[HOLMES] Remove AAF dependency and support SM

Delete AAF and certificate entries and change Holmes interfaces to HTTP
Add readiness checks for the postgres-init-job to avoid missing DB user

Issue-ID: OOM-3101

Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Id15cfdbcd753d404ccae912dcd0d057f647917e7
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
index 1aa4726..5160145 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
@@ -27,7 +27,7 @@
   - name: repositoryGenerator
     version: ~12.x-0
     repository: '@local'
-  - name: certInitializer
+  - name: readinessCheck
     version: ~12.x-0
     repository: '@local'
   - name: serviceAccount
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml
index f818dfd..34c4024 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml
@@ -2,11 +2,6 @@
   port: 9102
   servlet:
     context-path: /api/holmes-engine-mgmt/v1
-  ssl:
-    key-store: /opt/onap/conf/holmes.keystore
-    key-store-password: holmes
-    #PKCS12
-    key-store-type: JKS
 
 logging:
   config: classpath:logback-spring.xml
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
index 9e62ccf..9a16390 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
@@ -19,10 +19,8 @@
   applicationContextPath: /
   adminContextPath: /admin
   connector:
-    type: https
+    type: http
     port: 9102
-    keyStorePath: /opt/onap/conf/holmes.keystore
-    keyStorePassword: holmes
     validateCerts: false
     validatePeers: false
 
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
index dd7bb45..9bf6f39 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
@@ -33,7 +33,10 @@
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
-      initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+      initContainers:
+      {{- if not .Values.global.postgres.localCluster }}
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+      {{- end }}
       - name: {{ include "common.name" . }}-env-config
         image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -64,7 +67,7 @@
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         resources: {{ include "common.resources" . | nindent 10 }}
         ports: {{ include "common.containerPorts" . | nindent 10  }}
-        volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+        volumeMounts:
         - name: {{ include "common.fullname" . }}-env-config
           mountPath: /opt/hemconfig
         - name: {{ include "common.fullname" . }}-config
@@ -119,7 +122,7 @@
         - name: DB_PORT
           value: "{{ .Values.config.pgConfig.dbPort }}"
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-      volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+      volumes:
       - name: {{ include "common.fullname" . }}-config
         configMap:
           defaultMode: 422
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
index ce3035e..d2ad0d4 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
@@ -20,9 +20,11 @@
 #################################################################
 global:
   nodePortPrefixExt: 302
-  msbProtocol: https
+  msbProtocol: http
   msbServiceName: msb-iag
-  msbPort: 443
+  msbPort: 80
+  postgres:
+    localCluster: false
 
 #################################################################
 # Application configuration defaults.
@@ -32,39 +34,6 @@
 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
 
 #################################################################
-# AAF part
-#################################################################
-certInitializer:
-  nameOverride: holmes-engine-mgmt-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  # aafDeployCredsExternalSecret: some secret
-  fqdn: holmes-engine-mgmt
-  fqi: holmes-engine-mgmt@holmes-engine-mgmt.onap.org
-  fqi_namespace: org.onap.holmes-engine-mgmt
-  public_fqdn: holmes-engine-mgmt.onap.org
-  cadi_longitude: "0.0"
-  cadi_latitude: "0.0"
-  app_ns: org.osaaf.aaf
-  credsPath: /opt/app/osaaf/local
-  aaf_add_config: |
-    echo "*** changing them into shell safe ones"
-    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
-    export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
-    cd {{ .Values.credsPath }}
-    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
-      -storepass "${cadi_keystore_password_p12}" \
-      -keystore {{ .Values.fqi_namespace }}.p12
-    keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
-      -storepass "${cadi_truststore_password}" \
-      -keystore {{ .Values.fqi_namespace }}.trust.jks
-    echo "*** save the generated passwords"
-    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
-    echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
-    echo "*** change ownership of certificates to targeted user"
-    chown -R 1000 .
-
-#################################################################
 # Secrets metaconfig
 #################################################################
 secrets:
@@ -95,7 +64,7 @@
   type: ClusterIP
   name: holmes-engine-mgmt
   ports:
-  - name: https-rest
+  - name: http-rest
     port: &svc_port 9102
 
 # probe configuration parameters
@@ -103,7 +72,7 @@
   initialDelaySeconds: 10
   periodSeconds: 10
   path: /api/holmes-engine-mgmt/v1/healthcheck
-  scheme: HTTPS
+  scheme: HTTP
   port: *svc_port
   enabled: true
 
@@ -111,7 +80,7 @@
   initialDelaySeconds: 30
   periodSeconds: 30
   path: /api/holmes-engine-mgmt/v1/healthcheck
-  scheme: HTTPS
+  scheme: HTTP
   port: *svc_port
 
