[DCAEGEN2] Deploy DCAE microservices via Helm

Deploy DCAE microservices using Helm instead of having
the DCAE bootstrap container deploy them using Cloudify.

Charts for the microservices are found under
oom/kubernetes/dcaegen2-services.

Issue-ID: DCAEGEN2-2615
Issue-ID: DCAEGEN2-2617
Signed-off-by: Jack Lucas <jflos@sonoris.net>
Change-Id: I22d88987ae8e21b3c08f31f13ffda98967d13297
[Use common secret template for secrets]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl
new file mode 100644
index 0000000..46f52b8
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl
@@ -0,0 +1,65 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2019 AT&T
+# Copyright (c) 2021 J. F. Lucas.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+dcaegen2-services-common.configMap:
+This template produces Kubernetes configMap(s) needed by a
+DCAE microservice.
+
+The template expects the full chart context as input.  A chart for a
+DCAE microservice references this template using:
+{{ include "dcaegen2-services-common.configMap" . }}
+The template directly references data in .Values, and indirectly (through its
+use of templates from the ONAP "common" collection) references data in
+.Release.
+
+The template always produces a configMap containing the microservice's
+initial configuration data.  This configMap is used by an initContainer
+that loads the configuration into Consul.  (See the documentation for
+dcaegen2-services-common.microserviceDeployment for more details.)
+
+If the microservice is using a logging sidecar (again, see the documentation
+for dcaegen2-services-common.microserviceDeployment for more details), the
+template generates an additiona configMap that supplies configuration
+information for the logging sidecar.
+*/}}
+
+{{- define "dcaegen2-services-common.configMap" -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+    name: {{ include "common.fullname" . }}-application-config-configmap
+    namespace: {{ include "common.namespace" . }}
+    labels: {{ include "common.labels" . | nindent 6 }}
+data:
+  application_config.yaml: |
+{{ .Values.applicationConfig | toYaml | indent 4 }}
+
+{{- if .Values.logDirectory }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-filebeat-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels: {{ include "common.labels" . | nindent 6 }}
+data:
+  filebeat.yml: |-
+{{ include "dcaegen2-services-common.filebeatConfiguration" . | indent 4 }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
new file mode 100644
index 0000000..c03be83
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -0,0 +1,239 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{/*
+dcaegen2-services-common.microserviceDeployment:
+This template produces a Kubernetes Deployment for a DCAE microservice.
+
+All DCAE microservices currently use very similar Deployments.  Having a
+common template eliminates a lot of repetition in the individual charts
+for each microservice.
+
+The template expects the full chart context as input.  A chart for a
+DCAE microservice references this template using:
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
+The template directly references data in .Values, and indirectly (through its
+use of templates from the ONAP "common" collection) references data in
+.Release.
+
+The exact content of the Deployment generated from this template
+depends on the content of .Values.
+
+The Deployment always includes a single Pod, with a container that uses
+the DCAE microservice image.
+
+The Deployment Pod may also include a logging sidecar container.
+The sidecar is included if .Values.logDirectory is set.  The
+logging sidecar and the DCAE microservice container share a
+volume where the microservice logs are written.
+
+The Deployment includes an initContainer that pushes the
+microservice's initial configuration (from .Values.applicationConfig)
+into Consul.  All DCAE microservices retrieve their initial
+configurations by making an API call to a DCAE platform component called
+the  config-binding-service.  The config-binding-service currently
+retrieves configuration information from Consul.
+
+The Deployment also includes an initContainer that checks for the
+readiness of other components that the microservice relies on.
+This container is generated by the "common.readinessCheck.waitfor"
+template.
+
+If the microservice acts as a TLS client or server, the Deployment will
+include an initContainer that retrieves certificate information from
+the AAF certificate manager.  The information is mounted at the
+mount point specified in .Values.certDirectory.  If the microservice is
+a TLS server (indicated by setting .Values.tlsServer to true), the
+certificate information will include a server cert and key, in various
+formats.  It will also include the AAF CA cert.   If the microservice is
+a TLS client only (indicated by setting .Values.tlsServer to false), the
+certificate information includes only the AAF CA cert.
