VOL-3145 - remove etcd operator usage

- removed dependencies as they are not part of VOLTHA
- removed RBAC config (no longer used)
- put each resources in separate file (best practice)
- added security context for containers (best practice)

Change-Id: If9e250ebe998369cb973561d1406517ea622e670
diff --git a/voltha/Chart.yaml b/voltha/Chart.yaml
index dc435be..31481dd 100644
--- a/voltha/Chart.yaml
+++ b/voltha/Chart.yaml
@@ -12,13 +12,24 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
-name: voltha
-description: A Helm chart for Voltha based on K8S resources in Voltha project
-icon: https://guide.opencord.org/logos/cord.svg
-
-version: 2.4.6
+apiVersion: "v1"
+name: "voltha"
+version: "2.4.7"
+description: "A Helm chart for Voltha based on K8S resources in Voltha project"
+keywords:
+  - "onf"
+  - "voltha"
+home: "https://www.opennetworking.org/voltha"
+icon: "https://guide.opencord.org/logos/cord.svg"
+sources:
+  - "https://github.com/opencord/voltha-go"
+  - "https://github.com/opencord/ofagent-go"
+  - "https://gerrit.opencord.org/#/admin/projects/ofagent-py"
+maintainers:
+  - name: "Open Networking Foundation"
+    email: "info@opennetworking.org"
+    url: "https://www.opennetworking.org"
 
