Merge branch 'master' into integration_test_fix

2019-01-22 17:07:33 -08:00 · 2019-01-22 17:07:33 -08:00 · 9550f338fa
--- a/asa-manager/scripts/build
+++ b/asa-manager/scripts/build
@ -21,10 +21,7 @@ PCS_CACHE="/tmp/azure/iotpcs/.cache"

 compile() {
    check_dependency_dotnet
-
-    cd $APP_HOME
-    ./scripts/env-vars-check
-
+    
    header "Downloading dependencies..."
    dotnet restore

@ -37,10 +34,13 @@ run_tests() {

    cd $APP_HOME
    header "Running tests..."
-    PROJECTS=$(dotnet sln list | grep 'csproj$' | grep '\.Test')
+    PROJECTS=$(dotnet sln asa-manager.sln list | grep '\.Test')
+
    for PROJ in $PROJECTS; do
-        echo "-- $PROJ"
-        dotnet test --configuration $CONFIGURATION $PROJ
+	PROJ=${PROJ//\\/\/}
+	PROJ=$(echo $PROJ | sed 's/[^a-zA-Z\.\/]//g')
+	echo "-- $PROJ"
+	dotnet test --configuration $CONFIGURATION $PROJ
    done
 }

--- a/auth/scripts/build
+++ b/auth/scripts/build
@ -34,10 +34,13 @@ run_tests() {

    cd $APP_HOME
    header "Running tests..."
-    PROJECTS=$(dotnet sln list | grep 'csproj$' | grep '\.Test')
+    PROJECTS=$(dotnet sln auth.sln list | grep '\.Test')
+
    for PROJ in $PROJECTS; do
-        echo "-- $PROJ"
-        dotnet test --configuration $CONFIGURATION $PROJ
+	PROJ=${PROJ//\\/\/}
+	PROJ=$(echo $PROJ | sed 's/[^a-zA-Z\.\/]//g')
+	echo "-- $PROJ"
+	dotnet test --configuration $CONFIGURATION $PROJ
    done
 }

--- a/config/WebService.Test/Controllers/PackageControllerTest.cs
+++ b/config/WebService.Test/Controllers/PackageControllerTest.cs
@ -45,7 +45,8 @@ namespace WebService.Test.Controllers
            IFormFile file = null;
            if (isValidFileProvided)
            {
-                file = this.CreateSampleFile(filename);
+                bool isEdgePackage = (type == "EdgeManifest") ? true : false;
+                file = this.CreateSampleFile(filename, isEdgePackage);
            }

            Enum.TryParse(type, out PackageType pckgType);
@ -195,13 +196,20 @@ namespace WebService.Test.Controllers
                    Times.Once);
        }

-        private FormFile CreateSampleFile(string filename)
+        private FormFile CreateSampleFile(string filename, bool isEdgePackage)
        {
+            var admPackage = "{\"id\":\"dummy\",\"content\":{\"deviceContent\":{}}}";
+            var edgePackage = "{\"id\":\"dummy\",\"content\":{\"modulesContent\":{}}}";
+
            var stream = new MemoryStream();
-            stream.WriteByte(100);
-            stream.Flush();
+            var writer = new StreamWriter(stream);
+            var package = isEdgePackage ? edgePackage : admPackage;
+
+            writer.Write(package);
+            writer.Flush();
            stream.Position = 0;
-            return new FormFile(stream, 0, 1, "file", filename);
+            
+            return new FormFile(stream, 0, package.Length, "file", filename);
        }
    }
 }
--- a/config/scripts/build
+++ b/config/scripts/build
@ -33,10 +33,13 @@ run_tests() {

    cd $APP_HOME
    header "Running tests..."
-    PROJECTS=$(dotnet sln list | grep 'csproj$' | grep '\.Test')
+    PROJECTS=$(dotnet sln config.sln list | grep '\.Test')
+    
    for PROJ in $PROJECTS; do
-        echo "-- $PROJ"
-        dotnet test --configuration $CONFIGURATION $PROJ
+	PROJ=${PROJ//\\/\/}
+	PROJ=$(echo $PROJ | sed 's/[^a-zA-Z\.\/]//g')
+	echo "-- $PROJ"
+	dotnet test --configuration $CONFIGURATION $PROJ
    done
 }

--- a/config/scripts/docker/run
+++ b/config/scripts/docker/run
@ -13,14 +13,22 @@ run_container() {

    echo "Starting Config service ..."
    docker run -it -p 9005:9005 \
+        -e PCS_AUTH_WEBSERVICE_URL \
        -e PCS_STORAGEADAPTER_WEBSERVICE_URL \
        -e PCS_DEVICESIMULATION_WEBSERVICE_URL \
        -e PCS_TELEMETRY_WEBSERVICE_URL \
-        -e PCS_AUTH_WEBSERVICE_URL \
+        -e PCS_SOLUTION_TYPE \
+        -e PCS_AZUREMAPS_KEY \
+        -e PCS_AUTH_ISSUER \
+        -e PCS_AUTH_AUDIENCE \
+        -e PCS_AUTH_REQUIRED \
+        -e PCS_CORS_WHITELIST \
+        -e PCS_APPLICATION_SECRET \
        -e PCS_OFFICE365_CONNECTION_URL \
        -e PCS_SOLUTION_NAME \
        -e PCS_SUBSCRIPTION_ID \
        -e PCS_ARM_ENDPOINT_URL \
+        -e PCS_SEED_TEMPLATE \
        "$DOCKER_IMAGE:testing"
 }

--- a/config/scripts/docker/run.cmd
+++ b/config/scripts/docker/run.cmd
@ -19,14 +19,22 @@ IF %ERRORLEVEL% NEQ 0 GOTO FAIL
 :: Start the application
 echo Starting Config web service ...
 docker run -it -p 9005:9005 ^
+    -e PCS_AUTH_WEBSERVICE_URL ^
    -e PCS_STORAGEADAPTER_WEBSERVICE_URL ^
    -e PCS_DEVICESIMULATION_WEBSERVICE_URL ^
    -e PCS_TELEMETRY_WEBSERVICE_URL ^
-    -e PCS_AUTH_WEBSERVICE_URL ^
+    -e PCS_SOLUTION_TYPE ^
+    -e PCS_AZUREMAPS_KEY ^
+    -e PCS_AUTH_ISSUER ^
+    -e PCS_AUTH_AUDIENCE ^
+    -e PCS_AUTH_REQUIRED ^
+    -e PCS_CORS_WHITELIST ^
+    -e PCS_APPLICATION_SECRET ^
    -e PCS_OFFICE365_CONNECTION_URL ^
    -e PCS_SOLUTION_NAME ^
    -e PCS_SUBSCRIPTION_ID ^
    -e PCS_ARM_ENDPOINT_URL ^
+    -e PCS_SEED_TEMPLATE ^
    %DOCKER_IMAGE%:testing

 :: - - - - - - - - - - - - - -
--- a/device-telemetry/Services.Test/AlarmsTest.cs
+++ b/device-telemetry/Services.Test/AlarmsTest.cs
@ -2,9 +2,6 @@

 using System;
 using System.Collections.Generic;
-using System.Net;
-using System.Net.Http.Headers;
-using System.Reflection;
 using System.Threading.Tasks;
 using Microsoft.Azure.Documents;
 using Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services;
@ -129,5 +126,25 @@ namespace Services.Test
            this.logger.Verify(l => l.Error(It.IsAny<string>(), It.IsAny<Func<object>>()), Times.Once);
            this.logger.Verify(l => l.Warn(It.IsAny<string>(), It.IsAny<Func<object>>()), Times.Exactly(2));
        }
+
+        [Fact, Trait(Constants.TYPE, Constants.UNIT_TEST)]
+        public async Task ThrowsOnInvalidInput()
+        {
+            // Arrange
+            var xssString = "<body onload=alert('test1')>";
+            var xssList = new List<string>
+            {
+                "<body onload=alert('test1')>",
+                "<IMG SRC=j&#X41vascript:alert('test2')>"
+            };
+
+            // Act & Assert
+            await Assert.ThrowsAsync<InvalidInputException>(async () => await this.alarms.DeleteAsync(xssString));
+            await Assert.ThrowsAsync<InvalidInputException>(async () => await this.alarms.Delete(xssList));
+            await Assert.ThrowsAsync<InvalidInputException>(async () => await this.alarms.UpdateAsync(xssString, xssString));
+            Assert.Throws<InvalidInputException>(() => this.alarms.GetCountByRule(xssString, DateTimeOffset.MaxValue, DateTimeOffset.MaxValue, xssList.ToArray()));
+            Assert.Throws<InvalidInputException>(() => this.alarms.List(null, null, xssString, 0, 1, xssList.ToArray()));
+            Assert.Throws<InvalidInputException>(() => this.alarms.ListByRule(xssString, DateTimeOffset.MaxValue, DateTimeOffset.MaxValue, xssString, 0, 1, xssList.ToArray()));
+        }
    }
 }
--- a/device-telemetry/Services.Test/MessagesTest.cs
+++ b/device-telemetry/Services.Test/MessagesTest.cs
@ -4,7 +4,12 @@ using System;
 using System.Collections.Generic;
 using System.Threading.Tasks;
 using Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services;
+using Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Diagnostics;
+using Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Exceptions;
 using Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Models;
+using Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Runtime;
+using Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Storage.CosmosDB;
+using Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Storage.TimeSeries;
 using Moq;
 using Newtonsoft.Json.Linq;
 using Services.Test.helpers;
@ -17,11 +22,23 @@ namespace Services.Test
        private const int SKIP = 0;
        private const int LIMIT = 1000;

-        private readonly Mock<IMessages> messages;
+        private readonly Mock<IStorageClient> storageClient;
+        private readonly Mock<ITimeSeriesClient> timeSeriesClient;
+        private readonly Mock<ILogger> logger;
+
+        private readonly IMessages messages;

        public MessagesTest()
        {
-            this.messages = new Mock<IMessages>();
+            var servicesConfig = new ServicesConfig()
+            {
+                MessagesConfig = new StorageConfig("database", "collection"),
+                StorageType = "tsi"
+            };
+            this.storageClient = new Mock<IStorageClient>();
+            this.timeSeriesClient = new Mock<ITimeSeriesClient>();
+            this.logger = new Mock<ILogger>();
+            this.messages = new Messages(servicesConfig, this.storageClient.Object, this.timeSeriesClient.Object, this.logger.Object);
        }

        [Fact, Trait(Constants.TYPE, Constants.UNIT_TEST)]
@ -29,9 +46,10 @@ namespace Services.Test
        {
            // Arrange
            this.ThereAreNoMessagesInStorage();
+            var devices = new string[] { "device1" };

