values.yaml 4.85 KiB
    # Service Config
    # Container image reference. `__CONTAINER__` is a placeholder token, not a
    # pullable image; presumably the build/deploy pipeline substitutes it.
    # NOTE(review): confirm the substituted value is pinned (tag or digest), so
    # the deployed image is traceable to a specific build.
    image: __CONTAINER__
    
    # Kubernetes Service settings and HTTP probe paths for the partition API.
    service:
      # ClusterIP: reachable only inside the cluster; no external exposure
      # comes from this key.
      type: ClusterIP
      # Also fed to the APPLICATION_PORT environment variable below.
      port: 8080
      apiPath: /api/partition/v1/
      # Readiness and liveness share one health endpoint.
      # NOTE(review): if that endpoint aggregates downstream checks (cache,
      # database), a dependency outage would fail liveness and restart healthy
      # pods. Confirm what the health endpoint actually reports.
      readinessProbeHttpPath: /api/partition/v1/actuator/health
      livenessProbeHttpPath: /api/partition/v1/actuator/health
    # External parameters and secrets the service consumes. Each entry names an
    # object under /osdu/<resourcePrefix>/..., its backing store (objectType) and
    # the alias the workload sees.
    # NOTE(review): the objectName/objectType/objectAlias shape matches the AWS
    # provider for the Secrets Store CSI driver, so these are presumably mounted
    # as files under PARAMETER_MOUNT_PATH. Confirm against the chart templates.
    # The objectName values contain template actions and only resolve if the
    # chart renders them (e.g. through `tpl`).
    # Security: "secretsmanager" entries are credentials. The role in
    # serviceAccountRole should be limited to exactly the paths listed here.
    serviceParameters:
      # Secret: Redis auth token.
      - objectName: "/osdu/{{ .Values.global.resourcePrefix }}/redis/redisauthtoken"
        objectType: "secretsmanager"
        objectAlias: "CACHE_CLUSTER_KEY"
      - objectName: "/osdu/{{ .Values.global.resourcePrefix }}/redis-core/end-point"
        objectType: "ssmparameter"
        objectAlias: "CACHE_CLUSTER_ENDPOINT"
      - objectName: "/osdu/{{ .Values.global.resourcePrefix }}/redis-core/end-point-port"
        objectType: "ssmparameter"
        objectAlias: "CACHE_CLUSTER_PORT"
      # Only unquoted alias in this list. It parses as the same string, but
      # alias naming here mixes kebab-case, UPPER_SNAKE and lower_snake; do not
      # rename without updating whatever reads the alias.
      - objectName: "/osdu/{{ .Values.global.resourcePrefix }}/primary-region"
        objectType: "ssmparameter"
        objectAlias: primary-region
      - objectName: "/osdu/{{ .Values.global.resourcePrefix }}/mongodb/endpoint"
        objectType: "ssmparameter"
        objectAlias: "mongodb_host"
      - objectName: "/osdu/{{ .Values.global.resourcePrefix }}/mongodb/port"
        objectType: "ssmparameter"
        objectAlias: "mongodb_port"
      # Secret: MongoDB credentials. See MONGODB_ENABLE_TLS below; these
      # credentials are used on that connection.
      - objectName: "/osdu/{{ .Values.global.resourcePrefix }}/mongodb/credentials"
        objectType: "secretsmanager"
        objectAlias: "mongodb_credentials"
      # ARN of a KMS key, stored as a plain SSM parameter (an identifier, not
      # key material).
      - objectName: "/osdu/{{ .Values.global.resourcePrefix }}/partition/DataKmsKey/arn"
        objectType: "ssmparameter"
        objectAlias: "KEY_ARN"
    # Environment variables passed to the container. Every value is a quoted
    # string, so boolean-looking values reach the application as text.
    environmentVariables:
      - name: APPLICATION_PORT
        value: "{{ .Values.service.port }}"
      - name: AWS_REGION
        value: "{{ .Values.global.region }}"
      - name: ENVIRONMENT
        value: "{{ .Values.global.resourcePrefix }}"
      # NOTE(review): -Xmx900M is 900 MiB of heap (JVM units are binary), while
      # resources.limits.memory is 900M (decimal, about 858 MiB). The heap
      # ceiling alone exceeds the container limit before metaspace, thread
      # stacks and direct buffers are counted, so the pod can be OOM-killed
      # under load. Lower -Xmx or raise the memory limit.
      - name: JAVA_OPTS
        value: "-Xms538M -Xmx900M"
      # Falls back to INFO when global.logLevel is unset.
      - name: LOG_LEVEL
        value: "{{ default `INFO` .Values.global.logLevel }}"
      # NOTE(review): "True" is capitalised while every other flag uses
      # lowercase "true"/"false". Confirm the consumer parses it
      # case-insensitively.
      - name: SSM_ENABLED
        value: "True"
      # NOTE(review): the name suggests TLS on the service listener is off;
      # confirm transport encryption is provided elsewhere (e.g. mesh mTLS).
      - name: SSL_ENABLED
        value: "false"
      # Plain-HTTP URL for the entitlements service. Requests to it likely carry
      # the caller's Authorization header, so confidentiality depends on the
      # network layer. Verify that mesh mTLS is enforced (STRICT) between these
      # workloads.
      - name: ENTITLEMENTS_BASE_URL
        value: "http://os-entitlements:8080"
      - name: PARAMETER_MOUNT_PATH
        value: "/mnt/params"
      - name: MONGODB_AUTH_DATABASE
        value: "admin"
      - name: MONGODB_RETRY_WRITES
        value: "true"
      - name: MONGODB_WRITE_MODE
        value: "majority"
      - name: MONGODB_USE_SRV_ENDPOINT
        value: "true"
      # NOTE(review): TLS to MongoDB appears to be disabled while the service
      # authenticates with the mongodb_credentials secret. Unless that link is
      # encrypted by other means, credentials and partition data cross it in
      # clear text. Treat "false" as a development default and enable TLS
      # wherever the database endpoint supports it.
      - name: MONGODB_ENABLE_TLS
        value: "false"
    
