{ .Values.secretNamespace | default .Release.Namespace }}\n          resources:\n{{ toYaml .Values.resources | indent 12 }}\n          securityContext:\n{{ toYaml .Values.containerSecurityContext | indent 12 }}\n      {{- if .Values.image.pullSecrets }}\n      imagePullSecrets:\n      - name: {{ .Values.image.pullSecrets }}\n      {{- end }}\n    {{- with .Values.nodeSelector }}\n      nodeSelector:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n    {{- with .Values.affinity }}\n      affinity:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n    {{- with .Values.tolerations }}\n      tolerations:\n{{ toYaml . | indent 8 }}\n    {{- end }}\n"
  },
  {
    "path": "charts/secret-replicator/templates/serviceaccount.yaml",
    "content": "{{- if and .Values.rbac.enabled }}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: {{ template \"secret-replicator.fullname\" . }}-sa\n  labels:  \n    app.kubernetes.io/name: {{ include \"secret-replicator.name\" . }}\n    helm.sh/chart: {{ include \"secret-replicator.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n"
  },
  {
    "path": "charts/secret-replicator/values.yaml",
    "content": "# Default values for secret-replicator.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nimage:\n  repository: kiwigrid/secret-replicator\n  tag: 0.2.0\n  pullPolicy: IfNotPresent\n  ## Specify ImagePullSecrets for Pods\n  ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod\n  # pullSecrets: myregistrykey\n\n# csv list of secrets\nsecretList: \"\"\n# secretList: \"secret1,secret2\n\nignoreNamespaces: \"kube-system,kube-public\"\n\n# If defined, allow secret-replicator to watch for secrets in _another_ namespace\nsecretNamespace:\n\nrbac:\n  enabled: true\n\nresources: {}\n  # limits:\n  #   cpu: 50m\n  #   memory: 20Mi\n  # requests:\n  #   cpu: 20m\n  #   memory: 20Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n"
  },
  {
    "path": "charts/spring-cloud-config-server/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/spring-cloud-config-server/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"2.1.3.RELEASE\"\ndescription: A Helm chart for Spring Cloud Config Server\nname: spring-cloud-config-server\nversion: 0.1.3\nhome: https://github.com/hyness/spring-cloud-config-server\nsources:\n- https://github.com/hyness/spring-cloud-config-server\n- https://github.com/kiwigrid/helm-charts/tree/master/charts/spring-cloud-config-server\nmaintainers:\n- name: rpahli\n  email: rico.pahlisch@kiwigrid.com\n"
  },
  {
    "path": "charts/spring-cloud-config-server/README.md",
    "content": "# Spring Cloud Config Server\n\n## Introduction\n\nSpring Cloud Config Server is a normal Spring Boot application, it can be configured through all the ways a Spring Boot application can be configured.  You may use environment variables or you can mount configuration in the provided volume.  The configuration file must be named **application** and may be a properties or yaml file. See the [Spring Boot documentation](http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-external-config) for further information on how to use and configure Spring Boot.\n\n## Prerequisites\n\n-   Has been tested on Kubernetes 1.11+\n\n## Installing the Chart\n\nTo install the chart with the release name `spring-cloud-config-server`, run the following command:\n\n```bash\n$ helm install kiwigrid/spring-cloud-config-server --name spring-cloud-config-server\n```\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `spring-cloud-config-server` deployment:\n\n```bash\n$ helm delete spring-cloud-config-server\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n> **Tip**: To completely remove the release, run `helm delete --purge spring-cloud-config-server`\n\n## Configuration\n\nThe following table lists the configurable parameters of the spring-cloud-config-server chart and their default values.