# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#################################################################
# Global configuration defaults.
#################################################################
global:
  nodePortPrefix: 302
  centralizedLoggingEnabled: false
  persistence:
    mountPath: /dockerdata-nfs

#################################################################
# Secrets metaconfig
#################################################################
secrets:
  - uid: "db-root-pass"
    name: '{{ include "common.release" . }}-appc-db-root-pass'
    externalSecret: '{{ .Values.config.dbRootPassExternalSecret }}'
    type: password
    password: '{{ .Values.config.dbRootPass }}'
  - uid: 'appcdb-user-creds'
    name: '{{ include "common.release" . }}-appcdb-user-creds'
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.config.appcdb.userCredentialsExternalSecret) . }}'
    login: '{{ .Values.config.appcdb.userName }}'
    password: '{{ .Values.config.appcdb.password }}'
  - uid: 'sdncdb-user-creds'
    name: '{{ include "common.release" . }}-sdncdb-user-creds'
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.config.sdncdb.userCredentialsExternalSecret) . }}'
    login: '{{ .Values.config.sdncdb.userName }}'
    password: '{{ .Values.config.sdncdb.password }}'


#################################################################
# Application configuration defaults.
#################################################################
flavor: small
# application image
image: onap/appc-image:1.7.2
pullPolicy: Always

# flag to enable debugging - application support required
debugEnabled: false

# log configuration
log:
  path: /var/log/onap

# application configuration
config:
#  dbRootPassExternalSecret: some secret
#  dbRootPass: password
  appcdb:
    # Warning: changing this config option may not work.
    # It seems that the DB name is hardcoded.
    dbName: appcctl
    userName: appcctl
    # password: appcctl
    # userCredsExternalSecret: some secret
  sdncdb:
    # Warning: changing this config option may not work.
    # It seems that the DB name is hardcoded.
    dbName: sdnctl
    userName: sdnctl
    # password: gamma
    # userCredsExternalSecret: some secret
  odlUid: 100
  odlGid: 101
  ansibleServiceName: appc-ansible-server
  ansiblePort: 8000
  mariadbGaleraSVCName: &appc-db appc-db
  mariadbGaleraContName: *appc-db
  enableAAF: true
  enableClustering: false
  configDir: /opt/onap/appc/data/properties
  dmaapTopic: SUCCESS
  dmaapTopicEnv: AUTO
  logstashServiceName: log-ls
  logstashPort: 5044
  odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
  openStackType: OpenStackProvider
  openStackName: OpenStack
  openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
  openStackServiceTenantName: default
  openStackDomain: default
  openStackUserName: admin
  openStackEncryptedPassword: enc:LDEbHEAvTF1R
  odlUser: admin
  dmaapServiceUrl: http://localhost:8080/publish
  dmaapServiceUser: appc
  dmaapServicePassword: onapappc

appc-ansible-server:
  enabled: true
  service:
    name: appc-ansible-server
    internalPort: 8000
  config:
    mysqlServiceName: *appc-db

appc-cdt:
  enabled: true

mariadb-galera:
  nameOverride: *appc-db
  rootUser:
    externalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
  service:
    name: *appc-db
  nfsprovisionerPrefix: appc
  sdnctlPrefix: appc
  persistence:
    mountSubPath: appc/data
    enabled: true
  disableNfsProvisioner: true
  serviceAccount:
    nameOverride: *appc-db
  replicaCount: 1

  mariadbConfiguration: |-
    [client]
    port=3306
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    plugin_dir=/opt/bitnami/mariadb/plugin

    [mysqld]
    lower_case_table_names = 1
    default_storage_engine=InnoDB
    basedir=/opt/bitnami/mariadb
    datadir=/bitnami/mariadb/data
    plugin_dir=/opt/bitnami/mariadb/plugin
    tmpdir=/opt/bitnami/mariadb/tmp
    socket=/opt/bitnami/mariadb/tmp/mysql.sock
    pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
    bind_address=0.0.0.0

    ## Character set
    collation_server=utf8_unicode_ci
    init_connect='SET NAMES utf8'
    character_set_server=utf8

    ## MyISAM
    key_buffer_size=32M
    myisam_recover_options=FORCE,BACKUP

    ## Safety
    skip_host_cache
    skip_name_resolve
    max_allowed_packet=16M
    max_connect_errors=1000000
    sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE
    sysdate_is_now=1

    ## Binary Logging
    log_bin=mysql-bin
    expire_logs_days=14
    # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
    sync_binlog=0
    # Required for Galera
    binlog_format=row

