--- /dev/null
+diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
+index 1c20977..4b47c63 100644
+--- a/kubernetes/appc/values.yaml
++++ b/kubernetes/appc/values.yaml
+@@ -29,7 +29,7 @@ global:
+ #################################################################
+ # application image
+ repository: nexus3.onap.org:10001
+-image: onap/appc-image:1.4.0-SNAPSHOT-latest
++image: onap/appc-image:1.3.0
+ pullPolicy: Always
+
+ # flag to enable debugging - application support required
+@@ -37,10 +37,7 @@ debugEnabled: false
+
+ # application configuration
+ config:
+-  aafExtIP: 127.0.0.1
+-  aafExtFQDN: aaf-onap-beijing-test.osaaf.org
+   dbRootPassword: openECOMP1.0
+-  enableAAF: false
+   enableClustering: true
+   configDir: /opt/onap/appc/data/properties
+   dmaapTopic: SUCCESS
+diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
+index 328e058..b359526 100644
+--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
++++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
+@@ -35,8 +35,14 @@ spec:
+         - name: {{ include "common.name" . }}
+           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+-          command: ["/bin/bash"]
+-          args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"]
++          command:
++          - /bin/bash
++          - -c
++          - >
++            UPDATE_HOSTS_FILE >> /etc/hosts;
++            UPDATE_NPM_REGISTRY;
++            cd /opt/onap/ccsdk/dgbuilder/;
++            ./start.sh sdnc1.0 && wait
+           ports:
+           - containerPort: {{ .Values.service.internalPort }}
+           readinessProbe:
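Review bot: The new container command chains its steps with `;`, so a failing `UPDATE_HOSTS_FILE >> /etc/hosts` or `UPDATE_NPM_REGISTRY` is ignored and `start.sh` still runs with whatever hosts file and npm registry the image shipped with. Both tokens look like placeholders that an external step replaces before install; if that substitution is skipped, bash treats them as unknown commands and carries on. Opening the script with `set -e;` (or joining the steps with `&&`) makes a missed substitution fail the pod instead. A comment above `command:` should also say which tool fills the tokens in. The same pattern is added in the message-router and sdnc-portal deployment hunks.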
+@@ -94,3 +100,4 @@ spec:
+             defaultMode: 0755
+       imagePullSecrets:
+       - name: "{{ include "common.namespace" . }}-docker-registry-key"
++
+diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
+index acda520..8fa35f9 100644
+--- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
++++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
+@@ -68,6 +68,8 @@ spec:
+           - mountPath: /etc/localtime
+             name: localtime
+             readOnly: true
++          - mountPath: /etc/pki/ca-trust/source/anchors
++            name: root-ca
+           securityContext:
+             privileged: True
+           lifecycle:
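Review bot: The `root-ca` mount added under `volumeMounts` is writable, although the neighbouring `localtime` mount is marked `readOnly: true` and this container runs with `privileged: True`. A later hunk of this file declares the volume as a `hostPath`, so a writable mount lets the container alter the CA anchor directory on the node; add `readOnly: true` under `name: root-ca`. That later hunk also sets `path: CERT_PATH`, which looks like a token to be substituted before install. It deserves a comment saying so, because an unreplaced value would not point at a certificate directory.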
+@@ -80,6 +82,8 @@ spec:
+                   set -ex
+                   mkdir -p /var/run/secrets/kubernetes.io/
+                   ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
++                  echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice
++                  update-ca-trust extract
+       volumes:
+         - name: {{ include "common.fullname" . }}-config
+           configMap:
+@@ -93,5 +97,8 @@ spec:
+         - name: localtime
+           hostPath:
+             path: /etc/localtime
++        - name: root-ca
++          hostPath:
++            path: CERT_PATH
+       imagePullSecrets:
+       - name: "{{ include "common.namespace" . }}-docker-registry-key"
+diff --git a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
+index 379fc24..4802f8b 100644
+--- a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
++++ b/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
+@@ -48,6 +48,12 @@ spec:
+         name: {{ include "common.name" . }}-readiness
+       containers:
+         - name: {{ include "common.name" . }}
++          command:
++          - /bin/sh
++          - -c
++          - >
++            UPDATE_HOSTS_FILE >> /etc/hosts;
++            ./startup.sh
+           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+           ports:
+diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
+index b8f15e1..fadb56e 100644
+--- a/kubernetes/onap/values.yaml
++++ b/kubernetes/onap/values.yaml
+@@ -39,7 +39,8 @@ global:
+   loggingRepository: docker.elastic.co
+
+   # image pull policy
+-  pullPolicy: Always
++  #pullPolicy: Always
++  pullPolicy: IfNotPresent
+
+   # default mount path root directory referenced
+   # by persistent volumes and log files
+@@ -66,11 +67,11 @@ appc:
+   config:
+     openStackType: OpenStackProvider
+     openStackName: OpenStack
+-    openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
+-    openStackServiceTenantName: default
+-    openStackDomain: default
+-    openStackUserName: admin
+-    openStackEncryptedPassword: admin
++    openStackKeyStoneUrl: FILL-ME
++    openStackServiceTenantName: FILL-ME
++    openStackDomain: FILL-ME
++    openStackUserName: FILL-ME
++    openStackEncryptedPassword: FILL-ME
+ clamp:
+   enabled: true
+ cli:
+@@ -97,8 +98,11 @@ nbi:
+   enabled: true
+   config:
+     # openstack configuration
+-    openStackRegion: "Yolo"
+-    openStackVNFTenantId: "1234"
++    openStackUserName: "FILL-ME"
++    openStackRegion: "FILL-ME"
++    openStackKeyStoneUrl: "FILL-ME"
++    openStackServiceTenantName: "FILL-ME"
++    openStackEncryptedPasswordHere: "FILL-ME"
+ policy:
+   enabled: true
+ portal:
+@@ -112,7 +116,11 @@ sdnc:
+
+   replicaCount: 1
+
++  config:
++    enableClustering: false
++
+   mysql:
++    disableNfsProvisioner: true
+     replicaCount: 1
+ so:
+   enabled: true
+@@ -129,11 +137,11 @@ so:
+     # message router configuration
+     dmaapTopic: "AUTO"
+     # openstack configuration
+-    openStackUserName: "vnf_user"
+-    openStackRegion: "RegionOne"
+-    openStackKeyStoneUrl: "http://1.2.3.4:5000"
+-    openStackServiceTenantName: "service"
+-    openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
++    openStackUserName: "FILL-ME"
++    openStackRegion: "FILL-ME"
++    openStackKeyStoneUrl: "FILL-ME"
++    openStackServiceTenantName: "FILL-ME"
++    openStackEncryptedPasswordHere: "FILL-ME"
+
+   # configure embedded mariadb
+   mariadb:
+diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
+index 72f7a74..f6b3478 100644
+--- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
++++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
+@@ -114,7 +114,7 @@ else
+     url_release
+ fi
+
+-wget "${APP_URL}" -O "${DOWNLOAD_DIR}"/apps-"${APP_NAME}".zip
++wget "${APP_URL}" -O "${DOWNLOAD_DIR}"/apps-"${APP_NAME}".zip --no-check-certificate
+ if [[ $? != 0 ]]; then
+     echo "ERROR: cannot download ${DOWNLOAD_DIR}/apps-${APP_NAME}.zip"
+     exit 1
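Review bot: Adding `--no-check-certificate` to this `wget` turns off TLS server verification for a zip that this install script presumably goes on to unpack, so anything able to answer for `${APP_URL}` can supply the archive. The same patch introduces templates that mount a CA certificate into the policy pods, so trusting that CA is the narrower fix: drop the flag and rely on the updated system store, or pass `--ca-certificate=/usr/local/share/ca-certificates/cacert.crt`. The `wget` in `push-policies.sh` gets the same flag in a later hunk and needs the same change. The enclosing `if`/`else` starts above this hunk.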
+diff --git a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
+index a6c054d..9e48d55 100644
+--- a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
++++ b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
+@@ -84,8 +84,8 @@ echo "Restarting PDP-D .."
+ echo
+ echo
+
+-POD=$(kubectl --namespace onap-policy get pods | sed 's/ .*//'| grep drools)
+-kubectl --namespace onap-policy exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start"
++POD=$(kubectl --namespace onap get pods | sed 's/ .*//'| grep drools)
++kubectl --namespace onap exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 1 && policy start"
+
+ sleep 20
+
+diff --git a/kubernetes/policy/resources/config/pe/push-policies.sh b/kubernetes/policy/resources/config/pe/push-policies.sh
+index dcd3afb..21b3171 100644
+--- a/kubernetes/policy/resources/config/pe/push-policies.sh
++++ b/kubernetes/policy/resources/config/pe/push-policies.sh
+@@ -22,7 +22,7 @@ echo "Upload BRMS Param Template"
+
+ sleep 2
+
+-wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl?h=beijing
++wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl?h=beijing --no-check-certificate
+
+ sleep 2
+
+diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml
+index aea67c8..06dc17b 100644
+--- a/kubernetes/robot/values.yaml
++++ b/kubernetes/robot/values.yaml
+@@ -39,49 +39,49 @@ config:
+   # Password of the lighthttpd server.  Used for HTML auth for webpage access
+   lightHttpdPassword: robot
+   # gerrit branch where the latest heat code is checked in
+-  gerritBranch: 2.0.0-ONAP
++  gerritBranch: master
+   # gerrit project where the latest heat code is checked in
+   gerritProject: http://gerrit.onap.org/r/demo.git
+
+
+ # Demo configuration
+ # Nexus demo artifact version.  Maps to GLOBAL_INJECTED_ARTIFACTS_VERSION
+-demoArtifactsVersion: "1.2.0-SNAPSHOT"
++demoArtifactsVersion: "1.3.0"
+ # Openstack medium sized flavour name.  Maps GLOBAL_INJECTED_VM_FLAVOR
+ openStackFlavourMedium: "m1.medium"
+ # Openstack keystone URL.  Maps to GLOBAL_INJECTED_KEYSTONE
+-openStackKeyStoneUrl: "http://1.2.3.4:5000"
++openStackKeyStoneUrl: "FILL-ME"
+ # UUID of the Openstack network that can assign floating ips.  Maps to GLOBAL_INJECTED_PUBLIC_NET_ID
+-openStackPublicNetId: "e8f51958045716781ffc"
++openStackPublicNetId: "FILL-ME"
+ # password for Openstack tenant where VNFs will be spawned.  Maps to GLOBAL_INJECTED_OPENSTACK_PASSWORD
+-openStackPassword: "tenantPassword"
++openStackPassword: "FILL-ME"
+ # Openstack region.  Maps to GLOBAL_INJECTED_REGION
+ openStackRegion: "RegionOne"
+ # Openstack tenant UUID where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_TENANT_ID
+-openStackTenantId: "47899782ed714295b1151681fdfd51f5"
++openStackTenantId: "FILL-ME"
+ # username for Openstack tenant where VNFs will be spawned.  Maps to GLOBAL_INJECTED_OPENSTACK_USERNAME
+-openStackUserName: "tenantUsername"
++openStackUserName: "FILL-ME"
+ # Openstack glance image name for Ubuntu 14.  Maps to GLOBAL_INJECTED_UBUNTU_1404_IMAGE
+-ubuntu14Image: "Ubuntu_14_trusty"
++ubuntu14Image: "FILL-ME"
+ # Openstack glance image name for Ubuntu 16.  Maps to GLOBAL_INJECTED_UBUNTU_1604_IMAGE
+-ubuntu16Image: "Ubuntu_16_xenial"
++ubuntu16Image: "FILL-ME"
+ # GLOBAL_INJECTED_SCRIPT_VERSION.  Maps to GLOBAL_INJECTED_SCRIPT_VERSION
+-scriptVersion: "1.2.0-SNAPSHOT"
++scriptVersion: "1.2.1"
+ # Openstack network to which VNFs will bind their primary (first) interface.  Maps to GLOBAL_INJECTED_NETWORK
+-openStackPrivateNetId: "e8f51956-00dd-4425-af36-045716781ffc"
++openStackPrivateNetId: "FILL-ME"
+
+ # SDNC Preload configuration
+ # Openstack subnet UUID for the network defined by openStackPrivateNetId.  Maps to onap_private_subnet_id
+-openStackPrivateSubnetId: "e8f51956-00dd-4425-af36-045716781ffc"
++openStackPrivateSubnetId: "FILL-ME"
+ # CIDR notation for the Openstack private network where VNFs will be spawned.  Maps to onap_private_net_cidr
+-openStackPrivateNetCidr: "10.0.0.0/8"
++openStackPrivateNetCidr: "FILL-ME"
+ # The first 2 octets of the private Openstack subnet where VNFs will be spawned.
+ # Needed because sdnc preload templates hardcodes things like this 10.0.${ecompnet}.X
+ openStackOamNetworkCidrPrefix: "10.0"
+ # Override with Pub Key for access to VNF
+-vnfPubKey: "FILL_IN_WITH_PUB_KEY"
+-# Override with DCAE VES Collector external IP
+-dcaeCollectorIp: "FILL_IN_WITH_DCAE_VES_COLLECTOR_IP"
++vnfPubKey: "FILL-ME"
++# Override with DCAE VES Collector external IP
++dcaeCollectorIp: "FILL-ME"
+
+ # default number of instances
+ replicaCount: 1
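Review bot: `gerritBranch: master` replaces a fixed tag with a moving branch, and the `gerritProject` line just below it is a plain `http://` URL, so the heat code that robot checks out is neither pinned nor fetched over an authenticated channel. The same hunk pins `demoArtifactsVersion` and `scriptVersion` to releases, so the branch should follow suit, e.g. `gerritBranch: <release-tag>` (placeholder). Nothing guards against the `FILL-ME` values being deployed unreplaced; a comment at the top of the block listing the keys that must be overridden would help.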
+@@ -156,4 +156,4 @@ persistence:
+   accessMode: ReadWriteMany
+   size: 2Gi
+   mountPath: /dockerdata-nfs
+-  mountSubPath: robot/logs
+\ No newline at end of file
++  mountSubPath: robot/logs
+diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
+index a19c33a..b49e2c4 100644
+--- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
++++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
+@@ -47,8 +47,17 @@ spec:
+         name: {{ include "common.name" . }}-readiness
+       containers:
+         - name: {{ include "common.name" . }}
+-          command: ["/bin/bash"]
+-          args: ["-c", "cd /opt/onap/sdnc && ./startAnsibleServer.sh"]
++          command:
++          - bash
++          - "-c"
++          - |
++            pip install /root/ansible_pkg/*.whl
++            dpkg -i /root/ansible_pkg/*.deb
++            cp /etc/ansible/ansible.cfg /etc/ansible/ansible.cfg.orig
++            cat /etc/ansible/ansible.cfg.orig | sed -e 's/#host_key_checking/host_key_checking/' > /etc/ansible/ansible.cfg
++            touch /tmp/.ansible-server-installed
++            cd /opt/onap/sdnc
++            ./startAnsibleServer.sh
+           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+           ports:
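Review bot: The `sed` on `ansible.cfg` uncomments `host_key_checking`; in the stock file that line is `#host_key_checking = False`, so this presumably switches SSH host key verification off for every playbook run from the pod. If that is intended, say so in a comment; otherwise leave the line alone and provision `known_hosts`. The script also installs every `*.whl` and `*.deb` found in `/root/ansible_pkg`, which a later hunk maps to a `hostPath` on the node without `readOnly: true`, so the packages are trusted purely by location. There is no `set -e`, so a failed `pip install` or `dpkg -i` still reaches `./startAnsibleServer.sh`; start the block with `set -e`.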
+@@ -74,6 +83,8 @@ spec:
+           - mountPath: {{ .Values.config.configDir }}/RestServer_config
+             name: config
+             subPath: RestServer_config
++          - mountPath: /root/ansible_pkg
++            name: ansible-pkg
+           resources:
+ {{ toYaml .Values.resources | indent 12 }}
+         {{- if .Values.nodeSelector }}
+@@ -92,5 +103,9 @@ spec:
+           configMap:
+             name: {{ include "common.fullname" . }}
+             defaultMode: 0644
++        - name: ansible-pkg
++          hostPath:
++            path: /root/ansible_pkg
+       imagePullSecrets:
+-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+\ No newline at end of file
++      - name: "{{ include "common.namespace" . }}-docker-registry-key"
++
+diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
+index 87ed6aa..5da236d 100644
+--- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
++++ b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
+@@ -49,8 +49,13 @@ spec:
+         name: {{ include "common.name" . }}-readiness
+       containers:
+         - name: {{ include "common.name" . }}
+-          command: ["/bin/bash"]
+-          args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"]
++          command:
++          - /bin/bash
++          - -c
++          - >
++            UPDATE_HOSTS_FILE >> /etc/hosts;
++            UPDATE_NPM_REGISTRY;
++            cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh
+           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+           ports:
+diff --git a/kubernetes/uui/charts/uui-server/templates/deployment.yaml b/kubernetes/uui/charts/uui-server/templates/deployment.yaml
+index accdff9..fa83daf 100644
+--- a/kubernetes/uui/charts/uui-server/templates/deployment.yaml
++++ b/kubernetes/uui/charts/uui-server/templates/deployment.yaml
+@@ -34,6 +34,12 @@ spec:
+         - name: {{ include "common.name" . }}
+           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
++          command:
++            - /bin/bash
++            - -c
++            - >
++              chown -R mysql:mysql /var/lib/mysql /var/run/mysqld;
++              /home/uui/bin/run.sh
+           ports:
+           - containerPort: {{ .Values.service.internalPort }}
+           # disable liveness probe when breakpoints set in debugger
+--- oom/kubernetes/common/common/templates/_cacert.tpl 1970-01-01 00:00:00.000000000 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/common/common/templates/_cacert.tpl 2018-11-02 15:09:31.781688957 +0000
+@@ -0,0 +1,62 @@
++#This template adds volume for access to ca certificate.
++#Template is ignored when cacert not set.
++{{- define "common.cacert-volume" }}
++{{- if .Values.global.cacert }}
++- name: cacert
++  configMap:
++    name: {{ include "common.namespace" . }}-root-ca-cert
++{{- end }}
++{{- end }}
++
++#This template mounts the CA certificate in an ubuntu compatible way.
++#It is mounted to /usr/local/share/ca-certificates/cacert.crt.
++#Template is ignored if cacert not set.
++{{- define "common.cacert-mount-ubuntu" }}
++{{- if .Values.global.cacert }}
++- mountPath: "/usr/local/share/ca-certificates/cacert.crt"
++  name: cacert
++  subPath: certificate
++{{- end }}
++{{- end }}
++
++#This template creates an empty volume used to store system certificates (includes java keystore).
++{{- define "common.system-ca-store-volume" }}
++{{- if .Values.global.cacert }}
++- name: system-ca-store
++  emptyDir:
++{{- end }}
++{{- end }}
++
++#This template mounts system ca store volume to /etc/ssl/certs (ubuntu specific).
++#Template is ignored in case cacert is not given.
++{{- define "common.system-ca-store-mount-ubuntu" }}
++{{- if .Values.global.cacert }}
++- mountPath: "/etc/ssl/certs"
++  name: system-ca-store
++{{- end }}
++{{- end }}
++
++#This template is a template for an init container.
++#This init container can be declared to update system's ca store for ubuntu containers.
++#It runs as root using the same image as the main one.
++#It expects /etc/ssl/certs to be mounted as a volume.
++#It has to be shared with the main container.
++#This template is ignored if cacert is not given as helm value.
++{{- define "common.update-system-ca-store-ubuntu" }}
++{{- if .Values.global.cacert }}
++- command:
++  - "/bin/bash"
++  - "-c"
++  - |
++      mkdir -p /etc/ssl/certs/java
++      update-ca-certificates
++  name: update-system-ca-store
++  imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
++  image: {{ include "common.repository" . }}/{{ .Values.image }}
++  securityContext:
++    runAsUser: 0
++  volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 2 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 2 }}
++{{- end }}
++{{- end }}
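Review bot: `common.system-ca-store-volume` writes a bare `emptyDir:`, which YAML parses as null rather than an empty mapping; write `emptyDir: {}` so the volume source is explicit. The same applies to `policy.keystore-storage-volume` in `_keystore.tpl`. In `common.update-system-ca-store-ubuntu` the `image:` value is unquoted, unlike the quoted `image:` lines in the deployments that include this template; quote it for consistency.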
+--- oom/kubernetes/onap/templates/configmap.yaml       1970-01-01 00:00:00.000000000 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/onap/templates/configmap.yaml       2018-11-02 15:09:31.804689107 +0000
+@@ -0,0 +1,15 @@
++{{ if .Values.global.cacert -}}
++apiVersion: v1
++kind: ConfigMap
++metadata:
++  name: {{ include "common.namespace" . }}-root-ca-cert
++  namespace: {{ include "common.namespace" . }}
++  labels:
++    app: {{ include "common.name" . }}
++    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
++    release: {{ .Release.Name }}
++    heritage: {{ .Release.Service }}
++data:
++  certificate: |
++{{ .Values.global.cacert | indent 4 }}
++{{- end }}
+--- oom/kubernetes/policy/charts/brmsgw/templates/deployment.yaml      2018-11-06 07:38:46.341849402 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/brmsgw/templates/deployment.yaml      2018-11-02 15:09:31.808689133 +0000
+@@ -45,6 +45,7 @@
+         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+         name: {{ include "common.name" . }}-readiness
++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
+       containers:
+       - command:
+         - /bin/bash
+@@ -68,6 +69,8 @@
+           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+           periodSeconds: {{ .Values.readiness.periodSeconds }}
+         volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 8 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }}
+         - mountPath: /etc/localtime
+           name: localtime
+           readOnly: true
+@@ -94,6 +97,8 @@
+ {{ toYaml .Values.affinity | indent 10 }}
+       {{- end }}
+       volumes:
++{{ include "common.cacert-volume" . | indent 8 }}
++{{ include "common.system-ca-store-volume" . | indent 8 }}
+         - name: localtime
+           hostPath:
+             path: /etc/localtime
+--- oom/kubernetes/policy/charts/drools/templates/statefulset.yaml     2018-11-06 07:38:46.343849404 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/drools/templates/statefulset.yaml     2018-11-02 15:09:31.810689146 +0000
+@@ -51,6 +51,8 @@
+         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+         name: {{ include "common.name" . }}-readiness
++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
++{{ include "policy.update-policy-keystore" . | indent 6 }}
+       containers:
+         - name: {{ include "common.name" . }}
+           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+@@ -78,6 +80,9 @@
+           - name: REPLICAS
+             value: "{{ .Values.replicaCount }}"
+           volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 10 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }}
++{{ include "policy.keystore-mount" . | indent 10 }}
+           - mountPath: /etc/localtime
+             name: localtime
+             readOnly: true
+@@ -136,6 +141,9 @@
+ {{ toYaml .Values.affinity | indent 10 }}
+         {{- end }}
+       volumes:
++{{ include "common.cacert-volume" . | indent 8 }}
++{{ include "common.system-ca-store-volume" . | indent 8 }}
++{{ include "policy.keystore-storage-volume" . | indent 8 }}
+         - name: localtime
+           hostPath:
+             path: /etc/localtime
+--- oom/kubernetes/policy/charts/pdp/templates/statefulset.yaml        2018-11-06 07:38:46.345849405 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/pdp/templates/statefulset.yaml        2018-11-02 15:09:31.812689159 +0000
+@@ -49,6 +49,7 @@
+         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+         name: {{ include "common.name" . }}-readiness
++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
+       containers:
+       - command:
+         - /bin/bash
+@@ -72,6 +73,8 @@
+           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+           periodSeconds: {{ .Values.readiness.periodSeconds }}
+         volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 8 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }}
+         - mountPath: /etc/localtime
+           name: localtime
+           readOnly: true
+@@ -121,6 +124,8 @@
+ {{ toYaml .Values.affinity | indent 10 }}
+         {{- end }}
+       volumes:
++{{ include "common.cacert-volume" . | indent 6 }}
++{{ include "common.system-ca-store-volume" . | indent 6 }}
+       - name: localtime
+         hostPath:
+           path: /etc/localtime
+--- oom/kubernetes/policy/charts/policy-common/templates/_keystore.tpl 1970-01-01 00:00:00.000000000 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/policy-common/templates/_keystore.tpl 2018-11-02 15:09:31.812689159 +0000
+@@ -0,0 +1,43 @@
++#This template creates a volume for storing policy-keystore with imported ca.
++#It is ignored if cacert was not given.
++{{- define "policy.keystore-storage-volume" }}
++{{- if .Values.global.cacert }}
++- name: keystore-storage
++  emptyDir:
++{{- end }}
++{{- end }}
++
++#This template mounts policy-keystore in appropriate place for policy components to take it.
++#It is ignored if cacert is not given.
++{{- define "policy.keystore-mount" }}
++{{- if .Values.global.cacert }}
++- mountPath: "/tmp/policy-install/config/policy-keystore"
++  name: keystore-storage
++  subPath: policy-keystore
++{{- end }}
++{{- end }}
++
++#This will extract a policy keystore and then import
++#the root cacert of offline nexus into it.
++#This template expects a volume named keystore-storage where policy-keystore will be put.
++#It also expects volume named cacert where the file "certificate" will contain the cert to import.
++#Template is ignored if ca certificate not given.
++{{- define "policy.update-policy-keystore" }}
++{{- if .Values.global.cacert }}
++- command:
++  - "/bin/bash"
++  - "-c"
++  - |
++      set -e
++      tar -xzf base-*.tar.gz etc/ssl/policy-keystore
++      cp etc/ssl/policy-keystore keystore-storage/
++      keytool -import -keystore keystore-storage/policy-keystore -storepass "Pol1cy_0nap" -noprompt -file /usr/local/share/ca-certificates/cacert.crt
++  name: update-policy-keystore
++  imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
++  image: {{ include "common.repository" . }}/{{ .Values.image }}
++  volumeMounts:
++  - mountPath: "/tmp/policy-install/keystore-storage"
++    name: keystore-storage
++{{ include "common.cacert-mount-ubuntu" . | indent 2 }}
++{{- end }}
++{{- end }}
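Review bot: The keystore password is written in clear in the `keytool` line (`-storepass "Pol1cy_0nap"`), so it ends up in every rendered pod spec and in the process arguments of the init container. Read it from a Secret-backed environment variable instead and pass it with `-storepass:env <VAR_NAME>` (placeholder name). The import also has no `-alias`, so keytool falls back to its default alias; naming it, e.g. `-alias offline-root-ca`, keeps the entry identifiable. The `tar` and `cp` lines use relative paths and so depend on the image's working directory, which this template does not set.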
+--- oom/kubernetes/policy/templates/deployment.yaml    2018-11-06 07:38:46.346849406 +0000
++++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/templates/deployment.yaml    2018-11-02 15:09:31.813689166 +0000
+@@ -45,6 +45,7 @@
+         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+         name: {{ include "common.name" . }}-readiness
++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
+       containers:
+         - command:
+           - /bin/bash
+@@ -72,6 +73,8 @@
+           - name: PRELOAD_POLICIES
+             value: "{{ .Values.config.preloadPolicies }}"
+           volumeMounts:
++{{ include "common.cacert-mount-ubuntu" . | indent 10 }}
++{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }}
+           - mountPath: /etc/localtime
+             name: localtime
+             readOnly: true
+@@ -136,6 +139,8 @@
+ {{ toYaml .Values.affinity | indent 10 }}
+         {{- end }}
+       volumes:
++{{ include "common.cacert-volume" . | indent 8 }}
++{{ include "common.system-ca-store-volume" . | indent 8 }}
+         - name: localtime
+           hostPath:
+             path: /etc/localtime