            // Act
-            var list = await this.messages.Object.ListAsync(null, null, null, SKIP, LIMIT, null);
+            var list = await this.messages.ListAsync(null, null, "asc", SKIP, LIMIT, devices);

            // Assert
            Assert.Empty(list.Messages);
@ -43,18 +61,34 @@ namespace Services.Test
        {
            // Arrange
            this.ThereAreSomeMessagesInStorage();
+            var devices = new string[] { "device1" };

            // Act
-            var list = await this.messages.Object.ListAsync(null, null, null, SKIP, LIMIT, null);
+            var list = await this.messages.ListAsync(null, null, "asc", SKIP, LIMIT, devices);

            // Assert
            Assert.NotEmpty(list.Messages);
            Assert.NotEmpty(list.Properties);
        }

+        [Fact, Trait(Constants.TYPE, Constants.UNIT_TEST)]
+        public async Task ThrowsOnInvalidInput()
+        {
+            // Arrange
+            var xssString = "<body onload=alert('test1')>";
+            var xssList = new List<string>
+            {
+                "<body onload=alert('test1')>",
+                "<IMG SRC=j&#X41vascript:alert('test2')>"
+            };
+
+            // Act & Assert
+            await Assert.ThrowsAsync<InvalidInputException>(async () => await this.messages.ListAsync(null, null, xssString, 0, LIMIT, xssList.ToArray()));
+        }
+
        private void ThereAreNoMessagesInStorage()
        {
-            this.messages.Setup(x => x.ListAsync(null, null, null, SKIP, LIMIT, null))
+            this.timeSeriesClient.Setup(x => x.QueryEventsAsync(null, null, It.IsAny<string>(), SKIP, LIMIT, It.IsAny<string[]>()))
                .ReturnsAsync(new MessageList());
        }

@ -75,7 +109,7 @@ namespace Services.Test
            sampleProperties.Add("data.sample_unit");
            sampleProperties.Add("data.sample_speed");

-            this.messages.Setup(x => x.ListAsync(null, null, null, SKIP, LIMIT, null))
+            this.timeSeriesClient.Setup(x => x.QueryEventsAsync(null, null, It.IsAny<string>(), SKIP, LIMIT, It.IsAny<string[]>()))
                .ReturnsAsync(new MessageList(sampleMessages, sampleProperties));
        }
    }
--- a/device-telemetry/Services.Test/RulesTest.cs
+++ b/device-telemetry/Services.Test/RulesTest.cs
@ -18,7 +18,6 @@ using Moq;
 using Newtonsoft.Json;
 using Services.Test.helpers;
 using Xunit;
-using Type = System.Type;

 namespace Services.Test
 {
@ -405,6 +404,74 @@ namespace Services.Test
            this.httpClientMock.Verify(x => x.PostAsync(It.IsAny<HttpRequest>()), Times.Exactly(4));
        }

+        [Fact, Trait(Constants.TYPE, Constants.UNIT_TEST)]
+        public async Task ThrowsOnInvalidInput()
+        {
+            // Arrange
+            var xssString = "<body onload=alert('test1')>";
+            var xssList = new List<string>
+            {
+                "<body onload=alert('test1')>",
+                "<IMG SRC=j&#X41vascript:alert('test2')>"
+            };
+
+            var rule = new Rule()
+            {
+                ETag = xssString,
+                Id = xssString,
+                Name = xssString,
+                DateCreated = xssString,
+                DateModified = xssString,
+                Enabled = true,
+                Description = xssString,
+                GroupId = xssString,
+                Severity = SeverityType.Critical,
+                Conditions = new List<Condition>
+                {
+                    new Condition()
+                    {
+                        Field = "sample_conddition",
+                        Operator = OperatorType.Equals,
+                        Value = "1"
+                    }
+                },
+                Actions = new List<IAction>
+                {
+                    new EmailAction(
+                        new Dictionary<string, object>
+                        {
+                            { "recipients", new Newtonsoft.Json.Linq.JArray(){ "sampleEmail@gmail.com", "sampleEmail2@gmail.com" } },
+                            { "subject", "Test Email" },
+                            { "notes", "Test Email Notes." }
+                        })
+                }
+            };
+
+            // Act & Assert
+            await Assert.ThrowsAsync<InvalidInputException>(async () => await this.rules.DeleteAsync(xssString));
+            await Assert.ThrowsAsync<InvalidInputException>(async () => await this.rules.DeleteAsync(xssString));
+            await Assert.ThrowsAsync<InvalidInputException>(async () => await this.rules.GetAsync(xssString));
+            await Assert.ThrowsAsync<InvalidInputException>(async () => await this.rules.GetListAsync(xssString, 0, 1, xssString, false));
+            await Assert.ThrowsAsync<InvalidInputException>(async () => await this.rules.GetAlarmCountForListAsync(null, null, xssString, 0, LIMIT, xssList.ToArray()));
+            await Assert.ThrowsAsync<InvalidInputException>(async () => await this.rules.CreateAsync(rule));
+            await Assert.ThrowsAsync<InvalidInputException>(async () => await this.rules.UpsertIfNotDeletedAsync(rule));
+        }
+
+        [Fact, Trait(Constants.TYPE, Constants.UNIT_TEST)]
+        public void InputValidationPassesWithValidRule()
+        {
+            // Arrange
+            this.ThereAreSomeRulesInStorage();
+
+            List<Rule> rulesList = this.GetSampleRulesList();
+
+            // Act & Assert
+            foreach (var rule in rulesList)
+            {
+                rule.Validate();
+            }
+        }
+
        private void ThereAreNoRulessInStorage()
        {
            this.rulesMock.Setup(x => x.GetListAsync(null, 0, LIMIT, null, false))
@ -412,6 +479,14 @@ namespace Services.Test
        }

        private void ThereAreSomeRulesInStorage()
+        {
+            var sampleRules = this.GetSampleRulesList();
+
+            this.rulesMock.Setup(x => x.GetListAsync(null, 0, LIMIT, null, false))
+                .ReturnsAsync(sampleRules);
+        }
+
+        private List<Rule> GetSampleRulesList()
        {
            var sampleConditions = new List<Condition>
            {
@ -440,7 +515,7 @@ namespace Services.Test
                {
                    Name = "Sample 1",
                    Enabled = true,
-                    Description = "Sample description 1",
+                    Description = "Sample description 1 -- Pressure >= 298",
                    GroupId = "Prototyping devices",
                    Severity = SeverityType.Critical,
                    Conditions = sampleConditions,
@ -455,11 +530,22 @@ namespace Services.Test
                    Severity =  SeverityType.Warning,
                    Conditions = sampleConditions,
                    Actions = sampleActions
+                },
+                new Rule()
+                {
+                    ETag = "*",
+                    Name = "Sample 3",
+                    Enabled = true,
+                    Calculation = CalculationType.Instant,
+                    Description = "Sample description 2.",
+                    GroupId =  "Chillers",
+                    Severity =  SeverityType.Warning,
+                    Conditions = sampleConditions,
+                    Actions = sampleActions
                }
            };

-            this.rulesMock.Setup(x => x.GetListAsync(null, 0, LIMIT, null, false))
-                .ReturnsAsync(sampleRules);
+            return sampleRules;
        }

        /**
--- a/device-telemetry/Services/Alarms.cs
+++ b/device-telemetry/Services/Alarms.cs
@ -2,10 +2,7 @@

 using System;
 using System.Collections.Generic;
-using System.Diagnostics;
-using System.Linq;
 using System.Net;
-using System.Text.RegularExpressions;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Azure.Documents;
@ -55,8 +52,6 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services

    public class Alarms : IAlarms
    {
-        private const string INVALID_CHARACTER = @"[^A-Za-z0-9:;.,_\-]";
-
        private readonly ILogger log;
        private readonly IStorageClient storageClient;

@ -90,11 +85,6 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services

        public Alarm Get(string id)
        {
-            if (Regex.IsMatch(id, INVALID_CHARACTER))
-            {
-                throw new InvalidInputException("id contains illegal characters.");
-            }
-
            Document doc = this.GetDocumentById(id);
            return new Alarm(doc);
        }
@ -160,11 +150,6 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services
                limit,
                devices, DEVICE_ID_KEY);

-            if (Regex.IsMatch(id, INVALID_CHARACTER))
-            {
-                throw new InvalidInputException("id contains illegal characters.");
-            }
-
            this.log.Debug("Created Alarm By Rule Query", () => new { sql });

            FeedOptions queryOptions = new FeedOptions();
@ -220,10 +205,8 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services

        public async Task<Alarm> UpdateAsync(string id, string status)
        {
-            if (Regex.IsMatch(id, INVALID_CHARACTER))
-            {
-                throw new InvalidInputException("id contains illegal characters.");
-            }
+            InputValidator.Validate(id);
+            InputValidator.Validate(status);

            Document document = this.GetDocumentById(id);
            document.SetPropertyValue(STATUS_KEY, status);
@ -238,10 +221,7 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services

        private Document GetDocumentById(string id)
        {
-            if (Regex.IsMatch(id, INVALID_CHARACTER))
-            {
-                throw new InvalidInputException("id contains illegal characters.");
-            }
+            InputValidator.Validate(id);

            var query = new SqlQuerySpec(
                "SELECT * FROM c WHERE c.id=@id",
@ -268,6 +248,11 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services

        public async Task Delete(List<string> ids)
        {
+            foreach(var id in ids)
+            {
+                InputValidator.Validate(id);
+            }
+
            Task[] taskList = new Task[ids.Count];
            for (int i = 0; i < ids.Count; i++)
            {
@ -292,6 +277,8 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services
         */
        public async Task DeleteAsync(string id)
        {
+            InputValidator.Validate(id);
+
            int retryCount = 0;
            while (retryCount < this.maxDeleteRetryCount)
            {
--- a/device-telemetry/Services/Helpers/InputValidator.cs
+++ b/device-telemetry/Services/Helpers/InputValidator.cs
@ -0,0 +1,19 @@
+using System.Text.RegularExpressions;
+using Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Exceptions;
+
+namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Helpers
+{
+    public class InputValidator
+    {
+        private const string INVALID_CHARACTER = @"[^A-Za-z0-9:;.!,_\-* ]";
+
+        // Check illegal characters in input
+        public static void Validate(string input)
+        {
+            if (Regex.IsMatch(input.Trim(), INVALID_CHARACTER))
+            {
+                throw new InvalidInputException($"Input '{input}' contains invalid characters.");
+            }
+        }
+    }
+}
--- a/device-telemetry/Services/Helpers/QueryBuilder.cs
+++ b/device-telemetry/Services/Helpers/QueryBuilder.cs
@ -32,7 +32,12 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Helpers
            ValidateInput(ref schemaName);
            ValidateInput(ref fromProperty);
            ValidateInput(ref toProperty);
+            ValidateInput(ref order);
            ValidateInput(ref orderProperty);
+            for (int i = 0; i < devices.Length; i++)
+            {
+                ValidateInput(ref devices[i]);
+            }
            ValidateInput(ref devicesProperty);

            var sqlParameterCollection = new SqlParameterCollection();
--- a/device-telemetry/Services/Messages.cs
+++ b/device-telemetry/Services/Messages.cs
@ -1,8 +1,8 @@
 // Copyright (c) Microsoft. All rights reserved.

 using System;
-using System.Linq;
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.Azure.Documents;
 using Microsoft.Azure.Documents.Client;
@ -68,6 +68,12 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services
            int limit,
            string[] devices)
        {
+            InputValidator.Validate(order);
+            foreach (var device in devices)
+            {
+                InputValidator.Validate(device);
+            }
+
            return this.timeSeriesEnabled ? 
                await this.GetListFromTimeSeriesAsync(from, to, order, skip, limit, devices) : 
                this.GetListFromCosmosDb(from, to, order, skip, limit, devices);
--- a/device-telemetry/Services/Models/Rule.cs
+++ b/device-telemetry/Services/Models/Rule.cs
@ -2,6 +2,7 @@

 using System;
 using System.Collections.Generic;
+using Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Helpers;
 using Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Models.Actions;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Converters;
@ -11,6 +12,7 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Models
    public class Rule : IComparable<Rule>
    {
        private const string DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:sszzz";
+
        // Comes from the StorageAdapter document and not the serialized rule
        [JsonIgnore]
        public string ETag { get; set; } = string.Empty;
@ -41,6 +43,11 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Models
            return DateTimeOffset.Parse(other.DateCreated)
                .CompareTo(DateTimeOffset.Parse(this.DateCreated));
        }
+
+        public void Validate()
+        {
+            InputValidator.Validate(this.Id);
+        }
    }

    public enum CalculationType
--- a/device-telemetry/Services/Rules.cs
+++ b/device-telemetry/Services/Rules.cs
@ -4,7 +4,6 @@ using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Reflection;
-using System.Text.RegularExpressions;
 using System.Threading.Tasks;
 using Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Diagnostics;
 using Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services.Exceptions;
@ -49,7 +48,6 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services
    public class Rules : IRules
    {
        private const string STORAGE_COLLECTION = "rules";
-        private const string INVALID_CHARACTER = @"[^A-Za-z0-9:;.,_\-]";
        private const string DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:sszzz";

        private readonly IStorageAdapterClient storage;
@ -91,6 +89,8 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services

        public async Task DeleteAsync(string id)
        {
+            InputValidator.Validate(id);
+
            Rule existing;
            try
            {
@ -125,11 +125,7 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services

        public async Task<Rule> GetAsync(string id)
        {
-            if (Regex.IsMatch(id, INVALID_CHARACTER))
-            {
-                this.log.Debug("id contains illegal characters.", () => new { id });
-                throw new InvalidInputException("id contains illegal characters.");
-            }
+            InputValidator.Validate(id);

            var item = await this.storage.GetAsync(STORAGE_COLLECTION, id);
            var rule = this.Deserialize(item.Data);
@ -147,6 +143,12 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services
            string groupId,
            bool includeDeleted)
        {
+            InputValidator.Validate(order);
+            if (!string.IsNullOrEmpty(groupId))
+            {
+                InputValidator.Validate(groupId);
+            }
+
            var data = await this.storage.GetAllAsync(STORAGE_COLLECTION);
            var ruleList = new List<Rule>();
            foreach (var item in data.Items)
@ -205,6 +207,12 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services
            int limit,
            string[] devices)
        {
+            InputValidator.Validate(order);
+            foreach (var device in devices)
+            {
+                InputValidator.Validate(device);
+            }
+
            var alarmCountByRuleList = new List<AlarmCountByRule>();

            // get list of rules
@ -246,6 +254,7 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services
            {
                throw new InvalidInputException("Rule not provided.");
            }
+            rule.Validate();

            // Ensure dates are correct
            rule.DateCreated = DateTimeOffset.UtcNow.ToString(DATE_FORMAT);
@ -265,6 +274,8 @@ namespace Microsoft.Azure.IoTSolutions.DeviceTelemetry.Services

        public async Task<Rule> UpsertIfNotDeletedAsync(Rule rule)
        {
+            rule.Validate();
+
            if (rule == null)
            {
                throw new InvalidInputException("Rule not provided.");
--- a/device-telemetry/scripts/build
+++ b/device-telemetry/scripts/build
@ -22,9 +22,6 @@ PCS_CACHE="/tmp/azure/iotpcs/.cache"
 compile() {
    check_dependency_dotnet

-    cd $APP_HOME
-    ./scripts/env-vars-check
-
    header "Downloading dependencies..."
    dotnet restore

@ -37,10 +34,13 @@ run_tests() {

    cd $APP_HOME
    header "Running tests..."
-    PROJECTS=$(dotnet sln list | grep 'csproj$' | grep '\.Test')
+    PROJECTS=$(dotnet sln telemetry.sln list | grep '\.Test')
+
    for PROJ in $PROJECTS; do
-        echo "-- $PROJ"
-        dotnet test --configuration $CONFIGURATION $PROJ
+	PROJ=${PROJ//\\/\/}
+	PROJ=$(echo $PROJ | sed 's/[^a-zA-Z\.\/]//g')
+	echo "-- $PROJ"
+	dotnet test --configuration $CONFIGURATION $PROJ
    done
 }

--- a/device-telemetry/scripts/docker/run
+++ b/device-telemetry/scripts/docker/run
@ -16,11 +16,15 @@ run_container() {

    echo "Starting Telemetry service..."
    docker run -it -p 9004:9004 \
-        -e PCS_TELEMETRY_DOCUMENTDB_CONNSTRING \
-        -e PCS_STORAGEADAPTER_WEBSERVICE_URL \
        -e PCS_AUTH_WEBSERVICE_URL \
+        -e PCS_STORAGEADAPTER_WEBSERVICE_URL \
+        -e PCS_DIAGNOSTICS_WEBSERVICE_URL \
+        -e PCS_TELEMETRY_DOCUMENTDB_CONNSTRING \
        -e PCS_AUTH_ISSUER \
        -e PCS_AUTH_AUDIENCE \
+        -e PCS_AUTH_REQUIRED \
+        -e PCS_CORS_WHITELIST \
+        -e PCS_APPLICATION_SECRET \
        -e PCS_AAD_TENANT \
        -e PCS_AAD_APPID \
        -e PCS_AAD_APPSECRET \
@ -30,7 +34,7 @@ run_container() {
        -e PCS_ACTION_EVENTHUB_CONNSTRING \
        -e PCS_ACTION_EVENTHUB_NAME \
        -e PCS_LOGICAPP_ENDPOINT_URL \
-        -e PCS_SOLUTION_NAME \
+        -e PCS_SOLUTION_WEBSITE_URL \
        "$DOCKER_IMAGE:testing"
 }

--- a/device-telemetry/scripts/docker/run.cmd
+++ b/device-telemetry/scripts/docker/run.cmd
@ -21,11 +21,15 @@ IF %ERRORLEVEL% NEQ 0 GOTO FAIL
 :: Start the application
 echo Starting Telemetry service...
 docker run -it -p 9004:9004 ^
-    -e PCS_TELEMETRY_DOCUMENTDB_CONNSTRING ^
-    -e PCS_STORAGEADAPTER_WEBSERVICE_URL ^
    -e PCS_AUTH_WEBSERVICE_URL ^
+    -e PCS_STORAGEADAPTER_WEBSERVICE_URL ^
+    -e PCS_DIAGNOSTICS_WEBSERVICE_URL ^
+    -e PCS_TELEMETRY_DOCUMENTDB_CONNSTRING ^
    -e PCS_AUTH_ISSUER ^
    -e PCS_AUTH_AUDIENCE ^
+    -e PCS_AUTH_REQUIRED ^
+    -e PCS_CORS_WHITELIST ^
+    -e PCS_APPLICATION_SECRET ^
    -e PCS_AAD_TENANT ^
    -e PCS_AAD_APPID ^
    -e PCS_AAD_APPSECRET ^
@ -35,7 +39,7 @@ docker run -it -p 9004:9004 ^
    -e PCS_ACTION_EVENTHUB_CONNSTRING ^
    -e PCS_ACTION_EVENTHUB_NAME ^
    -e PCS_LOGICAPP_ENDPOINT_URL ^
-    -e PCS_SOLUTION_NAME ^
+    -e PCS_SOLUTION_WEBSITE_URL ^
    %DOCKER_IMAGE%:testing

 :: - - - - - - - - - - - - - -
--- a/docs/CICD.md
+++ b/docs/CICD.md
@ -0,0 +1,2 @@
+ CI/CD for Remote Monitoring
+ ===
--- a/iothub-manager/RecurringTasksAgent/Agent.cs
+++ b/iothub-manager/RecurringTasksAgent/Agent.cs
@ -1,4 +1,5 @@
-// Copyright (c) Microsoft. All rights reserved.
+
+// Copyright (c) Microsoft. All rights reserved.

 using System;
 using System.Threading;
@ -22,9 +23,10 @@ namespace Microsoft.Azure.IoTSolutions.IotHubManager.RecurringTasksAgent

        // When generating the cache, allow some time to finish, at least one minute
        private const int CACHE_TIMEOUT_SECS = 90;
-        
+
        private readonly IDeviceProperties deviceProperties;
        private readonly ILogger log;
+        private Timer cacheUpdateTimer;

        public Agent(
            IDeviceProperties deviceProperties,
@ -66,7 +68,7 @@ namespace Microsoft.Azure.IoTSolutions.IotHubManager.RecurringTasksAgent
            try
            {
                this.log.Info("Scheduling a DeviceProperties cache update", () => new { CACHE_UPDATE_SECS });
-                var unused = new Timer(
+                this.cacheUpdateTimer = new Timer(
                    this.UpdateDevicePropertiesCache,
                    null,
                    1000 * CACHE_UPDATE_SECS,
--- a/iothub-manager/scripts/build
+++ b/iothub-manager/scripts/build
@ -20,9 +20,6 @@ PCS_CACHE="/tmp/azure/iotpcs/.cache"
 compile() {
    check_dependency_dotnet

-    cd $APP_HOME
-    ./scripts/env-vars-check
-
    header "Downloading dependencies..."
    dotnet restore

@ -35,10 +32,13 @@ run_tests() {

    cd $APP_HOME
    header "Running tests..."
-    PROJECTS=$(dotnet sln list | grep 'csproj$' | grep '\.Test')
+    PROJECTS=$(dotnet sln iothub-manager.sln list | grep '\.Test')
+
    for PROJ in $PROJECTS; do
-        echo "-- $PROJ"
-        dotnet test --configuration $CONFIGURATION $PROJ
+	PROJ=${PROJ//\\/\/}
+	PROJ=$(echo $PROJ | sed 's/[^a-zA-Z\.\/]//g')
+	echo "-- $PROJ"
+	dotnet test --configuration $CONFIGURATION $PROJ
    done
 }

--- a/scripts/cd/asamanager/.helmignore
+++ b/scripts/cd/asamanager/.helmignore
@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- a/scripts/cd/asamanager/Chart.yaml
+++ b/scripts/cd/asamanager/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: asamanager
+version: 0.1.0
--- a/scripts/cd/asamanager/templates/NOTES.txt
+++ b/scripts/cd/asamanager/templates/NOTES.txt
@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "asamanager.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "asamanager.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "asamanager.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "asamanager.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 9024:9024
+{{- end }}
--- a/scripts/cd/asamanager/templates/_helpers.tpl
+++ b/scripts/cd/asamanager/templates/_helpers.tpl
@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "asamanager.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "asamanager.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "asamanager.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- a/scripts/cd/asamanager/templates/deployment.yaml
+++ b/scripts/cd/asamanager/templates/deployment.yaml
@ -0,0 +1,76 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "asamanager.fullname" . }}
+  labels:
+    app: {{ template "asamanager.name" . }}
+    chart: {{ template "asamanager.chart" . }}
+    draft: {{ default "draft-app" .Values.draft }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "asamanager.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "asamanager.name" . }}
+        draft: {{ default "draft-app" .Values.draft }}
+        release: {{ .Release.Name }}
+      annotations:
+        buildID: {{ .Values.buildID }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.internalPort }} 
+              protocol: TCP
+          {{- if not .Values.disableProbes }}
+          livenessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 120
+              initialDelaySeconds: 300
+          readinessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 120
+              initialDelaySeconds: 300
+          {{- end }}
+          env:
+            {{- $root := . }}
+            {{- range $ref, $values := .Values.secrets }}
+            {{- range $key, $value := $values }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "asamanager.fullname" $root }}-{{ $ref | lower }}
+                  key: {{ $key }}
+            {{- end }}
+            {{- end }}
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
--- a/scripts/cd/asamanager/templates/ingress.yaml
+++ b/scripts/cd/asamanager/templates/ingress.yaml
@ -0,0 +1,39 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "asamanager.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "asamanager.name" . }}
+    chart: {{ template "asamanager.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: http
+  {{- end }}
+{{- end }}
--- a/scripts/cd/asamanager/templates/secrets.yaml
+++ b/scripts/cd/asamanager/templates/secrets.yaml
@ -0,0 +1,12 @@
+{{- $root := . }}
+{{- range $name, $values := .Values.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "asamanager.fullname" $root }}-{{ $name | lower }}
+data:
+  {{- range $key, $value := $values }}
+  {{ $key }}: {{ $value | b64enc }}
+  {{- end }}
+---
+{{- end }}
--- a/scripts/cd/asamanager/templates/service.yaml
+++ b/scripts/cd/asamanager/templates/service.yaml
@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "asamanager.fullname" . }}
+  labels:
+    app: {{ template "asamanager.name" . }}
+    chart: {{ template "asamanager.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      protocol: TCP
+      name: http
+  selector:
+    app: {{ template "asamanager.name" . }}
+    release: {{ .Release.Name }}
--- a/scripts/cd/asamanager/values.yaml
+++ b/scripts/cd/asamanager/values.yaml
@ -0,0 +1,75 @@
+# Default values for asamanager.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+fullnameOverride: asamanager
+replicaCount: 1
+image:
+  repository: azureiotpcs/asa-manager-dotnet 
+  tag: testing
+  pullPolicy: Always
+imagePullSecrets: []
+  # Optionally specify an array of imagePullSecrets.
+  # Secrets must be manually created in the namespace.
+  # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+  #
+  # This uses credentials from secret "myRegistryKeySecretName".
+  # - name: myRegistryKeySecretName
+service:
+  type: ClusterIP
+  externalPort: 80
+  internalPort: 9024
+
+ingress:
+  enabled: true
+  #annotations:
+  # kubernetes.io/ingress.class: addon-http-application-routing
+    # kubernetes.io/tls-acme: "true"
+  path: /asamanager
+  hosts:
+    - DNSNAME 
+  # hosts:
+  #   - chart-example.local
+  tls: []
+    # - secretName: chart-example-tls
+    #   hosts:
+    #     - chart-example.local
+secrets:
+  asamanager:
+    PCS_TELEMETRY_DOCUMENTDB_CONNSTRING: PCS_TELEMETRY_DOCUMENTDB_CONNSTRING
+    PCS_TELEMETRY_WEBSERVICE_URL: PCS_TELEMETRY_WEBSERVICE_URL
+    PCS_CONFIG_WEBSERVICE_URL: PCS_CONFIG_WEBSERVICE_URL
+    PCS_IOTHUBMANAGER_WEBSERVICE_URL: PCS_IOTHUBMANAGER_WEBSERVICE_URL
+    PCS_ASA_DATA_AZUREBLOB_ACCOUNT: PCS_ASA_DATA_AZUREBLOB_ACCOUNT
+    PCS_ASA_DATA_AZUREBLOB_KEY: PCS_ASA_DATA_AZUREBLOB_KEY
+    PCS_ASA_DATA_AZUREBLOB_ENDPOINT_SUFFIX: PCS_ASA_DATA_AZUREBLOB_ENDPOINT_SUFFIX
+    PCS_EVENTHUB_CONNSTRING: PCS_EVENTHUB_CONNSTRING
+    PCS_EVENTHUB_NAME: PCS_EVENTHUB_NAME
+    PCS_TELEMETRY_STORAGE_TYPE: PCS_TELEMETRY_STORAGE_TYPE
+    PCS_AUTH_REQUIRED: PCS_AUTH_REQUIRED
+  # Optionally specify a set of secret objects whose values
+  # will be injected as environment variables by default.
+  # You should add this section to a file like secrets.yaml
+  # that is explicitly NOT committed to source code control
+  # and then include it as part of your helm install step.
+  # ref: https://kubernetes.io/docs/concepts/configuration/secret/
+  #
+  # This creates a secret "mysecret" and injects "mypassword"
+  # as the environment variable mysecret_mypassword=password.
+  # mysecret:
+  #   mypassword: password
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
--- a/scripts/cd/auth/.helmignore
+++ b/scripts/cd/auth/.helmignore
@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- a/scripts/cd/auth/Chart.yaml
+++ b/scripts/cd/auth/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: auth
+version: 0.1.0
--- a/scripts/cd/auth/templates/NOTES.txt
+++ b/scripts/cd/auth/templates/NOTES.txt
@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "auth.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "auth.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "auth.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "auth.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}
--- a/scripts/cd/auth/templates/_helpers.tpl
+++ b/scripts/cd/auth/templates/_helpers.tpl
@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "auth.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "auth.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "auth.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- a/scripts/cd/auth/templates/deployment.yaml
+++ b/scripts/cd/auth/templates/deployment.yaml
@ -0,0 +1,76 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "auth.fullname" . }}
+  labels:
+    app: {{ template "auth.name" . }}
+    chart: {{ template "auth.chart" . }}
+    draft: {{ default "draft-app" .Values.draft }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "auth.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "auth.name" . }}
+        draft: {{ default "draft-app" .Values.draft }}
+        release: {{ .Release.Name }}
+      annotations:
+        buildID: {{ .Values.buildID }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.internalPort }} 
+              protocol: TCP
+          {{- if not .Values.disableProbes }}
+          livenessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 120
+              initialDelaySeconds: 300
+          readinessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 120
+              initialDelaySeconds: 300
+          {{- end }}
+          env:
+            {{- $root := . }}
+            {{- range $ref, $values := .Values.secrets }}
+            {{- range $key, $value := $values }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "auth.fullname" $root }}-{{ $ref | lower }}
+                  key: {{ $key }}
+            {{- end }}
+            {{- end }}
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
--- a/scripts/cd/auth/templates/ingress.yaml
+++ b/scripts/cd/auth/templates/ingress.yaml
@ -0,0 +1,39 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "auth.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "auth.name" . }}
+    chart: {{ template "auth.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: http
+  {{- end }}
+{{- end }}
--- a/scripts/cd/auth/templates/secrets.yaml
+++ b/scripts/cd/auth/templates/secrets.yaml
@ -0,0 +1,12 @@
+{{- $root := . }}
+{{- range $name, $values := .Values.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "auth.fullname" $root }}-{{ $name | lower }}
+data:
+  {{- range $key, $value := $values }}
+  {{ $key }}: {{ $value | b64enc }}
+  {{- end }}
+---
+{{- end }}
--- a/scripts/cd/auth/templates/service.yaml
+++ b/scripts/cd/auth/templates/service.yaml
@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "auth.fullname" . }}
+  labels:
+    app: {{ template "auth.name" . }}
+    chart: {{ template "auth.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      protocol: TCP
+      name: http
+  selector:
+    app: {{ template "auth.name" . }}
+    release: {{ .Release.Name }}
--- a/scripts/cd/auth/values.yaml
+++ b/scripts/cd/auth/values.yaml
@ -0,0 +1,66 @@
+# Default values for auth.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+fullnameOverride: auth
+replicaCount: 1
+image:
+  repository: azureiotpcs/pcs-auth-dotnet
+  tag: testing
+  pullPolicy: Always
+imagePullSecrets: []
+  # Optionally specify an array of imagePullSecrets.
+  # Secrets must be manually created in the namespace.
+  # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+  #
+  # This uses credentials from secret "myRegistryKeySecretName".
+  # - name: myRegistryKeySecretName
+service:
+  type: ClusterIP
+  externalPort: 80
+  internalPort: 9001
+
+ingress:
+  enabled: true
+  #annotations:
+  #kubernetes.io/ingress.class: addon-http-application-routing