+*/}}
+
+{{- define "dcaegen2-services-common.microserviceDeployment" -}}
+{{- $logDir :=  default "" .Values.logDirectory -}}
+{{- $certDir := default "" .Values.certDirectory . -}}
+{{- $tlsServer := default "" .Values.tlsServer -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+  replicas: 1
+  selector: {{- include "common.selectors" . | nindent 4 }}
+  template:
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+    spec:
+      initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - |
+        {{- range $var := .Values.customEnvVars }}
+          export {{ $var.name }}="{{ $var.value }}";
+        {{- end }}
+          cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
+        env:
+        {{- range $cred := .Values.credentials }}
+        - name: {{ $cred.name }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }}
+        {{- end }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: app-config-input
+        - mountPath: /config
+          name: app-config
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
+
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+      - name: init-consul
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        args:
+        - --key-yaml
+        - "{{ include "common.name" . }}|/app-config/application_config.yaml"
+        resources: {{ include "common.resources" . | nindent 2 }}
+        volumeMounts:
+          - mountPath: /app-config
+            name: app-config
+      {{- if $certDir }}
+      - name: init-tls
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: TLS_SERVER
+          value: {{ $tlsServer | quote }}
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: status.podIP
+        resources: {{ include "common.resources" . | nindent 2 }}
+        volumeMounts:
+        - mountPath: /opt/app/osaaf
+          name: tls-info
+      {{- end }}
+      containers:
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}
+        env:
+        {{- if $certDir }}
+        - name: DCAE_CA_CERTPATH
+          value: {{ $certDir}}/cacert.pem
+        {{- end }}
+        - name: CONSUL_HOST
+          value: consul-server.onap
+        - name: CONFIG_BINDING_SERVICE
+          value: config-binding-service
+        - name: CBS_CONFIG_URL
+          value: https://config-binding-service:10443/service_component_all/{{ include "common.name" . }}
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: status.podIP
+        {{- if .Values.applicationEnv }}
+        {{- range $envName, $envValue := .Values.applicationEnv }}
+        - name: {{ $envName }}
+          value: {{ $envValue | quote }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.service }}
+        ports: {{ include "common.containerPorts" . | nindent 10 }}
+        {{- end }}
+        {{- if .Values.readiness }}
+        readinessProbe:
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds | default 5 }}
+          periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }}
+          timeoutSeconds: {{ .Values.readiness.timeoutSeconds | default 1 }}
+          {{- $probeType := .Values.readiness.type | default "httpGet" -}}
+          {{- if eq $probeType "httpGet" }}
+          httpGet:
+            scheme: {{ .Values.readiness.scheme }}
+            path: {{ .Values.readiness.path }}
+            port: {{ .Values.readiness.port }}
+          {{- end }}
+          {{- if eq $probeType "exec" }}
+          exec:
+            command:
+            {{- range $cmd := .Values.readiness.command }}
+            - {{ $cmd }}
+            {{- end }}
+          {{- end }}
+        {{- end }}
+        resources: {{ include "common.resources" . | nindent 2 }}
+        {{- if or $logDir $certDir  }}
+        volumeMounts:
+        {{- if $logDir }}
+        - mountPath: {{ $logDir}}
+          name: component-log
+        {{- end }}
+        {{- if $certDir }}
+        - mountPath: {{ $certDir }}
+          name: tls-info
+        {{- end }}
+        {{- end }}
+      {{- if $logDir }}
+      - image: {{ include "repositoryGenerator.image.logging" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: filebeat
+        env:
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: status.podIP
+        resources: {{ include "common.resources" . | nindent 2 }}
+        volumeMounts:
+        - mountPath: /var/log/onap/{{ include "common.name" . }}
+          name: component-log
+        - mountPath: /usr/share/filebeat/data
+          name: filebeat-data
+        - mountPath: /usr/share/filebeat/filebeat.yml
+          name: filebeat-conf
+          subPath: filebeat.yml
+      {{- end }}
+      hostname: {{ include "common.name" . }}
+      volumes:
+      - configMap:
+          defaultMode: 420
+          name: {{ include "common.fullname" . }}-application-config-configmap
+        name: app-config-input
+      - emptyDir:
+          medium: Memory
+        name: app-config
+      {{- if $logDir }}
+      - emptyDir: {}
+        name: component-log
+      - emptyDir: {}
+        name: filebeat-data
+      - configMap:
+          defaultMode: 420
+          name: {{ include "common.fullname" . }}-filebeat-configmap
+        name: filebeat-conf
+      {{- end }}
+      {{- if $certDir }}
+      - emptyDir: {}
+        name: tls-info
+      {{- end }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end -}}
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl
new file mode 100644
index 0000000..a402517
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl
@@ -0,0 +1,86 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2021 J. F. Lucas.  All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{/*
+dcaegen2-services-common.filebeatConfiguration:
+This template generates configuration data for filebeat (log file aggregation).
