[POLICY] certInit support + refactoring

Several changes are including in this patch:
- certInitializer support (POLICY-2615, REQ-361)
- renamed policy objects to start with "policy-"
  prefix (POLICY-1000)
- add resources section to components that did not
  have or had it incorrectly set up rendering null
  (POLICY-2502)
- Removal of legacy policy-engine components (POLICY-2743)
- Miscellaneous refactoring of charts (POLICY-2745)
- update pdp legacy reference to policy-xacml-pdp from
  pdp (legacy)

Issue-ID: POLICY-2615
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Change-Id: I8b6984a663bbb14d331a366ec02b6dd38755cde7
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>

11 files changed, 666 insertions, 0 deletions

diff --git a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
new file mode 100755
index 0000000000..d63683ed62
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
@@ -0,0 +1,22 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy APEX PDP
+name: policy-apex-pdp
+version: 6.0.0
diff --git a/kubernetes/policy/components/policy-apex-pdp/requirements.yaml b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml
new file mode 100755
index 0000000000..86751eae3c
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml
@@ -0,0 +1,26 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright © 2020 AT&T. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
new file mode 100755
index 0000000000..767d1452cc
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -0,0 +1,44 @@
+{
+    "name":"OnapPfParameterGroup",
+    "restServerParameters": {
+      "host": "0.0.0.0",
+      "port": 6969,
+      "userName": "${RESTSERVER_USER}",
+      "password": "${RESTSERVER_PASSWORD}",
+      "https": true
+    },
+    "pdpStatusParameters":{
+        "pdpGroup": "defaultGroup",
+        "timeIntervalMs": 120000,
+        "pdpType":"apex",
+        "description":"Pdp Heartbeat",
+        "supportedPolicyTypes": [
+            {
+                "name": "onap.policies.controlloop.operational.Apex",
+                "version": "1.0.0"
+            },
+            {
+                "name": "onap.policies.native.Apex",
+                "version": "1.0.0"
+            },
+            {
+              "name": "onap.policies.controlloop.operational.common.Apex",
+              "version": "1.0.0"
+            }
+        ]
+    },
+    "topicParameterGroup": {
+        "topicSources" : [{
+            "topic" : "POLICY-PDP-PAP",
+            "servers" : [ "message-router" ],
+            "useHttps" : true,
+            "topicCommInfrastructure" : "dmaap"
+        }],
+        "topicSinks" : [{
+            "topic" : "POLICY-PDP-PAP",
+            "servers" : [ "message-router" ],
+            "useHttps" : true,
+            "topicCommInfrastructure" : "dmaap"
+        }]
+    }
+}
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json
new file mode 100755
index 0000000000..5df0a26596
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json
@@ -0,0 +1,64 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+{
+  "javaProperties" : [
+    ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"],
+    ["javax.net.ssl.trustStorePassword", "${TRUSTSTORE_PASSWORD_BASE64}"]
+  ],
+  "engineServiceParameters": {
+    "name": "MyApexEngine",
+    "version": "0.0.1",
+    "id": 45,
+    "instanceCount": 4,
+    "deploymentPort": 12345,
+    "policyModelFileName": "examples/models/SampleDomain/SamplePolicyModelJAVASCRIPT.json",
+    "engineParameters": {
+      "executorParameters": {
+        "JAVASCRIPT": {
+          "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters"
+        }
+      }
+    }
+  },
+  "eventOutputParameters": {
+    "FirstProducer": {
+      "carrierTechnologyParameters": {
+        "carrierTechnology": "FILE",
+        "parameters": {
+          "standardIo": true
+        }
+      },
+      "eventProtocolParameters": {
+        "eventProtocol": "JSON"
+      }
+    }
+  },
+  "eventInputParameters": {
+    "FirstConsumer": {
+      "carrierTechnologyParameters": {
+        "carrierTechnology": "FILE",
+        "parameters": {
+          "standardIo": true
+        }
+      },
+      "eventProtocolParameters": {
+        "eventProtocol": "JSON"
+      }
+    }
+  }
+}
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/logback.xml b/kubernetes/policy/components/policy-apex-pdp/resources/config/logback.xml
new file mode 100755
index 0000000000..83261220c9
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/logback.xml
@@ -0,0 +1,103 @@
+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2020 Bell Canada. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/apex-pdp/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/apex-pdp/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/apex-pdp/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/NOTES.txt b/kubernetes/policy/components/policy-apex-pdp/templates/NOTES.txt
new file mode 100755
index 0000000000..c882c3385e
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/NOTES.txt
@@ -0,0 +1,37 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
+{{- end }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/configmap.yaml
new file mode 100755
index 0000000000..d5184bb50f
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/configmap.yaml
@@ -0,0 +1,38 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright (C) 2020 Nordix Foundation.
+#   Modifications Copyright (C) 2020 AT&T Intellectual Property.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+  {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/secrets.yaml