+    # kubernetes.io/tls-acme: "true"
+  path: /auth
+  hosts:
+    - DNSNAME
+  # hosts:
+  #   - chart-example.local
+  tls: []
+    # - secretName: chart-example-tls
+    #   hosts:
+    #     - chart-example.local
+secrets: 
+  auth:
+    PCS_AUTH_AUDIENCE: PCS_AUTH_AUDIENCE
+    PCS_AUTH_ISSUER: PCS_AUTH_ISSUER
+  # Optionally specify a set of secret objects whose values
+  # will be injected as environment variables by default.
+  # You should add this section to a file like secrets.yaml
+  # that is explicitly NOT committed to source code control
+  # and then include it as part of your helm install step.
+  # ref: https://kubernetes.io/docs/concepts/configuration/secret/
+  #
+  # This creates a secret "mysecret" and injects "mypassword"
+  # as the environment variable mysecret_mypassword=password.
+  # mysecret:
+  #   mypassword: password
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
--- a/scripts/cd/config/.helmignore
+++ b/scripts/cd/config/.helmignore
@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- a/scripts/cd/config/Chart.yaml
+++ b/scripts/cd/config/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: config
+version: 0.1.0
--- a/scripts/cd/config/templates/NOTES.txt
+++ b/scripts/cd/config/templates/NOTES.txt
@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "config.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "config.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "config.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "config.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}
--- a/scripts/cd/config/templates/_helpers.tpl
+++ b/scripts/cd/config/templates/_helpers.tpl
@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "config.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "config.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "config.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- a/scripts/cd/config/templates/deployment.yaml
+++ b/scripts/cd/config/templates/deployment.yaml
@ -0,0 +1,76 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "config.fullname" . }}
+  labels:
+    app: {{ template "config.name" . }}
+    chart: {{ template "config.chart" . }}
+    draft: {{ default "draft-app" .Values.draft }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "config.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "config.name" . }}
+        draft: {{ default "draft-app" .Values.draft }}
+        release: {{ .Release.Name }}
+      annotations:
+        buildID: {{ .Values.buildID }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.internalPort }}
+              protocol: TCP
+          {{- if not .Values.disableProbes }}
+          livenessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 120
+              initialDelaySeconds: 300
+          readinessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 120
+              initialDelaySeconds: 300
+          {{- end }}
+          env:
+            {{- $root := . }}
+            {{- range $ref, $values := .Values.secrets }}
+            {{- range $key, $value := $values }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "config.fullname" $root }}-{{ $ref | lower }}
+                  key: {{ $key }}
+            {{- end }}
+            {{- end }}
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
--- a/scripts/cd/config/templates/ingress.yaml
+++ b/scripts/cd/config/templates/ingress.yaml
@ -0,0 +1,39 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "config.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "config.name" . }}
+    chart: {{ template "config.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: http
+  {{- end }}
+{{- end }}
--- a/scripts/cd/config/templates/secrets.yaml
+++ b/scripts/cd/config/templates/secrets.yaml
@ -0,0 +1,12 @@
+{{- $root := . }}
+{{- range $name, $values := .Values.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "config.fullname" $root }}-{{ $name | lower }}
+data:
+  {{- range $key, $value := $values }}
+  {{ $key }}: {{ $value | b64enc }}
+  {{- end }}
+---
+{{- end }}
--- a/scripts/cd/config/templates/service.yaml
+++ b/scripts/cd/config/templates/service.yaml
@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "config.fullname" . }}
+  labels:
+    app: {{ template "config.name" . }}
+    chart: {{ template "config.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      protocol: TCP
+      name: http
+  selector:
+    app: {{ template "config.name" . }}
+    release: {{ .Release.Name }}
--- a/scripts/cd/config/values.yaml
+++ b/scripts/cd/config/values.yaml
@ -0,0 +1,70 @@
+# Default values for config.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+fullnameOverride: config
+replicaCount: 1
+image:
+  repository: azureiotpcs/pcs-config-dotnet
+  tag: testing
+  pullPolicy: Always
+imagePullSecrets: []
+  # Optionally specify an array of imagePullSecrets.
+  # Secrets must be manually created in the namespace.
+  # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+  #
+  # This uses credentials from secret "myRegistryKeySecretName".
+  # - name: myRegistryKeySecretName
+service:
+  type: ClusterIP
+  externalPort: 80
+  internalPort: 9005
+
+ingress:
+  enabled: true
+  #annotations:
+  #kubernetes.io/ingress.class: addon-http-application-routing
+    # kubernetes.io/tls-acme: "true"
+  path: /config
+  hosts:
+    - DNSNAME
+  # hosts:
+  #   - chart-example.local
+  tls: []
+    # - secretName: chart-example-tls
+    #   hosts:
+    #     - chart-example.local
+secrets: 
+  config:
+    PCS_STORAGEADAPTER_WEBSERVICE_URL: PCS_STORAGEADAPTER_WEBSERVICE_URL
+    PCS_DEVICESIMULATION_WEBSERVICE_URL: PCS_DEVICESIMULATION_WEBSERVICE_URL
+    PCS_TELEMETRY_WEBSERVICE_URL: PCS_TELEMETRY_WEBSERVICE_URL
+    PCS_AZUREMAPS_KEY: PCS_AZUREMAPS_KEY
+    PCS_AUTH_WEBSERVICE_URL: PCS_AUTH_WEBSERVICE_URL
+    PCS_AUTH_REQUIRED: PCS_AUTH_REQUIRED
+  # Optionally specify a set of secret objects whose values
+  # will be injected as environment variables by default.
+  # You should add this section to a file like secrets.yaml
+  # that is explicitly NOT committed to source code control
+  # and then include it as part of your helm install step.
+  # ref: https://kubernetes.io/docs/concepts/configuration/secret/
+  #
+  # This creates a secret "mysecret" and injects "mypassword"
+  # as the environment variable mysecret_mypassword=password.
+  # mysecret:
+  #   mypassword: password
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
--- a/scripts/cd/delete.sh
+++ b/scripts/cd/delete.sh
@ -0,0 +1,26 @@
+#!/bin/bash
+####### helm delete release
+echo "Config current context"
+kubectl config current-context 
+
+echo "Deleting services from above context"
+helm delete storageadapter
+helm delete telemetry
+helm delete iothubmanager
+helm delete simulation
+helm delete auth
+helm delete webui
+helm delete asamanager
+helm delete config
+####### helm purgedelete to ensure if above cmds don't work
+helm del --purge storageadapter
+helm del --purge telemetry
+helm del --purge iothubmanager
+helm del --purge simulation
+helm del --purge auth
+helm del --purge webui
+helm del --purge asamanager
+helm del --purge config
+##################### Delete any other resources
+kubectl delete secret storageadapter-storageadapter
+exit 0
--- a/scripts/cd/deploy.sh
+++ b/scripts/cd/deploy.sh
@ -0,0 +1,39 @@
+#!/bin/bash
+source .env
+####### Install helm charts
+install() {
+#	helm install --name storageadapter storageadapter/charts/storageadapter/ --set secrets.storageadapter.PCS_STORAGEADAPTER_DOCUMENTDB_CONNSTRING=${PCS_STORAGEADAPTER_DOCUMENTDB_CONNSTRING} --set-string secrets.storageadapter.PCS_AUTH_REQUIRED=${PCS_AUTH_REQUIRED}
+
+	helm install --name telemetry telemetry/charts/devicetelemetry/ --set secrets.devicetelemetry.PCS_TELEMETRY_DOCUMENTDB_CONNSTRING=${PCS_TELEMETRY_DOCUMENTDB_CONNSTRING} --set secrets.devicetelemetry.PCS_STORAGEADAPTER_WEBSERVICE_URL=${PCS_STORAGEADAPTER_WEBSERVICE_URL} --set secrets.devicetelemetry.PCS_STORAGEADAPTER_WEBSERVICE_URL=${PCS_STORAGEADAPTER_WEBSERVICE_URL} --set secrets.devicetelemetry.PCS_AUTH_WEBSERVICE_URL=${PCS_AUTH_WEBSERVICE_URL} --set secrets.devicetelemetry.PCS_AAD_TENANT=${PCS_AAD_TENANT} --set secrets.devicetelemetry.PCS_AAD_APPID=${PCS_AAD_APPID} --set secrets.devicetelemetry.PCS_AAD_APPSECRET=${PCS_AAD_APPSECRET} --set secrets.devicetelemetry.PCS_TELEMETRY_STORAGE_TYPE=${PCS_TELEMETRY_STORAGE_TYPE} --set secrets.devicetelemetry.PCS_TSI_FQDN=${PCS_TSI_FQDN} --set-string secrets.devicetelemetry.PCS_AUTH_REQUIRED=${PCS_AUTH_REQUIRED}
+
+	helm install --name iothubmanager iothubmanager/charts/iothubmanager/ --set secrets.iothubmanager.PCS_IOTHUB_CONNSTRING=${PCS_IOTHUB_CONNSTRING} --set secrets.iothubmanager.PCS_AUTH_WEBSERVICE_URL=${PCS_AUTH_WEBSERVICE_URL} --set secrets.iothubmanager.PCS_STORAGEADAPTER_WEBSERVICE_URL=${PCS_STORAGEADAPTER_WEBSERVICE_URL} --set-string secrets.iothubmanager.PCS_AUTH_REQUIRED=${PCS_AUTH_REQUIRED}
+
+	helm install --name simulation simulation/charts/simulation/ --set secrets.simulation.PCS_IOTHUB_CONNSTRING=${PCS_IOTHUB_CONNSTRING} --set secrets.simulation.PCS_STORAGEADAPTER_WEBSERVICE_URL=${PCS_STORAGEADAPTER_WEBSERVICE_URL} --set-string secrets.simulation.PCS_AUTH_REQUIRED=${PCS_AUTH_REQUIRED} 
+
+	helm install --name config config/charts/config --set secrets.config.PCS_DEVICESIMULATION_WEBSERVICE_URL=${PCS_DEVICESIMULATION_WEBSERVICE_URL} --set secrets.config.PCS_STORAGEADAPTER_WEBSERVICE_URL=${PCS_STORAGEADAPTER_WEBSERVICE_URL} --set secrets.config.PCS_TELEMETRY_WEBSERVICE_URL=${PCS_TELEMETRY_WEBSERVICE_URL} --set secrets.config.PCS_AZUREMAPS_KEY=${PCS_AZUREMAPS_KEY} --set secrets.config.PCS_AUTH_WEBSERVICE_URL=${PCS_AUTH_WEBSERVICE_URL} --set-string secrets.config.PCS_AUTH_REQUIRED=${PCS_AUTH_REQUIRED} --debug
+
+	helm install --name asamanager asamanager/charts/asamanager/ --set secrets.asamanager.PCS_ASA_DATA_AZUREBLOB_ACCOUNT=${PCS_ASA_DATA_AZUREBLOB_ACCOUNT} --set secrets.asamanager.PCS_ASA_DATA_AZUREBLOB_KEY=${PCS_ASA_DATA_AZUREBLOB_KEY} --set secrets.asamanager.PCS_ASA_DATA_AZUREBLOB_ENDPOINT_SUFFIX=${PCS_ASA_DATA_AZUREBLOB_ENDPOINT_SUFFIX} --set secrets.asamanager.PCS_EVENTHUB_CONNSTRING=${PCS_EVENTHUB_CONNSTRING} --set secrets.asamanager.PCS_EVENTHUB_NAME=${PCS_EVENTHUB_NAME} --set secrets.asamanager.PCS_TELEMETRY_DOCUMENTDB_CONNSTRING=${PCS_TELEMETRY_DOCUMENTDB_CONNSTRING} --set secrets.asamanager.PCS_TELEMETRY_WEBSERVICE_URL=${PCS_TELEMETRY_WEBSERVICE_URL} --set secrets.asamanager.PCS_CONFIG_WEBSERVICE_URL=${PCS_CONFIG_WEBSERVICE_URL} --set secrets.asamanager.PCS_IOTHUBMANAGER_WEBSERVICE_URL=${PCS_IOTHUBMANAGER_WEBSERVICE_URL} --set secrets.asamanager.PCS_TELEMETRY_STORAGE_TYPE=${PCS_TELEMETRY_STORAGE_TYPE} --set-string secrets.asamanager.PCS_AUTH_REQUIRED=${PCS_AUTH_REQUIRED} --debug
+
+	helm install --name auth auth/charts/auth/ --set secrets.auth.PCS_AUTH_AUDIENCE=${PCS_AUTH_AUDIENCE} --set secrets.auth.PCS_AUTH_ISSUER=${PCS_AUTH_ISSUER}
+
+	helm install --name webui webui/charts/webui/ --set REACT_APP_BASE_SERVICE_URL=${REACT_APP_BASE_SERVICE_URL}
+
+	helm install --name reverse-proxy reverse-proxy/charts/reverse-proxy/
+}
+##########################
+
+upgrade() {
+	helm upgrade --install --force storageadapter storageadapter/ --set secrets.storageadapter.PCS_STORAGEADAPTER_DOCUMENTDB_CONNSTRING=${PCS_STORAGEADAPTER_DOCUMENTDB_CONNSTRING} --set-string secrets.storageadapter.PCS_AUTH_REQUIRED=${PCS_AUTH_REQUIRED} --debug
+}
+
+
+must_run_once_more(){
+   #### Thisstep is required due to bug in helm https://github.com/helm/helm/issues/1479
+    helm install --name storageadapter storageadapter/ --set secrets.storageadapter.PCS_STORAGEADAPTER_DOCUMENTDB_CONNSTRING=${PCS_STORAGEADAPTER_DOCUMENTDB_CONNSTRING} --set-string secrets.storageadapter.PCS_AUTH_REQUIRED=${PCS_AUTH_REQUIRED}
+    exit 0
+}
+
+
+must_run_once_more
+
+install
--- a/scripts/cd/devicetelemetry/.helmignore
+++ b/scripts/cd/devicetelemetry/.helmignore
@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- a/scripts/cd/devicetelemetry/Chart.yaml
+++ b/scripts/cd/devicetelemetry/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: devicetelemetry
+version: 0.1.0
--- a/scripts/cd/devicetelemetry/templates/NOTES.txt
+++ b/scripts/cd/devicetelemetry/templates/NOTES.txt
@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "devicetelemetry.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "devicetelemetry.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "devicetelemetry.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "devicetelemetry.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}
--- a/scripts/cd/devicetelemetry/templates/_helpers.tpl
+++ b/scripts/cd/devicetelemetry/templates/_helpers.tpl
@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "devicetelemetry.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "devicetelemetry.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "devicetelemetry.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- a/scripts/cd/devicetelemetry/templates/deployment.yaml
+++ b/scripts/cd/devicetelemetry/templates/deployment.yaml
@ -0,0 +1,79 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "devicetelemetry.fullname" . }}
+  labels:
+    app: {{ template "devicetelemetry.name" . }}
+    chart: {{ template "devicetelemetry.chart" . }}
+    draft: {{ default "draft-app" .Values.draft }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "devicetelemetry.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "devicetelemetry.name" . }}
+        draft: {{ default "draft-app" .Values.draft }}
+        release: {{ .Release.Name }}
+      annotations:
+        buildID: {{ .Values.buildID }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.internalPort }}
+              protocol: TCP
+	  {{- if .Values.probes.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 900
+              timeoutSeconds: 300
+              successThreshold: 60
+              initialDelaySeconds: 900
+          readinessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 900
+              timeoutSeconds: 300 
+              initialDelaySeconds: 900
+	  {{- end }}
+          env:
+            {{- $root := . }}
+            {{- range $ref, $values := .Values.secrets }}
+            {{- range $key, $value := $values }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "devicetelemetry.fullname" $root }}-{{ $ref | lower }}
+                  key: {{ $key }}
+            {{- end }}
+            {{- end }}
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
--- a/scripts/cd/devicetelemetry/templates/ingress.yaml
+++ b/scripts/cd/devicetelemetry/templates/ingress.yaml
@ -0,0 +1,39 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "devicetelemetry.fullname" . -}}
+{{- $servicePort := .Values.service.externalPort -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "devicetelemetry.name" . }}
+    chart: {{ template "devicetelemetry.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $servicePort }}
+  {{- end }}
+{{- end }}
--- a/scripts/cd/devicetelemetry/templates/secrets.yaml
+++ b/scripts/cd/devicetelemetry/templates/secrets.yaml
@ -0,0 +1,12 @@
+{{- $root := . }}
+{{- range $name, $values := .Values.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "devicetelemetry.fullname" $root }}-{{ $name | lower }}
+data:
+  {{- range $key, $value := $values }}
+  {{ $key }}: {{ $value | b64enc}}
+  {{- end }}
+---
+{{- end }}
--- a/scripts/cd/devicetelemetry/templates/service.yaml
+++ b/scripts/cd/devicetelemetry/templates/service.yaml
@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "devicetelemetry.fullname" . }}
+  labels:
+    app: {{ template "devicetelemetry.name" . }}
+    chart: {{ template "devicetelemetry.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      protocol: TCP
+      name: http
+  selector:
+    app: {{ template "devicetelemetry.name" . }}
+    release: {{ .Release.Name }}
--- a/scripts/cd/devicetelemetry/values.yaml
+++ b/scripts/cd/devicetelemetry/values.yaml
@ -0,0 +1,80 @@
+# Default values for devicetelemetry.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+fullnameOverride: devicetelemetry
+replicaCount: 1
+image:
+  repository: azureiotpcs/telemetry-dotnet
+  tag: testing
+  pullPolicy: Always
+imagePullSecrets: []
+  # Optionally specify an array of imagePullSecrets.
+  # Secrets must be manually created in the namespace.
+  # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+  #
+  # This uses credentials from secret "myRegistryKeySecretName".
+  # - name: myRegistryKeySecretName
+service:
+  type: ClusterIP
+  externalPort: 80
+  internalPort: 9004
+
+#disableProbes:
+#  enabled: false
+ingress:
+  enabled: true
+  #annotations:
+    #kubernetes.io/ingress.class: addon-http-application-routing
+    # kubernetes.io/tls-acme: "true"
+  path: /devicetelemetry
+  hosts:
+    - DNSNAME 
+  # hosts:
+  #   - chart-example.local
+  tls: []
+    # - secretName: chart-example-tls
+    #   hosts:
+    #     - chart-example.local
+secrets:
+  devicetelemetry:
+    PCS_TELEMETRY_DOCUMENTDB_CONNSTRING: PCS_TELEMETRY_DOCUMENTDB_CONNSTRING
+    PCS_STORAGEADAPTER_WEBSERVICE_URL: PCS_STORAGEADAPTER_WEBSERVICE_URL
+    PCS_AUTH_WEBSERVICE_URL: PCS_AUTH_WEBSERVICE_URL
+    PCS_AAD_TENANT: PCS_AAD_TENANT
+    PCS_AAD_APPID: PCS_AAD_APPID
+    PCS_AAD_APPSECRET: PCS_AAD_APPSECRET
+    PCS_TELEMETRY_STORAGE_TYPE: PCS_TELEMETRY_STORAGE_TYPE
+    PCS_TSI_FQDN: PCS_TSI_FQDN
+    PCS_DIAGNOSTICS_WEBSERVICE_URL: PCS_DIAGNOSTICS_WEBSERVICE_URL
+    PCS_AUTH_REQUIRED: PCS_AUTH_REQUIRED
+  # Optionally specify a set of secret objects whose values
+  # will be injected as environment variables by default.
+  # You should add this section to a file like secrets.yaml
+  # that is explicitly NOT committed to source code control
+  # and then include it as part of your helm install step.
+  # ref: https://kubernetes.io/docs/concepts/configuration/secret/
+  #
+  # This creates a secret "mysecret" and injects "mypassword"
+  # as the environment variable mysecret_mypassword=password.
+  # mysecret:
+  #   mypassword: password
+  #
+probes:
+  enabled: false
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
--- a/scripts/cd/helm_install.sh
+++ b/scripts/cd/helm_install.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+sh delete.sh
+sleep 5
+sh deploy.sh
--- a/scripts/cd/ingress/certificates.yaml
+++ b/scripts/cd/ingress/certificates.yaml
@ -0,0 +1,17 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: tls-secret
+spec:
+  secretName: tls-secret
+  dnsNames:
+  - DNSGIVENNAME.REGION.cloudapp.azure.com 
+  acme:
+    config:
+    - http01:
+        ingressClass: nginx
+      domains:
+      - DNSGIVENNAME.REGION.cloudapp.azure.com
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
--- a/scripts/cd/ingress/cluster-issuer.yaml
+++ b/scripts/cd/ingress/cluster-issuer.yaml
@ -0,0 +1,11 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: nobody@nobody.com
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    http01: {}
--- a/scripts/cd/ingress/configure-dns.sh
+++ b/scripts/cd/ingress/configure-dns.sh
@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Public IP address of your ingress controller
+IP="NGINXIP"
+
+# Name to associate with public IP address
+DNSNAME="DNSGIVENNAME"
+
+# Get the resource-id of the public ip
+PUBLICIPID=$(az network public-ip list --query "[?ipAddress!=null]|[?contains(ipAddress, '$IP')].[id]" --output tsv)
+
+# Update public ip address with DNS name
+az network public-ip update --ids $PUBLICIPID --dns-name $DNSNAME
--- a/scripts/cd/ingress/helm-rbac.yaml
+++ b/scripts/cd/ingress/helm-rbac.yaml
@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tiller
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: tiller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: kube-system
--- a/scripts/cd/ingress/helm-setup.sh
+++ b/scripts/cd/ingress/helm-setup.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+
+kubectl create -f helm-rbac.yaml
+
+helm init --service-account tiller
+
--- a/scripts/cd/ingress/install-nginx-ingress.sh
+++ b/scripts/cd/ingress/install-nginx-ingress.sh
@ -0,0 +1,58 @@
+#!/bin/bash
+
+
+helm install stable/nginx-ingress --namespace kube-system
+
+echo "Waiting for nginx controller to acquire PUBLIC ip ....."
+sleep 20
+###########
+###HTTPS Controller
+##########
+
+IP=`kubectl get service -l app=nginx-ingress --namespace kube-system | sed -n '/controller/s/ \+/ /gp' | cut -d" " -f4`
+
+echo "INGRESS NGINX public IP is:"
+echo $IP
+
+sed -i.bak s/NGINXIP/$IP/g configure-dns.sh
+
+sed -i.bak1 s/DNSGIVENNAME/$1/g configure-dns.sh
+
+echo "Configuring DNS ...."
+sh configure-dns.sh
+
+mv configure-dns.sh.bak configure-dns.sh
+
+rm -rf configure-dns.sh.bak1
+
+echo "Installing cert manager"
+
+helm install stable/cert-manager --set ingressShim.defaultIssuerName=letsencrypt --set ingressShim.defaultIssuerKind=ClusterIssuer
+
+echo "Creating SSL cert issuer in cluster ..."
+
+kubectl apply -f cluster-issuer.yaml
+
+sed -i.bak s/DNSGIVENNAME/$1/g certificates.yaml
+
+sed -i.bak1 s/REGION/$2/g certificates.yaml
+
+mv certificates.yaml.bak certificates.yaml
+
+rm -rf certificates.yaml.bak1
+
+echo "Creating certificates resources ...."
+
+kubectl apply -f certificates.yaml
+
+echo "Creating Remote Monitoring Nginx controller"
+
+sed -i.bak s/DNSGIVENNAME/$1/g rm-ingress.yaml
+
+sed -i.bak s/REGION/$2/g rm-ingress.yaml
+
+kubectl apply -f rm-ingress.yaml
+
+mv rm-ingress.yaml.bak rm-ingress.yaml
+
+rm -rf rm-ingress.yaml.bak1
--- a/scripts/cd/ingress/rm-ingress.yaml
+++ b/scripts/cd/ingress/rm-ingress.yaml