+
+The template is used to create a configMap mounted by a filebeat sidecar pod
+running alongside a DCAE microservice pod.
+
+See dcaegen2-services-common.configMap for more information.
+*/}}
+{{- define "dcaegen2-services-common.filebeatConfiguration" -}}
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+  #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+  paths:
+    - /var/log/onap/*/*/*/*.log
+    - /var/log/onap/*/*/*.log
+    - /var/log/onap/*/*.log
+  #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+  ignore_older: 48h
+  # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+  clean_inactive: 96h
+
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+  #List of logstash server ip addresses with port number.
+  #But, in our case, this will be the loadbalancer IP address.
+  #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+  hosts: ["{{.Values.filebeatConfig.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.filebeatConfig.logstashPort}}"]
+  #If enable will do load balancing among availabe Logstash, automatically.
+  loadbalance: true
+
+  #The list of root certificates for server verifications.
+  #If certificate_authorities is empty or not set, the trusted
+  #certificate authorities of the host system are used.
+  #ssl.certificate_authorities: $ssl.certificate_authorities
+
+  #The path to the certificate for SSL client authentication. If the certificate is not specified,
+  #client authentication is not available.
+  #ssl.certificate: $ssl.certificate
+
+  #The client certificate key used for client authentication.
+  #ssl.key: $ssl.key
+
+  #The passphrase used to decrypt an encrypted key stored in the configured key file
+  #ssl.key_passphrase: $ssl.key_passphrase
+
+logging:
+  level: debug
+
+  # enable file rotation with default configuration
+  to_files: true
+
+  # do not log to syslog
+  to_syslog: false
+
+  files:
+    path: /usr/share/filebeat/logs
+    name: mybeat.log
+    keepfiles: 7
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl
new file mode 100644
index 0000000..6d52b2a
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl
@@ -0,0 +1,61 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{/*
+dcaegen2-services-common.consulDeleteJob:
+This template generates a Kubernetes Job that runs when a
+DCAE microservice is deleted.  The Job deletes the Consul
+entry that contains the microservice's configuration.
+
+The template expects the full chart context as input.  A chart for a
+DCAE microservice references this template using:
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
+The template directly references data in .Values, and indirectly (through its
+use of templates from the ONAP "common" collection) references data in
+.Release.
+
+The microservice configuration data is loaded into Consul by an
+initContainer that is part of the Kubernetes Deployment for the microservice.
+See the documentation for dcaegen2-services-common.microserviceDeployment
+for more information.
+*/}}
+{{- define "dcaegen2-services-common.consulDeleteJob" -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "common.fullname" . }}-delete-config
+  namespace: {{ include "common.namespace" . }}
+  labels: {{ include "common.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-delete-policy": hook-succeeded,hook-failed
+spec:
+  template:
+    metadata:
+      name: {{ include "common.fullname" . }}-delete-config
+      labels: {{ include "common.labels" . | nindent 8 }}
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: dcae-config-delete
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        args:
+        - --delete-key
+        - {{ include "common.name" . }}
+{{ end -}}