\n\n| Parameter                                  | Description                               | Default                            |\n| ------------------------------------------ | ----------------------------------------- | ---------------------------------- |\n| `image.repository`                         | Docker image repo                         | `hyness/spring-cloud-config-server`|\n| `image.tag`                                | Docker image                              | `2.1.3.RELEASE`                    |\n| `image.pullPolicy`                         | Docker image pull policy                  | `IfNotPresent`                     |\n| `image.pullSecrets`                        | Docker image pull secrets                 | `{}`                               |\n| `service.type`                             | Service type                              | `ClusterIP`                        |\n| `service.port`                             | Service port of spring-cloud-config-server| `80`                               |\n| `resources`                                | Resource limits for the pod               | `{}`                               |\n| `ingress.enabled`                          | Ingress enabled                           | `false`                            |\n| `ingress.annotations`                      | Ingress annotations                       | `{}`                               |\n| `podTemplate.annotations`                  | Pod template annotations                  | `{}`                               |\n| `ingress.path`                             | Ingress path                              | `/`                                |\n| `ingress.hosts`                            | Ingress hosts                             | `[]`                               |\n| `ingress.tls`                              | Ingress TLS                               | `[]`                               |\n| `resources`                                | Resources                                 | `{}`                               |\n| `nodeSelector`                             | NodeSelector                              | `{}`                               |\n| `tolerations`                              | Tolerations                               | `[]`                               |\n| `affinity`                                 | Affinity                                  | `{}`                               |\n| `extraEnv`                                 | extra Env                                 | `[]`                               |\n| `config.gitUri`                            | git repo URL                              | `{}`                               |\n| `config.gitSearchpath`                     | git search path                           | `{application}`                    |\n| `secrets.gitUsername`                      | git username                              | `{}`                               |\n| `secrets.gitPassword`                      | git password                              | `{}`                               |\n| `secrets.githubKnownHosts                  | known_hosts content (base64)              | `{}`                               |\n| `secrets.githubPrivateKey`                 | id_rsa content (base64)                   | `{}`                               |\n\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:\n\n```bash\n$ helm install --name spring-cloud-config-server --set ingress.enabled=false kiwigrid/spring-cloud-config-server\n```\n\nAlternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.\n"
  },
  {
    "path": "charts/spring-cloud-config-server/templates/NOTES.txt",
    "content": "Spring cloud config server is now running\n"
  },
  {
    "path": "charts/spring-cloud-config-server/templates/_helpers.tpl",
    "content": "{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"spring-cloud-config-server.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" }}\n{{- end }}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"spring-cloud-config-server.fullname\" -}}\n{{- if .Values.fullnameOverride }}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" }}\n{{- else }}\n{{- $name := default .Chart.Name .Values.nameOverride }}\n{{- if contains $name .Release.Name }}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" }}\n{{- else }}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" }}\n{{- end }}\n{{- end }}\n{{- end }}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"spring-cloud-config-server.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" }}\n{{- end }}\n\n{{/*\nCommon labels\n*/}}\n{{- define \"spring-cloud-config-server.labels\" -}}\nhelm.sh/chart: {{ include \"spring-cloud-config-server.chart\" . }}\n{{ include \"spring-cloud-config-server.selectorLabels\" . }}\n{{- if .Chart.AppVersion }}\napp.kubernetes.io/version: {{ .Chart.AppVersion | quote }}\n{{- end }}\napp.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n\n{{/*\nSelector labels\n*/}}\n{{- define \"spring-cloud-config-server.selectorLabels\" -}}\napp.kubernetes.io/name: {{ include \"spring-cloud-config-server.name\" . }}\napp.