[SDNC] Use common aaf template in sdnc

Instead of copy-pasting code around aaf_agent usage let's use a common
template that automates this.

Issue-ID: AAF-1134
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I66886290a1a13ca1c1d924b4d1128adc293b301c
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index 3f44c6d..a283678 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -16,6 +16,9 @@
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
   - name: network-name-gen
     version: ~6.x-0
     repository: '@local'
diff --git a/kubernetes/sdnc/templates/configmap.yaml b/kubernetes/sdnc/templates/configmap.yaml
index cd39425..087ed30 100644
--- a/kubernetes/sdnc/templates/configmap.yaml
+++ b/kubernetes/sdnc/templates/configmap.yaml
@@ -78,16 +78,3 @@
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Get "resources/env.yaml") . | indent 2 }}
-
-{{ if .Values.global.aafEnabled }}
-{{- if .Values.aafConfig.addconfig -}}
----
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "aaf-add-config" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-data:
-  aaf-add-config.sh: |-
-    cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.aafConfig.credsPath }}/.pass 2>&1
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/sdnc/templates/pv-certs.yaml b/kubernetes/sdnc/templates/pv-certs.yaml
deleted file mode 100644
index 8aa9af4..0000000
--- a/kubernetes/sdnc/templates/pv-certs.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# #       http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-
-{{ if .Values.certpersistence.enabled }}
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-    release: "{{ include "common.release" . }}"
-    heritage: "{{ .Release.Service }}"
-    name: {{ include "common.fullname" . }}-certs
-spec:
-  capacity:
-    storage: {{ .Values.certpersistence.size }}
-  accessModes:
-    - {{ .Values.certpersistence.accessMode }}
-  storageClassName: "{{ include "common.fullname" . }}-certs"
-  persistentVolumeReclaimPolicy: {{ .Values.certpersistence.volumeReclaimPolicy }}
-  hostPath:
-    path: {{ .Values.global.persistence.mountPath | default .Values.certpersistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.certpersistence.mountSubPath }}
-{{ end }}
diff --git a/kubernetes/sdnc/templates/pvc.yaml b/kubernetes/sdnc/templates/pvc.yaml
deleted file mode 100644
index aed3d16..0000000
--- a/kubernetes/sdnc/templates/pvc.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if and .Values.certpersistence.enabled (not .Values.certpersistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" .}}-certs
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ include "common.release" . }}"
-    heritage: "{{ .Release.Service }}"
-    name: {{ include "common.fullname" . }}-certs
-{{- if .Values.certpersistence.annotations }}
-  annotations:
-{{ toYaml .Values.certpersistence.annotations | indent 4 }}
-{{- end }}
-spec:
-  accessModes:
-    - {{ .Values.certpersistence.accessMode }}
-  resources:
-    requests:
-      storage: {{ .Values.certpersistence.size }}
-{{- if eq "True" (include "common.needPV" .) }}
-  storageClassName: "{{ include "common.fullname" . }}-certs"
-{{- else }}
-  storageClassName: {{ include "common.storageClass" . }}
-  {{- end }}
-{{- end -}}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 58ca866..6b2f662 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -91,18 +91,16 @@
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
-      {{ if .Values.global.aafEnabled }}
-{{ include "common.aaf-config" . | indent 6 }}
-      {{ end }}
+
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+
       - name: {{ include "common.name" . }}-chown
         image: "busybox"
-        command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certpersistence.certPath }}"]
+        command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
         volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: {{ .Values.persistence.mdsalPath }}
             name: {{ include "common.fullname" . }}-data
-{{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
-{{- end }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
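Review bot: The `chown` init container now runs `chown -R … {{ .Values.certInitializer.credsPath }}` unconditionally, while the `.Values.global.aafEnabled` guards around the includes are dropped here and in the later `volumeMounts` and `volumes` hunks. If the `common.certInitializer.*` templates (not visible in this diff) render nothing when AAF is disabled, nothing is mounted at `credsPath`, so the second `chown` would likely fail, and as the last command after `;` it would make the init container exit non-zero. Either confirm the common templates cover the disabled case, or emit the second `chown` only when `.Values.global.aafEnabled` is true. The same container pulls `image: "busybox"` with no tag or digest, so the image performing this recursive ownership change is not pinned; a fixed tag would make it reproducible. The StatefulSet spec starts and ends outside the hunk.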
@@ -151,9 +149,7 @@
           - name: JAVA_HOME
             value: "{{ .Values.config.javaHome}}"
           volumeMounts:
-          {{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
-          {{- end }}
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -257,9 +253,7 @@
         - name: {{ include "common.fullname" . }}-data
           emptyDir: {}
   {{ else }}
-  {{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config-volumes" . | indent 8 }}
-  {{- end }}
+{{ include "common.certInitializer.volumes" . | nindent 8 }}
   volumeClaimTemplates:
   - metadata:
       name: {{ include "common.fullname" . }}-data
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 96ea6e3..c8e9745 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -24,7 +24,6 @@
   readinessImage: readiness-check:2.0.2
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
-  aafAgentImage: onap/aaf/aaf_agent:2.1.15
   persistence:
     mountPath: /dockerdata-nfs
   aafEnabled: true
@@ -70,12 +69,6 @@
     password: '{{ .Values.config.odlPassword }}'
     # For now this is left hardcoded but should be revisited in a future
     passwordPolicy: required
-  - uid: &aaf_secret_uid aaf-creds
-    type: basicAuth
-    externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
-    login: '{{ .Values.aaf_init.deploy_fqi }}'
-    password: '{{ .Values.aaf_init.deploy_pass }}'
-    passwordPolicy: required
   - uid: netbox-apikey
     type: password
     externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
@@ -195,8 +188,8 @@
       numberGGLogFiles: 10
 
 # dependency / sub-chart configuration
-aafConfig:
-  addconfig: true
+certInitializer:
+  nameOverride: sdnc-cert-initializer
   fqdn: "sdnc"
   app_ns: "org.osaaf.aaf"
   fqi: "sdnc@sdnc.onap.org"
@@ -206,19 +199,10 @@
   aafDeployPass: demo123456!
   cadi_latitude: "38.0"
   cadi_longitude: "-72.0"
-  secret_uid: *aaf_secret_uid
   credsPath: /opt/app/osaaf/local
-
-aaf_init:
-  agentImage: onap/aaf/aaf_agent:2.1.15
-  app_ns: "org.osaaf.aaf"
-  fqi: "sdnc@sdnc.onap.org"
-  fqdn: "sdnc"
-  public_fqdn: "sdnc.onap.org"
-  deploy_fqi: "deployer@people.osaaf.org"
-  deploy_pass: "demo123456!"
-  cadi_latitude: "38.0"
-  cadi_longitude: "-72.0"
+  aaf_add_config: >
+    cd /opt/app/osaaf/local;
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1
 
 mariadb-galera: &mariadbGalera
   nameOverride: sdnc-db
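Review bot: In the new `aaf_add_config` value the `cd` is followed by `;` where the removed ConfigMap script used `&&`, so `agent.sh` still runs if the directory is missing. The pipeline's exit status is that of `cut`, so a failed `showpass` leaves an empty `.pass` without failing the step. I would write `cd {{ .Values.credsPath }} &&`, which also drops the duplicated hard-coded path, and remove the trailing `2>&1`, which sends `cut`'s stderr into the password file. Because `.pass` holds the keystore password in clear text, run `umask 077` before the redirect or `chmod 600` the file afterwards rather than relying on the container's default umask. Separately, the context line `aafDeployPass: demo123456!` stays as a chart default while this commit removes the `aaf-creds` secret entry and its `externalSecret` override, so confirm that the certInitializer chart (not visible here) still lets deployments supply that credential from an external secret.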
@@ -414,22 +398,6 @@
   mountSubPath: sdnc/mdsal
   mdsalPath: /opt/opendaylight/current/daexim
 
-certpersistence:
-  enabled: true
-
-  ## A manually managed Persistent Volume and Claim
-  ## Requires persistence.enabled: true
-  ## If defined, PVC must be created manually before volume will be bound
-  # existingClaim:
-
-  volumeReclaimPolicy: Retain
-  accessMode: ReadWriteOnce
-  size: 50Mi
-  mountPath: /dockerdata-nfs
-  mountSubPath: sdnc/certs
-  certPath: /opt/app/osaaf
-  ##storageClass: "manual"
-
 ingress:
   enabled: false
   service: