From 4b328b83b4c3810cfdeb6e5ae4b9ccb265920f02 Mon Sep 17 00:00:00 2001
From: Geora Barsky <georab@amdocs.com>
Date: Wed, 1 Aug 2018 12:02:33 -0400
Subject: [PATCH] Initial submission of validation-service OOM chart

Change-Id: I58c065d09edfe8364b556ac20a1e2311804ef04d
Issue-ID: LOG-427
Signed-off-by: Geora Barsky <georab@amdocs.com>
Signed-off-by: Pierre Rioux <pierre.rioux@amdocs.com>
---
 .../charts/pomba-validation-service/Chart.yaml     |  18 +++
 .../pomba-validation-service/requirements.yaml     |  18 +++
 .../resources/appconfig/README.txt                 |  10 ++
 .../resources/appconfig/aai-environment.properties |  15 +++
 .../resources/appconfig/auth/client-cert-onap.p12  | Bin 0 -> 2556 bytes
 .../resources/appconfig/auth/tomcat_keystore       | Bin 0 -> 2214 bytes
 .../resources/appconfig/auth_policy.json           |  46 ++++++++
 .../resources/appconfig/rule-indexing.properties   |   4 +
 .../resources/appconfig/schemaIngest.properties    |   7 ++
 .../topics/topic-poa-audit-result.properties       |  22 ++++
 .../topics/topic-poa-rule-validation.properties    |  23 ++++
 .../appconfig/validation-service-auth.properties   |   2 +
 .../appconfig/validation-service.properties        |  13 +++
 .../resources/application.properties               |  43 +++++++
 .../templates/configmap.yaml                       |  37 ++++++
 .../templates/deployment.yaml                      | 129 +++++++++++++++++++++
 .../templates/secrets.yaml                         |  22 ++++
 .../templates/service.yaml                         |  41 +++++++
 .../charts/pomba-validation-service/values.yaml    | 106 +++++++++++++++++
 19 files changed, 556 insertions(+)
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/Chart.yaml
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/requirements.yaml
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/README.txt
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/tomcat_keystore
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth_policy.json
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-indexing.properties
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/schemaIngest.properties
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service-auth.properties
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service.properties
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/resources/application.properties
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/templates/configmap.yaml
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/templates/deployment.yaml
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/templates/secrets.yaml
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/templates/service.yaml
 create mode 100644 kubernetes/pomba/charts/pomba-validation-service/values.yaml

diff --git a/kubernetes/pomba/charts/pomba-validation-service/Chart.yaml b/kubernetes/pomba/charts/pomba-validation-service/Chart.yaml
new file mode 100644
index 0000000000..0f6a3a61fe
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: POMBA Validaton-Service
+name: pomba-validation-service
+version: 2.0.0
diff --git a/kubernetes/pomba/charts/pomba-validation-service/requirements.yaml b/kubernetes/pomba/charts/pomba-validation-service/requirements.yaml
new file mode 100644
index 0000000000..ce82a2f838
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~2.0.0
+    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/README.txt b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/README.txt
new file mode 100644
index 0000000000..5cc01497f5
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/README.txt
@@ -0,0 +1,10 @@
+This directory contains all external configuration files that
+need to be mounted into an application container.
+
+See the configmap.yaml in the templates directory for an example
+of how to load (ie map) config files from this directory, into
+Kubernetes, for distribution within the k8s cluster.
+
+See deployment.yaml in the templates directory for an example
+of how the 'config mapped' files are then mounted into the
+containers.