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n\n{{/*\nCreate the name of the service account to use\n*/}}\n{{- define \"spring-cloud-config-server.serviceAccountName\" -}}\n{{- if .Values.serviceAccount.create }}\n{{- default (include \"spring-cloud-config-server.fullname\" .) .Values.serviceAccount.name }}\n{{- else }}\n{{- default \"default\" .Values.serviceAccount.name }}\n{{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/spring-cloud-config-server/templates/deployment.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"spring-cloud-config-server.fullname\" . }}\n  labels:\n    {{- include \"spring-cloud-config-server.labels\" . | nindent 4 }}\nspec:\n  replicas: {{ .Values.replicaCount }}\n  selector:\n    matchLabels:\n      {{- include \"spring-cloud-config-server.labels\" . | nindent 6 }}\n  template:\n    metadata:\n      labels:\n        {{- include \"spring-cloud-config-server.labels\" . | nindent 8 }}\n        {{- with .Values.podTemplate.annotations }}  \n        {{- toYaml . | nindent 8 }}\n        {{- end }}\n    spec:\n    {{- with .Values.imagePullSecrets }}\n      imagePullSecrets:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- if .Values.secrets.githubPrivateKey }}\n      volumes:\n        - name: {{ include \"spring-cloud-config-server.fullname\" . }}-githubprivatekey\n          secret:\n            secretName: {{ include \"spring-cloud-config-server.fullname\" . }}-githubprivatekey\n            defaultMode: 0600\n    {{- end }}\n      containers:\n        - name: {{ .Chart.Name }}\n          image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n          imagePullPolicy: {{ .Values.image.pullPolicy }}\n          {{- if .Values.secrets.githubPrivateKey }}\n          volumeMounts:\n            - name: {{ include \"spring-cloud-config-server.fullname\" . }}-githubprivatekey\n              readOnly: true\n              mountPath: \"/root/.ssh/\"\n          {{- end }}\n          ports:\n            - name: http\n              containerPort: 8888\n              protocol: TCP\n          livenessProbe:\n            httpGet:\n              path: /actuator/health\n              port: http\n          readinessProbe:\n            httpGet:\n              path: /actuator/health\n              port: http\n          env:\n          {{- if .Values.config.gitUri }}\n          - name: SPRING_CLOUD_CONFIG_SERVER_GIT_URI\n            value: \"{{ .Values.config.gitUri }}\"\n          {{- else }}\n          - name: SPRING_PROFILES_ACTIVE\n            value: \"native\"\n          {{- end}}\n          - name: SPRING_CLOUD_CONFIG_SERVER_GIT_SEARCHPATHS\n            value: \"{{ .Values.config.gitSearchpath }}\"\n          - name: SPRING_CLOUD_CONFIG_SERVER_GIT_USERNAME\n            valueFrom:\n              secretKeyRef:\n                name: \"{{ include \"spring-cloud-config-server.fullname\" . }}\"\n                key: \"gitUsername\"\n          - name: SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD\n            valueFrom:\n              secretKeyRef:\n                name: \"{{ include \"spring-cloud-config-server.fullname\" . }}\"\n                key: \"gitPassword\"\n          {{- if .Values.extraEnv }}\n            {{- toYaml .Values.extraEnv | nindent 10 }}\n          {{- end }}\n          resources:\n            {{- toYaml .Values.resources | nindent 12 }}\n      {{- with .Values.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n"
  },
  {
    "path": "charts/spring-cloud-config-server/templates/ingress.yaml",
    "content": "{{- if .Values.ingress.enabled -}}\n{{- $fullName := include \"spring-cloud-config-server.fullname\" . -}}\napiVersion: networking.k8s.io/v1beta1\nkind: Ingress\nmetadata:\n  name: {{ $fullName }}\n  labels:\n    {{- include \"spring-cloud-config-server.labels\" . | nindent 4 }}\n  {{- with .Values.ingress.annotations }}\n  annotations:\n    {{- toYaml . | nindent 4 }}\n  {{- end }}\nspec:\n{{- if .Values.ingress.tls }}\n  tls:\n  {{- range .Values.ingress.tls }}\n    - hosts:\n      {{- range .hosts }}\n        - {{ . | quote }}\n      {{- end }}\n      secretName: {{ .secretName }}\n  {{- end }}\n{{- end }}\n  rules:\n  {{- range .Values.ingress.hosts }}\n    - host: {{ .host | quote }}\n      http:\n        paths:\n        {{- range .paths }}\n          - path: {{ . }}\n            backend:\n              serviceName: {{ $fullName }}\n              servicePort: http\n        {{- end }}\n  {{- end }}\n{{- end }}\n"
  },
  {
    "path": "charts/spring-cloud-config-server/templates/secret.yaml",