 # app version applies to multiple components with potentially different
 # container image versions
-appVersion: 2.4
+appVersion: "2.4"
diff --git a/voltha/templates/10-rbac.yaml b/voltha/templates/10-rbac.yaml
deleted file mode 100644
index 430f842..0000000
--- a/voltha/templates/10-rbac.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright 2019-present Open Networking Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: voltha-serviceaccount
-
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: pod-reader
-rules:
-  - apiGroups: [""]
-    resources: ["pods", "nodes"]
-    verbs: ["get", "watch", "list"]
-
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
-  name: voltha-role
-  namespace: {{ .Release.Namespace }}
-rules:
-  - apiGroups: [""]
-    resources: ["pods", "secrets", "namespaces", "endpoints"]
-    verbs: ["get"]
-  - apiGroups: [""]
-    resources: ["configmaps"]
-    verbs: ["get", "update", "create"]
-
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: voltha-role-nisa-binding
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: voltha-role
-subjects:
-  - kind: ServiceAccount
-    name: voltha-serviceaccount
-    namespace: {{ .Release.Namespace }}
-
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: voltha-clusterrole-nisa-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: pod-reader
-subjects:
-  - kind: ServiceAccount
-    name: voltha-serviceaccount
-    namespace: {{ .Release.Namespace }}
diff --git a/voltha/requirements.yaml b/voltha/templates/api-svc.yaml
similarity index 66%
copy from voltha/requirements.yaml
copy to voltha/templates/api-svc.yaml
index a6e50db..04f8dea 100644
--- a/voltha/requirements.yaml
+++ b/voltha/templates/api-svc.yaml
@@ -11,14 +11,15 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 ---
-dependencies:
-  - name: kafka
-    repository: https://kubernetes-charts-incubator.storage.googleapis.com
-    version: 0.15.3
-    condition: private_kafka_cluster
-  - name: voltha-etcd-cluster
-    repository: file://../voltha-etcd-cluster
-    version: 2.2.0
-    condition: private_etcd_cluster
+apiVersion: v1
+kind: Service
+metadata:
+  name: voltha-api
+spec:
+  ports:
+    - name: grpc
+      port: 55555
+      targetPort: 50057
+  selector:
+    app: rw-core
diff --git a/voltha/templates/rw-core.yaml b/voltha/templates/core-deploy.yaml
similarity index 79%
rename from voltha/templates/rw-core.yaml
rename to voltha/templates/core-deploy.yaml
index 3e71aa7..1a805ec 100644
--- a/voltha/templates/rw-core.yaml
+++ b/voltha/templates/core-deploy.yaml
@@ -13,57 +13,10 @@
 # limitations under the License.
 {{- $log_level := tpl .Values.rw_core.log_level . | upper }}
 ---
-apiVersion: v1
-kind: Service
-metadata:
-  name: voltha-api
-  serviceAccountName: {{ .Values.serviceaccount }}
-spec:
-  serviceAccountName: {{ .Values.serviceaccount }}
-  ports:
-    - name: grpc
-      port: 55555
-      targetPort: 50057
-  selector:
-    app: rw-core
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: voltha-rw-core
-  serviceAccountName: {{ .Values.serviceaccount }}
-spec:
-  serviceAccountName: {{ .Values.serviceaccount }}
-  clusterIP: None
-  ports:
-    - name: grpc
-      port: 50057
-      targetPort: 50057
-  selector:
-    app: rw-core
----
-{{- if .Values.profiler.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: voltha-rw-core-profiler
-  serviceAccountName: {{ .Values.serviceaccount }}
-spec:
-  serviceAccountName: {{ .Values.serviceaccount }}
-  clusterIP: None
-  ports:
-    - name: rw-core-profiler
-      port: 6060
-      targetPort: 6060
-  selector:
-    app: rw-core
----
-{{- end }}
 apiVersion: apps/v1beta1
 kind: Deployment
 metadata:
   name: voltha-rw-core
-  serviceAccountName: {{ .Values.serviceaccount }}
   {{- if or (hasKey .Values "extra_deployment_labels") (hasKey .Values "rw_core_deployment_labels") }}
   labels:
     {{- if hasKey .Values "extra_deployment_labels" }}
@@ -99,10 +52,13 @@
         {{ $key }}: {{ $val | quote }}
         {{- end }}
         {{- end }}
-      annotations:
-        cni: "calico"
     spec:
-      serviceAccountName: {{ .Values.serviceaccount }}
+      {{- if .Values.securityContext.enabled }}
+      securityContext:
+        runAsUser: {{ .Values.securityContext.runAsUser }}
+        runAsGroup: {{ .Values.securityContext.runAsGroup }}
+        fsGroup: {{ .Values.securityContext.fsGroup }}
+      {{- end }}
       containers:
         - name: voltha
           image: '{{ tpl .Values.images.rw_core.registry . }}{{ tpl .Values.images.rw_core.repository . }}:{{ tpl .Values.images.rw_core.tag . }}'
@@ -142,6 +98,10 @@
           ports:
             - containerPort: 50057
               name: grpc
+          {{- if .Values.securityContext.enabled }}
+          securityContext:
+            allowPrivilegeEscalation: false
+          {{- end }}
           livenessProbe:
             httpGet:
               path: /healthz
diff --git a/voltha/requirements.yaml b/voltha/templates/core-profile-svc.yaml
similarity index 66%
rename from voltha/requirements.yaml
rename to voltha/templates/core-profile-svc.yaml
index a6e50db..967d4ab 100644
--- a/voltha/requirements.yaml
+++ b/voltha/templates/core-profile-svc.yaml
@@ -11,14 +11,18 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+{{- if .Values.profiler.enabled }}
 ---
-dependencies:
-  - name: kafka
-    repository: https://kubernetes-charts-incubator.storage.googleapis.com
-    version: 0.15.3
-    condition: private_kafka_cluster
-  - name: voltha-etcd-cluster
-    repository: file://../voltha-etcd-cluster
-    version: 2.2.0
-    condition: private_etcd_cluster
+apiVersion: v1
+kind: Service
+metadata:
+  name: voltha-rw-core-profiler
+spec:
+  clusterIP: None
+  ports:
+    - name: rw-core-profiler
+      port: 6060
+      targetPort: 6060
+  selector:
+    app: rw-core
+{{- end }}
diff --git a/voltha/templates/ofagent-go.yaml b/voltha/templates/ofagent-go-deploy.yaml
similarity index 85%
rename from voltha/templates/ofagent-go.yaml
rename to voltha/templates/ofagent-go-deploy.yaml
index 324850d..a32e19a 100644
--- a/voltha/templates/ofagent-go.yaml
+++ b/voltha/templates/ofagent-go-deploy.yaml
@@ -1,4 +1,3 @@
-{{- if and (hasKey .Values "use_ofagent_go") .Values.use_ofagent_go }}
 # Copyright 2020-present Open Networking Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,30 +11,13 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+{{- if .Values.use_ofagent_go }}
 {{- $log_level := tpl .Values.ofagent.log_level . | upper }}
-{{- if .Values.profiler.enabled }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: voltha-of-agent-profiler
-  serviceAccountName: {{ .Values.serviceaccount }}
-spec:
-  serviceAccountName: {{ .Values.serviceaccount }}
-  clusterIP: None
-  ports:
-    - name: ofagent-profiler
-      port: 6060
-      targetPort: 6060
-  selector:
-    app: ofagent
-{{- end }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
 metadata:
   name: voltha-ofagent
-  serviceAccountName: {{ .Values.serviceaccount }}
   {{- if or (hasKey .Values "extra_deployment_labels") (hasKey .Values "ofagent_deployment_labels") }}
   labels:
     {{- if hasKey .Values "extra_deployment_labels" }}
@@ -71,11 +53,14 @@
         {{ $key }}: {{ $val | quote }}
         {{- end }}
         {{- end }}
-      annotations:
-        cni: "calico"
     spec:
       terminationGracePeriodSeconds: 10
-      serviceAccountName: {{ .Values.serviceaccount }}
+      {{- if .Values.securityContext.enabled }}
+      securityContext:
+        runAsUser: {{ .Values.securityContext.runAsUser }}
+        runAsGroup: {{ .Values.securityContext.runAsGroup }}
+        fsGroup: {{ .Values.securityContext.fsGroup }}
+      {{- end }}
       containers:
       - name: ofagent
         image: '{{ tpl .Values.images.ofagent_go.registry . }}{{ tpl .Values.images.ofagent_go.repository . }}:{{ tpl .Values.images.ofagent_go.tag . }}'
@@ -97,6 +82,10 @@
         - "--kv_store_request_timeout=60s"
         - "--log_level={{ $log_level }}"
         - "--probe=:8080"
+        {{- if .Values.securityContext.enabled }}
+        securityContext:
+          allowPrivilegeEscalation: false
+        {{- end }}
         livenessProbe:
           httpGet:
             path: /healthz
diff --git a/voltha/requirements.yaml b/voltha/templates/ofagent-go-profile-svc.yaml
similarity index 60%
copy from voltha/requirements.yaml
copy to voltha/templates/ofagent-go-profile-svc.yaml
index a6e50db..0bcbb93 100644
--- a/voltha/requirements.yaml
+++ b/voltha/templates/ofagent-go-profile-svc.yaml
@@ -1,4 +1,4 @@
-# Copyright 2019-present Open Networking Foundation
+# Copyright 2020-present Open Networking Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,14 +11,18 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+{{- if and .Values.use_ofagent_go .Values.profiler.enabled }}
 ---
-dependencies:
-  - name: kafka
-    repository: https://kubernetes-charts-incubator.storage.googleapis.com
-    version: 0.15.3
-    condition: private_kafka_cluster
-  - name: voltha-etcd-cluster
-    repository: file://../voltha-etcd-cluster
-    version: 2.2.0
-    condition: private_etcd_cluster
+apiVersion: v1
+kind: Service
+metadata:
+  name: voltha-of-agent-profiler
+spec:
+  clusterIP: None
+  ports:
+    - name: ofagent-profiler
+      port: 6060
+      targetPort: 6060
+  selector:
+    app: ofagent
+{{- end }}
diff --git a/voltha/templates/ofagent-py.yaml b/voltha/templates/ofagent-py-deploy.yaml
similarity index 86%
rename from voltha/templates/ofagent-py.yaml
rename to voltha/templates/ofagent-py-deploy.yaml
index 711c4d6..1372c18 100644
--- a/voltha/templates/ofagent-py.yaml
+++ b/voltha/templates/ofagent-py-deploy.yaml
@@ -1,4 +1,3 @@
-{{- if not (and (hasKey .Values "use_ofagent_go") .Values.use_ofagent_go) }}
 # Copyright 2019-present Open Networking Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,13 +11,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+{{- if not .Values.use_ofagent_go }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
 metadata:
   name: voltha-ofagent
-  serviceAccountName: {{ .Values.serviceaccount }}
   {{- if or (hasKey .Values "extra_deployment_labels") (hasKey .Values "ofagent_deployment_labels") }}
   labels:
     {{- if hasKey .Values "extra_deployment_labels" }}
@@ -54,11 +52,14 @@
         {{ $key }}: {{ $val | quote }}
         {{- end }}
         {{- end }}
-      annotations:
-        cni: "calico"
     spec:
+      {{- if .Values.securityContext.enabled }}
+      securityContext:
+        runAsUser: {{ .Values.securityContext.runAsUser }}
+        runAsGroup: {{ .Values.securityContext.runAsGroup }}
+        fsGroup: {{ .Values.securityContext.fsGroup }}
+      {{- end }}
       terminationGracePeriodSeconds: 10
-      serviceAccountName: {{ .Values.serviceaccount }}
       containers:
       - name: ofagent
         image: '{{ tpl .Values.images.ofagent_py.registry . }}{{ tpl .Values.images.ofagent_py.repository . }}:{{ tpl .Values.images.ofagent_py.tag . }}'
@@ -72,6 +73,10 @@
         {{- end }}
         - "--grpc-endpoint=voltha-api.{{ .Release.Namespace }}.svc.cluster.local:55555"
         - "--probe=:8080"
+        {{- if .Values.securityContext.enabled }}
+        securityContext:
+          allowPrivilegeEscalation: false
+        {{- end }}
         livenessProbe:
           httpGet:
             path: /healthz
diff --git a/voltha/values.yaml b/voltha/values.yaml
index 4a84637..ed99cbf 100644
--- a/voltha/values.yaml
+++ b/voltha/values.yaml
@@ -13,9 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-serviceaccount: voltha-serviceaccount
-private_etcd_cluster: true
-private_kafka_cluster: true
 use_ofagent_go: true
 
