# Copyright © 2020, Nokia
# Modifications Copyright  © 2020, Nordix Foundation, Orange
# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Global
global:
  envsubstImage: dibi/envsubst
  nodePortPrefix: 302
  # Readiness image
  readinessImage: onap/oom/readiness:3.0.1
  # Ubuntu Init image
  ubuntuInitRepository: registry.hub.docker.com
  ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
  # Logging image
  loggingRepository: docker.elastic.co
  loggingImage: beats/filebeat:5.5.0
  # BusyBox image
  busyboxRepository: registry.hub.docker.com
  busyboxImage: library/busybox:1.31
  persistence:
    enabled: true
  # Standard OOM
  pullPolicy: "Always"
  repository: "nexus3.onap.org:10001"


# Service configuration
service:
  type: ClusterIP
  ports:
    - name: http
      port: 8443
      port_protocol: http


# Deployment configuration
repository: nexus3.onap.org:10001
image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
pullPolicy: Always
replicaCount: 1

liveness:
  initialDelaySeconds: 60
  periodSeconds: 10
  command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
readiness:
  initialDelaySeconds: 30
  periodSeconds: 10
  command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD

flavor: small
resources:
  small:
    limits:
      cpu: 0.5
      memory: 1Gi
    requests:
      cpu: 0.2
      memory: 512Mi
  large:
    limits:
      cpu: 1
      memory: 2Gi
    requests:
      cpu: 0.4
      memory: 1Gi
  unlimited: {}


# Application configuration
cmpServers:
  secret:
    name: oom-cert-service-secret
  volume:
    name: oom-cert-service-volume
    mountPath: /etc/onap/oom/certservice

tls:
  server:
    secret:
      name: oom-cert-service-server-tls-secret
    volume:
      name: oom-cert-service-server-tls-volume
      mountPath: /etc/onap/oom/certservice/certs/
  client:
    secret:
      defaultName: oom-cert-service-client-tls-secret

envs:
  keystore:
    jksName: certServiceServer-keystore.jks
    p12Name: certServiceServer-keystore.p12
  truststore:
    jksName: truststore.jks
    crtName: root.crt
  httpsPort: 8443

# External secrets with credentials can be provided to override default credentials defined below,
# by uncommenting and filling appropriate *ExternalSecret value
credentials:
  tls:
    keystorePassword: secret
    truststorePassword: secret
    #keystorePasswordExternalSecret:
    #truststorePasswordExternalSecret:
  # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
  cmp:
    # Used only if cmpv2 testing is enabled
    clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak'
    #clientRvExternalSecret:
    raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak'
    #raRvExternalSecret:
    client: {}
      # iak: mypassword
      # rv: unused
    ra: {}
      # iak: mypassword
      # rv: unused

secrets:
  - uid: keystore-password
    name: '{{ include "common.release" . }}-keystore-password'
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
    password: '{{ .Values.credentials.tls.keystorePassword }}'
    passwordPolicy: required
  - uid: truststore-password
    name: '{{ include "common.release" . }}-truststore-password'
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
    password: '{{ .Values.credentials.tls.truststorePassword }}'
    passwordPolicy: required
  # Below values are relevant only if global addTestingComponents flag is enabled
  - uid: ejbca-server-client-iak
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.client.iak }}'
  - uid: cmp-config-client-rv
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.client.rv }}'
  - uid: ejbca-server-ra-iak
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.ra.iak }}'
  - uid: cmp-config-ra-rv
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.ra.rv }}'