# Service Config
image: __CONTAINER__
imagePullPolicy: Always
service:
  type: ClusterIP
  port: 8080
  apiPath: /api/indexer/v2/
  readinessType: exec
  readinessProbeHttpPath: /api/indexer/v2/liveness_check
  startupProbeHttpPath: /api/indexer/v2/liveness_check

serviceParameters:
- objectName: "/osdu/{{ .Values.global.resourcePrefix }}/storage/storage-sqs-url"
  objectType: "ssmparameter"
  objectAlias: storage-sqs-url
- objectName: "/osdu/{{ .Values.global.resourcePrefix }}/indexer/indexer-sns-topic-arn"
  objectType: "ssmparameter"
  objectAlias: indexer-sns-topic-arn
- objectName: "/osdu/{{ .Values.global.resourcePrefix }}/indexer-queue/indexer-deadletter-queue-sqs-url"
  objectType: "ssmparameter"
  objectAlias: indexer-deadletter-queue-sqs-url
- objectName: "/osdu/{{ .Values.global.resourcePrefix }}/elasticsearch/end-point"
  objectType: "ssmparameter"
  objectAlias: "elasticsearch_host"
- objectName: "/osdu/{{ .Values.global.resourcePrefix }}/elasticsearch/end-point-port"
  objectType: "ssmparameter"
  objectAlias: "elasticsearch_port"
- objectName: "/osdu/{{ .Values.global.resourcePrefix }}/elasticsearch/credentials"
  objectType: "secretsmanager"
  objectAlias: "elasticsearch_credentials"
- objectName: "/osdu/{{ .Values.global.resourcePrefix }}/redis/redisauthtoken"
  objectType: "secretsmanager"
  objectAlias: "CACHE_CLUSTER_KEY"
- objectName: "/osdu/{{ .Values.global.resourcePrefix }}/redis-core/end-point"
  objectType: "ssmparameter"
  objectAlias: "CACHE_CLUSTER_ENDPOINT"
- objectName: "/osdu/{{ .Values.global.resourcePrefix }}/redis-core/end-point-port"
  objectType: "ssmparameter"
  objectAlias: "CACHE_CLUSTER_PORT"
environmentVariables:
  - name: APPLICATION_PORT
    value: "{{ .Values.service.port }}"
  - name: AWS_REGION
    value: "{{ .Values.global.region }}"
  - name: ENVIRONMENT
    value: "{{ .Values.global.resourcePrefix }}"
  - name: JAVA_OPTS
    value: "-Xms538M -Xmx900M"
  - name: LOG_LEVEL
    value: "{{ default `INFO` .Values.global.logLevel }}"
  - name: SSM_ENABLED
    value: "True"
  - name: SSL_ENABLED
    value: "false"
  - name: ENTITLEMENTS_BASE_URL
    value: "http://os-entitlements:8080"
  - name: PARTITION_BASE_URL
    value: "http://os-partition:8080"
  - name: STORAGE_BASE_URL
    value: "http://os-storage:8080"
  - name: SCHEMA_BASE_URL
    value: "http://os-schema:8080"
  - name: ELASTIC_DISABLE_CERTIFICATE_TRUST
    value: "true"
  - name: PARAMETER_MOUNT_PATH
    value: "/mnt/params"
  - name: TMP_VOLUME_PATH
    value: "/tmp"

# Resource Config
replicaCount: 1
resources:
  limits:
    memory: 1200M
  requests:
    cpu: 500m
    memory: 1200M
autoscaling:
  enabled: true
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

# Security Config
serviceAccountRole: arn:aws:iam::{{ .Values.global.accountID }}:role/osdu-{{ .Values.global.resourcePrefix }}-{{ .Values.global.region }}-{{ include "common.name" . }}
securityContext: 
  runAsUser: 10001
  runAsNonRoot: true
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
podSecurityContext: 
  fsGroup: 1337
  seccompProfile:
    type: RuntimeDefault
allowedPrincipals:
  - cluster.local/ns/istio-system/sa/istio-ingressgateway
  - cluster.local/ns/{{ .Release.Namespace }}/sa/indexer-queue
  - cluster.local/ns/aws-binary-dms/sa/binary-dms
  - cluster.local/ns/osdu-airflow/sa/airflow-dag-upload
  - cluster.local/ns/osdu-ingest/sa/os-data-workflow
  - cluster.local/ns/osdu-ingest/sa/os-ingestion-workflow
  - cluster.local/ns/osdu-seismic-ddms/sa/os-seismic-store
  - cluster.local/ns/osdu-well-delivery/sa/os-welldelivery
  - cluster.local/ns/osdu-wellbore-ddms/sa/os-wellbore-ddms