 # Segregation for Different environment (Small and Large)
@@ -132,6 +101,11 @@
       memory: 1Gi
   unlimited: {}
 
+readinessCheck:
+  wait_for:
+    jobs:
+      - '{{ include "common.release" . }}-holmes-postgres-init-config-job'
+
 #Pods Service Account
 serviceAccount:
   nameOverride: holmes-engine-mgmt
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
index 628f5c6..09b2490 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
@@ -27,7 +27,7 @@
   - name: repositoryGenerator
     version: ~12.x-0
     repository: '@local'
-  - name: certInitializer
+  - name: readinessCheck
     version: ~12.x-0
     repository: '@local'
   - name: serviceAccount
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml
index 18cf3b4..2ff0fa6 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml
@@ -2,11 +2,6 @@
   port: 9101
   servlet:
     context-path: /api/holmes-rule-mgmt/v1
-  ssl:
-    key-store: /opt/onap/conf/holmes.keystore
-    key-store-password: holmes
-    #PKCS12
-    key-store-type: JKS
 
 logging:
   config: classpath:logback-spring.xml
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
index 89269de..3b72188 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
@@ -13,10 +13,8 @@
   applicationContextPath: /
   adminContextPath: /admin
   connector:
-    type: https
+    type: http
     port: 9101
-    keyStorePath: /opt/onap/conf/holmes.keystore
-    keyStorePassword: holmes
     validateCerts: false
     validatePeers: false
 
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
index 21a9656..8b0cd84 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
@@ -32,7 +32,10 @@
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
-      initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+      initContainers:
+      {{- if not .Values.global.postgres.localCluster }}
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+      {{- end }}
       - name: {{ include "common.name" . }}-env-config
         image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -62,7 +65,7 @@
         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         ports: {{ include "common.containerPorts" . | nindent 8  }}
-        volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+        volumeMounts:
         - name: {{ include "common.fullname" . }}-env-config
           mountPath: /opt/hrmconfig
         - name: {{ include "common.fullname" . }}-rule-config
@@ -117,7 +120,7 @@
         - name: DB_PORT
           value: "{{ .Values.config.pgConfig.dbPort }}"
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-      volumes:  {{ include "common.certInitializer.volumes" . | nindent 6 }}
+      volumes:
       - name: {{ include "common.fullname" . }}-general-config
         configMap:
           defaultMode: 422
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
index bd84c24..0a25527 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
@@ -20,9 +20,11 @@
 #################################################################
 global:
   nodePortPrefixExt: 302
-  msbProtocol: https
+  msbProtocol: http
   msbServiceName: msb-iag
-  msbPort: 443
+  msbPort: 80
+  postgres:
+    localCluster: false
 
 #################################################################
 # Application configuration defaults.
@@ -32,39 +34,6 @@
 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
 
 #################################################################
-# AAF part
-#################################################################
-certInitializer:
-  nameOverride: holmes-rule-mgmt-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  # aafDeployCredsExternalSecret: some secret
-  fqdn: holmes-rule-mgmt
-  fqi: holmes-rule-mgmt@holmes-rule-mgmt.onap.org
-  fqi_namespace: org.onap.holmes-rule-mgmt
-  public_fqdn: holmes-rule-mgmt.onap.org
-  cadi_longitude: "0.0"
-  cadi_latitude: "0.0"
-  app_ns: org.osaaf.aaf
-  credsPath: /opt/app/osaaf/local
-  aaf_add_config: |
-    echo "*** changing them into shell safe ones"
-    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
-    export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
-    cd {{ .Values.credsPath }}
-    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
-      -storepass "${cadi_keystore_password_p12}" \
-      -keystore {{ .Values.fqi_namespace }}.p12
-    keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
-      -storepass "${cadi_truststore_password}" \
-      -keystore {{ .Values.fqi_namespace }}.trust.jks
-    echo "*** save the generated passwords"
-    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
-    echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
-    echo "*** change ownership of certificates to targeted user"
-    chown -R 1000 .
-
-#################################################################
 # Secrets metaconfig
 #################################################################
 secrets:
@@ -95,10 +64,10 @@
   type: NodePort
   name: holmes-rule-mgmt
   ports:
-  - name: https-rest
+  - name: http-rest
     port: &svc_port 9101
     nodePort: 92
-  - name: https-ui
+  - name: http-ui
     port: 9104
     nodePort: 93
 
@@ -109,14 +78,14 @@
   periodSeconds: 10
   path: /api/holmes-rule-mgmt/v1/healthcheck
   enabled: true
-  scheme: HTTPS
+  scheme: HTTP
 
 readiness:
   initialDelaySeconds: 30
   port: *svc_port
   periodSeconds: 30
   path: /api/holmes-rule-mgmt/v1/healthcheck
-  scheme: HTTPS
+  scheme: HTTP
 
 # Segregation for Different environment (Small and Large)
 resources:
@@ -136,6 +105,11 @@
       memory: 512Mi
   unlimited: {}
 
+readinessCheck:
+  wait_for:
+    jobs:
+      - '{{ include "common.release" . }}-holmes-postgres-init-config-job'
+
 #Pods Service Account
 serviceAccount:
   nameOverride: holmes-rule-mgmt