new file mode 100755
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml
new file mode 100755
index 0000000000..adbd5ed986
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml
@@ -0,0 +1,44 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    {{if eq .Values.service.type "NodePort" -}}
+    - port: {{ .Values.service.externalPort }}
+      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+      name: {{ .Values.service.portName }}
+    {{- else -}}
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      name: {{ .Values.service.portName }}
+    {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}
+  sessionAffinity: None
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
new file mode 100755
index 0000000000..4deb21a79b
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
@@ -0,0 +1,131 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright (C) 2020 AT&T Intellectual Property.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  serviceName: {{ include "common.servicename" . }}
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+    spec:
+      initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "export TRUSTSTORE_PASSWORD_BASE64=`echo -n ${TRUSTSTORE_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: TRUSTSTORE_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
+        - name: KEYSTORE_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }}
+        - name: RESTSERVER_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
+        - name: RESTSERVER_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: apexconfig-input
+        - mountPath: /config
+          name: apexconfig
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+      containers:
+        - name: {{ include "common.name" . }}
+          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command: ["bash","-c"]
+          args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+                  source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+                  /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
+          ports:
+          - containerPort: {{ .Values.service.externalPort }}
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.externalPort }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{- end }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.service.externalPort }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          env:
+          - name: REPLICAS
+            value: "{{ .Values.replicaCount }}"
+{{- if not .Values.global.aafEnabled }}
+          - name: KEYSTORE_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }}
+          - name: TRUSTSTORE_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }}
+{{- end }}
+          volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /var/log/onap
+            name: policy-logs
+          - mountPath: /home/apexuser/config
+            name: apexconfig
+          resources:
+{{ include "common.resources" . }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+        - name: localtime
+          hostPath:
+            path: /etc/localtime
+        - name: policy-logs
+          emptyDir: {}
+        - name: apexconfig-input
+          configMap:
+            name: {{ include "common.fullname" . }}-configmap
+            defaultMode: 0755
+        - name: apexconfig
+          emptyDir:
+            medium: Memory
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
new file mode 100755
index 0000000000..21e9df41e6
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -0,0 +1,142 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefix: 302
+  readinessRepository: oomk8s
+  readinessImage: readiness-check:2.0.0
+  envsubstImage: dibi/envsubst
+  aafEnabled: true
+  persistence: {}
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: restserver-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+    login: '{{ .Values.restServer.user }}'
+    password: '{{ .Values.restServer.password }}'
+  - uid: truststore-pass
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.trustStorePassword }}'
+    passwordPolicy: required
+  - uid: keystore-pass
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.keyStorePassword }}'
+    passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/policy-apex-pdp:2.4.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+restServer:
+  user: healthcheck
+  password: zb!XztG34
+truststore:
+  password: Pol1cy_0nap
+certStores:
+  keyStorePassword: Pol1cy_0nap
+  trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+  nameOverride: policy-apex-pdp-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: policy
+  fqi: policy@policy.onap.org
+  public_fqdn: policy.onap.org
+  cadi_latitude: "0.0"
+  cadi_longitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  uid: 101
+  gid: 102
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass
+    {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+    echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+
+service:
+  type: ClusterIP
+  name: policy-apex-pdp
+  portName: policy-apex-pdp
+  externalPort: 6969
+  internalPort: 6969
+  nodePort: 37
+
+ingress:
+  enabled: false
+
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (Small and Large)
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 10m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 2
+      memory: 8Gi
+    requests:
+      cpu: 20m
+      memory: 2Gi
+  unlimited: {}