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties
new file mode 100644
index 0000000000..2d600ce41a
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties
@@ -0,0 +1,15 @@
+host=dummy-host.onap.org
+port=8443
+httpProtocol=https
+trustStorePath=/auth/tomcat_keystore
+#trustStorePassword intentionally left blank
+trustStorePassword.x=
+keyStorePath=/auth/client-cert-onap.p12
+keyStorePassword.x=dfcfd1003bdde18de8efea3c8661510e
+keyManagerFactoryAlgorithm=SunX509
+keyStoreType=PKCS12
+securityProtocol=TLS
+connectionTimeout=5000
+readTimeout=1000
+
+baseModelURI=/aai/v8/service-design-and-creation/models/model
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12 b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12
new file mode 100644
index 0000000000000000000000000000000000000000..dbf4fcacecf190fb0244dce0d1b438e6fea4500d
GIT binary patch
literal 2556
zcmY+EdpHw{8^>p6vvN1q+;S^Iwz<tpj&i@{5Oz>0#F1O>%q@$`lt@_`#}p!mZsr!v
zrA;)F+=b00##|C}&vBmT_dDk~f4tB8JfH9PegFKR2+$26A3ur!eGP_c+_bv6F3bnv
zqY$7^K?G>QJ|?3G0>A$!5^w_%1YGv9<Nnx#5B~2;=l~y(LI7={2p}Fx9em*bc>lQ!
z2xbYdREtLj!#tMeXTuU~Y}^mN=>q~m01yH6;iwV9rpF(${h@HJ?@grEMCee9ri-P)
zwzE2^?>3>tjiqo5*=`e>dbXiy^X|@E0$!PKLudIJtgh4W8suwce{PMLt2sx-*UI6F
z!=)~#bGYY1wTtBr?TXBfjP2}S>r)?dXjlH6NdFDxJivFEjLiGlmGFMS9SiW?*?m-#
z6vbW7ozLnRpnP1x;1qCc*giY4axyE6+VS)Ztd?rL6ea=|uIDxv(Z78GS8#VoK1cJ8
z!FSDn*aO*Dx^Bf(*PeI%;F-7^_85~7(P(TNt(ZEztJE{opI(0q0k#DB4{pJ@<7p|)
zpZtoQpC34>S1l`7lj$C)&u8Bd-;@;d-QOjbY?tfoBF&HJ^-Eb@v9|e~<mCXgmkIx~
zL#Eu@aEMa)r<<|yRvcqyPPdRD*Ma1(qnWBAaMAIB9pA@rQOiTm@7%s7Nqn)Krl5jn
zuU`^unpPIB2~U*SNQc~JwKy90(Jsb`p6N!&CC>4pp?YJgza+-^?9hj4GbOZGiTk*`
zAbxe_30a7E8x*F}ckf`o3;K=T_4}P|dc-SD@KbApw{&<o#q3piT?hAtRmYI!sN@F0
zXK5YhEGyML4Ko{7OBM@cIv1!d7YI2JO+EBy7va0CS0MRL6*-m^hP1=neeuM04*wMU
z2Ix+AEIpYC7eY<2TVr_+@`bf=pP>dRXeRFAiP&yTX{gAZtFhiU;|2D-kJHZr4^2}y
z-yy;3?Oqd%Tw_%HZhrrHwr3!+%>6}3Z#<07>lT!6<@ucUdq}KG>~?qu!KmL5y8*bE
zLav3Fm)&ApK@K!c7u`27&VN1E-;l89F>JcyJToKFXt1jFa!+dZZf`;1)h>Zi`b+$|
zOatMJv<Jb~d-?<M42r=tBcVt-DO|sY)a_*xTE&vLuK#g0gKPZFjTzMd%<X-nC|B!Y
z7ldr0$>&P|yQuXMBaP1FqCUN`b9IyHbW9vytIu}WAz32`X(@&jJe|%8_c9qTdYIHw
z3fZtxHhk>d{+J@y6QH!L5;&97BmG4fersW56HO~_aff2xrb14q;B$h>Dl>!u-0^#3
zNM)Lp-+>qA%2{haKilb6wE~VGeF98WyTD%5*2t#3y@legMFULBxF@-nUq$W=S2R<)
zI48ac)-CNcs?~L2;SJ0qALf6G&Rw5L^MCbG^vC>37XW*fZee2c>60$!G%;(z%l36t
zVR3dNTR{B=kNDllFa+A>A}pnZyHmD?-})}8SjYUd6ghk(<8u1b8VN5Z(jz!uX<@xQ
z?g<vyD*4-aZNU{H+UOuLVS7#IF=;~AH(couMUa7rZYL_whx4Yb?wSt18wk|SyX&FV
zC^dML+q|@j$^^CB=?D~R#Js2kO26!3R%+I9S}tuoBHqb1n99|xoBU{%BZrSrNh8Ni
zyL4oKRll}ofkx_Jjk3O|AvEu-KFGNj$%7y+o`2G+h`;fcw3~CSgXo@rJE^i`vg~Z6