@ -0,0 +1,53 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: rm-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  backend:
+    serviceName: webui
+    servicePort: 10080
+  tls:
+  - hosts:
+    - DNSGIVENNAME.REGION.cloudapp.azure.com 
+    secretName: tls-secret
+  rules:
+  - host: DNSGIVENNAME.REGION.cloudapp.azure.com
+    http:
+      paths:
+      - path: /storageadapter/(.*)
+        backend:
+          serviceName: storageadapter
+          servicePort: 80
+      - path: /iothubmanager/*
+        backend:
+          serviceName: iothubmanager
+          servicePort: 80
+      - path: /telemetry/*
+        backend:
+          serviceName: devicetelemetry
+          servicePort: 80
+      - path: /devicesimulation/*
+        backend:
+          serviceName: simulation
+          servicePort: 80
+      - path: /config/*
+        backend:
+          serviceName: config
+          servicePort: 80
+      - path: /asamanager/(.*)
+        backend:
+          serviceName: asamanager
+          servicePort: 80
+      - path: /auth/(.*)
+        backend:
+          serviceName: auth
+          servicePort: 80
+      - path: /
+        backend:
+          serviceName: webui
+          servicePort: 10080
+
--- a/scripts/cd/iothubmanager/.helmignore
+++ b/scripts/cd/iothubmanager/.helmignore
@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- a/scripts/cd/iothubmanager/Chart.yaml
+++ b/scripts/cd/iothubmanager/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: iothubmanager
+version: 0.1.0
--- a/scripts/cd/iothubmanager/templates/NOTES.txt
+++ b/scripts/cd/iothubmanager/templates/NOTES.txt
@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "iothubmanager.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "iothubmanager.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "iothubmanager.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "iothubmanager.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}
--- a/scripts/cd/iothubmanager/templates/_helpers.tpl
+++ b/scripts/cd/iothubmanager/templates/_helpers.tpl
@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "iothubmanager.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "iothubmanager.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "iothubmanager.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- a/scripts/cd/iothubmanager/templates/deployment.yaml
+++ b/scripts/cd/iothubmanager/templates/deployment.yaml
@ -0,0 +1,76 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "iothubmanager.fullname" . }}
+  labels:
+    app: {{ template "iothubmanager.name" . }}
+    chart: {{ template "iothubmanager.chart" . }}
+    draft: {{ default "draft-app" .Values.draft }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "iothubmanager.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "iothubmanager.name" . }}
+        draft: {{ default "draft-app" .Values.draft }}
+        release: {{ .Release.Name }}
+      annotations:
+        buildID: {{ .Values.buildID }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.internalPort }} 
+              protocol: TCP
+	  {{- if not .Values.disableProbes }}
+          livenessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 120
+              initialDelaySeconds: 300
+          readinessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 120
+              initialDelaySeconds: 300
+	  {{- end }}
+          env:
+            {{- $root := . }}
+            {{- range $ref, $values := .Values.secrets }}
+            {{- range $key, $value := $values }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "iothubmanager.fullname" $root }}-{{ $ref | lower }}
+                  key: {{ $key }}
+            {{- end }}
+            {{- end }}
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
--- a/scripts/cd/iothubmanager/templates/ingress.yaml
+++ b/scripts/cd/iothubmanager/templates/ingress.yaml
@ -0,0 +1,39 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "iothubmanager.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "iothubmanager.name" . }}
+    chart: {{ template "iothubmanager.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: http
+  {{- end }}
+{{- end }}
--- a/scripts/cd/iothubmanager/templates/secrets.yaml
+++ b/scripts/cd/iothubmanager/templates/secrets.yaml
@ -0,0 +1,12 @@
+{{- $root := . }}
+{{- range $name, $values := .Values.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "iothubmanager.fullname" $root }}-{{ $name | lower }}
+data:
+  {{- range $key, $value := $values }}
+  {{ $key }}: {{ $value | b64enc }}
+  {{- end }}
+---
+{{- end }}
--- a/scripts/cd/iothubmanager/templates/service.yaml
+++ b/scripts/cd/iothubmanager/templates/service.yaml
@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "iothubmanager.fullname" . }}
+  labels:
+    app: {{ template "iothubmanager.name" . }}
+    chart: {{ template "iothubmanager.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      protocol: TCP
+      name: http
+  selector:
+    app: {{ template "iothubmanager.name" . }}
+    release: {{ .Release.Name }}
--- a/scripts/cd/iothubmanager/values.yaml
+++ b/scripts/cd/iothubmanager/values.yaml
@ -0,0 +1,68 @@
+# Default values for iothubmanager.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+fullnameOverride: iothubmanager
+replicaCount: 1
+image:
+  repository: azureiotpcs/iothub-manager-dotnet
+  tag: testing
+  pullPolicy: Always
+imagePullSecrets: []
+  # Optionally specify an array of imagePullSecrets.
+  # Secrets must be manually created in the namespace.
+  # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+  #
+  # This uses credentials from secret "myRegistryKeySecretName".
+  # - name: myRegistryKeySecretName
+service:
+  type: ClusterIP
+  externalPort: 80
+  internalPort: 9002
+
+ingress:
+  enabled: true
+  #annotations:
+    #kubernetes.io/ingress.class: addon-http-application-routing
+    # kubernetes.io/tls-acme: "true"
+  path: /iothubmanager
+  hosts:
+    - DNSNAME 
+  # hosts:
+  #   - chart-example.local
+  tls: []
+    # - secretName: chart-example-tls
+    #   hosts:
+    #     - chart-example.locam
+secrets: 
+  iothubmanager:
+    PCS_AUTH_WEBSERVICE_URL: PCS_AUTH_WEBSERVICE_URL
+    PCS_IOTHUB_CONNSTRING: PCS_IOTHUB_CONNSTRING
+    PCS_STORAGEADAPTER_WEBSERVICE_URL: PCS_STORAGEADAPTER_WEBSERVICE_URL
+    PCS_AUTH_REQUIRED: PCS_AUTH_REQUIRED 
+  # Optionally specify a set of secret objects whose values
+  # will be injected as environment variables by default.
+  # You should add this section to a file like secrets.yaml
+  # that is explicitly NOT committed to source code control
+  # and then include it as part of your helm install step.
+  # ref: https://kubernetes.io/docs/concepts/configuration/secret/
+  #
+  # This creates a secret "mysecret" and injects "mypassword"
+  # as the environment variable mysecret_mypassword=password.
+  # mysecret:
+  #   mypassword: password
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
--- a/scripts/cd/reverse-proxy/.helmignore
+++ b/scripts/cd/reverse-proxy/.helmignore
@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- a/scripts/cd/reverse-proxy/Chart.yaml
+++ b/scripts/cd/reverse-proxy/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: reverse-proxy
+version: 0.1.0
--- a/scripts/cd/reverse-proxy/templates/NOTES.txt
+++ b/scripts/cd/reverse-proxy/templates/NOTES.txt
@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "reverse-proxy.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "reverse-proxy.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "reverse-proxy.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "reverse-proxy.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}
--- a/scripts/cd/reverse-proxy/templates/_helpers.tpl
+++ b/scripts/cd/reverse-proxy/templates/_helpers.tpl
@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "reverse-proxy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "reverse-proxy.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "reverse-proxy.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- a/scripts/cd/reverse-proxy/templates/deployment.yaml
+++ b/scripts/cd/reverse-proxy/templates/deployment.yaml
@ -0,0 +1,79 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "reverse-proxy.fullname" . }}
+  labels:
+    app: {{ template "reverse-proxy.name" . }}
+    chart: {{ template "reverse-proxy.chart" . }}
+    draft: {{ default "draft-app" .Values.draft }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "reverse-proxy.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "reverse-proxy.name" . }}
+        draft: {{ default "draft-app" .Values.draft }}
+        release: {{ .Release.Name }}
+      annotations:
+        buildID: {{ .Values.buildID }}
+    spec:
+      volumes:
+        - name: certs-volume
+          configMap:
+            name: cert-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          volumeMounts:
+          - name: certs-volume
+            mountPath: /app/certs
+          ports:
+            - name: http
+              containerPort: 10080
+              protocol: TCP
+          {{- if .Values.probes.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          {{- end }}
+          env:
+            {{- $root := . }}
+            {{- range $ref, $values := .Values.secrets }}
+            {{- range $key, $value := $values }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "reverse-proxy.fullname" $root }}-{{ $ref | lower }}
+                  key: {{ $key }}
+            {{- end }}
+            {{- end }}
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
--- a/scripts/cd/reverse-proxy/templates/ingress.yaml
+++ b/scripts/cd/reverse-proxy/templates/ingress.yaml
@ -0,0 +1,39 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "reverse-proxy.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "reverse-proxy.name" . }}
+    chart: {{ template "reverse-proxy.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: http
+  {{- end }}
+{{- end }}
--- a/scripts/cd/reverse-proxy/templates/secrets.yaml
+++ b/scripts/cd/reverse-proxy/templates/secrets.yaml
@ -0,0 +1,12 @@
+{{- $root := . }}
+{{- range $name, $values := .Values.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "reverse-proxy.fullname" $root }}-{{ $name | lower }}
+data:
+  {{- range $key, $value := $values }}
+  {{ $key }}: {{ $value | b64enc }}
+  {{- end }}
+---
+{{- end }}
--- a/scripts/cd/reverse-proxy/templates/service.yaml
+++ b/scripts/cd/reverse-proxy/templates/service.yaml
@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "reverse-proxy.fullname" . }}
+  labels:
+    app: {{ template "reverse-proxy.name" . }}
+    chart: {{ template "reverse-proxy.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      protocol: TCP
+      name: http
+    - port: {{ .Values.service.externalHttpsPort }}
