#  ============LICENSE_START=======================================================
#   Copyright (C) 2018 Ericsson. All rights reserved.
#   Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
#   Modifications Copyright © 2022 Nordix Foundation
#  ================================================================================
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
#
#  SPDX-License-Identifier: Apache-2.0
#  ============LICENSE_END=========================================================

#################################################################
# Global configuration defaults.
#################################################################
global:
  nodePortPrefix: 302
  aafEnabled: true
  persistence: {}

#################################################################
# Secrets metaconfig
#################################################################
secrets:
  - uid: restserver-creds
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
    login: '{{ .Values.restServer.user }}'
    password: '{{ .Values.restServer.password }}'
  - uid: truststore-pass
    type: password
    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
    password: '{{ .Values.certStores.trustStorePassword }}'
    passwordPolicy: required
  - uid: keystore-pass
    type: password
    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
    password: '{{ .Values.certStores.keyStorePassword }}'
    passwordPolicy: required
  - uid: policy-kafka-user
    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
    type: genericKV
    envs:
      - name: sasl.jaas.config
        value: '{{ .Values.config.someConfig }}'
        policy: generate

#################################################################
# Application configuration defaults.
#################################################################
# application image
image: onap/policy-apex-pdp:2.8.2
pullPolicy: Always

# flag to enable debugging - application support required
debugEnabled: false

# application configuration

restServer:
  user: healthcheck
  password: zb!XztG34
truststore:
  password: Pol1cy_0nap
certStores:
  keyStorePassword: Pol1cy_0nap
  trustStorePassword: Pol1cy_0nap

certInitializer:
  nameOverride: policy-apex-pdp-cert-initializer
  aafDeployFqi: deployer@people.osaaf.org
  aafDeployPass: demo123456!
  fqdn: policy
  fqi: policy@policy.onap.org
  public_fqdn: policy.onap.org
  cadi_latitude: "0.0"
  cadi_longitude: "0.0"
  credsPath: /opt/app/osaaf/local
  app_ns: org.osaaf.aaf
  uid: 101
  gid: 102
  aaf_add_config: >
    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
    echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});

# default number of instances
replicaCount: 1

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 20
  periodSeconds: 10
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  enabled: true

readiness:
  initialDelaySeconds: 20
  periodSeconds: 10

service:
  type: ClusterIP
  name: policy-apex-pdp
  portName: http
  externalPort: 6969
  internalPort: 6969
  nodePort: 37

ingress:
  enabled: false

# Resource Limit flavor -By Default using small
# Segregation for Different environment (Small and Large)
flavor: small
resources:
  small:
    limits:
      cpu: 1
      memory: 4Gi
    requests:
      cpu: 10m
      memory: 1Gi
  large:
    limits:
      cpu: 2
      memory: 8Gi
    requests:
      cpu: 20m
      memory: 2Gi
  unlimited: {}

#Pods Service Account
serviceAccount:
  nameOverride: policy-apex-pdp
  roles:
    - read

metrics:
  serviceMonitor:
    # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
    # The default operator for prometheus enforces the below label.
    labels:
      release: prometheus
    enabled: true
    port: policy-apex-pdp
    interval: 60s
    isHttps: true
    basicAuth:
      enabled: true
      externalSecretNameSuffix: policy-apex-pdp-restserver-creds
      externalSecretUserKey: login
      externalSecretPasswordKey: password
    selector:
      app: '{{ include "common.name" . }}'
      chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
      release: '{{ include "common.release" . }}'
      heritage: '{{ .Release.Service }}'

# application configuration
config:
# Event consumption (kafka) properties
  useStrimziKafka: true
  kafkaBootstrap: strimzi-kafka-bootstrap
  kafka:
    consumer:
      groupId: policy-group
  app:
    listener:
      policyPdpPapTopic: policy-pdp-pap
# If targeting a custom kafka cluster, ie useStrimziKakfa: false
# uncomment below config and target your kafka bootstrap servers,
# along with any other security config.
#
# eventConsumption:
#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
#   spring.kafka.security.protocol: PLAINTEXT
#   spring.kafka.consumer.group-id: policy-group
#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.