    "content": "apiVersion: v1\nkind: Secret\ntype: Opaque\nmetadata:\n  name: {{ include \"spring-cloud-config-server.fullname\" . }}\n  labels:\n{{ include \"spring-cloud-config-server.labels\" . | indent 4 }}\ndata:\n  {{- if .Values.secrets.gitUsername }}\n  gitUsername: {{ .Values.secrets.gitUsername | b64enc | quote }}\n  {{- else }}\n  gitUsername: {{ randAlphaNum 20 | b64enc | quote }}\n  {{- end }}\n  {{- if .Values.secrets.gitPassword }}\n  gitPassword: {{ .Values.secrets.gitPassword | b64enc | quote }}\n  {{- else }}\n  gitPassword: {{ randAlphaNum 20 | b64enc | quote }}\n  {{- end }}\n---\n{{- if .Values.secrets.githubPrivateKey }}\napiVersion: v1\nkind: Secret\ntype: Opaque\nmetadata:\n  name: {{ include \"spring-cloud-config-server.fullname\" . }}-githubprivatekey\n  labels:\n{{ include \"spring-cloud-config-server.labels\" . | indent 4 }}\ndata:\n  id_rsa: {{ .Values.secrets.githubPrivateKey }}\n  known_hosts: {{ .Values.secrets.githubKnownHosts }}\n{{- end }}\n"
  },
  {
    "path": "charts/spring-cloud-config-server/templates/service.yaml",
    "content": "apiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"spring-cloud-config-server.fullname\" . }}\n  labels:\n    {{- include \"spring-cloud-config-server.labels\" . | nindent 4 }}\nspec:\n  type: {{ .Values.service.type }}\n  ports:\n    - port: {{ .Values.service.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n  selector:\n    {{- include \"spring-cloud-config-server.selectorLabels\" . | nindent 4 }}\n\n"
  },
  {
    "path": "charts/spring-cloud-config-server/values.yaml",
    "content": "# Default values for spring-cloud-config-server.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nreplicaCount: 1\n\nimage:\n  repository: hyness/spring-cloud-config-server\n  tag: 2.1.3.RELEASE\n  pullPolicy: IfNotPresent\n\nimagePullSecrets: []\nnameOverride: \"\"\nfullnameOverride: \"\"\n\nservice:\n  type: ClusterIP\n  port: 80\n\ningress:\n  enabled: false\n  annotations: {}\n    # kubernetes.io/ingress.class: nginx\n    # kubernetes.io/tls-acme: \"true\"\n  hosts:\n    - host: chart-example.local\n      paths: []\n\n  tls: []\n  #  - secretName: chart-example-tls\n  #    hosts:\n  #      - chart-example.local\n\nresources: {}\n  # We usually recommend not to specify default resources and to leave this as a conscious\n  # choice for the user. This also increases chances charts run on environments with little\n  # resources, such as Minikube. If you do want to specify resources, uncomment the following\n  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n  # limits:\n  #   cpu: 100m\n  #   memory: 128Mi\n  # requests:\n  #   cpu: 100m\n  #   memory: 128Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n\npodTemplate:\n  annotations: {}\n\nextraEnv: []\nconfig:\n  gitUri: \"\"\n  gitSearchpath: \"{application}\"\n\nsecrets:\n  gitUsername: \"\"\n  gitPassword: \"\"\n# Github deploy key auth method. Base64 coded known_hosts and private key.\n# githubKnownHosts: \"\"\n# githubPrivateKey: \"\"\n\n"
  },
  {
    "path": "charts/stackdriver-exporter/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/stackdriver-exporter/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"0.6.0\"\ndescription: A Helm chart for exporting stackdriver metrics to prometheus\nname: stackdriver-exporter\nversion: 0.2.0\nhome: https://github.com/frodenas/stackdriver_exporter\nsources:\n- https://github.com/frodenas/stackdriver_exporter\nmaintainers:\n- name: rpahli\n  email: rico.pahlisch@kiwigrid.com\n"
  },
  {
    "path": "charts/stackdriver-exporter/README.md",
    "content": "# Stackdriver Exporter\n\n- **Source:** https://github.com/frodenas/stackdriver_exporter\n\n## Introduction\n\nThis chart is for the stackdriver exporter.\n\n## Installing the Chart\n\nInstall from remote URL with the release name `stackdriver-exporter` into namespace `default`:\n\n```console\nhelm upgrade -i stackdriver-exporter kiwigrid/stackdriver-exporter\n```\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `stackdriver-exporter` deployment:\n\n```console\nhelm delete stackdriver-exporter --purge\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n## Configuration\n\nThe following table lists the configurable parameters of the chart and their default values.