#  ============LICENSE_START=======================================================
#   Copyright (C) 2019 Nordix Foundation.
#   Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
#   Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
#   Modifications Copyright © 2022-2025 OpenInfra Europe. All rights reserved.
#   Modifications Copyright © 2024-2025 Deutsche Telekom
#  ================================================================================
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
#
#  SPDX-License-Identifier: Apache-2.0
#  ============LICENSE_END=========================================================

#################################################################
# Global configuration defaults.
#################################################################
global:
  nodePortPrefixExt: 304
  persistence: {}
  postgres:
    service:
      name: policy-postgres
      name2: policy-pg-primary
      name3: policy-pg-replica
      port: 5432

#################################################################
# Secrets metaconfig
#################################################################
secrets:
  - uid: db-secret
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
    login: '{{ .Values.db.user }}'
    password: '{{ .Values.db.password }}'
    passwordPolicy: required
  - uid: restserver-secret
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
    login: '{{ .Values.restServer.user }}'
    password: '{{ .Values.restServer.password }}'
    passwordPolicy: required
  - uid: api-secret
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
    login: '{{ .Values.healthCheckRestClient.api.user }}'
    password: '{{ .Values.healthCheckRestClient.api.password }}'
    passwordPolicy: required
  - uid: distribution-secret
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
    login: '{{ .Values.healthCheckRestClient.distribution.user }}'
    password: '{{ .Values.healthCheckRestClient.distribution.password }}'
    passwordPolicy: required
  - uid: policy-kafka-user
    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
    type: genericKV
    envs:
      - name: sasl.jaas.config
        value: '{{ .Values.config.someConfig }}'
        policy: generate

#################################################################
# Application configuration defaults.
#################################################################
# application image
image: onap/policy-pap:4.2.0
pullPolicy: Always

# flag to enable debugging - application support required
debugEnabled: false

# application configuration

db:
  user: policy-user
  password: policy_user

restServer:
  user: policyadmin
  password: zb!XztG34

healthCheckRestClient:
  api:
    user: policyadmin
    password: none
  distribution:
    user: healthcheck
    password: zb!XztG34

# default number of instances
replicaCount: 1

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 60
  periodSeconds: 10
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  enabled: true
  port: http-api

readiness:
  initialDelaySeconds: 10
  periodSeconds: 120
  port: http-api
  api: /policy/pap/v1/healthcheck
  successThreshold: 1
  failureThreshold: 3
  timeout: 60

service:
  type: ClusterIP
  name: policy-pap
  ports:
  - name: http-api
    port: 6969
  - name: debug-port
    port: 5005
    protocol: tcp

ingress:
  enabled: false

serviceMesh:
  authorizationPolicy:
    authorizedPrincipals:
      - serviceAccount: strimzi-kafka-read
      - serviceAccount: portal-app-read

flavor: small
resources:
  small:
    limits:
      cpu: "3"
      memory: "1Gi"
    requests:
      cpu: "1"
      memory: "1Gi"
  large:
    limits:
      cpu: "4"
      memory: "2Gi"
    requests:
      cpu: "2"
      memory: "2Gi"
  unlimited: {}

securityContext:
  user_id: 100
  group_id: 102

dirSizes:
  emptyDir:
    sizeLimit: 1Gi
  logDir:
    sizeLimit: 500Mi

#Pods Service Account
serviceAccount:
  nameOverride: policy-pap
  roles:
    - read

metrics:
  serviceMonitor:
    # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
    # The default operator for prometheus enforces the below label.
    labels:
      app: '{{ include "common.name" . }}'
      helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
      app.kubernetes.io/instance: '{{ include "common.release" . }}'
      app.kubernetes.io/managed-by: '{{ .Release.Service }}'
      version: '{{ .Chart.Version | replace "+" "_" }}'
      release: prometheus
    enabled: true
    port: http-api
    path: /policy/pap/v1/metrics
    interval: 60s
    isHttps: false
    basicAuth:
      enabled: true
      externalSecretNameSuffix: policy-pap-user-creds
      externalSecretUserKey: login
      externalSecretPasswordKey: password

# application configuration
config:
# Event consumption (kafka) properties
  kafka:
    topics:
      policyHeartbeat: policy-heartbeat
      policyNotification: policy-notification
      policyPdpPap: policy-pdp-pap
    consumer:
      groupId: policy-pap
  app:
    listener:
      policyPdpPapTopic: policy-pdp-pap

# If targeting a custom kafka cluster, ie useStrimziKakfa: false
# uncomment below config and target your kafka bootstrap servers,
# along with any other security config.
#
# eventConsumption:
#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
#   spring.kafka.security.protocol: PLAINTEXT
#   spring.kafka.consumer.group-id: policy-group
#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
kafkaUser:
  authenticationType: scram-sha-512
  acls:
    - name: policy-pap
      type: group
      operations: [Create, Describe, Read, Write]
    - name: policy-pdp-pap
      type: topic
      patternType: prefix
      operations: [Create, Describe, Read, Write]
    - name: policy-heartbeat
      type: topic
      patternType: prefix
      operations: [Create, Describe, Read, Write]
    - name: policy-notification
      type: topic
      patternType: prefix
      operations: [Create, Describe, Read, Write]

readinessCheck:
  wait_for:
    services:
      - policy-api