Merge "[POLICY] Move policy dist to use strimzi templates"
diff --git a/kubernetes/cli/Chart.yaml b/kubernetes/cli/Chart.yaml
index 16885d9..884ee00 100644
--- a/kubernetes/cli/Chart.yaml
+++ b/kubernetes/cli/Chart.yaml
@@ -26,9 +26,6 @@
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
-  - name: certInitializer
-    version: ~12.x-0
-    repository: '@local'
   - name: repositoryGenerator
     version: ~12.x-0
     repository: '@local'
diff --git a/kubernetes/cli/resources/configuration/lighttpd.conf b/kubernetes/cli/resources/configuration/lighttpd.conf
index 0809868..f1735a1 100644
--- a/kubernetes/cli/resources/configuration/lighttpd.conf
+++ b/kubernetes/cli/resources/configuration/lighttpd.conf
@@ -1,6 +1,7 @@
 {{/*
 # Copyright 2018 Huawei Technologies Co., Ltd.
 # Copyright 2021 Huawei Technologies Co., Ltd.
+# Modifications Copyright © 2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,9 +19,7 @@
 server.document-root = "/var/www-data/servers/open-cli/"
 server.username             = "www-data"
 server.groupname            = "www-data"
-server.port                 = 443
-ssl.engine                  = "enable"
-ssl.pemfile                 = "{{ .Values.certInitializer.credsPath }}/certs/fullchain.pem"
+server.port                 = {{ .Values.containerPort }}
 
 mimetype.assign = (
   ".html" => "text/html",
@@ -38,18 +37,8 @@
         "mod_proxy",
         "mod_alias",
         "mod_compress",
-        "mod_redirect",
-#       "mod_rewrite",
+        "mod_redirect"
 )
 
-#server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
 server.errorlog             = "/var/log/lighttpd/error.log"
 server.pid-file             = "/var/run/lighttpd.pid"
-#compress.cache-dir          = "/var/cache/lighttpd/compress/"
-#compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
-
-# default listening port for IPv6 falls back to the IPv4 port
-## Use ipv6 if available
-#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
-#include_shell "/usr/share/lighttpd/create-mime.assign.pl"
-#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
\ No newline at end of file
diff --git a/kubernetes/cli/templates/NOTES.txt b/kubernetes/cli/templates/NOTES.txt
deleted file mode 100644
index f3fe9c9..0000000
--- a/kubernetes/cli/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/cli/templates/configmap.yaml b/kubernetes/cli/templates/configmap.yaml
index ae515a0..a4c636f 100644
--- a/kubernetes/cli/templates/configmap.yaml
+++ b/kubernetes/cli/templates/configmap.yaml
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,13 +17,6 @@
 
 apiVersion: v1
 kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-lighttpd
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata:  {{- include "common.resourceMetadata" . | nindent 2 }}
 data:
-{{ tpl (.Files.Glob "resources/configuration/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/configuration/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml
index 0a3f967..06a5168 100644
--- a/kubernetes/cli/templates/deployment.yaml
+++ b/kubernetes/cli/templates/deployment.yaml
@@ -16,50 +16,35 @@
 
 apiVersion: apps/v1
 kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
   replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
+  selector: {{- include "common.selectors" . | nindent 4 }}
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
-      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
       containers:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          - containerPort: {{ .Values.service.internalPort1 }}
-          # disable liveness probe when breakpoints set in debugger
-          # so K8s doesn't restart unresponsive container
+          ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
           livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
+            httpGet:
+              port: {{ .Values.liveness.port }}
+              path: {{ .Values.liveness.path }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
           {{ end -}}
           readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
+            httpGet:
+              port: {{ .Values.readiness.port }}
+              path: {{ .Values.readiness.path }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
-          volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 10 }}
+          volumeMounts:
           - name: lighttpd
-            mountPath: "/etc/lighttpd/lighttpd.conf"
+            mountPath: /etc/lighttpd/lighttpd.conf
             subPath: lighttpd.conf
             readOnly: true
           env:
@@ -76,9 +61,9 @@
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-      volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+      volumes:
       - name: lighttpd
         configMap:
-          name: {{ include "common.fullname" . }}-lighttpd
+          name: {{ include "common.fullname" . }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/cli/templates/ingress.yaml b/kubernetes/cli/templates/ingress.yaml
index 8f87c68..0deb6ce 100644
--- a/kubernetes/cli/templates/ingress.yaml
+++ b/kubernetes/cli/templates/ingress.yaml
@@ -1 +1,16 @@
+{{/*
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
 {{ include "common.ingress" . }}
diff --git a/kubernetes/cli/templates/service.yaml b/kubernetes/cli/templates/service.yaml
index eaa8508..b33db21 100644
--- a/kubernetes/cli/templates/service.yaml
+++ b/kubernetes/cli/templates/service.yaml
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,36 +15,4 @@
 # limitations under the License.
 */}}
 