\n\n| Parameter                         | Description                             | Default                                                                                     |\n| --------------------------------- | --------------------------------------  | ---------------------------------------------------------                                   |\n| `image.repository`                           | image name                        | `frodenas/stackdriver-exporter`                                                        |\n| `image.tag`                        | image tag                      | `v0.6.0`                                                                                      |\n| `image.pullPolicy`                 | Image pull policy                       | `IfNotPresent`                                                                              |\n| `web.port`                    | listen port                          | `9255`                                               |\n| `web.path`                    | Path under which to expose Prometheus metrics                          | `/metrics`                                               |\n| `gcp.projectId`                    | gcp project id                          |                                                        |\n| `gcp.serviceAccountName`                    | name of service account for gcp                          |                                                        |\n| `gcp.keyfileSecretName`                    | name of secret                          |                                                        |\n| `gcp.metricsTypePrefixes`          | list of metric prefixes                                     |             |\n| `gcp.metricsInterval`          | Metric's timestamp interval to request from the Google Stackdriver Monitoring Metrics API. Only the most recent data point is used                                     | `5m`            |\n| `gcp.metricsOffset`          | Offset (into the past) for the metric's timestamp interval to request from the Google Stackdriver Monitoring Metrics API, to handle latency in published metrics                                     | `0s`            |\n| `gcpCredentials`          | gcp key file base64 encoded has only be set if `usingGCPController` is `false`                    |             |\n| `usingGCPController`          | if true the secret will be created via a crd (see [Gcp Service Account Controller](https://github.com/kiwigrid/gcp-serviceaccount-controller) for more infos)                                     | `false`             |\n| `resources`                    | Resource limits for pod             | `{}`                                   |\n| `nodeSelector`                 | NodeSelector                                 | `{}`                                   |\n| `tolerations`                  | Tolerations                                  | `[]`                                   |\n| `affinity`                     | Affinity                                     | `{}`                                   |\n| `prometheusScrapeSlow`         | Enables prometheus.io/scrape-slow annotation | `false`                                |\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`.\n\nAlternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,\n\n```console\nhelm install --name my-release -f values.yaml kiwigrid/stackdriver-exporter\n```\n\n> **Tip**: You can use the default [values.yaml](values.yaml)\n"
  },
  {
    "path": "charts/stackdriver-exporter/templates/NOTES.txt",
    "content": "Deployments successful installed.\n\nyou can check if it's working by forwarding the port 9255 and visit localhost:9255/metrics\n\n  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l \"app.kubernetes.io/name={{ include \"stackdriver-exporter.name\" . }},app.kubernetes.io/instance={{ .Release.Name }}\" -o jsonpath=\"{.items[0].metadata.name}\")\n  echo \"Visit http://127.0.0.1:9255/metrics to use your application\"\n  kubectl port-forward $POD_NAME 9255\n  "
  },
  {
    "path": "charts/stackdriver-exporter/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"stackdriver-exporter.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"stackdriver-exporter.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"stackdriver-exporter.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\ncreate a csv for metric prefixes\n*/}}\n{{- define \"stackdriver-exporter.utils.joinListWithComma\" -}}\n{{- $local := dict \"first\" true -}}\n{{- range $k, $v := . -}}{{- if not $local.first -}},{{- end -}}{{- $v -}}{{- $_ := set $local \"first\" false -}}{{- end -}}\n{{- end -}}\n\n{{/*\nGenerate gcp service account secret name\n*/}}\n{{- define \"stackdriver-exporter.gcpsecretName\" -}}\n{{ default ( printf \"%s-%s\" (include \"stackdriver-exporter.fullname\" .) \"gcloud-keyfile\" ) .Values.gcp.keyfileSecretName }}\n{{- end -}}\n\n{{/*\nGenerate gcp service account name\n*/}}\n{{- define \"stackdriver-exporter.serviceAccountName\" -}}\n{{ default (include \"stackdriver-exporter.fullname\" .) .Values.gcp.serviceAccountName }}\n{{- end -}}\n"
