From 2774ab11649e08d79afe67ebfcdddf68f0a2ab84 Mon Sep 17 00:00:00 2001 From: "k.kedron" Date: Thu, 26 Mar 2020 11:13:46 +0100 Subject: [PATCH] Updated sdc cert. Updated truststore/keystore password for sdc cert. Added truststore/keystore password to chef AUTO.json. Updated deployment.yaml files to mount the cert files. Issue-ID: SDC-2855 Signed-off-by: Krystian Kedron Change-Id: Ifd0d45cc591a0624005f86d2e67e3c0bc490efd3 --- docs/oom_hardcoded_certificates.rst | 2 ++ .../sdc/charts/sdc-be/templates/deployment.yaml | 39 ++++++++++++++++++-- kubernetes/sdc/charts/sdc-be/values.yaml | 4 +-- kubernetes/sdc/charts/sdc-cs/values.yaml | 4 +-- .../charts/sdc-dcae-be/templates/deployment.yaml | 40 +++++++++++++++++++-- kubernetes/sdc/charts/sdc-dcae-be/values.yaml | 4 +-- .../charts/sdc-dcae-dt/templates/deployment.yaml | 39 ++++++++++++++++++-- kubernetes/sdc/charts/sdc-dcae-dt/values.yaml | 2 +- .../charts/sdc-dcae-fe/templates/deployment.yaml | 39 ++++++++++++++++++-- kubernetes/sdc/charts/sdc-dcae-fe/values.yaml | 2 +- .../sdc/charts/sdc-fe/templates/deployment.yaml | 39 ++++++++++++++++++-- kubernetes/sdc/charts/sdc-fe/values.yaml | 2 +- .../sdc-onboarding-be/templates/deployment.yaml | 37 ++++++++++++++++++- .../sdc/charts/sdc-onboarding-be/values.yaml | 4 +-- .../charts/sdc-wfd-be/templates/deployment.yaml | 11 ++++++ kubernetes/sdc/charts/sdc-wfd-be/values.yaml | 4 +-- .../charts/sdc-wfd-fe/templates/deployment.yaml | 9 +++++ kubernetes/sdc/charts/sdc-wfd-fe/values.yaml | 2 +- kubernetes/sdc/resources/cert/org.onap.sdc.p12 | Bin 0 -> 4443 bytes .../sdc/resources/cert/org.onap.sdc.trust.jks | Bin 0 -> 1413 bytes .../sdc/resources/config/environments/AUTO.json | 4 +++ kubernetes/sdc/templates/secrets.yaml | 16 ++++++++- kubernetes/sdc/values.yaml | 5 +-- 23 files changed, 279 insertions(+), 29 deletions(-) create mode 100644 kubernetes/sdc/resources/cert/org.onap.sdc.p12 create mode 100644 kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks 
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst index 74a292cef4..0745ec0df4 100644 --- a/docs/oom_hardcoded_certificates.rst +++ b/docs/oom_hardcoded_certificates.rst @@ -24,6 +24,8 @@ Here's the list of these certificates: +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SDC | Yes | No? | No? | kubernetes/sdc/resources/cert | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | SO/BPMN | Yes | No? | Yes | kubernetes/so/resources/config/certificates | diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml index 87fed417e6..423e813e40 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml 
@@ -60,6 +60,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -98,8 +122,14 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -128,6 +158,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap 
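Review bot: The `chmod 0755` in the new `-update-config` init container leaves every rendered environment file executable and readable by any user in the pod, and after this change those files contain the values substituted from `KEYSTORE_PASS` and `TRUSTSTORE_PASS`. Prefer `chmod 0640`, or `0600` if the init and main containers run as the same user; the pod's securityContext is outside this hunk, so that needs confirming. `envsubst` is also called without a variable list, so any other `$NAME` text in the environment files is replaced by an empty string; GNU envsubst accepts a restriction such as `envsubst '${KEYSTORE_PASS} ${TRUSTSTORE_PASS}' <${PFILE}`. The same init container is repeated in the sdc-dcae-be, sdc-dcae-dt, sdc-dcae-fe, sdc-fe and sdc-onboarding-be deployments.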
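Review bot: The two `sdc-cert` entries added under `volumeMounts` use `subPath`, and a `subPath` mount of a Secret is not refreshed when the Secret changes, so a rotated keystore or truststore only reaches the container after a pod restart. That deserves a comment above the mounts, for example `# subPath mounts do not follow Secret updates; restart the pods after rotating sdc-cert`. The mounts also omit `readOnly: true`, which the neighbouring `localtime` mount sets. The same pattern is added in the sdc-dcae-be, sdc-dcae-dt, sdc-dcae-fe, sdc-fe, sdc-onboarding-be, sdc-wfd-be and sdc-wfd-fe deployments; the container spec itself starts outside this hunk.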
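Review bot: The new `sdc-cert` secret volume sets no `defaultMode`, so org.onap.sdc.p12 (presumably the store holding the private key) is projected with the Kubernetes default of 0644 and is readable by every user in the container. Adding `defaultMode: 0440` under `secret:` narrows that, provided the process can still read the file through a matching `fsGroup`; the pod's securityContext is not visible here. The same volume definition is added in the other seven SDC deployments touched by this commit.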
@@ -140,7 +173,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index b6bc635071..c263eb1e2f 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.6.3 -backendInitImage: onap/sdc-backend-init:1.6.3 +image: onap/sdc-backend:1.6.4 +backendInitImage: onap/sdc-backend-init:1.6.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml index ddc194654d..6c63927cf5 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/charts/sdc-cs/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.6.3 -cassandraInitImage: onap/sdc-cassandra-init:1.6.3 +image: onap/sdc-cassandra:1.6.4 +cassandraInitImage: onap/sdc-cassandra-init:1.6.4 pullPolicy: Always diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml index 6072148d07..de80c7a0de 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml 
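Review bot: `emptyDir: { medium: "Memory" }` for `sdc-environments-output` carries no `sizeLimit`, so the tmpfs is bounded only by the memory available to the pod or node. Keeping the rendered passwords off disk is a sound choice; a small cap such as `emptyDir: { medium: "Memory", sizeLimit: 16Mi }` (constructed value, size it to the environment files) keeps a misbehaving init step from consuming memory. The same volume is added in the sdc-dcae-be, sdc-dcae-dt, sdc-dcae-fe, sdc-fe and sdc-onboarding-be deployments.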
@@ -59,7 +59,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -91,8 +114,14 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -132,6 +161,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap 
@@ -144,7 +176,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml index 051c076ea1..d1fe131f82 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml @@ -27,9 +27,9 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-be:1.3.3 +image: onap/dcae-be:1.3.4 pullPolicy: Always -backendInitImage: onap/dcae-tools:v1.3.3 +backendInitImage: onap/dcae-tools:1.3.4 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml index f3c44f0e54..77a835ccb7 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml 
@@ -59,6 +59,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -89,8 +113,14 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -126,6 +156,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap 
@@ -138,7 +171,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml index c3a2159d2e..ad46842393 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-dt:1.3.3 +image: onap/dcae-dt:1.3.4 pullPolicy: IfNotPresent config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml index a70f485153..d5861fadfc 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml 
@@ -59,6 +59,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -89,8 +113,14 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -130,6 +160,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap 
@@ -142,7 +175,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml index 28181d1c6a..b6572f5d3d 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-fe:1.3.3 +image: onap/dcae-fe:1.3.4 pullPolicy: Always config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml index 8e19489f9a..7a11ef927e 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml 
@@ -46,6 +46,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -79,8 +103,14 @@ spec: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -112,6 +142,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap 
@@ -128,7 +161,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index 64ccaa81b1..f5d1956f18 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.6.3 +image: onap/sdc-frontend:1.6.4 pullPolicy: Always config: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml index 75779a319c..3db3685b86 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml 
@@ -46,6 +46,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -93,8 +117,14 @@ spec: - name: SDC_CERT_DIR value: {{ .Values.cert.certDir }} volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -125,6 +155,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap 
@@ -137,6 +170,8 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 + - name: sdc-environments-output + emptyDir: { medium: "Memory" } - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-cert-storage diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index b15f784dee..946cb3491f 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.6.3 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.3 +image: onap/sdc-onboard-backend:1.6.4 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml index 7490b47cef..be2eeb6e96 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml @@ -115,5 +115,16 @@ spec: - name: SERVER_SSL_TRUST_PASSWORD valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password} + volumeMounts: + - name: sdc-cert + mountPath: /keystore + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /truststore + subPath: org.onap.sdc.trust.jks + volumes: + - name: sdc-cert + secret: + secretName: sdc-cert imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 78fdb32dcc..8bab2c84ea 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml 
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-backend:1.6.2 -configInitImage: onap/workflow-init:1.6.2 +image: onap/workflow-backend:1.6.4 +configInitImage: onap/workflow-init:1.6.4 pullPolicy: Always initJob: diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml index f419d61291..180c427f1e 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml @@ -90,6 +90,12 @@ spec: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true + - name: sdc-cert + mountPath: /var/lib/jetty/etc/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -116,6 +122,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index 6b0669b5b6..359c33ab61 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.6.2 +image: onap/workflow-frontend:1.6.4 pullPolicy: Always # flag to enable debugging - application support required 
diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 b/kubernetes/sdc/resources/cert/org.onap.sdc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..446856071b3803dbafd2f94dfec5f62e06e8155b GIT binary patch literal 4443 zcmY+EXE+-U*T#cbQ3SE~Y*8eHQd(PU#V%U4XKb~#Dxvmj?Z&PVJ9bsA+9S5o*ri34 zqV|0M&wD-Z^IY$TbKU2_H5_hD5 za`Ni$Zd_^;?Am+d-T4$2diJ}l49 zn0%CtUtmM!Jyuc!i_zw^J3ivHXWR~i9{?szmP$-rJ z_&q4TQ$iU6EU<&ysV^&KJc^9)#4Fyw8Eb~ywhIlcVnL#c;9+69hrl>D9La}0LOLjw zQKlbuCda8D}deQ>`s7k^Fb7uT^8lLPu49A3 zg$#1GvFSJ`aYuTGGvH0V*-Aw53}vuM%;d#nFw~y8aA|y9Q$#zTxQ>s=+@|5!COQ#& zm*=9A=wn&YJ6RJ2v=8)xpv9|Xv`k?qxp+%Tzkee%mVJtgrd|(+2*n62cmjGB*Y6q9 zS{WXNVJ-8w{qJZkv-KjU_|`zwA6DF9c2FkQ(_Nm>=~Jlly9s1|PS7L3IgYL@FTAtJ zN*m&d2g_>P((Eepey0&f%{ElZQhvi&*0fVzp48N3K6s(H^y`3Wm#=`I_wOi9P#SN7 zOw+@}o6rmBFB@TlrQv0>-8vQPSYe+P7WqQHx`uPu%Kc>+Z^ZQ-{v_XtJbwj6oJR#Q z@lAR88S(S|LgD?_J|1*c0UN)X*x8z&0t#Y#|L)cQidan`ANIn)iVv2@l`7<|K2Q?i z48G|b6Q9YSDJ0FYT8rq}e^4uy88Q&b$ab<3NSl3n`Yq$sxK$tGPp)bqlGnG36TGu1 z+;;^<(Uy5PUz5zjQoPuT2-a(BHW%}l;bc^w#o2QZ6O`qBNOUb}$!`wUpdc!bbnjMe z*=Kj5*Y=va%lE_<950t5XR$bIYBum=1W|ST z;lxxMv|oGEzoLT0vTNgK%x|(OJ#Qx;xl$pwXiE>31gF@+z4@_eqHylk{d%|8(ZhWp?OGFk3K+2bwbBzB`Ln~h zKxQj?3bmo)>d=)WxQP=UP*9D19$AdiMW{d1kO)rR^7hy*-C(Y==vnD(+(N#JKEA*C z0yqFRG>)S!lIC;nYg@p$M7|xqA?xRf3<*=HLg)eKGRTbn@>hW!T&Aikj`d9+l=gj7 zA3u4M5*aNpliBv!Ohvb_nIcDB%yWf7zQ2UU{HOPy`k2D~ae2lO)xT`o+oQDz`vi&; ziOk=%kBwZ6V^nZ`;??rsRPEWiJ?7JE(nW=I4h9;%1!uX$_Rlr5ELJ-`m2^ludhcmg~CHUKZczcwF$6O{MA1x6SINN?=o?!W_+mX(G| z--AJ=WaOYwG?njvj>yUK(NqrqST@8&fPduae-onrM_saiQJ2Tmy&cu4U{RwJi@RuE zF1Ij1DgG~Y!_ZVb(b*XPn|Hsx{A-X`K3WRQl7^Pz8iU7%>!*Qq2@u7 z;GNcwqf)<*BJHQ6+ee95GIuT@!b6@xzA87{%Q zBcEo9-+63uayvQEj6HNI)7(p3I14EbhTn%Bs)_NZ95HJ>$(y!%&f>>W4{TLJRF7*l zQY72z`=#WBD$`nG7?C@&C=`P1gx)fPV=;VG%P^8=;h zAvd>|pwuF@hL3XHe&5ro+hRTupPg#64bR}w*$%XP-dBM9>8Z;1oyYX$r6h&I)(HS*?#-=8%`&;@93KVI)c^-8K?jxBW0dFT)J+6fqD-tcqi}KRF>CPL;BrJ9v z<-j09?9$jlYP~Rb02ES4w0k{Y{}fDmmPH0u?v74Ei8|D-K)(Q9Rva0PopZ}An-wN; 
z2H7f5yuI~ZB@mCYF8<(uLrah`em@!@D@vnEY5;VM7wO6K-I_PTquMJZd!a8x3KkPTM$PNJTkFiKbB?-lNfk{= zX#CnKqW)2FjFt3{sk7Q)Jn8q%j)$66-q>voUn&1bl@j*%r~EDjsl?A%)2pA*U7uiI z^ICZTMKbKp16(|x`H`iIqQTk$m3SHK>rs>pu12VPFXR^Odsye^wnQUKu~|9BbBIf+b+SEGqp#a z)x{uXv*FBOHN+xMj#gL2)P=W}R5rW`TgpPL&YS$S@XU;fg;>f)QVkYypTqz1*v-Ln z9GPQXf_SO;%ks!uGyV|H7aBIu`;f2GfLF!uN}Tx0dd@9x#*XIIu2D;$&zG|t-26Lp zzU^9_r8K`YjEqoCZyb{A_{n0cyH08)Zh-1xUn@qz%ai|9^L9c$C{pPN+5aycKu-li-^ZY4ZX12U$U z$#ONd`ya^11FHKT@Lx3N`s^0+7x2yg%z7Q_b~9yY9v;2etJCSV;^Z`sA@&*|r@O07 zQhkyUr=n#w&vyOwEZ(;FYtE9NFIO4%Ts2By^4ets;Mud&rjG9$uGNDeo|s=Q)VjZH zYTeupci^oCG!aXfhaPe_mcbHt4AzP>L+7tROHsFKu+^p1v8E{`p6+G5*wBNi?>C7_ zDCUUEpMmaid6UzShi8<#GJ@>TXU1dgID$ZSmk`5fQpC5el|ty#TND8x`f=o%0v(aC$j|7C`Mm%;_l+pr|1B8Wi7lthC z?{mLCD6l@g0we6)&i*vtoQ~Z=qz({I20GYbK_I5q`}z2aFwqgK zU|x7P;lrA4o+HY^yU(pQcqo^^#GuTow?tUt3H_3-{aV{AK+{-tyyVr@Qo_~!xU5C%<-J*+4e>cT_2RH{182Q{nlqO z^t2BmvYM=BFt}8<>Ga6PksaY+t(RIyFeM+DcXLum^d6a27|Wh&P`h-c)b3{rK8KheqiGwYOzh{M!r^mM6bJ*+I@WMrB97jvG_nq;$|CfI3Q z4_37jx{XnnWCdH*(kE{XT<{_<{ygA#@GWL><@z4;g44VzL$8@#DzUNFol6oK*A8|F zi={`5@&@h|M(~K@Kw$~WTaX8!;L~0!zd}rBmEjI|a73CLxZv1>$(aJ)Z6|g|GaWdS z1aeYWj+w)^wsPj(WUwLE!Ypf~d|#D8Bc4GGcR4|Znaw!LVMO*6B_3*jwGq?rz5PAO zc*E_HVq9cfdavUR+0~crG&EPMbI=oBT7sDdRu!436E;rvAcR(N9vI5b-V3(=imrvh=$sZ7jpqbkA`oO@d1cm{iLjPf&ZEclhHE1WI-; zz3%ME?TYc2yp1Z6#24_s-OztC5hsguIz9^C!`{F3iG-cFsv&Z(JZ1@`yLoT4)t8^f z5d+rB$0j;Fz<*eFS|lO zg^;TV1zp}vyksP_r3POU!bcM7eo7@}DzU+5cdUIMmk*nzeL9nU5@=PT&uR|=|LT#r z9u@74ksKNMF{iNko3FAk*OfV&3(F-02j;|G~9isLs%E#R==9 ztNa8iB^Eg+m9;a*YvWO@KJnUm*4pf|=2JFdca^;7^mhO!?M^&QuO$TAiHZK|SVuO}@Vz}G79bd3) zL+|(C)Lh|TZruCuhM1a)#Vi)KywkLaA9U5l14rCJwmmQPrz0d*wP(!|XTuAF${9b< z%qVbYdRrAXrE3MqP;c0+DlI@r(`q~K*%JM8!bF!wS&|`ZZb0Zt7Gr8 z>IOHw_<}Z1KCL0@^B|c@^^cs3<7n zxmMgSDqyfO90V8=kN`pfN{1;U;Py`D=9UB%KzWNRAz=2W%^e8JfZ`TaP=nB&fIaFe z1Tt_4AQ27`NXBGWbrm8RAQB1x(*Jpl4cYtSJ772n%7&mo02`tNVMD;64wF(V)!JGn zCSXrjI_rsM&J`<+ldh}AdEvL!$cj2%gB6`74_~E{UnVxYv-0QBP-?YZ4%lK+X+dov zTc+F>kGs5T$Xn>N<+U|6v4T{`oo$C=^!P*{TCeSkye4C3gqiCx@0ewYc2wHa4{I3N 
zt_cP^?(SQp{l1Lgx^!|I!nCKn>Pa!{#j1{Ci}E9WwPR(Yj5qdBAKMWUdA4oo&0;A# z_Y2lRC3>Tm3;~h5@Ogj2iSN^i`F62)Kb}Au+-?D+sehVDwv+ML zE=$^WO&4mO%{+-hjaY=q3QjEdjM9z%~oQ{V|4{ zt=Nnq7(~(TWmSh3*ws+5zD(0Lqcgod+pfqhYek z_Jk)G(5;hGD#goVqB-Wy2ETk9Tn$d;@5BWpayBkVaFS&R@m3r__YRgEKx-FN*2O(gzi~ z47K4lU)oz%A-H0-e`btQ-?9Iz*rxEcOV*hp-rVU4kk-SZ#hYFYvltdzb9nS9L&l>9 z<$gXJC7HhdxXjL7Uy`u5`Q9q(eh+_oLNja5_@}fwn%_ye1Euj^J6g9pZt|+5_c>n< zRXjt9UcZpUFx~M96Dhahiv=9LGpQvck>-=}h?}VQ=-rX;c(NC-E^Dd>b632|s!Qc!cY^$KO_qW0n8_ literal 0 HcmV?d00001 diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index 57d774e59b..2bd165b723 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -104,6 +104,10 @@ "username": "user1@sdc.com", "password": "password==" } + }, + "jetty": { + "keystore_pwd": "${KEYSTORE_PASS}", + "truststore_pwd": "${TRUSTSTORE_PASS}" } } } diff --git a/kubernetes/sdc/templates/secrets.yaml b/kubernetes/sdc/templates/secrets.yaml index ba2ec86951..6187104ce6 100644 --- a/kubernetes/sdc/templates/secrets.yaml +++ b/kubernetes/sdc/templates/secrets.yaml @@ -35,4 +35,18 @@ data: truststore_password: "{{ .Values.global.secrets.truststore_password }}" keystore_password: "{{ .Values.global.secrets.keystore_password }}" # workflow - wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}" \ No newline at end of file + wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}" +--- +apiVersion: v1 +kind: Secret +metadata: + name: sdc-cert + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }} 
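Review bot: The new `"keystore_pwd": "${KEYSTORE_PASS}"` and `"truststore_pwd": "${TRUSTSTORE_PASS}"` entries are filled in by plain `envsubst`, which does no JSON escaping, so a password containing `"` or `\` produces an invalid or structurally different AUTO.json. Either state the allowed character set next to `keystore_password` and `truststore_password` in values.yaml, or render this file with a JSON-aware step. The rendered copy holds both passwords in clear text, so the mode it is written with matters as well.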
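Review bot: The new Secret is named plain `sdc-cert`, without the release prefix the deployments use for `{{ include "common.release" . }}-sdc-cs-secrets`, so two releases installed in one namespace would contend for the same object and one would mount the other's key material. Naming it `name: {{ include "common.release" . }}-sdc-cert` and changing the `secretName` references to match avoids that. Because the data comes from `.Files.Glob "resources/cert/*"`, every file placed in that directory is shipped in the Secret, so the directory should contain only the two stores.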
diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index dfbd8c80df..5701a91f27 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -23,8 +23,8 @@ global: #Should be the password of shared cassandra instance/chart cs_password: Y2Fzc2FuZHJh cs_truststore_password: XS5dW3hndHplXWhCaHoqd3ldfW0jbGYq - truststore_password: XS5dW3hndHplXWhCaHoqd3ldfW0jbGYq - keystore_password: IXBwSi5KdlduMGhHaClvVkZdKFtLdile + truststore_password: eitLRWo7dCssS05eaWltU2lTODllI3Aw + keystore_password: PyhrUCFZdXIhWyohWTUhRV5mKFpLYzMx wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== ubuntuInitRepository: oomk8s ubuntuInitImage: ubuntu-init:1.0.0 @@ -41,6 +41,7 @@ global: dataCenter: Pod security: disableHttp: true + envsubstImage: dibi/envsubst config: logstashServiceName: log-ls logstashPort: 5044 -- 2.16.6
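Review bot: The new `truststore_password` and `keystore_password` values are committed as base64, which is an encoding rather than protection, and this same commit adds the stores they open under kubernetes/sdc/resources/cert, so anyone holding the chart can unlock org.onap.sdc.p12. The docs table updated in this commit already lists SDC as hard-coded; a comment above the two keys would make the operational consequence explicit, for example `# defaults for the bundled test certificate; override both and replace resources/cert/* outside lab deployments`. The `secrets:` mapping starts outside this hunk.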
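Review bot: `envsubstImage: dibi/envsubst` names no registry, tag or digest, so it resolves to the mutable `latest` of a third-party Docker Hub image, and that image runs as an init container with `KEYSTORE_PASS` and `TRUSTSTORE_PASS` in its environment in six deployments. Pin it by digest, e.g. `envsubstImage: dibi/envsubst@sha256:<digest>` (placeholder; take the digest from a reviewed pull), or mirror it into the `nexus3.onap.org:10001` repository that the other SDC images are documented to come from. The init containers also take `imagePullPolicy` from `.Values.global.pullPolicy`, so with `Always` each pod start would fetch whatever the tag points to at that moment.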