#
# ============LICENSE_START=======================================================
# org.onap.aai
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================

# Default values for resources.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global: # global defaults
  nodePortPrefix: 302
  cassandra:
    #This will instantiate AAI cassandra cluster, default:shared cassandra.
    localCluster: false
  initContainers:
    enabled: true
  jobs:
    # When enabled, it will create the schema based on oxm and edge rules
    createSchema:
      enabled: true
    #migration using helm hooks
    migration:
      enabled: false
  config:

    # Specifies that the cluster connected to a dynamic
    # cluster being spinned up by kubernetes deployment
    cluster:
      cassandra:
        dynamic: true

    # Specifies if the basic authorization is enabled
    basic:
      auth:
        enabled: true
        username: AAI
        passwd: AAI

    # Notification event specific properties
    notification:
      eventType: AAI-EVENT
      domain: dev

    # Schema specific properties that include supported versions of api
    schema:
      # Specifies if the connection should be one way ssl, two way ssl or no auth
      # will be set to no-auth if tls is disabled
      service:
        client: one-way-ssl
      # Specifies which translator to use if it has schema-service, then it will
      # make a rest request to schema service
      translator:
        list: schema-service
      source:
        # Specifies which folder to take a look at
        name: onap
      uri:
        # Base URI Path of the application
        base:
          path: /aai
      version:
        # Current version of the REST API
        api:
          default: v27
        # Specifies which version the depth parameter is configurable
        depth: v11
        # List of all the supported versions of the API
        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27
        # Specifies from which version related link should appear
        related:
          link: v11
        # Specifies from which version the app root change happened
        app:
          root: v11
        # Specifies from which version the xml namespace changed
        namespace:
          change: v12
        # Specifies from which version the edge label appeared in API
        edge:
          label: v12

    # Specifies which clients should always default to realtime graph connection
    realtime:
      clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1

#################################################################
# Certificate configuration
#################################################################
certInitializer:
  nameOverride: aai-graphadmin-cert-initializer
  aafDeployFqi: deployer@people.osaaf.org
  aafDeployPass: demo123456!
  # aafDeployCredsExternalSecret: some secret
  fqdn: aai
  fqi: aai@aai.onap.org
  public_fqdn: aai.onap.org
  cadi_longitude: "0.0"
  cadi_latitude: "0.0"
  app_ns: org.osaaf.aaf
  credsPath: /opt/app/osaaf/local
  fqi_namespace: org.onap.aai
  user_id: &user_id 1000
  group_id: &group_id 1000
  aaf_add_config: |
    echo "*** changing them into shell safe ones"
    export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    export KEYSTORE_JKS_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    cd {{ .Values.credsPath }}
    keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \
      -storepass "${cadi_keystore_password_p12}" \
      -keystore {{ .Values.fqi_namespace }}.p12
    keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \
      -storepass "${cadi_truststore_password}" \
      -keystore {{ .Values.fqi_namespace }}.trust.jks
    keytool -storepasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \
        -storepass "${cadi_keystore_password_jks}" \
        -keystore {{ .Values.fqi_namespace }}.jks
    echo "*** set key password as same password as keystore password"
    keytool -keypasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \
      -keystore {{ .Values.fqi_namespace }}.jks \
      -keypass "${cadi_keystore_password_jks}" \
      -storepass "${KEYSTORE_JKS_PLAIN_PASSWORD}" -alias {{ .Values.fqi }}
    echo "*** writing passwords into prop file"
    echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop
    echo "KEYSTORE_JKS_PLAIN_PASSWORD=${KEYSTORE_JKS_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
    echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
    echo "*** change ownership of certificates to targeted user"
    chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}

# application image
image: onap/aai-graphadmin:1.11.1
pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
# default number of instances
replicaCount: 1
# the minimum number of seconds that a newly created Pod should be ready
minReadySeconds: 30
updateStrategy:
  type: RollingUpdate
  # The number of pods that can be unavailable during the update process
  maxUnavailable: 0
  # The number of pods that can be created above the desired amount of pods during an update
  maxSurge: 1

# Configuration for the graphadmin deployment
config:

  # Specify the profiles for the graphadmin microservice
  profiles:
    # one way ssl profile will be set unless tlsEnabled is set to false or serviceMesh is enabled and
    # serviceMesh.tls is set to tru
    active: dmaap #,one-way-ssl"

  # Specifies the timeout limit for the REST API requests
  timeout:
    enabled: true
    limit: 180000

  # Default maximum records to fix for the data grooming and dupeTool
  maxFix:
    dataGrooming: 150
    dupeTool: 25

  # Default number of sleep minutes for dataGrooming and dupeTool
  sleepMinutes:
    dataGrooming: 7
    dupeTool: 7

  # Cron specific attributes to be triggered for the graphadmin spring cron tasks
  cron:
    # Specifies that the data grooming tool which runs duplicates should be enabled
    dataGrooming:
      enabled: true
    # Specifies that the data snapshot which takes a graphson snapshot should be enabled
    dataSnapshot:
      enabled: true
      params: JUST_TAKE_SNAPSHOT

    # Data cleanup which zips snapshots older than x days and deletes older than y days
    dataCleanup:

      dataGrooming:
        enabled: true
        # Zips up the dataGrooming files older than 5 days
        ageZip: 5
        # Deletes the dataGrooming files older than 30 days
        ageDelete: 30

      dataSnapshot:
        enabled: true
        # Zips up the dataSnapshot graphson files older than 5 days
        ageZip: 5
        # Deletes the dataSnapshot graphson files older than 30 days
        ageDelete: 30
  # Concurrency lock control flag
  aai:
    lock:
      uri:
        enabled: false


nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 60
  periodSeconds: 60
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  enabled: false

readiness:
  initialDelaySeconds: 60
  periodSeconds: 10

service:
  type: ClusterIP
  # REST API port for the graphadmin microservice
  portName: http
  internalPort: 8449
  portName2: tcp-5005
  internalPort2: 5005
  terminationGracePeriodSeconds: 120

ingress:
  enabled: false

persistence:
  enabled: true
  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  # existingClaim:
  volumeReclaimPolicy: Retain
  ## database data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  # storageClass: "-"
  accessMode: ReadWriteMany
  size: 2Gi

  mountPath: /dockerdata-nfs
  mountSubPath: aai/aai-graphadmin
  mountSubPath1: aai/migration

# To make logback capping values configurable
logback:
  logToFileEnabled: true
  maxHistory: 7
  totalSizeCap: 6GB
  queueSize: 1000

accessLogback:
  logToFileEnabled: true
  maxHistory: 7
  totalSizeCap: 6GB

resources:
  small:
    limits:
      cpu: 2
      memory: 4Gi
    requests:
      cpu: 0.5
      memory: 1536Mi
  large:
    limits:
      cpu: 4
      memory: 8Gi
    requests:
      cpu: 1
      memory: 2Gi
  unlimited: {}

# Not fully used for now
securityContext:
  user_id: *user_id
  group_id: *group_id

#Pods Service Account
serviceAccount:
  nameOverride: aai-graphadmin
  roles:
    - read
#Log configuration
log:
  path: /var/log/onap
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
