# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#################################################################
# Global configuration defaults.
#################################################################
global:
  aafEnabled: true
  mariadb:
    # '&mariadbConfig' means we "store" the values for  later use in the file
    # with '*mariadbConfig' pointer.
    config: &mariadbConfig
      mysqlDatabase: policyadmin
    service: &mariadbService
      name: &policy-mariadb policy-mariadb
      internalPort: 3306

#################################################################
# Secrets metaconfig
#################################################################
secrets:
  - uid: db-root-password
    name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
    type: password
    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
    password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
    policy: generate
  - uid: db-secret
    name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
    type: basicAuth
    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
    login: '{{ index .Values "mariadb-galera" "db" "user" }}'
    password: '{{ index .Values "mariadb-galera" "db" "password" }}'
    passwordPolicy: generate
  - uid: policy-app-user-creds
    name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
    login: '{{ .Values.config.policyAppUserName }}'
    password: '{{ .Values.config.policyAppUserPassword }}'
    passwordPolicy: generate

db: &dbSecretsHook
  credsExternalSecret: *dbSecretName

policy-api:
  enabled: true
  db: *dbSecretsHook
policy-pap:
  enabled: true
  db: *dbSecretsHook
policy-xacml-pdp:
  enabled: true
  db: *dbSecretsHook
policy-apex-pdp:
  enabled: true
  db: *dbSecretsHook
policy-drools-pdp:
  enabled: true
  db: *dbSecretsHook
policy-distribution:
  enabled: true
  db: *dbSecretsHook
policy-clamp-be:
  enabled: true
  db: *dbSecretsHook
  config:
    appUserExternalSecret: *policyAppCredsSecret
policy-clamp-fe:
  enabled: true
policy-clamp-cl-k8s-ppnt:
  enabled: true
policy-nexus:
  enabled: false
policy-clamp-cl-runtime:
  enabled: true
  db: *dbSecretsHook
  config:
    appUserExternalSecret: *policyAppCredsSecret
policy-gui:
  enabled: true

#################################################################
# DB configuration defaults.
#################################################################

repository: nexus3.onap.org:10001
pullPolicy: Always

mariadb:
  image: mariadb:10.5.8

dbmigrator:
  image: onap/policy-db-migrator:2.3.0
  schema: policyadmin
  policy_home: "/opt/app/policy"

subChartsOnly:
  enabled: true

# flag to enable debugging - application support required
debugEnabled: false

# default number of instances
replicaCount: 1

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 10
  periodSeconds: 10
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  enabled: true

readiness:
  initialDelaySeconds: 10
  periodSeconds: 10


config:
  policyAppUserName: runtimeUser

mariadb-galera:
  # mariadb-galera.config and global.mariadb.config must be equals
  db:
    user: policy_user
    # password:
    externalSecret: *dbSecretName
    name: &mysqlDbName policyadmin
  rootUser:
    externalSecret: *dbRootPassSecretName
  nameOverride: *policy-mariadb
  # mariadb-galera.service and global.mariadb.service must be equals
  service: *mariadbService
  replicaCount: 1
  persistence:
    enabled: true
    mountSubPath: policy/maria/data
  serviceAccount:
    nameOverride: *policy-mariadb

# Resource Limit flavor -By Default using small
# Segregation for Different environment (small, large, or unlimited)
flavor: small
resources:
  small:
    limits:
      cpu: 1
      memory: 4Gi
    requests:
      cpu: 100m
      memory: 1Gi
  large:
    limits:
      cpu: 2
      memory: 8Gi
    requests:
      cpu: 200m
      memory: 2Gi
  unlimited: {}

#Pods Service Account
serviceAccount:
  nameOverride: policy
  roles:
    - read