# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#################################################################
# Global configuration defaults.
#################################################################
global:
  nodePortPrefix: 302

#################################################################
# Certificate configuration
#################################################################
certInitializer:
  nameOverride: cli-cert-initializer
  aafDeployFqi: deployer@people.osaaf.org
  aafDeployPass: demo123456!
  # aafDeployCredsExternalSecret: some secret
  fqdn: "cli"
  app_ns: "org.osaaf.aaf"
  fqi_namespace: "org.onap.cli"
  fqi: "cli@cli.onap.org"
  public_fqdn: "aaf.osaaf.org"
  cadi_longitude: "0.0"
  cadi_latitude: "0.0"
  credsPath: /opt/app/osaaf/local
  aaf_add_config: |
    echo "*** retrieving password for keystore and trustore"
    export $(/opt/app/aaf_config/bin/agent.sh local showpass \
      {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
    if [ -z "$cadi_keystore_password_p12" ]
    then
      echo "  /!\ certificates retrieval failed"
      exit 1
    else
      echo "*** transform AAF certs into pem files"
      mkdir -p {{ .Values.credsPath }}/certs
      keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
        -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \
        -alias ca_local_0 \
        -storepass $cadi_truststore_password
      openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
        -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
        -passin pass:$cadi_keystore_password_p12 \
        -passout pass:$cadi_keystore_password_p12
      echo "*** generating needed file"
      cat {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
          {{ .Values.credsPath }}/certs/cert.pem \
          {{ .Values.credsPath }}/certs/cacert.pem \
          > {{ .Values.credsPath }}/certs/fullchain.pem;
      cat {{ .Values.credsPath }}/certs/fullchain.pem
      echo "*** change ownership of certificates to targeted user"
      chown -R 33 {{ .Values.credsPath }}
    fi


#################################################################
# Application configuration defaults.
#################################################################
# application image
image: onap/cli:6.0.0
pullPolicy: Always
flavor: small

# application configuration
config:
  climode: daemon

# default number of instances
replicaCount: 1

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 10
  periodSeconds: 10
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  enabled: true

readiness:
  initialDelaySeconds: 10
  periodSeconds: 10

service:
  type: NodePort
  name: cli
  externalPort: 443
  externalPort1: 9090
  internalPort: "443"
  internalPort1: 9090
  nodePort: "60"
  nodePort1: "71"

ingress:
  enabled: false
  service:
    - baseaddr: "cli.api"
      name: "cli"
      port: 443
    - baseaddr: "cli2.api"
      name: cli
      port: 9090
  config:
    ssl: "redirect"

# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
  small:
    limits:
      cpu: 1
      memory: 2Gi
    requests:
      cpu: 10m
      memory: 500Mi
  large:
    limits:
      cpu: 4
      memory: 8Gi
    requests:
      cpu: 2
      memory: 4Gi
  unlimited: {}