Merge "[AAI] Use CertInitializer for AAI Proxy"
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 84d3df3..09e9607 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -1234,6 +1234,8 @@
           value: {{ .Values.global.config.userId | quote }}
         - name: LOCAL_GROUP_ID
           value: {{ .Values.global.config.groupId | quote }}
+        - name: POST_JAVA_OPTS
+          value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword=changeit'
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index 19b87b1..b6ee064 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020 Nokia
+# Copyright © 2020-2021 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@
 global:
   platform:
     certServiceClient:
-      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
       secretName: oom-cert-service-client-tls-secret
       envVariables:
         # Certificate related
@@ -29,5 +29,5 @@
         keystorePassword: "secret"
         truststorePassword: "secret"
     certPostProcessor:
-      image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.2
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
 
diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml
index f5592bd..e39b8c4 100644
--- a/kubernetes/common/etcd/templates/statefulset.yaml
+++ b/kubernetes/common/etcd/templates/statefulset.yaml
@@ -133,6 +133,10 @@
             # we should wait for other pods to be up before trying to join
             # otherwise we got "no such host" errors when trying to resolve other members
             for i in $(seq 0 $((${INITIAL_CLUSTER_SIZE} - 1))); do
+                if [ "${SET_NAME}-${i}" == "${HOSTNAME}" ]; then
+                    echo "Skipping self-checking"
+                    continue
+                fi
                 while true; do
                     echo "Waiting for ${SET_NAME}-${i}.${SERVICE_NAME} to come up"
                     ping -W 1 -c 1 ${SET_NAME}-${i}.${SERVICE_NAME} > /dev/null && break
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index 7d6fabe..5596756 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -23,7 +23,7 @@
   # common global images
   busyboxImage: busybox:1.32
   curlImage: curlimages/curl:7.69.1
-  certServiceClientImage: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
+  certServiceClientImage: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
   envsubstImage: dibi/envsubst:1
   # there's only latest image for htpasswd
   htpasswdImage: xmartlabs/htpasswd:latest
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
index 13ea930..a9c0029 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
@@ -92,7 +92,7 @@
       mountInitPath: dcaemod
 
 # application image
-image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.3
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.4
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
index b9f8943..03b5c83 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
@@ -69,7 +69,7 @@
   # Should have a proper readiness endpoint or script
 
 # application image
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.0
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.1
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index f653a02..40a4d7d 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -87,7 +87,7 @@
         {{- end -}}
         {{- if .Values.affinity }}
         affinity: {{ toYaml .Values.affinity | nindent 10 }}
-        {{- end -}}
+        {{- end }}
         # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
           image: {{ include "repositoryGenerator.image.logging" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index a43073e..5c94116 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -105,7 +105,7 @@
         {{- if .Values.affinity }}
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
-        {{- end -}}
+        {{- end }}
       # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
           image: {{ include "repositoryGenerator.image.logging" . }}
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 0489450..b401d66 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -202,7 +202,7 @@
   CMPv2CertManagerIntegration: false
   platform:
     certServiceClient:
-      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
       secret:
         name: oom-cert-service-client-tls-secret
         mountPath: /etc/onap/oom/certservice/certs/
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index 8f31124..537b025 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020, Nokia
+# Copyright © 2020-2021, Nokia
 # Modifications Copyright  © 2020, Nordix Foundation, Orange
 # Modifications Copyright © 2020 Nokia
 #
@@ -38,7 +38,7 @@
 
 # Deployment configuration
 repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.2
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3
 pullPolicy: Always
 replicaCount: 1
 
diff --git a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
index a21ac04..57a16bd 100644
--- a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
+++ b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
@@ -12,6 +12,13 @@
 faultConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPFaultVESMsgConsumer
 TransportType=HTTPNOAUTH
 host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+{{- if .Values.config.sdnr.dmaapProxy.enabled }}
+{{- if .Values.config.sdnr.dmaapProxy.usepwd }}
+jersey.config.client.proxy.username=${DMAAP_HTTP_PROXY_USERNAME}
+jersey.config.client.proxy.password=${DMAAP_HTTP_PROXY_PASSWORD}
+{{- end }}
+jersey.config.client.proxy.uri={{ .Values.config.sdnr.dmaapProxy.url }}
+{{- end }}
 topic=unauthenticated.SEC_FAULT_OUTPUT
 contenttype=application/json
 group=myG
@@ -23,6 +30,13 @@
 pnfRegConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPPNFRegVESMsgConsumer
 TransportType=HTTPNOAUTH
 host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+{{- if .Values.config.sdnr.dmaapProxy.enabled }}
+{{- if .Values.config.sdnr.dmaapProxy.usepwd }}
+jersey.config.client.proxy.username=${DMAAP_HTTP_PROXY_USERNAME}
+jersey.config.client.proxy.password=${DMAAP_HTTP_PROXY_PASSWORD}
+{{- end }}
+jersey.config.client.proxy.uri={{ .Values.config.sdnr.dmaapProxy.url }}
+{{- end }}
 topic=unauthenticated.VES_PNFREG_OUTPUT
 contenttype=application/json
 group=myG
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index b668fd8..2158fef 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -67,6 +67,13 @@
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
         - name: ODL_ADMIN_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+        {{ if and .Values.config.sdnr.dmaapProxy.enabled  .Values.config.sdnr.dmaapProxy.usepwd }}
+        - name: DMAAP_HTTP_PROXY_USERNAME
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "login") | indent 10 }}
+        - name: DMAAP_HTTP_PROXY_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "password") | indent 10 }}
+        {{- end }}
+
 
         volumeMounts:
         - mountPath: /config-input
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 4354fe4..c02d559 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -73,6 +73,14 @@
     password: '{{ .Values.config.odlPassword }}'
     # For now this is left hardcoded but should be revisited in a future
     passwordPolicy: required
+  - uid: dmaap-proxy-creds
+    name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds'
+    type: basicAuth
+    externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}'
+    login: '{{ .Values.config.sdnr.dmaapProxy.user }}'
+    password: '{{ .Values.config.sdnr.dmaapProxy.password }}'
+    # For now this is left hardcoded but should be revisited in a future
+    passwordPolicy: required
   - uid: netbox-apikey
     type: password
     externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
@@ -227,6 +235,15 @@
     sdnrdbTrustAllCerts: true
     mountpointRegistrarEnabled: false
     mountpointStateProviderEnabled: false
+    # enable and set dmaap-proxy for mountpointRegistrar
+    dmaapProxy:
+      enabled: false
+      usepwd: true
+      user: addUserHere
+      password: addPasswordHere
+      url: addProxyUrlHere
+
+