    ## Caches and Limits
    tmp_table_size=32M
    max_heap_table_size=32M
    # Re-enabling as now works with Maria 10.1.2
    query_cache_type=1
    query_cache_limit=4M
    query_cache_size=256M
    max_connections=500
    thread_cache_size=50
    open_files_limit=65535
    table_definition_cache=4096
    table_open_cache=4096

    ## InnoDB
    innodb=FORCE
    innodb_strict_mode=1
    # Mandatory per https://github.com/codership/documentation/issues/25
    innodb_autoinc_lock_mode=2
    # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
    innodb_doublewrite=1
    innodb_flush_method=O_DIRECT
    innodb_log_files_in_group=2
    innodb_log_file_size=128M
    innodb_flush_log_at_trx_commit=1
    innodb_file_per_table=1
    # 80% Memory is default reco.
    # Need to re-evaluate when DB size grows
    innodb_buffer_pool_size=2G
    innodb_file_format=Barracuda

    ## Logging
    log_error=/opt/bitnami/mariadb/logs/mysqld.log
    slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
    log_queries_not_using_indexes=1
    slow_query_log=1

    ## SSL
    ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
    # ssl_ca=/certs/ca.pem
    # ssl_cert=/certs/server-cert.pem
    # ssl_key=/certs/server-key.pem

    [galera]
    wsrep_on=ON
    wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
    wsrep_sst_method=mariabackup
    wsrep_slave_threads=4
    wsrep_cluster_address=gcomm://
    wsrep_cluster_name=galera
    wsrep_sst_auth="root:"
    # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
    innodb_flush_log_at_trx_commit=2
    # MYISAM REPLICATION SUPPORT #
    wsrep_replicate_myisam=ON
    binlog_format=row
    default_storage_engine=InnoDB
    innodb_autoinc_lock_mode=2
    transaction-isolation=READ-COMMITTED
    wsrep_causal_reads=1
    wsrep_sync_wait=7

    [mariadb]
    plugin_load_add=auth_pam

    ## Data-at-Rest Encryption
    ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
    # plugin_load_add=file_key_management
    # file_key_management_filename=/encryption/keyfile.enc
    # file_key_management_filekey=FILE:/encryption/keyfile.key
    # file_key_management_encryption_algorithm=AES_CTR
    # encrypt_binlog=ON
    # encrypt_tmp_files=ON

    ## InnoDB/XtraDB Encryption
    # innodb_encrypt_tables=ON
    # innodb_encrypt_temporary_tables=ON
    # innodb_encrypt_log=ON
    # innodb_encryption_threads=4
    # innodb_encryption_rotate_key_age=1

    ## Aria Encryption
    # aria_encrypt_tables=ON
    # encrypt_tmp_disk_tables=ON

dgbuilder:
  nameOverride: appc-dgbuilder
  certInitializer:
    nameOverride: appc-dgbuilder-cert-initializer
  config:
    db:
      rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
      userCredentialsExternalSecret: '{{ include "common.release" . }}-sdncdb-user-creds'
    dbPodName: *appc-db
    dbServiceName: *appc-db
  service:
    name: appc-dgbuilder
  serviceAccount:
    nameOverride: appc-dgbuilder
  ingress:
    enabled: false
    service:
      - baseaddr: "appc-dgbuilder"
        name: "appc-dgbuilder"
        port: 3000
    config:
      ssl: "redirect"

#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3.
appc-cdt:
  nodePort3: 11
# default number of instances
replicaCount: 1

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 300
  periodSeconds: 60
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  enabled: true

readiness:
  initialDelaySeconds: 300
  periodSeconds: 60

service:
  type: NodePort
  name: appc
  portName: appc

  internalPort: 8443
  externalPort: 8443
  nodePort: 30

  externalPort2: 1830
  nodePort2: 31
  clusterPort: 2550

  internalPort3: 9191
  externalPort3: 9090
  nodePort3: 11

## Persist data to a persitent volume
persistence:
  enabled: true

  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  # existingClaim:
  volumeReclaimPolicy: Retain

  ## database data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  accessMode: ReadWriteOnce
  size: 1Gi
  mountPath: /dockerdata-nfs
  mountSubPath: appc/mdsal
  mdsalPath: /opt/opendaylight/current/daexim

ingress:
  enabled: false
  service:
    - baseaddr: "appc.api"
      name: "appc"
      port: 8443
  config:
    ssl: "redirect"

# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
  small:
    limits:
      cpu: 2
      memory: 4Gi
    requests:
      cpu: 1
      memory: 2Gi
  large:
    limits:
      cpu: 4
      memory: 8Gi
    requests:
      cpu: 2
      memory: 4Gi
  unlimited: {}