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.service.name }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.name }}{{ .Values.service.externalPort }}
-    - port: {{ .Values.service.externalPort1 }}
-      targetPort: {{ .Values.service.internalPort1 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
-      name: {{ .Values.service.name }}{{ .Values.service.externalPort1 }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.name }}{{ .Values.service.externalPort }}
-    - port: {{ .Values.service.externalPort1 }}
-      targetPort: {{ .Values.service.internalPort1 }}
-      name: {{ .Values.service.name }}{{ .Values.service.externalPort1 }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
+{{ include "common.service" . }}
diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml
index db36661..437e04a 100644
--- a/kubernetes/cli/values.yaml
+++ b/kubernetes/cli/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,63 +17,45 @@
 # Global configuration defaults.
 #################################################################
 global:
-  nodePortPrefix: 302
-
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
-  nameOverride: cli-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  # aafDeployCredsExternalSecret: some secret
-  fqdn: "cli"
-  app_ns: "org.osaaf.aaf"
-  fqi_namespace: "org.onap.cli"
-  fqi: "cli@cli.onap.org"
-  public_fqdn: "aaf.osaaf.org"
-  cadi_longitude: "0.0"
-  cadi_latitude: "0.0"
-  credsPath: /opt/app/osaaf/local
-  aaf_add_config: |
-    echo "*** transform AAF certs into pem files"
-    mkdir -p {{ .Values.credsPath }}/certs
-    keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
-      -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \
-      -alias ca_local_0 \
-      -storepass $cadi_truststore_password
-    openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
-      -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
-      -passin pass:$cadi_keystore_password_p12 \
-      -passout pass:$cadi_keystore_password_p12
-    echo "*** generating needed file"
-    cat {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
-        {{ .Values.credsPath }}/certs/cert.pem \
-        {{ .Values.credsPath }}/certs/cacert.pem \
-        > {{ .Values.credsPath }}/certs/fullchain.pem;
-    cat {{ .Values.credsPath }}/certs/fullchain.pem
-    echo "*** change ownership of certificates to targeted user"
-    chown -R 33 {{ .Values.credsPath }}
-
-
+  persistence: {}
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 image: onap/cli:6.0.1
-pullPolicy: Always
+pullPolicy: IfNotPresent
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+nodeSelector: {}
+affinity: {}
+
+# Resource Limit flavor -By Default using small
 flavor: small
+# default number of instances
+replicaCount: 1
 
 # application configuration
 config:
   climode: daemon
 
-# default number of instances
-replicaCount: 1
+containerPort: &svc_port 8080
+service:
+  type: ClusterIP
+  name: cli
+  ports:
+    - name: http
+      port: *svc_port
+      targetPort: *svc_port
 
-nodeSelector: {}
-
-affinity: {}
+ingress:
+  enabled: true
+  service:
+    - baseaddr: "cli-api"
+      path: "/"
+      name: "cps"
+      port: *svc_port
 
 # probe configuration parameters
 liveness:
@@ -81,32 +64,15 @@
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
+  port: *svc_port
+  path: /
 
 readiness:
   initialDelaySeconds: 10
   periodSeconds: 10
+  port: *svc_port
+  path: /
 
-service:
-  type: NodePort
-  name: cli
-  externalPort: 443
-  externalPort1: 9443
-  internalPort: "443"
-  internalPort1: 9443
-  nodePort: "60"
-  nodePort1: "71"
-
-ingress:
-  enabled: false
-  service:
-    - baseaddr: "cli-api"
-      name: "cli"
-      port: 443
-    - baseaddr: "cli2-api"
-      name: cli
-      port: 9443
-  config:
-    ssl: "redirect"
 
 # Configure resource requests and limits
 # ref: http://kubernetes.io/docs/user-guide/compute-resources/
diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
index c57685a..ff97755 100644
--- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
+++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
@@ -143,8 +143,8 @@
 GLOBAL_NBI_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
 GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
 # cli info - everything is from the private oam network (also called onap private network)
-GLOBAL_CLI_SERVER_PROTOCOL = "https"
-GLOBAL_CLI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "cli" "port" 443) }}'
+GLOBAL_CLI_SERVER_PROTOCOL = "http"
+GLOBAL_CLI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "cli" "port" 8080) }}'
 # dcae info - everything is from the private oam network (also called onap private network)
 GLOBAL_DCAE_SERVER_PROTOCOL = "http"
 GLOBAL_DCAE_HEALTH_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-healthcheck" "port" 80) }}'