    # Pod annotations. The only entry requests the container runtime's default
    # seccomp profile via the legacy alpha annotation.
    # NOTE(review): this annotation has been deprecated since Kubernetes v1.19
    # and is no longer honoured from v1.27, so on current clusters it has no
    # effect and the pod may run without the intended profile. The supported
    # form is `seccompProfile: {type: RuntimeDefault}` in the pod or container
    # securityContext. Check that the chart renders that field.
    podAnnotations: 
      seccomp.security.alpha.kubernetes.io/pod: "runtime/default"
    
    
    # Resource Config
    # Baseline replica count and per-container resources.
    # NOTE(review): autoscaling is enabled below; whether replicaCount is still
    # applied in that case depends on the chart templates.
    replicaCount: 1
    resources:
      limits:
        # Kubernetes `M` is decimal megabytes (10^6 bytes), not `Mi`.
        memory: 900M
      # Memory request equals the limit; no CPU limit is set, so CPU can burst
      # above the 500m request.
      requests:
        cpu: 500m
        memory: 900M
    # Horizontal autoscaling bounds: 1 to 100 replicas, targeting 80% CPU.
    # Each replica requests 500m CPU and 900M memory (see resources), so the
    # upper bound is also a capacity and cost ceiling. Size it against what the
    # cluster and the downstream cache and database can absorb.
    autoscaling:
      enabled: true
      minReplicas: 1
      maxReplicas: 100
      targetCPUUtilizationPercentage: 80
      # Memory-based scaling is left disabled.
      # targetMemoryUtilizationPercentage: 80
    # Security Config
    