+      targetPort: {{ .Values.service.internalHttpsPort }}
+      protocol: TCP
+      name: https
+  selector:
+    app: {{ template "reverse-proxy.name" . }}
+    release: {{ .Release.Name }}
--- a/scripts/cd/reverse-proxy/values.yaml
+++ b/scripts/cd/reverse-proxy/values.yaml
@ -0,0 +1,70 @@
+# Default values for reverse-proxy.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+fullnameOverride: reverse-proxy
+replicaCount: 1
+image:
+  repository: azureiotpcs/remote-monitoring-nginx
+  tag: testing
+  pullPolicy: Always
+imagePullSecrets: []
+  # Optionally specify an array of imagePullSecrets.
+  # Secrets must be manually created in the namespace.
+  # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+  #
+  # This uses credentials from secret "myRegistryKeySecretName".
+  # - name: myRegistryKeySecretName
+  #
+probes:
+  enabled: false
+
+service:
+  type: ClusterIP
+  internalPort: 80
+  externalPort: 10080
+  internalHttpsPort: 443
+  externalHttpsPort: 10443
+
+
+ingress:
+  enabled: false
+  #annotations:
+  #kubernetes.io/ingress.class: addon-http-application-routing
+    # kubernetes.io/tls-acme: "true"
+  path: /
+  hosts:
+    - rm-aks-test.eastus.cloudapp.azure.com
+  # hosts:
+  #   - chart-example.local
+  tls: []
+    # - secretName: chart-example-tls
+    #   hosts:
+    #     - chart-example.local
+secrets: {}
+  # Optionally specify a set of secret objects whose values
+  # will be injected as environment variables by default.
+  # You should add this section to a file like secrets.yaml
+  # that is explicitly NOT committed to source code control
+  # and then include it as part of your helm install step.
+  # ref: https://kubernetes.io/docs/concepts/configuration/secret/
+  #
+  # This creates a secret "mysecret" and injects "mypassword"
+  # as the environment variable mysecret_mypassword=password.
+  # mysecret:
+  #   mypassword: password
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
--- a/scripts/cd/simulation/.helmignore
+++ b/scripts/cd/simulation/.helmignore
@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- a/scripts/cd/simulation/Chart.yaml
+++ b/scripts/cd/simulation/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: simulation
+version: 0.1.0
--- a/scripts/cd/simulation/templates/NOTES.txt
+++ b/scripts/cd/simulation/templates/NOTES.txt
@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "simulation.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "simulation.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "simulation.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "simulation.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}
--- a/scripts/cd/simulation/templates/_helpers.tpl
+++ b/scripts/cd/simulation/templates/_helpers.tpl
@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "simulation.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "simulation.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "simulation.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- a/scripts/cd/simulation/templates/deployment.yaml
+++ b/scripts/cd/simulation/templates/deployment.yaml
@ -0,0 +1,79 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "simulation.fullname" . }}
+  labels:
+    app: {{ template "simulation.name" . }}
+    chart: {{ template "simulation.chart" . }}
+    draft: {{ default "draft-app" .Values.draft }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "simulation.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "simulation.name" . }}
+        draft: {{ default "draft-app" .Values.draft }}
+        release: {{ .Release.Name }}
+      annotations:
+        buildID: {{ .Values.buildID }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.internalPort }} 
+              protocol: TCP
+	  {{- if .Values.probes.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 600
+              timeoutSeconds: 10
+              successThreshold: 5
+              initialDelaySeconds: 300
+          readinessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 600
+              timeoutSeconds: 10
+              initialDelaySeconds: 300
+	  {{- end }}
+          env:
+            {{- $root := . }}
+            {{- range $ref, $values := .Values.secrets }}
+            {{- range $key, $value := $values }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "simulation.fullname" $root }}-{{ $ref | lower }}
+                  key: {{ $key }}
+            {{- end }}
+            {{- end }}
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
--- a/scripts/cd/simulation/templates/ingress.yaml
+++ b/scripts/cd/simulation/templates/ingress.yaml
@ -0,0 +1,39 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "simulation.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "simulation.name" . }}
+    chart: {{ template "simulation.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: http
+  {{- end }}
+{{- end }}
--- a/scripts/cd/simulation/templates/secrets.yaml
+++ b/scripts/cd/simulation/templates/secrets.yaml
@ -0,0 +1,12 @@
+{{- $root := . }}
+{{- range $name, $values := .Values.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "simulation.fullname" $root }}-{{ $name | lower }}
+data:
+  {{- range $key, $value := $values }}
+  {{ $key }}: {{ $value | b64enc }}
+  {{- end }}
+---
+{{- end }}
--- a/scripts/cd/simulation/templates/service.yaml
+++ b/scripts/cd/simulation/templates/service.yaml
@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "simulation.fullname" . }}
+  labels:
+    app: {{ template "simulation.name" . }}
+    chart: {{ template "simulation.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      protocol: TCP
+      name: http
+  selector:
+    app: {{ template "simulation.name" . }}
+    release: {{ .Release.Name }}
--- a/scripts/cd/simulation/values.yaml
+++ b/scripts/cd/simulation/values.yaml
@ -0,0 +1,72 @@
+# Default values for simulation.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+fullnameOverride: simulation
+replicaCount: 1
+image:
+  repository: azureiotpcs/device-simulation-dotnet 
+  tag: DS-1.0.2
+  pullPolicy: Always
+imagePullSecrets: []
+  # Optionally specify an array of imagePullSecrets.
+  # Secrets must be manually created in the namespace.
+  # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+  #
+  # This uses credentials from secret "myRegistryKeySecretName".
+  # - name: myRegistryKeySecretName
+service:
+  type: ClusterIP
+  externalPort: 80
+  internalPort: 9003
+
+ingress:
+  enabled: true
+  #annotations:
+    #kubernetes.io/ingress.class: addon-http-application-routing
+    # kubernetes.io/tls-acme: "true"
+  path: /simulation
+  hosts:
+    - DNSNAME
+  # hosts:
+  #   - chart-example.local
+  tls: []
+    # - secretName: chart-example-tls
+    #   hosts:
+    #     - chart-example.local
+secrets:
+  simulation: 
+    PCS_IOTHUB_CONNSTRING: PCS_IOTHUB_CONNSTRING
+    PCS_STORAGEADAPTER_WEBSERVICE_URL: PCS_STORAGEADAPTER_WEBSERVICE_URL
+    PCS_AUTH_REQUIRED: PCS_AUTH_REQUIRED
+  # Optionally specify a set of secret objects whose values
+  # will be injected as environment variables by default.
+  # You should add this section to a file like secrets.yaml
+  # that is explicitly NOT committed to source code control
+  # and then include it as part of your helm install step.
+  # ref: https://kubernetes.io/docs/concepts/configuration/secret/
+  #
+  # This creates a secret "mysecret" and injects "mypassword"
+  # as the environment variable mysecret_mypassword=password.
+  # mysecret:
+  #   mypassword: password
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+  #
+probes:
+  enabled: false
+
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
--- a/scripts/cd/storageadapter/.helmignore
+++ b/scripts/cd/storageadapter/.helmignore
@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- a/scripts/cd/storageadapter/Chart.yaml
+++ b/scripts/cd/storageadapter/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: storageadapter
+version: 0.1.0
--- a/scripts/cd/storageadapter/templates/NOTES.txt
+++ b/scripts/cd/storageadapter/templates/NOTES.txt
@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "storageadapter.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "storageadapter.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "storageadapter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "storageadapter.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}
--- a/scripts/cd/storageadapter/templates/_helpers.tpl
+++ b/scripts/cd/storageadapter/templates/_helpers.tpl
@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "storageadapter.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "storageadapter.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "storageadapter.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- a/scripts/cd/storageadapter/templates/deployment.yaml
+++ b/scripts/cd/storageadapter/templates/deployment.yaml
@ -0,0 +1,77 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "storageadapter.fullname" . }}
+  labels:
+    app: {{ template "storageadapter.name" . }}
+    chart: {{ template "storageadapter.chart" . }}
+    draft: {{ default "draft-app" .Values.draft }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "storageadapter.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "storageadapter.name" . }}
+        draft: {{ default "draft-app" .Values.draft }}
+        release: {{ .Release.Name }}
+      annotations:
+        buildID: {{ .Values.buildID }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.internalPort }} 
+              protocol: TCP
+          {{- if not .Values.disableProbes }}
+          livenessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 120
+              initialDelaySeconds: 300
+          readinessProbe:
+            httpGet:
+              path: /v1/status
+              port: http
+              periodSeconds: 120
+              initialDelaySeconds: 300
+          {{- end }}
+          env:
+            {{- $root := . }}
+            {{- range $ref, $values := .Values.secrets }}
+            {{- range $key, $value := $values }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "storageadapter.fullname" $root }}-{{ $ref | lower }}
+                  key: {{ $key }}
+            {{- end }}
+            {{- end }}
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    
--- a/scripts/cd/storageadapter/templates/ingress.yaml
+++ b/scripts/cd/storageadapter/templates/ingress.yaml
@ -0,0 +1,39 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "storageadapter.fullname" . -}}
+{{- $servicePort := .Values.service.externalPort -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "storageadapter.name" . }}
+    chart: {{ template "storageadapter.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $servicePort }}
+  {{- end }}
+{{- end }}
--- a/Показать больше
+++ b/Показать больше