Merge "[CCSDK] Make a1policymanagement react on ConfigMap updates"
diff --git a/kubernetes/a1policymanagement/resources/envsubst/daemon.sh b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh
new file mode 100644
index 0000000..6d239f1
--- /dev/null
+++ b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+terminate() {
+  echo "$(date) | INFO | Terminating child processes"
+  pids="$(jobs -p)"
+  if [ "$pids" != "" ]; then
+    kill -TERM $pids >/dev/null 2>/dev/null
+  fi
+  wait
+}
+
+trap terminate TERM
+echo "$(date) | INFO | Started monitoring /config-input/ directory"
+inotifyd /tmp/scripts/update_files /config-input/ &
+wait
diff --git a/kubernetes/a1policymanagement/resources/envsubst/update_files b/kubernetes/a1policymanagement/resources/envsubst/update_files
new file mode 100644
index 0000000..754bb55
--- /dev/null
+++ b/kubernetes/a1policymanagement/resources/envsubst/update_files
@@ -0,0 +1,27 @@
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+if [ "$1" == "y" ] && [ "$3" == "..data" ]; then
+  echo "$(date) | INFO | Configmap has been reloaded"
+  cd /config-input
+  for file in $(ls -1); do
+    if [ "$file" -nt "/config/$file" ]; then
+      echo "$(date) | INFO | Templating /config/$file"
+      envsubst <$file >/config/$file
+    fi
+  done
+fi
diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml
index 6987bd4..1a2866b 100644
--- a/kubernetes/a1policymanagement/templates/deployment.yaml
+++ b/kubernetes/a1policymanagement/templates/deployment.yaml
@@ -1,6 +1,7 @@
 {{/*
 ################################################################################
 #   Copyright (c) 2020 Nordix Foundation.                                      #
+#   Copyright © 2020 Samsung Electronics, Modifications                        #
 #                                                                              #
 #   Licensed under the Apache License, Version 2.0 (the "License");            #
 #   you may not use this file except in compliance with the License.           #
@@ -27,14 +28,14 @@
       labels: {{- include "common.labels" . | nindent 8 }}
     spec:
       initContainers:
-      - name: {{ include "common.name" . }}-update-config
+      - name: {{ include "common.name" . }}-bootstrap-config
         image: "{{ .Values.global.envsubstImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
         - sh
         args:
         - -c
-        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done"
         env:
         - name: A1CONTROLLER_USER
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
@@ -46,6 +47,29 @@
         - mountPath: /config
           name: config
       containers:
+      - name: {{ include "common.name" . }}-update-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        securityContext:
+          runAsGroup: {{ .Values.groupID }}
+          runAsUser: {{ .Values.userID }}
+          runAsNonRoot: true
+        command:
+        - sh
+        args:
+        - /tmp/scripts/daemon.sh
+        env:
+        - name: A1CONTROLLER_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+        - name: A1CONTROLLER_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /tmp/scripts
+          name: {{ include "common.fullname" . }}-envsubst-scripts
+        - mountPath: /config-input
+          name: {{ include "common.fullname" . }}-policy-conf-input
+        - mountPath: /config
+          name: config
       - name: {{ include "common.name" . }}
         image: {{ include "common.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -70,6 +94,10 @@
         - name: {{ include "common.fullname" . }}-policy-conf-input
           configMap:
             name: {{ include "common.fullname" . }}-policy-conf
+            defaultMode: 0555
+        - name: {{ include "common.fullname" . }}-envsubst-scripts
+          configMap:
+            name: {{ include "common.fullname" . }}-envsubst-scripts
         - name: config
           emptyDir:
             medium: Memory
diff --git a/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml
new file mode 100644
index 0000000..9944963
--- /dev/null
+++ b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml
@@ -0,0 +1,23 @@
+{{/*
+################################################################################
+#   Copyright © 2020 Samsung Electronics                                       #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+  name: {{ include "common.fullname" . }}-envsubst-scripts
+data:
+{{ tpl (.Files.Glob "resources/envsubst/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index 21a86a0..2f45e41 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -1,5 +1,6 @@
 ################################################################################
 #   Copyright (c) 2020 Nordix Foundation.                                      #
+#   Copyright © 2020 Samsung Electronics, Modifications                        #
 #                                                                              #
 #   Licensed under the Apache License, Version 2.0 (the "License");            #
 #   you may not use this file except in compliance with the License.           #
@@ -19,7 +20,7 @@
 
 global:
   nodePortPrefix: 300
-  envsubstImage: dibi/envsubst
+  envsubstImage: dibi/envsubst:1
 
 secrets:
   - uid: controller-secret
@@ -31,6 +32,8 @@
 
 repository: nexus3.onap.org:10001
 image: onap/ccsdk-oran-a1policymanagementservice:1.0.1
+userID: 1000 #Should match with image-defined user ID
+groupID: 999 #Should match with image-defined group ID
 pullPolicy: IfNotPresent
 replicaCount: 1