 # Default Values
@@ -30,40 +27,30 @@
   rw_core:
     timeout: "8000"
 
-# Configure the Kafka sub-chart (if it is used)
-kafka:
-  configurationOverrides:
-    # Increase replication factor along with Replicas for HA
-    "default.replication.factor": 1
-    "offsets.topic.replication.factor": 1
-    "log.retention.hours": 4
-    "log.message.timestamp.type": "LogAppendTime"
-  persistence:
-    enabled: false
-  zookeeper:
-    replicaCount: 1
-    persistence:
-      enabled: false
-  replicas: 1
+securityContext:
+  enabled: true
+  fsGroup: 1001
+  runAsUser: 1001
+  runAsGroup: 1001
 
 # Define connectivity to services on which VOLTHA depends
 services:
   kafka:
     adapter:
-      service: voltha-kafka.voltha.svc.cluster.local
+      service: kafka
       port: 9092
     cluster:
-      service: voltha-kafka.voltha.svc.cluster.local
+      service: kafka
       port: 9092
 
   # Define connectivity to etcd
   etcd:
-    service: voltha-etcd-cluster-client.voltha.svc.cluster.local
+    service: etcd
     port: 2379
 
   # Define the list of controllers to connect to
   controller:
-    - service: onos-openflow.default.svc.cluster.local
+    - service: onos-openflow
       port: 6653
 
 # Expose the golang pprof webserver, if enabled
@@ -79,7 +66,6 @@
   # For everything else replicas are replicas
   ofagent: 1
 
-
 rw_core:
   log_level: '{{ .Values.defaults.log_level }}'
   core_timeout: '{{ .Values.defaults.rw_core.timeout }}'