zZ=~}=yRGRYBK?xUk0ZCBmjaJ0^kf%piaBYDqa-S1IyuGW(GMUy7hovP=?ih&I}Wwa
z<;YNz*THiYQYon!OQ(}3uB#b{Sg~F#CTH*dwuEK8F_|B4ky?X_JI~~MIEJ=8@(lJg
zZsVd&P_qA+5(-0$C<p-}03m=NfH&YWAOfZIZzzR^fh3&$gRUr|^{~3SI=WaL9gIGD
z-<_KOlpx@JoyzT_LqI;j{u2K;;rowZ!G8;uil^NguB7$T94GPk?&}LB@A?h@7VLEb
z|6nI8oM+@Qg8eqUHRE96)$TuEUK(T?4*vq;i5>c*Y;wbUR8lJ2rgmFlsgovS9poe;
z%0J?oiYmm1E;^?_bV$$TeAa6(KcIHD^=++kgqXG4qb+YU#nLPjzn3`@-VW&ZQ;i&q
zQ+=P9?vT$%MXeFKXZMQjXR(BZ77X~0DuFSsn@PzYu<c>W*6-_qZ0DEnz99sZ)ti;*
z%*hSuCsbrr8!5ub?T^D8^E{C%|5*w!^qc(G$nIGG>bz3GL;o&GkPg9Z*648Z&9>g4
zxgSFPB5mlK@GzB8nxxlmWRilyg#ccoTDp=D`f8@fW=Uharxj&N8gb2qChAMuxN-e`
z@z=#64FA;6o|9IL_x#8ZI(1z(LlCrbIV;B|yf?ti?AILK$%L3pqW_gUAxcv+G_s$C
z>&IhLG?_i%%Moj~pI!leKDom7$j?gD`J@t-uW%TS<z8ALV`tFAo*mC&X7;t0%I?jD
zBFJTs;^U#U?qQUh(OxT2WFKLpMmB6I39PC;e}WsF2**$=gBj_A1yb9uG&KkL7h?wF
z&TPfJFgv_xTN6>MtJ1I<Wsyf69n{iix+lvemoZMro^Nlif3>5Y>bsno58xjYj38Ok
z#dww61flet6${l96L3ai^70CVZGPYGD<*B_QpKhmaPi`3gUVa&Rkow~faF)WiAIf{
zw!VVbLBOewjxYw*#ZPy-u+{ImT1YqQ$$b;6$<*anGHM4j&i57=^Z96?+pCw<A~4m(
zv@chketm7EN#zHR`nM*Y<$M?vhfr0=h&|07B66YYy&K!~3!zRgbxsWy*#p{0YbC|l
zBmEC_liblpj!9>6>}QGd-<8Iza65d<R(jr+79}FhCg6B`Q{b9J7uR0cPuy8^Tal{C
znrb8AdVdB;oMdM3d>zA2s5Elcr`LwveyTFFUwuyNMqbe>8zPTb$E<q4Ie1}lvZ=Q2
zgHVidz=QsAc_X!QjjUPnB4b=@F{+??q|11-G^~4GmTu6=z`T~~R9-?ionzFuV4&ep
zXzx9et<FVr7crQ@xNV?)AC=8guA11TpK%oDamc&@i(G6#EG2bul$e2gSRMQt%R@@N
zhcvLV9wFdy8m>BtzuSv%NFNd5cYEh{uDhjr)({@X`vvX!;d%ccy~WAQpexeVZ|F3K
zh+iEDrjnV#qVX%yh#DKUexv+rS0|4)+YYs{K9=l0<FK)=S$ne!%|TFAExSE3EXpj-
zO4d)NcXVFL(rc%lD^(&Ijy4c4-tKG;Ky&DnM`NM-mY;+`*>;8pDe`nY>J&-|1qBOe
zitqzv1OOly$@=nb#PO1w+DFZwsfNPY!%h`*Aebw;+{L0$LiiNyc&sYG#@NT=%=+JI
F_zSHP#{>WX

literal 0
HcmV?d00001

diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/tomcat_keystore b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/tomcat_keystore
new file mode 100644
index 0000000000000000000000000000000000000000..9eec841aa2c1243b5ca3e22b0b116e5bca2afd49
GIT binary patch
literal 2214
zcmcJQXHyf35{A<VB@{6fLkAT^BqRil5ULV-69qv52}MBZRq==tIub!Zia=;mq#a67
zdX*wlrI*kNMG*x75ljyE+<Rxv{Q>vG`{CJ{ot=GmXP3T7-vj^vpko357Sz|n&7R<U
zjJGQwyRrZP69`3w&{3RFHW?@o0z41m1_GG?5F%s)O`o5m>YU`$h=up~Z`{XDvR*`$
zzz#)47haP~tv|D6mK5}zGvJ;XTcs8(8BRtSutt0nY_g%MoRa|;|Md5m6Fh;Jq2N{Y
z_@3}C$JB}YtUs*Za?s`JeoMO1+r=63TnZY#qy*QgQqWyhEkSt;6nsS%)@q-fP~E0k
z;;U!hctBy*u?73i4m--P-{w7I<y>}r@otzjdND9D8ErKeeYe+W<Y2)3AQCAR))OIG
z^Of&?&*?4%{T#)_qJO$vt0J{2VT<O8)I!*AEfi9!PZ6%Z^404&*>~WR6XoY%67E(c
zKG2?clD{PU%-x8D{xsDjm8_i!Iz*!~sprgz-pbd|wD(J^B61Y&c8N|WjVZ|w(#tL3
z);vAKL47*5^D&KRS;w=+hJbeg9DS27bTdLTKaF?v@IGVZYIWHjnM2&;#FbO!hU2qE
z+bdse`Ua`*ZDSbQ2`zD<k*dyCFluvm{sA+8PGe0{D2-)Me|0SscGuan{z0l@O0?^R
zM?;T<hW6^*KV~+Q`o3scZL(LZugo=5UFx2YoJ>ZPe8T@&;k+)>fplIw{8rpK#w_<z
zdPOtpW*EAbe9yw;DFq{_$<k5~Mu<D&^B%#SajUxi>^oyy@JG-<*ytx4iE#yxnm0w=
zsQ3mhmsjlZsqDe$)4tZiZ8RyqHRA(V@Z-;JVxjT&?A7`G1xSuj{d4<CurJXMs-f&F
zT|z|*@-U+~Vj5rYkD_t4r&?JmIiaixpWdR|h<PDIRm{y|(%OJD0<~A{OdA`pXg>T^
z`)2$ClX^CNSj2ZA7>6eiBWnlCZ#_k7+R{j3Zs3k}#59ZG%&egH70h}?*UV&AM*Nux
zftp}&{@Bu4uYsw@OI5B^W#l8Gva3CRE@@gldvhn`*Zk<$Y0#?*w(wKl@IPPerG#ew
zF#ma(&R;XYX7qXa!7I*7ye&-MlMsvA*gq!(+D7brD%esfz4f5p*wqG`A;*o|ZZ!I}
z+5PP#v@U?VeeENz+c5~Ar}mueC$HJKfJ&S_*{uz6VF>tC@l@c(g?Mr?%9Bnz=F$N%
zGJwGPmUyvf1q#=GQSz;4>Y0n!PhQ=nPlaG+ZKuVDSYCSTCB@@0XY72sTWR}GFu0sM
zuJU)M7B9no2}*V)H*Q$sZ4bK=uc;9Z#*YlOBsxVL(zz4`vhyg-qh<?POEu2U{+u&X
zz3`ZuowcXSU_X2%+^B|dGo;&<)*PN>WGi7huPU<11)Y5*UN!14#^-uFzS7BV58VKr
zEA@&jM5+va6#HX6u>AXmQdEdZs8yblX}kfBR64HCf0!aQRy-pc`BR7Bd{w0`La7pI
zkm=yi-+ve=rYfwtttU<AljTeuLl>geMdb|Jcjx%UI#bu~NFgHk+;KiDl~>v4d7X3w
z9rc55$0f!7n&sJ9{L+P^xOe}Ks>QqeF)(&V{YCm!er2w>_iX(t<sRx<V%CyaXAbJ^
zs5k30%?|ktTfgkGB2Myx$Z8Ze5MYu1wKo1}eVN>_Tivuge8N>R-3qr~xQviRhIz7E
zmF2Mnc|_>mPq`r8ijUH>?@90qr{15OW~Xm0vAh<vfGfY+&O4CnXIvURBGZ2--J<Bd
zi$T`gR0cF$hS@N@kQWdMH_Z6^S5lW_(IV$aAUjBz9XUgOYo}Y|@5{(!fxL)P1OUL+
zC?ePrMFeSNfk8kJ2!bcfoJMg#S<i>-gzs|zfiNZj${Gzru|mOS5GWjURRewE_<kM(
z3!K^5-Iw6);(_Km&Nz-R!=c8$zJve*nga#<SAY!;F*edL`7gr$7s3BVln6fu8jDhp
z$I7En7ctmd{2Ul83XPWk5B|T)6M+){Z20&efQdjZ0E!4?0}+8hK-!6X)WhrA6%KyU
z=Cc)Ciowv6i=gR4jb=<mxsZ6m_nKmf2aDb>Y};HIkp*=k2hB<ubXZDJUm7u{9OLxT
zs5PYdosfBb+Goq)ZJ46qp3n}r4Q!_H`~A@wTLXl2=cE<FYXRH?%)ghAGM_^+E(pFx
z=i&9jQm2H}cYa<L8qVGB4`FoJDG1<Jls+=vBqy_}M$ZSjAKi$(WT>Qiz7ez0-g*`J
z;kBFnkU1$tF0Q3m>%h|VsX%2p1>*X`1iB_Xsp#U?;-t;1ook?X4d(qVk*{RR6P$!(
zp1b3J(1hT0hDnnDpuGp1ZS=|N6}7K@$PGzIw|!Z2!?d{VA_xow0CUArqA20xnF@14
z_#iwJi$B9~LoCv7gCyLen@bi+ATHT|ns~f5$0h;+Rx~^Phbuh2WcIpC_L=IRX6m;L
zysyK_ECDymj03FucK5@FeBsQGhhk{RwcU?BM=B2vJs7~^Rk^HuniMI0TX<ajx9pqo
zrr@xO(Z_v2!nXlK5NYe$VE$!h;VVszze&n!+|pll0X@o|PMIB*KsmkPPC`?)sSH_|
zYP895yL1=tasPd~zpQ`VNQ-4|WYT9?uK&m`x%AhB*caA8rU(V>6bN0{i~@uuQZjr@
z0~JCi^gFuj9Za{klpnkui<5%Dg>7HPFqAv?53G&aN9E<Q1#nS`pgVz%r^&mISf*J0
z4J648l4@6$HS39!%%e1%j+AH6Jb$_hGe=s09I>0RU&+ronb{ED1*wh|l;Zsh_>tSL

literal 0
HcmV?d00001

diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth_policy.json b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth_policy.json
new file mode 100644
index 0000000000..ea5565a71e
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth_policy.json
@@ -0,0 +1,46 @@
+{"roles": [
+    {
+        "name": "admin",
+        "functions": [
+            {
+                "name": "actions",
+                "methods": [
+                    {"name": "GET"},
+                    {"name": "DELETE"},
+                    {"name": "PUT"}
+                ]
+            },
+            {
+                "name": "validate",
+                "methods": [{"name": "POST"}]
+            }
+        ],
+        "users": [
+            {"username": "CN=common-name, OU=org-unit, O=org, L=location, ST=state, C=US"},
+            {"username": "CN=test, OU=qa, O=Test Ltd, L=London, ST=London, C=GB"},
+            {"username": "CN=aai-client.dev.att.com, OU=aai digicert client dev, O=\"AT&T Services, Inc.\", L=Dallas, ST=Texas, C=US"}
+        ]
+    },
+    {
+        "name": "ops",
+        "functions": [{
+            "name": "actions",
+            "methods": [{"name": "POST"}]
+        }],
+        "users": [
+            {"username": "CN=common-name, OU=org-unit, O=org, L=location, ST=state, C=US"},
+            {"username": "CN=test, OU=qa, O=Test Ltd, L=London, ST=London, C=GB"}
+        ]
+    },
+    {
+        "name": "basicauth",
+        "functions": [{
+            "name": "util",
+            "methods": [{"name": "GET"}]
+        }],
+        "users": [{
+            "user": "aai",
+            "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30"
+        }]
+    }
+]}
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-indexing.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-indexing.properties
new file mode 100644
index 0000000000..06f4626ab6
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-indexing.properties
@@ -0,0 +1,4 @@
+rule.indexing.events=POA-EVENT
+rule.indexing.exclude.oxm.validation=POA-EVENT
+rule.indexing.key.attributes=$.poa-event.modelVersionId,$.poa-event.modelInvariantId
+rule.indexing.default.key=default-rules
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/schemaIngest.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/schemaIngest.properties
new file mode 100644
index 0000000000..41e83bb11d
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/schemaIngest.properties
@@ -0,0 +1,7 @@
+# Properties for the SchemaLocationsBean
+# The AAI Schema jar will be unpacked to bundleconfig/etc
+schemaConfig=bundleconfig
+# Files named aai_oxm_v*.xml are unpacked here:
+nodeDir=${APP_HOME}/bundleconfig/etc/oxm
+# Dummy folder/directory:
+edgeDir=${APP_HOME}/bundleconfig/etc/oxm
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties
new file mode 100644
index 0000000000..f15f46dd11
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties
@@ -0,0 +1,22 @@
+# ============LICENSE_START===================================================
+# Copyright (c) 2018 Amdocs
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+
+poa-audit-result.name=POA-AUDIT-RESULT
+poa-audit-result.host=message-router:3904
+poa-audit-result.publisher.partition=1
+poa-audit-result.username=
+poa-audit-result.password=
+poa-audit-result.transport.type=HTTPAUTH
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties
new file mode 100644
index 0000000000..79aa5398ae
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties
@@ -0,0 +1,23 @@
+# ============LICENSE_START===================================================
+# Copyright (c) 2018 Amdocs
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+
+poa-rule-validation.name=POA-RULE-VALIDATION
+poa-rule-validation.host=message-router:3904
+poa-rule-validation.username=
+poa-rule-validation.password=
+poa-rule-validation.consumer.group=poa-validator-test
+poa-rule-validation.consumer.id=test
+poa-rule-validation.transport.type=HTTPAUTH
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service-auth.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service-auth.properties
new file mode 100644
index 0000000000..8bbd4233a6
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service-auth.properties
@@ -0,0 +1,2 @@
+auth.policy.file=${CONFIG_HOME}/auth_policy.json
+auth.authentication.disable=false
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service.properties
new file mode 100644
index 0000000000..9b2e86213a
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service.properties
@@ -0,0 +1,13 @@
+topic.publish.enable=true
+topic.publish.retries=3
+topic.consume.enable=true
+topic.consume.polling.interval.seconds=3
+
+event.domain=onap
+event.action.exclude=DELETE
+event.type.rule=POA-EVENT
+event.type.model=NOT-APPLICABLE-IN-POMBA
+event.type.end=END-EVENT
+
+model.cache.expirySeconds=3
+aai.oxm.version=10
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/application.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/application.properties
new file mode 100644
index 0000000000..a71bb9b01e
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/application.properties
@@ -0,0 +1,43 @@
+# ============LICENSE_START===================================================
+# Copyright (c) 2018 Amdocs
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+
+# Note that the start.sh script sets the following System Properties
+# We provide default values here for testing purposes
+APP_HOME=.