    # IAM role ARN assembled from the account ID, resource prefix, region and
    # chart name. Presumably bound to the pod's service account (IRSA); confirm
    # in the templates.
    # The value is an unquoted scalar containing template actions and an
    # embedded double-quoted string. It parses as a plain string and resolves
    # only if the chart renders it (e.g. via `tpl`).
    # Security: this role is the workload's AWS identity. Scope its policy to
    # the SSM/Secrets Manager paths in serviceParameters and the one KMS key.
    serviceAccountRole: arn:aws:iam::{{ .Values.global.accountID }}:role/osdu-{{ .Values.global.resourcePrefix }}-{{ .Values.global.region }}-{{ include "common.name" . }}
    
    # CORS policy values: preflight cache lifetime, allowed methods and headers.
    cors:
      maxAge: "60m"
      # NOTE(review): credentialed CORS is enabled, but no allowed-origin list
      # appears in this section. Confirm where origins are defined and that
      # they are an explicit allow-list. Credentials combined with a wildcard
      # or reflected origin lets any site issue authenticated requests from a
      # user's browser.
      allowCredentials: true
      # State-changing methods (POST, PATCH, DELETE) are allowed cross-origin.
      allowMethods:
        - POST
        - GET
        - PATCH
        - DELETE
      allowHeaders:
        - Authorization
        - Data-Partition-Id
        - Correlation-Id
        - Content-Type
    
    # Container hardening: fixed non-root UID, no privilege escalation, all
    # Linux capabilities dropped.
    securityContext: 
      runAsUser: 10001
      runAsNonRoot: true
      # NOTE(review): the root filesystem is left writable. If the application
      # only needs scratch space, mount an emptyDir for it and set this to true
      # so a compromised process cannot modify the image contents.
      readOnlyRootFilesystem: false
      allowPrivilegeEscalation: false
      # No seccompProfile is set in this mapping; seccomp is requested only via
      # the legacy pod annotation in podAnnotations.
      capabilities:
        drop:
        - ALL
    
    
    # Allow-list of workload identities in `<trust-domain>/ns/<namespace>/sa/
    # <service-account>` form. Presumably rendered into a service-mesh
    # authorization policy that limits who may call this service; confirm in
    # the chart templates.
    # Security: such a list is only enforced when peers authenticate with
    # mutual TLS; over plaintext there is no principal to match. Keep it to
    # callers that really need the partition API and prune entries when a
    # service is retired.
    allowedPrincipals:
      # Ingress gateway identity: everything arriving through the gateway shares
      # this principal, so end-user authentication and authorization must be
      # enforced at the gateway or in the application, not by this list.
      - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account
      # Service accounts in the release namespace.
      - cluster.local/ns/{{ .Release.Namespace }}/sa/compliance-queue
      - cluster.local/ns/{{ .Release.Namespace }}/sa/compliance-queue-trigger
      - cluster.local/ns/{{ .Release.Namespace }}/sa/indexer-queue
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-crs-catalog
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-crs-conversion
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-dataset
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-entitlements
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-file
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-file-dms
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-indexer
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-legal
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-notification
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-partition
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-policy
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-register
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-schema
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-search
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-storage
      - cluster.local/ns/{{ .Release.Namespace }}/sa/os-unit
      # Service accounts in fixed, hard-coded namespaces. These entries do not
      # follow the release namespace, so they grant access to whatever runs
      # under those names in the cluster.
      - cluster.local/ns/os-timeseries-dms/sa/os-timeseries-dms
      - cluster.local/ns/aws-binary-dms/sa/binary-dms
      - cluster.local/ns/osdu-airflow/sa/airflow-dag-upload
      - cluster.local/ns/osdu-airflow/sa/airflow-worker
      - cluster.local/ns/osdu-ingest/sa/os-data-workflow
      - cluster.local/ns/osdu-ingest/sa/os-ingestion-workflow
    
      # The blank lines around this entry are not significant; it belongs to the
      # same list.
      - cluster.local/ns/osdu-ingest/sa/os-secret
    
      - cluster.local/ns/osdu-seismic-ddms/sa/os-seismic-store
      - cluster.local/ns/osdu-well-delivery/sa/os-welldelivery
      - cluster.local/ns/osdu-wellbore-ddms/sa/os-wellbore-ddms