  },
  {
    "path": "charts/stackdriver-exporter/templates/deployment.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"stackdriver-exporter.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"stackdriver-exporter.name\" . }}\n    helm.sh/chart: {{ include \"stackdriver-exporter.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: {{ .Values.replicaCount }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"stackdriver-exporter.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"stackdriver-exporter.name\" . }}\n        app.kubernetes.io/instance: {{ .Release.Name }}\n      annotations:\n{{- if .Values.usingGCPController }}\n        checksum/secret: {{ include (print $.Template.BasePath \"/gcpserviceaccount.yaml\") . | sha256sum }}        \n{{ else }}\n        checksum/secret: {{ include (print $.Template.BasePath \"/secret.yaml\") . | sha256sum }}        \n{{ end }}\n        prometheus.io/port: \"{{ .Values.web.port }}\"\n        prometheus.io/scrape: \"true\"\n        prometheus.io/path: \"{{ .Values.web.path }}\"\n{{- if .Values.prometheusScrapeSlow }}\n        prometheus.io/scrape-slow: \"true\"\n{{ end }}\n    spec:\n      containers:\n        - name: {{ .Chart.Name }}\n          image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n          imagePullPolicy: {{ .Values.image.pullPolicy }}\n          args:\n            - --google.project-id={{ required \"gcp.projectId has to be set\" .Values.gcp.projectId }}\n            - --monitoring.metrics-type-prefixes={{ include \"stackdriver-exporter.utils.joinListWithComma\" .Values.gcp.metricsTypePrefixes }}\n            - --web.listen-address=:{{ .Values.web.port }}\n            - --web.telemetry-path={{ .Values.web.path }}\n{{- if .Values.gcp.metricsInterval }}\n            - --monitoring.metrics-interval={{ .Values.gcp.metricsInterval }}\n{{ end }}\n{{- if .Values.gcp.metricsOffset }}\n            - --monitoring.metrics-offset={{ .Values.gcp.metricsOffset }}\n{{ end }}\n          ports:\n            - name: http\n              containerPort: {{ .Values.web.port }}\n              protocol: TCP\n          livenessProbe:\n            httpGet:\n              path: /\n              port: http\n          readinessProbe:\n            httpGet:\n              path: /\n              port: http\n          env:\n          - name: GOOGLE_APPLICATION_CREDENTIALS\n            value: /var/secrets/gcp/credentials.json\n          volumeMounts:          \n          - name: gcp-secret\n            mountPath: /var/secrets/gcp\n          resources:\n            {{- toYaml .Values.resources | nindent 12 }}\n      {{- with .Values.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n      volumes:      \n      - name: gcp-secret\n        secret:\n          secretName: {{ template \"stackdriver-exporter.gcpsecretName\" . }}\n\n"
  },
  {
    "path": "charts/stackdriver-exporter/templates/gcpserviceaccount.yaml",
    "content": "{{- if .Values.usingGCPController }}\napiVersion: gcp.kiwigrid.com/v1beta1\nkind: GcpServiceAccount\nmetadata:\n  labels:\n    app.kubernetes.io/name: {{ include \"stackdriver-exporter.name\" . }}\n    helm.sh/chart: {{ include \"stackdriver-exporter.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\n  name: {{ template \"stackdriver-exporter.fullname\" . }}\nspec:\n  serviceAccountIdentifier: {{ template \"stackdriver-exporter.serviceAccountName\" . }}\n  serviceAccountDescription: Service account for accessing stackdriver metrics for prometheus\n  secretName: {{ template \"stackdriver-exporter.gcpsecretName\" . }}\n  bindings:\n  - resource: \"//cloudresourcemanager.googleapis.com/projects/{{required \"gcp.projectId has to be set\" .Values.gcp.projectId }}\"\n    roles:\n    - roles/monitoring.viewer\n{{ end }}\n"
  },
  {
    "path": "charts/stackdriver-exporter/templates/secret.yaml",
    "content": "{{- if not .Values.usingGCPController }}\napiVersion: v1\nkind: Secret\nmetadata:\n  name: {{ template \"stackdriver-exporter.gcpsecretName\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"stackdriver-exporter.name\" . }}\n    helm.sh/chart: {{ include \"stackdriver-exporter.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}    \ndata:\n  credentials.json: \"{{ required \"gcpCredentials has to be set if usingGCPController is false\" .Values.gcpCredentials }}\"\n{{ end }}\n"