+CONFIG_HOME=appconfig
+com.att.eelf.logging.path=src/main/resources
+com.att.eelf.logging.file=logback.xml
+logback.configurationFile=${com.att.eelf.logging.path}/${com.att.eelf.logging.file}
+
+schemaIngestPropLoc=${CONFIG_HOME}/schemaIngest.properties
+
+server.port=9501
+server.ssl.client-auth=want
+server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
+# Work-around for missing Java certificates file "cacerts". This default value should be overridden.
+server.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore
+
+server.tomcat.max-threads=200
+# The minimum number of threads always kept alive
+server.tomcat.min-spare-threads=25
+
+# Spring Boot logging
+logging.config=${logback.configurationFile}
+
+consumer.topic.names=poa-rule-validation
+publisher.topic.names=poa-audit-result
+
+topics.properties.location=${CONFIG_HOME}/topics/
diff --git a/kubernetes/pomba/charts/pomba-validation-service/templates/configmap.yaml b/kubernetes/pomba/charts/pomba-validation-service/templates/configmap.yaml
new file mode 100644
index 0000000000..e66afdc71e
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/templates/configmap.yaml
@@ -0,0 +1,37 @@
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-root-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/*.*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-config-properties
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/appconfig/*.*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-config-topics
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/appconfig/topics/*.properties").AsConfig . | indent 2 }}
diff --git a/kubernetes/pomba/charts/pomba-validation-service/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-validation-service/templates/deployment.yaml
new file mode 100644
index 0000000000..550223b4e9
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/templates/deployment.yaml
@@ -0,0 +1,129 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      containers:
+        - name: {{ include "common.name" . }}
+          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          ports:
+          - containerPort: {{ .Values.service.internalPort }}
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{ if .Values.liveness.enabled }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end }}
+          {{ if .Values.readiness.enabled }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          {{ end }}
+          env:
+            - name: APP_HOME
+              value: "{{ .Values.config.appDir }}"
+            - name: CONFIG_HOME
+              value: "{{ .Values.config.configDir }}"
+            - name: MAX_HEAP
+              value: "{{ .Values.config.maxHeap }}"
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: {{ .Values.config.appDir }}/application.properties
+            name: root-config-app-prop
+            subPath: application.properties
+          - mountPath: {{ .Values.config.configDir }}/
+            name: properties
+          - mountPath: {{ .Values.config.configAuthDir }}/
+            name: config-auth
+          - mountPath: {{ .Values.config.configTopicsDir }}/
+            name: config-topics
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+
+      volumes:
+        - name: localtime
+          hostPath:
+            path: /etc/localtime
+        - name: root-config-app-prop
+          configMap:
+            name: {{ include "common.fullname" . }}-root-config
+            defaultMode: 0644
+        - name: properties
+          configMap:
+            name: {{ include "common.fullname" . }}-config-properties
+            defaultMode: 0644
+            items:
+            - key: validation-service.properties
+              path: validation-service.properties
+            - key: validation-service-auth.properties
+              path: validation-service-auth.properties
+            - key: rule-indexing.properties
+              path: rule-indexing.properties
+            - key: aai-environment.properties
+              path: aai-environment.properties
+            - key: schemaIngest.properties
+              path: schemaIngest.properties
+            - key: auth_policy.json
+              path: auth_policy.json
+        - name: config-auth
+          secret:
+            secretName: {{ include "common.fullname" . }}-config-auth-secret
+            items:
+            - key: tomcat_keystore
+              path: tomcat_keystore
+            - key: client-cert-onap.p12
+              path: client-cert-onap.p12
+        - name: config-topics
+          configMap:
+            name: {{ include "common.fullname" . }}-config-topics
+            defaultMode: 0644
+            items:
+            - key: topic-poa-audit-result.properties
+              path: topic-poa-audit-result.properties
+            - key: topic-poa-rule-validation.properties
+              path: topic-poa-rule-validation.properties
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/pomba/charts/pomba-validation-service/templates/secrets.yaml b/kubernetes/pomba/charts/pomba-validation-service/templates/secrets.yaml
new file mode 100644
index 0000000000..323596762d
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/templates/secrets.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-config-auth-secret
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ (.Files.Glob "resources/appconfig/auth/*").AsSecrets | indent 2 }}
diff --git a/kubernetes/pomba/charts/pomba-validation-service/templates/service.yaml b/kubernetes/pomba/charts/pomba-validation-service/templates/service.yaml
new file mode 100644
index 0000000000..11195dafeb
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/templates/service.yaml
@@ -0,0 +1,41 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    {{if eq .Values.service.type "NodePort" -}}
+    - port: {{ .Values.service.externalPort }}
+      #Example internal target port if required
+      #targetPort: {{ .Values.service.internalPort }}
+      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+      name: {{ .Values.service.portName | default "http" }}
+    {{- else -}}
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      name: {{ .Values.service.portName | default "http" }}
+    {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ .Release.Name }}
diff --git a/kubernetes/pomba/charts/pomba-validation-service/values.yaml b/kubernetes/pomba/charts/pomba-validation-service/values.yaml
new file mode 100644
index 0000000000..775527f4b8
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/values.yaml
@@ -0,0 +1,106 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefix: 302
+  repository: nexus3.onap.org:10001
+#  readinessRepository: oomk8s
+#  readinessImage: readiness-check:2.0.0
+#  loggingRepository: docker.elastic.co
+#  loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+#repository: nexus3.onap.org:10001
+repository: nexus3.onap.org:10001
+image:  onap/validation:1.3-STAGING-latest
+#pullPolicy: Always
+pullPolicy: IfNotPresent
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+config:
+  appDir: /opt/app/validation-service
+  configDir: /opt/app/validation-service/appconfig
+  configAuthDir: /opt/app/validation-service/appconfig/auth
+  configTopicsDir: /opt/app/validation-service/appconfig/topics
+  maxHeap: 1024
+#  username: myusername
+#  password: mypassword
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: false
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  enabled: false
+
+#Example service definition with external, internal and node ports.
+service:
+  # The default service name (exposed in the service.yaml) will be the same
+  # name as the chart. If the service name needs to be overriden (such as
+  # when a subchart is shared), uncomment the value below.
+  #name: validation-service
+
+  #Services may use any combination of ports depending on the 'type' of
+  #service being defined.
+  type: ClusterIP
+  externalPort: 9529
+  internalPort: 8080
+#  nodePort: <replace with unused node port suffix eg. 23>
+  # optional port name override - default can be defined in service.yaml
+  #portName: http
+
+ingress:
+  enabled: false
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  #
+  # Example:
+  # Configure resource requests and limits
+  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  # Minimum memory for development is 2 CPU cores and 4GB memory
+  # Minimum memory for production is 4 CPU cores and 8GB memory
+#resources:
+#  limits:
+#    cpu: 2
+#    memory: 4Gi
+#  requests:
+#    cpu: 2
+#    memory: 4Gi
-- 
2.16.6