# Copyright © 2017 Amdocs, Bell Canada
# Copyright © 2020 Samsung Electronics
# Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for vid.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
  nodePortPrefix: 302
  mariadbGalera: &mariadbGalera
    #This flag allows VID to instantiate its own mariadb-galera cluster
    localCluster: false
    service: mariadb-galera
    internalPort: 3306
    nameOverride: mariadb-galera
  centralizedLoggingEnabled: true

#################################################################
# Secrets metaconfig
#################################################################
secrets:
  - uid: vid-db-user-secret
    name: &dbUserSecretName '{{ include "common.release" . }}-vid-db-user-secret'
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
    login: '{{ .Values.config.db.userName }}'
    password: '{{ .Values.config.db.userPassword }}'

#################################################################
# AAF part
#################################################################
certInitializer:
  nameOverride: vid-cert-initializer
  aafDeployFqi: deployer@people.osaaf.org
  aafDeployPass: demo123456!
  # aafDeployCredsExternalSecret: some secret
  fqdn: vid
  fqi: vid@vid.onap.org
  public_fqdn: vid.onap.org
  fqi_namespace: "org.onap.vid"
  cadi_longitude: "0.0"
  cadi_latitude: "0.0"
  app_ns: org.osaaf.aaf
  credsPath: /opt/app/osaaf/local
  aaf_add_config: |
    echo "*** retrieving password for keystore and trustore"
    export $(/opt/app/aaf_config/bin/agent.sh local showpass \
    {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
    if [ -z "$cadi_keystore_password" ]
    then
      echo "  /!\ certificates retrieval failed"
      exit 1
    else
      echo "*** changing them into shell safe ones"
      export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
      export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
      cd {{ .Values.credsPath }}
      keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
        -storepass "${cadi_keystore_password_jks}" \
        -keystore {{ .Values.fqi_namespace }}.jks
      keytool -storepasswd -new "${TRUSTORE_PASSWD}" \
        -storepass "${cadi_truststore_password}" \
        -keystore {{ .Values.fqi_namespace }}.trust.jks
      echo "*** set key password as same password as keystore password"
      keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
        -keystore {{ .Values.fqi_namespace }}.jks \
        -keypass "${cadi_keystore_password_jks}" \
        -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
      echo "*** save the generated passwords"
      echo "VID_KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
      echo "VID_TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop
      echo "*** change ownership of certificates to targeted user"
      chown -R 1000 .
    fi

subChartsOnly:
  enabled: true

# application image
image: onap/vid:8.0.2
pullPolicy: Always

# application configuration
config:
  db:
    userName: vidadmin
#    userCredentialsExternalSecret: some secret
#    userPassword: password
  asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU="
  asdcclientrestport: "8443"
  vidaaiport: "8443"
  onapport: "30225"
  onapportrest: "8443"
  portalhost: "portal.api.simpledemo.onap.org"
  msoport: "8080"
  vidmsopass: OBF:1ih71i271vny1yf41ymf1ylz1yf21vn41hzj1icz
  msodme2serverurl: http://localhost:8081
  vidcontactuslink: https://todo_contact_us_link.com
  vidmysqlmaxconnections: "5"
  logstashServiceName: log-ls
  logstashPort: 5044
  roleaccesscentralized: remote

mariadb-galera:
  db:
    # password:
    externalSecret: *dbUserSecretName
    name: &mysqlDbName vid_openecomp_epsdk
  nameOverride: &vid-galera vid-galera
  replicaCount: 3
  persistence:
    enabled: true
    mountSubPath: vid/maria/data
  externalConfig: |-
    [mysqld]
    lower_case_table_names = 1
  serviceAccount:
    nameOverride: *vid-galera

mariadb-init:
  config:
    userCredentialsExternalSecret: *dbUserSecretName
    mysqlDatabase: *mysqlDbName
  nameOverride: vid-mariadb-init
  # A configMap of same name is created. It points to file that will be run after
  # The DB has been created.
  dbScriptConfigMap: '{{ include "common.release" . }}-vid-db-init'

# default number of instances
replicaCount: 1

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 120
  periodSeconds: 10
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  enabled: true

readiness:
  initialDelaySeconds: 10
  periodSeconds: 10

service:
  type: NodePort
  name: vid
  portName: vid
  externalPort: 8443
  internalPort: 8443
  nodePort: "00"
  externalHttpPort: 8080
  internalHttpPort: 8080

ingress:
  enabled: false
  service:
    - baseaddr: "vid.api"
      name: "vid-http"
      port: 8443
  config:
    ssl: "redirect"

# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
resources:
  small:
    limits:
      cpu: 200m
      memory: 2Gi
    requests:
      cpu: 100m
      memory: 1Gi
  large:
    limits:
      cpu: 400m
      memory: 4Gi
    requests:
      cpu: 200m
      memory: 2Gi
  unlimited: {}

# Log configuration
log:
  path: /var/log/onap