  },
  {
    "path": "charts/stackdriver-exporter/values.yaml",
    "content": "# Default values for stackdriver-exporter.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nreplicaCount: 1\n\nimage:\n  repository: frodenas/stackdriver-exporter\n  tag: v0.6.0\n  pullPolicy: IfNotPresent\n\nnameOverride: \"\"\nfullnameOverride: \"\"\nweb:\n  port: 9255\n  path: /metrics\n\ngcp:\n  projectId: \"DUMMY_PROJECT\"\n#  serviceAccountName: \"\"\n#  keyfileSecretName: \"\"\n#  metricsOffset: 0s\n#  metricsInterval: 5m\n  metricsTypePrefixes:\n  - logging.googleapis.com/\n  # - pubsub.googleapis.com/\n  # - cloudsql.googleapis.com/\n  # - container.googleapis.com/\n  # - dataproc.googleapis.com/\n  # - compute.googleapis.com/instance/cpu\n\nusingGCPController: false\n# has to bae base64 encoded\ngcpCredentials: \"ewogICAidHlwZSI6ICJzZXJ2aWNlX2FjY291bnQiLAogICAicHJvamVjdF9pZCI6ICJkdW1teS1hY2MiLAogICAicHJpdmF0ZV9rZXlfaWQiOiAiMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAiLAogICAicHJpdmF0ZV9rZXkiOiAiIiwKICAgImNsaWVudF9lbWFpbCI6ICJkdW1teUBkdW1teS1hY2MuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAogICAiY2xpZW50X2lkIjogIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAiLAogICAiYXV0aF91cmkiOiAiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tL28vb2F1dGgyL2F1dGgiLAogICAidG9rZW5fdXJpIjogImh0dHBzOi8vb2F1dGgyLmdvb2dsZWFwaXMuY29tL3Rva2VuIiwKICAgImF1dGhfcHJvdmlkZXJfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9vYXV0aDIvdjEvY2VydHMiLAogICAiY2xpZW50X3g1MDlfY2VydF91cmwiOiAiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vcm9ib3QvdjEvbWV0YWRhdGEveDUwOS9kdW1teSVkdW1teS1hY2MuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iCn0K\"\n\nresources: {}\n  # We usually recommend not to specify default resources and to leave this as a conscious\n  # choice for the user. This also increases chances charts run on environments with little\n  # resources, such as Minikube. If you do want to specify resources, uncomment the following\n  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n  # limits:\n  #   cpu: 100m\n  #   memory: 128Mi\n  # requests:\n  #   cpu: 100m\n  #   memory: 128Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n\nprometheusScrapeSlow: false\n"
  },
  {
    "path": "charts/zipkin-stackdriver-proxy/.helmignore",
    "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
  },
  {
    "path": "charts/zipkin-stackdriver-proxy/Chart.yaml",
    "content": "apiVersion: v1\nappVersion: \"v0.6.0\"\ndescription: A Helm chart for Zipkin Stackdriver proxy\nname: zipkin-stackdriver-proxy\nversion: 0.1.0\nhome: https://github.com/openzipkin/zipkin-gcp\nsources:\n  - https://github.com/openzipkin/zipkin-gcp\nmaintainers:\n  - name: rpahli\n    email: rico.pahlisch@kiwigrid.com\n"
  },
  {
    "path": "charts/zipkin-stackdriver-proxy/README.md",
    "content": "# Zipkins Stackdriver Proxy\n\n- **Source:** https://github.com/openzipkin/zipkin-gcp\n\n## Introduction\n\nThis chart forwards zipkin traces to stackdriver.\n\n## Installing the Chart\n\nInstall from remote URL with the release name `zipkin-stackdriver-proxy` into namespace `default`:\n\n```console\n$ helm upgrade -i zipkin-stackdriver-proxy kiwigrid/zipkin-stackdriver-proxy\n```\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `zipkin-stackdriver-proxy` deployment:\n\n```console\n$ helm delete zipkin-stackdriver-proxy --purge\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n## Configuration\n\nThe following table lists the configurable parameters of the chart and their default values.\n\n| Parameter                         | Description                             | Default                                                                                     |\n| --------------------------------- | --------------------------------------  | ---------------------------------------------------------                                   |\n| `image.repository`                           | image name                        | `gcr.io/stackdriver-trace-docker/zipkin-collector`                                                        |\n| `image.tag`                        | image tag                      | `v0.6.0`                                                                                      |\n| `image.pullPolicy`                 | Image pull policy                       | `IfNotPresent`                                                                              |\n| `resources`                    | Resource limits for pod             | `{}`                                   |\n| `nodeSelector`                 | NodeSelector                                 | `{}`                                   |\n| `tolerations`                  | Tolerations                                  | `[]`                                   |\n| `affinity`                     | Affinity                                     | `{}`                                   |\n\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`.\n\nAlternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,\n\n```console\n$ helm install --name my-release -f values.yaml kiwigrid/zipkin-stackdriver-proxy\n```\n\n> **Tip**: You can use the default [values.yaml](values.yaml)\n"
