[AAI] Service Mesh compatibility

This patch makes AAI to work on service mesh by removing https calls
from everywhere.
It allows also to use AAI on an environment without need of TLS.

Issue-ID: OOM-2670
Signed-off-by: Ondrej Frindrich <ondrej1.frindrich@orange.com>
Change-Id: I19adabc7b33c1ada243ec16f77dbf8fde19b1386
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
index e62ba07..512e906 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
@@ -24,20 +24,28 @@
 # this could come from siteconfig.pl?
 aai.config.nodename=AutomaticallyOverwritten
 
+{{ if ( include "common.needTLS" .) }}
 aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
 aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
 aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{ else }}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
 
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
 aai.tools.enableBasicAuth=true
 aai.tools.username={{ .Values.global.config.basic.auth.username }}
 aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
 {{ end }}
 
+{{ if ( include "common.needTLS" .) }}
 aai.truststore.filename={{ .Values.global.config.truststore.filename }}
 aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
 aai.keystore.filename={{ .Values.global.config.keystore.filename }}
 aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+{{ end }}
 
 aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
 aai.notificationEvent.default.status=UNPROCESSED
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
index 8cefebc..367e903 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
@@ -33,7 +33,7 @@
 
 spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
 
-spring.profiles.active={{ .Values.config.profiles.active }}
+spring.profiles.active={{ .Values.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
 spring.jersey.application-path=${schema.uri.base.path}
 #The max number of active threads in this pool
 server.tomcat.max-threads=200
@@ -48,6 +48,7 @@
 server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
 
 server.port=8449
+{{ if ( include "common.needTLS" .) }}
 server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
 server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
 server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
@@ -55,11 +56,15 @@
 server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
 server.ssl.client-auth=want
 server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
 
 # JMS bind address host port
 jms.bind.address=tcp://localhost:61649
-dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
 
 # Schema related attributes for the oxm and edges
 # Any additional schema related attributes should start with prefix schema
@@ -91,23 +96,28 @@
 schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
 
 schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
 schema.service.nodes.endpoint=nodes?version=
 schema.service.edges.endpoint=edgerules?version=
 schema.service.versions.endpoint=versions
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
 
+{{ if ( include "common.needTLS" .) }}
 schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
 schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
 schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
 schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+{{ end }}
 
 aperture.rdbmsname=aai_relational
 
-aperture.service.client={{ .Values.global.config.schema.service.client }}
+aperture.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+
 aperture.service.base.url=http://localhost:8457/aai/aperture
+{{ if ( include "common.needTLS" .) }}
 aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }}
 aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }}
 aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
 aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+{{ end }}
 aperture.service.timeout-in-milliseconds=300000
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index 5e6f2bc..8ed7ce8 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -187,4 +187,4 @@
             {{ end }}
       restartPolicy: {{ .Values.restartPolicy }}
       imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      - name: {{ include "common.namespace" . }}-docker-registry-key
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
index 154ad30..0cdce11 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
@@ -80,8 +80,10 @@
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
         - /bin/bash
-        - docker-entrypoint.sh
-        - dataSnapshot.sh
+        - -c
+        - |
+           bash docker-entrypoint.sh dataSnapshot.sh ;
+           {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
         env:
         - name: LOCAL_USER_ID
           value: {{ .Values.global.config.userId | quote }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
index 7914468..7c078e9 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
@@ -80,8 +80,10 @@
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
         - /bin/bash
-        - docker-entrypoint.sh
-        - createDBSchema.sh
+        - -c
+        - |
+           bash docker-entrypoint.sh createDBSchema.sh ;
+           {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
         env:
         - name: LOCAL_USER_ID
           value: {{ .Values.global.config.userId | quote }}
@@ -149,5 +151,5 @@
             {{ end }}
       restartPolicy: Never
       imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      - name: {{ include "common.namespace" . }}-docker-registry-key
 {{ end }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
index 4b100dd..9b4be4e 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
@@ -130,7 +130,9 @@
         command:
         - /bin/bash
         - -c
-        - bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges
+        - |
+           bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ;
+           {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
         env:
         - name: LOCAL_USER_ID
           value: {{ .Values.global.config.userId | quote }}
@@ -248,8 +250,10 @@
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
         - /bin/bash
-        - docker-entrypoint.sh
-        - dataSnapshot.sh
+        - -c
+        - |
+           bash docker-entrypoint.sh dataSnapshot.sh ;
+           {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
         env:
         - name: LOCAL_USER_ID
           value: {{ .Values.global.config.userId | quote }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
index 2f7aaa9..85165e2 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
@@ -35,17 +35,16 @@
   {{if eq .Values.service.type "NodePort" -}}
   - port: {{ .Values.service.internalPort }}
     nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-    name: {{ .Values.service.portName }}
+    name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
   - port: {{ .Values.service.internalPort2 }}
     nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
     name: {{ .Values.service.portName2 }}
   {{- else -}}
   - port: {{ .Values.service.internalPort }}
-    name: {{ .Values.service.portName }}
+    name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
   - port: {{ .Values.service.internalPort2 }}
     name: {{ .Values.service.portName2 }}
   {{- end}}
   selector:
     app: {{ include "common.name" . }}
     release: {{ include "common.release" . }}
-  clusterIP: None
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index 63c668f..ad6ef3c 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -61,6 +61,7 @@
     # Schema specific properties that include supported versions of api
     schema:
       # Specifies if the connection should be one way ssl, two way ssl or no auth
+      # will be set to no-auth if tls is disabled
       service:
         client: one-way-ssl
       # Specifies which translator to use if it has schema-service, then it will
@@ -131,7 +132,9 @@
 
   # Specify the profiles for the graphadmin microservice
   profiles:
-    active: "dmaap,one-way-ssl"
+    # one way ssl profile will be set unless tlsEnabled is set to false or serviceMesh is enabled and
+    # serviceMesh.tls is set to tru
+    active: dmaap #,one-way-ssl"
 
   # Specifies the timeout limit for the REST API requests
   timeout:
@@ -200,9 +203,9 @@
 service:
   type: ClusterIP
   # REST API port for the graphadmin microservice
-  portName: aai-graphadmin-8449
+  portName: http
   internalPort: 8449
-  portName2: aai-graphadmin-5005
+  portName2: tcp-5005
   internalPort2: 5005
 
 ingress: