[A1P] Chart Cleanup from TLS/AAF

Update the charts and remove all TLS/AAF related entries

Issue-ID: OOM-3112

Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I50dc3aea3360ee0d593942481edcb7ff7b572cbd
diff --git a/kubernetes/a1policymanagement/Chart.yaml b/kubernetes/a1policymanagement/Chart.yaml
index 1fa512a..c6798d1 100644
--- a/kubernetes/a1policymanagement/Chart.yaml
+++ b/kubernetes/a1policymanagement/Chart.yaml
@@ -26,9 +26,6 @@
   - name: common
     version: ~12.x-0
     repository: '@local'
-  - name: certInitializer
-    version: ~12.x-0
-    repository: '@local'
   - name: repositoryGenerator
     version: ~12.x-0
     repository: '@local'
diff --git a/kubernetes/a1policymanagement/resources/config/application.yaml b/kubernetes/a1policymanagement/resources/config/application.yaml
index 29b0b9a..789f3eb 100644
--- a/kubernetes/a1policymanagement/resources/config/application.yaml
+++ b/kubernetes/a1policymanagement/resources/config/application.yaml
@@ -49,26 +49,23 @@
 server:
   # Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework.
   # See springboot documentation.
-  port: 8433
+  #port: 8081
   http-port: 8081
   ssl:
-    enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+    enabled: false
     key-store-type: PKCS12
-    key-store-password: ${KEYSTORE_PASSWORD}
-    key-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-    key-password: ${KEYSTORE_PASSWORD}
-    key-alias: {{ .Values.certInitializer.fqi }}
+    key-store-password: ""
+    key-store: ""
+    key-password: ""
+    key-alias: ""
 app:
   # Location of the component configuration file. The file will only be used if the Consul database is not used;
   # configuration from the Consul will override the file.
   filepath: /opt/app/policy-agent/data/application_configuration.json
   webclient:
-    # Configuration of the trust store used for the HTTP client (outgoing requests)
-    # The file location and the password for the truststore is only relevant if trust-store-used == true
-    # Note that the same keystore as for the server is used.
     trust-store-used: false
-    trust-store-password: ${TRUSTSORE_PASSWORD}
-    trust-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+    trust-store-password: ""
+    trust-store: ""
     # Configuration of usage of HTTP Proxy for the southbound accesses.
     # The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s
     http.proxy-host:
diff --git a/kubernetes/a1policymanagement/resources/config/application_configuration.json b/kubernetes/a1policymanagement/resources/config/application_configuration.json
index 5ee3f7d..837ce0c 100644
--- a/kubernetes/a1policymanagement/resources/config/application_configuration.json
+++ b/kubernetes/a1policymanagement/resources/config/application_configuration.json
@@ -3,7 +3,7 @@
     "controller": [
       {
         "name": "controller1",
-        "baseUrl": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.sdncLink .Values.sdncLinkHttp }}",
+        "baseUrl": "{{ .Values.sdncLink }}",
         "userName": "${A1CONTROLLER_USER}",
         "password": "${A1CONTROLLER_PASSWORD}"
       }
diff --git a/kubernetes/a1policymanagement/templates/ingress.yaml b/kubernetes/a1policymanagement/templates/ingress.yaml
new file mode 100644
index 0000000..bcc60a0
--- /dev/null
+++ b/kubernetes/a1policymanagement/templates/ingress.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/a1policymanagement/templates/statefulset.yaml b/kubernetes/a1policymanagement/templates/statefulset.yaml
index 89d131e..b1d0407 100644
--- a/kubernetes/a1policymanagement/templates/statefulset.yaml
+++ b/kubernetes/a1policymanagement/templates/statefulset.yaml
@@ -30,7 +30,7 @@
     spec:
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
-      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+      initContainers:
       - name: {{ include "common.name" . }}-bootstrap-config
         image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -39,10 +39,6 @@
         args:
         - -c
         - |
-          {{- if (include "common.needTLS" .) }}
-          export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop\
-            | xargs -0)
-          {{- end }}
           cd /config-input
           for PFILE in `ls -1`
           do
@@ -55,7 +51,7 @@
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
         - name: A1CONTROLLER_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
-        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+        volumeMounts:
         - mountPath: /config-input
           name: {{ include "common.fullname" . }}-policy-conf-input
         - mountPath: /config
@@ -97,10 +93,10 @@
           httpGet:
             path: /status
             port: {{ .Values.liveness.port }}
-            scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+            scheme: HTTP
           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
           periodSeconds: {{ .Values.liveness.periodSeconds }}
-        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+        volumeMounts:
         - name: config
           mountPath: /opt/app/policy-agent/data/application_configuration.json
           subPath: application_configuration.json
@@ -111,7 +107,7 @@
           mountPath: "/var/policy-management-service/database"
         resources: {{ include "common.resources" . | nindent 10 }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+      volumes:
         - name: {{ include "common.fullname" . }}-policy-conf-input
           configMap:
             name: {{ include "common.fullname" . }}-policy-conf
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index bf49313..93f57d3 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -30,39 +30,6 @@
     password: '{{ .Values.a1controller.password }}'
     passwordPolicy: required
 
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
-  nameOverride: a1p-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  # aafDeployCredsExternalSecret: some secret
-  fqdn: a1p
-  fqi: a1p@a1p.onap.org
-  public_fqdn: a1p.onap.org
-  cadi_longitude: "0.0"
-  cadi_latitude: "0.0"
-  app_ns: org.osaaf.aaf
-  credsPath: /opt/app/osaaf/local
-  fqi_namespace: org.onap.a1p
-  aaf_add_config: |
-    echo "*** changing them into shell safe ones"
-    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
-    export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
-    cd {{ .Values.credsPath }}
-    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
-      -storepass "${cadi_keystore_password_p12}" \
-      -keystore {{ .Values.fqi_namespace }}.p12
-    keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
-      -storepass "${cadi_truststore_password}" \
-      -keystore {{ .Values.fqi_namespace }}.trust.jks
-    echo "*** save the generated passwords"
-    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
-    echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
-    echo "*** change ownership of certificates to targeted user"
-    chown -R 1000 .
-
 image: onap/ccsdk-oran-a1policymanagementservice:1.3.2
 userID: 1000 #Should match with image-defined user ID
 groupID: 999 #Should match with image-defined group ID
@@ -72,21 +39,25 @@
 service:
   type: NodePort
   name: a1policymanagement
-  both_tls_and_plain: true
   ports:
     - name: api
-      port: 8433
-      plain_port: 8081
+      port: 8081
       port_protocol: http
       nodePort: '94'
 
+ingress:
+  enabled: false
+  service:
+    - baseaddr: 'a1policymanagement-api'
+      name: 'a1policymanagement'
+      port: 8081
+
 # SDNC Credentials are used here
 a1controller:
   user: admin
   password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
 
-sdncLink: https://sdnc.onap:8443
-sdncLinkHttp: http://sdnc.onap:8282
+sdncLink: http://sdnc.onap:8282
 # The information about A1-Mediator/RICs can be added here.
 # The A1 policy management service supports both STD & OSC versions.
 # Alternatively, the A1 simulator from ORAN-SC can also be used. It provides STD  & OSC versions for A1 termination.