  },
  {
    "path": "charts/zipkin-stackdriver-proxy/templates/NOTES.txt",
    "content": "Your Zipkin proxy is now running and can collect traces from your apps\n"
  },
  {
    "path": "charts/zipkin-stackdriver-proxy/templates/_helpers.tpl",
    "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"zipkin-stackdriver-proxy.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"zipkin-stackdriver-proxy.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"zipkin-stackdriver-proxy.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n"
  },
  {
    "path": "charts/zipkin-stackdriver-proxy/templates/deployment.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ include \"zipkin-stackdriver-proxy.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"zipkin-stackdriver-proxy.name\" . }}\n    helm.sh/chart: {{ include \"zipkin-stackdriver-proxy.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  replicas: {{ .Values.replicaCount }}\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: {{ include \"zipkin-stackdriver-proxy.name\" . }}\n      app.kubernetes.io/instance: {{ .Release.Name }}\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: {{ include \"zipkin-stackdriver-proxy.name\" . }}\n        app.kubernetes.io/instance: {{ .Release.Name }}\n    spec:\n      containers:\n        - name: {{ .Chart.Name }}\n          image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n          imagePullPolicy: {{ .Values.image.pullPolicy }}\n          ports:\n            - name: http\n              containerPort: 9411\n              protocol: TCP\n          livenessProbe:\n            httpGet:\n              path: /health\n              port: http\n          readinessProbe:\n            httpGet:\n              path: /health\n              port: http\n          resources:\n            {{- toYaml .Values.resources | nindent 12 }}\n      {{- with .Values.nodeSelector }}\n      nodeSelector:\n        {{- toYaml . | nindent 8 }}\n      {{- end }}\n    {{- with .Values.affinity }}\n      affinity:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n    {{- with .Values.tolerations }}\n      tolerations:\n        {{- toYaml . | nindent 8 }}\n    {{- end }}\n"
  },
  {
    "path": "charts/zipkin-stackdriver-proxy/templates/service.yaml",
    "content": "apiVersion: v1\nkind: Service\nmetadata:\n  name: {{ include \"zipkin-stackdriver-proxy.fullname\" . }}\n  labels:\n    app.kubernetes.io/name: {{ include \"zipkin-stackdriver-proxy.name\" . }}\n    helm.sh/chart: {{ include \"zipkin-stackdriver-proxy.chart\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n    app.kubernetes.io/managed-by: {{ .Release.Service }}\nspec:\n  type: {{ .Values.service.type }}\n  ports:\n    - port: {{ .Values.service.port }}\n      targetPort: http\n      protocol: TCP\n      name: http\n  selector:\n    app.kubernetes.io/name: {{ include \"zipkin-stackdriver-proxy.name\" . }}\n    app.kubernetes.io/instance: {{ .Release.Name }}\n"
  },
  {
    "path": "charts/zipkin-stackdriver-proxy/values.yaml",
    "content": "# Default values for zipkin-stackdriver-proxy.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nreplicaCount: 1\n\nimage:\n  repository: gcr.io/stackdriver-trace-docker/zipkin-collector\n  tag: v0.6.0\n  pullPolicy: IfNotPresent\n\nnameOverride: \"\"\nfullnameOverride: \"\"\n\nservice:\n  type: ClusterIP\n  port: 9411\n\nresources: {}\n  # We usually recommend not to specify default resources and to leave this as a conscious\n  # choice for the user. This also increases chances charts run on environments with little\n  # resources, such as Minikube. If you do want to specify resources, uncomment the following\n  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n  # limits:\n  #  cpu: 100m\n  #  memory: 128Mi\n  # requests:\n  #  cpu: 100m\n  #  memory: 128Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n"
  }
]