From fd672dfa475a9105df56ce812c686e0f9df05529 Mon Sep 17 00:00:00 2001 From: Richard Conway Date: Mon, 3 Aug 2020 11:16:19 +0000 Subject: [PATCH 1/9] Quickfix for the download of the kubectl terraform provider - now pinned to a specific release tag --- terraform/test/deployEOEPCA.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/test/deployEOEPCA.sh b/terraform/test/deployEOEPCA.sh index e289bbcd..5d2eed94 100755 --- a/terraform/test/deployEOEPCA.sh +++ b/terraform/test/deployEOEPCA.sh @@ -61,7 +61,7 @@ KUBECTL_PLUGIN="terraform-provider-kubectl" if [ ! -x "$KUBECTL_PLUGIN" ] then echo Installing $KUBECTL_PLUGIN - curl -Ls https://api.github.com/repos/gavinbunney/terraform-provider-kubectl/releases/latest \ + curl -Ls https://api.github.com/repos/gavinbunney/terraform-provider-kubectl/releases/tags/v1.5.1 \ | jq -r '.assets[] | .browser_download_url | select(contains("linux-amd64"))' \ | xargs -n 1 curl -Lo "$KUBECTL_PLUGIN" chmod +x "$KUBECTL_PLUGIN" From fee2151d2b430a09106d2bc28c0d80dc58ced013 Mon Sep 17 00:00:00 2001 From: Richard Conway Date: Tue, 4 Aug 2020 14:35:48 +0000 Subject: [PATCH 2/9] Added install of chrome webdriver for acceptance tests --- test/acceptance/acceptance_tests.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/acceptance/acceptance_tests.sh b/test/acceptance/acceptance_tests.sh index 71139f28..ddd472f5 100755 --- a/test/acceptance/acceptance_tests.sh +++ b/test/acceptance/acceptance_tests.sh @@ -26,6 +26,7 @@ function setup_venv() { } function install_robot_framework() { + # python components echo "INFO: Installing/updating Robot Framework and dependencies..." pip install -U robotframework \ && pip install -U docutils \ 
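Review bot: Pinning the lookup to `releases/tags/v1.5.1` fixes which release is queried, but the provider binary is still made executable with no integrity check, and a tag or release asset can be replaced upstream. Compare the file with a digest kept in this repository before `chmod +x`, e.g. `echo "<expected-sha256>  $KUBECTL_PLUGIN" | sha256sum -c - || exit 1` (placeholder digest, to be taken from a trusted copy of the v1.5.1 asset). The same gap exists for the minikube binary in minikube/setup-minikube.sh, which PATCH 4/9 starts running under sudo and PATCH 8/9 re-pins to a version without verifying it. Adding `-f` to both `curl` calls would also stop an HTTP error body from being parsed by `jq` or saved as the plugin. The enclosing `if` block continues outside the hunk.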
@@ -33,6 +34,9 @@ function install_robot_framework() { && pip install -U robotframework-seleniumlibrary \ && pip install -U robotframework-sshlibrary \ && pip install -U webdrivermanager + # Chrome driver + echo "INFO: Installing chrome webdriver..." + webdrivermanager chrome:83.0.4103.39 } function install_test_requirements() { From 4911730030e844c35e8e4118a97ec31c9cf0f1ac Mon Sep 17 00:00:00 2001 From: Richard Conway Date: Tue, 4 Aug 2020 15:07:09 +0000 Subject: [PATCH 3/9] Updated paths in READMEs --- creodias/README.md | 4 ++-- kubernetes/README.md | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/creodias/README.md b/creodias/README.md index 81fefad6..387b849a 100644 --- a/creodias/README.md +++ b/creodias/README.md @@ -12,7 +12,7 @@ Terraform must be installed. See [terraform website](https://www.terraform.io/) Alternatively, use helper script [install-terraform.sh](../bin/install-terraform.sh)... ``` -$ ../bin/install-terraform.sh +$ bin/install-terraform.sh ``` ## OpenStack Client @@ -53,7 +53,7 @@ The clouds.yaml must be placed in one of the following locations: ## Deployment Configuration -Before initiating deployment, the file [eoepca.tfvars](./eoepca.tfvars) should be tailored to fit the specific needs of your target environment. +Before initiating deployment, the file [creodias/eoepca.tfvars](./eoepca.tfvars) should be tailored to fit the specific needs of your target environment. ## Initiate Deployment diff --git a/kubernetes/README.md b/kubernetes/README.md index 749e629d..df0c6149 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md @@ -20,7 +20,7 @@ RKE must be installed. See [Rancher website](https://rancher.com/products/rke/) Alternatively, use helper script [install-rke.sh](../bin/install-rke.sh)... ``` -$ ../bin/install-rke.sh +$ bin/install-rke.sh ``` ## RKE Configuration 
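Review bot: The added `webdrivermanager chrome:83.0.4103.39` call is not part of the `&&` chain above it, so it runs even when one of the `pip install -U` steps failed, and the function's exit status becomes that of the driver download alone. Guard it with `command -v webdrivermanager >/dev/null || return 1` before the call, or end the install chain with `|| return 1`. The driver version is pinned, but the Python packages that fetch it are installed with `-U` and no version constraints, so the tool performing the download is whichever release the package index serves at run time; a pinned requirements file would make the test environment reproducible. The function starts outside this hunk.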
@@ -35,7 +35,8 @@ The helper script [create-cluster-config.sh](create-cluster-config.sh) automatic * configuration of connection via bastion ``` -$ ./create-cluster-config.sh +$ cd kubernetes +$ create-cluster-config.sh ``` ## Create Kubernetes Cluster From ecff8d08575c55f82012ea087526733436cd241d Mon Sep 17 00:00:00 2001 From: Richard Conway Date: Tue, 4 Aug 2020 15:08:42 +0000 Subject: [PATCH 4/9] Updated minikube setup to account for running natively in a VM --- minikube/README.md | 10 ++++++++-- minikube/setup-minikube.sh | 25 +++++++++++++++++++++---- 2 files changed, 29 insertions(+), 6 deletions(-) diff --git a/minikube/README.md b/minikube/README.md index af7cfa21..fb49103b 100644 --- a/minikube/README.md +++ b/minikube/README.md @@ -10,7 +10,7 @@ For k8s cluster adminstration the kubectl command must be installed. See [Kubern Alternatively, use helper script [install-kubectl.sh](../bin/install-kubectl.sh)... ``` -$ ../bin/install-kubectl.sh +$ bin/install-kubectl.sh ``` ## Install minikube @@ -19,7 +19,13 @@ Minikube can be installed by following the instructions on the [Minikube website Alternatively, use helper script [setup-minikube.sh](./setup-minikube.sh) to download and install Minikube... ``` -$ ./setup-minikube.sh +$ minikube/setup-minikube.sh +``` + +NOTE for running minikube in a VM...
+The setup-minikube.sh script retains the default (preferred) dpeloyment of minikube as a docker container. This is not ideal if running minikube inside a VM. In this case it is better to run minikube natively inside VM using the 'none' driver, rather than the 'docker' driver. This can be achieved by running the script as follows... +``` +$ minikube/setup-minikube.sh native ``` ## Next Steps diff --git a/minikube/setup-minikube.sh b/minikube/setup-minikube.sh index 5e30617a..cb3f656b 100755 --- a/minikube/setup-minikube.sh +++ b/minikube/setup-minikube.sh @@ -13,9 +13,26 @@ echo "Download minikube..." curl -sLo $HOME/.local/bin/minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \ && chmod +x $HOME/.local/bin/minikube -# start minikube -# - default container runtime is docker - see https://minikube.sigs.k8s.io/docs/handbook/config/#runtime-configuration -echo "Start minikube, and wait for cluster..." -minikube start --addons ingress --wait "all" +# minikube (native) +if [ "$1" = "native" ] +then + if hash conntrack + then + # start minikube + # - default container runtime is docker - see https://minikube.sigs.k8s.io/docs/handbook/config/#runtime-configuration + echo "Start minikube (native), and wait for cluster..." + sudo -E $HOME/.local/bin/minikube start --driver=none --addons ingress --wait "all" + sudo chown -R $USER $HOME/.kube $HOME/.minikube + else + echo "ERROR: conntrack must be installed for minikube driver='none', e.g. 'sudo apt install conntrack'. Aborting..." + exit 1 + fi +# minikube docker +else + # start minikube + # - default container runtime is docker - see https://minikube.sigs.k8s.io/docs/handbook/config/#runtime-configuration + echo "Start minikube (default), and wait for cluster..." + minikube start --addons ingress --wait "all" +fi echo "...READY" From 6737b128c50ec38ea0b0041c15d708e7b6012e75 Mon Sep 17 00:00:00 2001 
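Review bot: In the new `native` branch, `sudo -E $HOME/.local/bin/minikube start --driver=none ...` runs as root an executable that lives in a user-writable directory and was fetched a few lines earlier from `releases/latest`, and `-E` carries the caller's entire environment into the root process. Preserve only the variables minikube needs rather than the whole environment, and say in a comment why root is required here. The expansions are unquoted, which matters more under sudo: `sudo chown -R "$USER" "$HOME/.kube" "$HOME/.minikube"` avoids a recursive chown of an unintended path if either variable contains whitespace. Since the `none` driver runs the cluster components directly on the host, the README note should state that this mode is meant for a disposable VM only.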
From: Richard Conway Date: Tue, 4 Aug 2020 15:44:03 +0000 Subject: [PATCH 5/9] Define static PersistentVolumes of type standard for proc, resman and userman. --- terraform/global/storage/processing.tf | 25 ++++++++++++++++++- .../global/storage/resource-management.tf | 25 ++++++++++++++++++- terraform/global/storage/user-management.tf | 25 ++++++++++++++++++- 3 files changed, 72 insertions(+), 3 deletions(-) diff --git a/terraform/global/storage/processing.tf b/terraform/global/storage/processing.tf index 4b4fe527..cd250fdd 100644 --- a/terraform/global/storage/processing.tf +++ b/terraform/global/storage/processing.tf @@ -1,5 +1,5 @@ resource "kubernetes_persistent_volume" "eoepca_proc_pv" { - count = "${var.nfs_server_address == "none" ? 0 : 1}" + count = "${var.storage_class == "eoepca-nfs" ? 1 : 0}" metadata { name = "eoepca-proc-pv" labels = { @@ -21,6 +21,29 @@ resource "kubernetes_persistent_volume" "eoepca_proc_pv" { } } +resource "kubernetes_persistent_volume" "eoepca_proc_pv_host" { + count = "${var.storage_class == "standard" ? 1 : 0}" + metadata { + name = "eoepca-proc-pv-host" + labels = { + eoepca_type = "proc" + } + } + spec { + storage_class_name = "standard" + access_modes = ["ReadWriteMany"] + capacity = { + storage = "5Gi" + } + persistent_volume_source { + host_path { + path = "/kubedata/proc" + type = "DirectoryOrCreate" + } + } + } +} + resource "kubernetes_persistent_volume_claim" "eoepca_pvc" { metadata { name = "eoepca-pvc" diff --git a/terraform/global/storage/resource-management.tf b/terraform/global/storage/resource-management.tf index b95cfdc7..a9342df8 100644 --- a/terraform/global/storage/resource-management.tf +++ b/terraform/global/storage/resource-management.tf @@ -1,5 +1,5 @@ resource "kubernetes_persistent_volume" "eoepca_resman_pv" { - count = "${var.nfs_server_address == "none" ? 0 : 1}" + count = "${var.storage_class == "eoepca-nfs" ? 1 : 0}" metadata { name = "eoepca-resman-pv" labels = { 
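Review bot: The new `eoepca_proc_pv_host` volume combines `host_path` with `access_modes = ["ReadWriteMany"]`, which only holds on a single-node cluster: with several nodes each one gets its own `/kubedata/proc`, created on the node's filesystem by `type = "DirectoryOrCreate"`. Nothing restricts the resource to minikube beyond the `var.storage_class == "standard"` test, and `standard` may also be the name of a real storage class on other clusters (inferred), where a hostPath volume would expose node-local storage to the workload. Add a comment such as `# hostPath: single-node dev/test clusters (minikube) only` and consider a class name that cannot collide with a provisioner's. The same applies to `eoepca_resman_pv_host` and `eoepca_userman_pv_host` in the other two files of this commit.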
@@ -21,6 +21,29 @@ resource "kubernetes_persistent_volume" "eoepca_resman_pv" { } } +resource "kubernetes_persistent_volume" "eoepca_resman_pv_host" { + count = "${var.storage_class == "standard" ? 1 : 0}" + metadata { + name = "eoepca-resman-pv-host" + labels = { + eoepca_type = "resman" + } + } + spec { + storage_class_name = "standard" + access_modes = ["ReadWriteMany"] + capacity = { + storage = "5Gi" + } + persistent_volume_source { + host_path { + path = "/kubedata/resman" + type = "DirectoryOrCreate" + } + } + } +} + resource "kubernetes_persistent_volume_claim" "eoepca_resman_pvc" { metadata { name = "eoepca-resman-pvc" diff --git a/terraform/global/storage/user-management.tf b/terraform/global/storage/user-management.tf index ae481e1b..9511a730 100644 --- a/terraform/global/storage/user-management.tf +++ b/terraform/global/storage/user-management.tf @@ -1,5 +1,5 @@ resource "kubernetes_persistent_volume" "eoepca_userman_pv" { - count = "${var.nfs_server_address == "none" ? 0 : 1}" + count = "${var.storage_class == "eoepca-nfs" ? 1 : 0}" metadata { name = "eoepca-userman-pv" labels = { @@ -21,6 +21,29 @@ resource "kubernetes_persistent_volume" "eoepca_userman_pv" { } } +resource "kubernetes_persistent_volume" "eoepca_userman_pv_host" { + count = "${var.storage_class == "standard" ? 1 : 0}" + metadata { + name = "eoepca-userman-pv-host" + labels = { + eoepca_type = "userman" + } + } + spec { + storage_class_name = "standard" + access_modes = ["ReadWriteMany"] + capacity = { + storage = "5Gi" + } + persistent_volume_source { + host_path { + path = "/kubedata/userman" + type = "DirectoryOrCreate" + } + } + } +} + resource "kubernetes_persistent_volume_claim" "eoepca_userman_pvc" { metadata { name = "eoepca-userman-pvc" From 3d076b6256546ea89e78c1fdaf6083d0d4054e24 Mon Sep 17 00:00:00 2001 
From: Richard Conway Date: Tue, 4 Aug 2020 19:01:20 +0000 Subject: [PATCH 6/9] Fixes for running in minikube. --- minikube/setup-minikube.sh | 6 +++++- terraform/global/storage/processing.tf | 8 ++++---- terraform/global/storage/resource-management.tf | 8 ++++---- terraform/global/storage/user-management.tf | 8 ++++---- terraform/test/deployEOEPCA.sh | 4 ++-- test/acceptance/acceptance_tests.sh | 7 +++++-- 6 files changed, 24 insertions(+), 17 deletions(-) diff --git a/minikube/setup-minikube.sh b/minikube/setup-minikube.sh index cb3f656b..63d98fbf 100755 --- a/minikube/setup-minikube.sh +++ b/minikube/setup-minikube.sh @@ -13,8 +13,12 @@ echo "Download minikube..." curl -sLo $HOME/.local/bin/minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \ && chmod +x $HOME/.local/bin/minikube +# If MINIKUBE_MODE is not set, and USER is vagrant, deduce we are running in a VM, so use 'native' mode +MINIKUBE_MODE="$1" +if [ -z "${MINIKUBE_MODE}" -a "${USER}" = "vagrant" ]; then MINIKUBE_MODE="native"; fi + # minikube (native) -if [ "$1" = "native" ] +if [ "${MINIKUBE_MODE}" = "native" ] then if hash conntrack then diff --git a/terraform/global/storage/processing.tf b/terraform/global/storage/processing.tf index cd250fdd..228f275b 100644 --- a/terraform/global/storage/processing.tf +++ b/terraform/global/storage/processing.tf @@ -15,14 +15,14 @@ resource "kubernetes_persistent_volume" "eoepca_proc_pv" { persistent_volume_source { nfs { server = var.nfs_server_address - path = "/data/proc" + path = "/data/proc" } } } } resource "kubernetes_persistent_volume" "eoepca_proc_pv_host" { - count = "${var.storage_class == "standard" ? 1 : 0}" + count = "${var.storage_class == "eoepca-nfs" ? 0 : 1}" metadata { name = "eoepca-proc-pv-host" labels = { 
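Review bot: The new default `if [ -z "${MINIKUBE_MODE}" -a "${USER}" = "vagrant" ]; then MINIKUBE_MODE="native"; fi` switches the script onto the sudo / `--driver=none` path purely because the login name is `vagrant`, without the operator asking for it. A user name is a weak signal for running in a VM; an explicit opt-in (the argument, or a variable the Vagrantfile sets) keeps the root-level install a deliberate choice, and the deduction should at least be echoed before continuing. The comment says "If MINIKUBE_MODE is not set", but the value is assigned from `$1`, so an exported `MINIKUBE_MODE` is overwritten; `MINIKUBE_MODE="${1:-${MINIKUBE_MODE:-}}"` would match the comment. `-a` inside `[ ]` is obsolescent; `[ -z "${MINIKUBE_MODE}" ] && [ "${USER}" = "vagrant" ]` is the portable form.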
@@ -30,7 +30,7 @@ resource "kubernetes_persistent_volume" "eoepca_proc_pv_host" { } } spec { - storage_class_name = "standard" + storage_class_name = var.storage_class access_modes = ["ReadWriteMany"] capacity = { storage = "5Gi" @@ -53,7 +53,7 @@ resource "kubernetes_persistent_volume_claim" "eoepca_pvc" { } spec { storage_class_name = var.storage_class - access_modes = ["ReadWriteMany"] + access_modes = ["ReadWriteMany"] resources { requests = { storage = "3Gi" diff --git a/terraform/global/storage/resource-management.tf b/terraform/global/storage/resource-management.tf index a9342df8..56701a7d 100644 --- a/terraform/global/storage/resource-management.tf +++ b/terraform/global/storage/resource-management.tf @@ -15,14 +15,14 @@ resource "kubernetes_persistent_volume" "eoepca_resman_pv" { persistent_volume_source { nfs { server = var.nfs_server_address - path = "/data/resman" + path = "/data/resman" } } } } resource "kubernetes_persistent_volume" "eoepca_resman_pv_host" { - count = "${var.storage_class == "standard" ? 1 : 0}" + count = "${var.storage_class == "eoepca-nfs" ? 0 : 1}" metadata { name = "eoepca-resman-pv-host" labels = { @@ -30,7 +30,7 @@ resource "kubernetes_persistent_volume" "eoepca_resman_pv_host" { } } spec { - storage_class_name = "standard" + storage_class_name = var.storage_class access_modes = ["ReadWriteMany"] capacity = { storage = "5Gi" @@ -53,7 +53,7 @@ resource "kubernetes_persistent_volume_claim" "eoepca_resman_pvc" { } spec { storage_class_name = var.storage_class - access_modes = ["ReadWriteMany"] + access_modes = ["ReadWriteMany"] resources { requests = { storage = "3Gi" diff --git a/terraform/global/storage/user-management.tf b/terraform/global/storage/user-management.tf index 9511a730..b2ee2d6b 100644 --- a/terraform/global/storage/user-management.tf +++ b/terraform/global/storage/user-management.tf 
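Review bot: With `count = "${var.storage_class == "eoepca-nfs" ? 0 : 1}"` (previous hunk) and `storage_class_name = var.storage_class` here, the hostPath volumes are now created for every storage class other than `eoepca-nfs`, including a mistyped name or the class of a real dynamic provisioner. That widens the creation of node-local `/kubedata/...` directories from one named class to any value. An explicit match keeps the host-path case opt-in, e.g. `count = var.storage_class == "eoepca-host" ? 1 : 0`, using the value deployEOEPCA.sh sets for minikube in this same commit. The same pattern is repeated for `eoepca_resman_pv_host` and `eoepca_userman_pv_host`; the resource bodies extend beyond the hunks.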
@@ -15,14 +15,14 @@ resource "kubernetes_persistent_volume" "eoepca_userman_pv" { persistent_volume_source { nfs { server = var.nfs_server_address - path = "/data/userman" + path = "/data/userman" } } } } resource "kubernetes_persistent_volume" "eoepca_userman_pv_host" { - count = "${var.storage_class == "standard" ? 1 : 0}" + count = "${var.storage_class == "eoepca-nfs" ? 0 : 1}" metadata { name = "eoepca-userman-pv-host" labels = { @@ -30,7 +30,7 @@ resource "kubernetes_persistent_volume" "eoepca_userman_pv_host" { } } spec { - storage_class_name = "standard" + storage_class_name = var.storage_class access_modes = ["ReadWriteMany"] capacity = { storage = "5Gi" @@ -53,7 +53,7 @@ resource "kubernetes_persistent_volume_claim" "eoepca_userman_pvc" { } spec { storage_class_name = var.storage_class - access_modes = ["ReadWriteMany"] + access_modes = ["ReadWriteMany"] resources { requests = { storage = "3Gi" diff --git a/terraform/test/deployEOEPCA.sh b/terraform/test/deployEOEPCA.sh index 5d2eed94..28215825 100755 --- a/terraform/test/deployEOEPCA.sh +++ b/terraform/test/deployEOEPCA.sh @@ -46,10 +46,10 @@ echo "Using PUBLIC_IP=${PUBLIC_IP}" echo "Using NFS_SERVER_ADDRESS=${NFS_SERVER_ADDRESS}" # Storage class -# If using minikube then set storage class to 'standard' (host storage OK for dev testing) +# If using minikube then set storage class to 'eoepca-host' (host storage OK for dev testing) if [ "${PUBLIC_IP}" = "${MINIKUBE_IP}" ] then - STORAGE_CLASS="${STORAGE_CLASS:-standard}" + STORAGE_CLASS="${STORAGE_CLASS:-eoepca-host}" echo "INFO: using minikube with IP ${MINIKUBE_IP} and storage class ${STORAGE_CLASS}" fi if [ -n "${STORAGE_CLASS}" ]; then VAR_STORAGE_CLASS="--var=storage_class=${STORAGE_CLASS}"; fi diff --git a/test/acceptance/acceptance_tests.sh b/test/acceptance/acceptance_tests.sh index ddd472f5..d271dd59 100755 --- a/test/acceptance/acceptance_tests.sh +++ b/test/acceptance/acceptance_tests.sh 
@@ -35,8 +35,11 @@ function install_robot_framework() { && pip install -U robotframework-sshlibrary \ && pip install -U webdrivermanager # Chrome driver - echo "INFO: Installing chrome webdriver..." - webdrivermanager chrome:83.0.4103.39 + if ! hash chromedriver 2>/dev/null + then + echo "INFO: Installing chrome webdriver..." + webdrivermanager chrome:83.0.4103.39 + fi } function install_test_requirements() { From a833a061fc8d51027c9128cb572a695bac4a2408 Mon Sep 17 00:00:00 2001 From: Richard Conway Date: Wed, 5 Aug 2020 08:39:50 +0000 Subject: [PATCH 7/9] Fix links in READMEs --- kubernetes/README.md | 2 +- terraform/test/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/README.md b/kubernetes/README.md index df0c6149..41bad80b 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md @@ -74,7 +74,7 @@ NOTE that, in order to use kubectl from your local platform, it is necessary to ## Access via Bastion host -For administration the deployment VMs must be accessed through the bastion host (via its public floating IP). The default deployment installs the public key of the user as an authorized key in each VM to facilitate this. Further information [here](../creodias/README.md#access_via_bastion_host). +For administration the deployment VMs must be accessed through the bastion host (via its public floating IP). The default deployment installs the public key of the user as an authorized key in each VM to facilitate this. Further information [here](../creodias/README.md#access-via-bastion-host). The ssh connection to the bastion can be used to establish a VPN from your local platform to the cluster using [sshuttle](https://sshuttle.readthedocs.io/en/stable/), for example... ``` diff --git a/terraform/test/README.md b/terraform/test/README.md index 9cf742ea..d6201dac 100644 --- a/terraform/test/README.md +++ b/terraform/test/README.md 
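Review bot: The new guard `if ! hash chromedriver 2>/dev/null` skips the install whenever any `chromedriver` is on PATH, so the pinned `chrome:83.0.4103.39` is no longer guaranteed: an older, mismatched or unexpected binary found earlier on PATH is used as-is. If the pin matters for the acceptance run, test the version as well, e.g. `chromedriver --version 2>/dev/null | grep -qF '83.0.4103.39'`, and install when it does not match. The function body starts outside the hunk.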
@@ -33,7 +33,7 @@ There are some additional environment variables whose value is automatically ded ## Initiate Deployment -The deployment uses the Terraform Kubernetes provider, that relies upon a working kubectl connection to the k8s cluster. Thus it is necessary to ensure that [Access via Bastion host](../../kubernetes/README.md#access_via_bastion_host) is established. +The deployment uses the Terraform Kubernetes provider, that relies upon a working kubectl connection to the k8s cluster. Thus it is necessary to ensure that [Access via Bastion host](../../kubernetes/README.md#access-via-bastion-host) is established. Once the appropriate environment variables are configured, then the script is executed to initiate deployment... ``` From 24a568cf25358502fa193a1ecaae6240a3d17396 Mon Sep 17 00:00:00 2001 
From: Richard Conway Date: Thu, 6 Aug 2020 10:57:55 +0100 Subject: [PATCH 8/9] Backport system-integration fixes from 'develop' into release/v0.1 --- bin/install-terraform.sh | 2 +- minikube/setup-minikube.sh | 6 +- terraform/global/proc-ades/dependencies.tf | 11 +--- terraform/global/proc-ades/main.tf | 4 +- terraform/global/rm-workspace/dependencies.tf | 11 +--- terraform/global/rm-workspace/main.tf | 19 +++++- .../global/rm-workspace/workspace-ingress.tf | 1 - .../um-login-service/config/load-config.tf | 16 +++-- .../um-login-service/ldap/dependencies.tf | 19 +----- .../um-login-service/ldap/opendj-init.tf | 28 +++++--- .../um-login-service/ldap/persistence.tf | 8 ++- terraform/global/um-login-service/main.tf | 2 +- .../um-login-service/nginx/dependencies.tf | 23 +------ .../global/um-login-service/nginx/nginx.tf | 48 +++++++------- .../um-login-service/nginx/tls-secrets.tf | 28 +++----- .../um-login-service/nginx/variables.tf | 10 +-- .../um-login-service/oxauth/dependencies.tf | 9 +-- .../um-login-service/oxauth/oxauth-np.tf | 4 +- .../global/um-login-service/oxauth/oxauth.tf | 32 ++++++---- .../oxpassport/dependencies.tf | 9 +-- .../um-login-service/oxpassport/oxpassport.tf | 22 +++++-- .../um-login-service/oxpassport/variables.tf | 10 +-- .../um-login-service/oxtrust/dependencies.tf | 18 +----- .../um-login-service/oxtrust/oxtrust.tf | 22 +++++-- .../um-login-service/oxtrust/variables.tf | 10 +-- .../um-pep-engine/config/dependencies.tf | 7 -- .../global/um-pep-engine/config/variables.tf | 12 ---- .../global/um-pep-engine/dependencies.tf | 3 + terraform/global/um-pep-engine/main.tf | 6 -- .../um-pep-engine/{config => }/pep-engine.tf | 64 ++++++++++++++----- terraform/global/um-pep-engine/variables.tf | 7 +- .../um-user-profile/config/dependencies.tf | 8 --- .../um-user-profile/config/variables.tf | 16 ----- .../global/um-user-profile/dependencies.tf | 3 + terraform/global/um-user-profile/main.tf | 7 -- .../{config => }/user-profile.tf | 57 +++++++++-------- 
terraform/global/um-user-profile/variables.tf | 9 ++- terraform/test/README.md | 3 +- terraform/test/main.tf | 11 ++-- 39 files changed, 281 insertions(+), 304 deletions(-) delete mode 100755 terraform/global/um-pep-engine/config/dependencies.tf delete mode 100755 terraform/global/um-pep-engine/config/variables.tf create mode 100755 terraform/global/um-pep-engine/dependencies.tf delete mode 100755 terraform/global/um-pep-engine/main.tf rename terraform/global/um-pep-engine/{config => }/pep-engine.tf (63%) delete mode 100755 terraform/global/um-user-profile/config/dependencies.tf delete mode 100755 terraform/global/um-user-profile/config/variables.tf create mode 100755 terraform/global/um-user-profile/dependencies.tf delete mode 100755 terraform/global/um-user-profile/main.tf rename terraform/global/um-user-profile/{config => }/user-profile.tf (76%) diff --git a/bin/install-terraform.sh b/bin/install-terraform.sh index 66095f86..f673be5a 100755 --- a/bin/install-terraform.sh +++ b/bin/install-terraform.sh @@ -13,7 +13,7 @@ if ! unzip --help >/dev/null 2>&1 then sudo apt-get -y install unzip fi -curl -sLo terraform.zip https://releases.hashicorp.com/terraform/0.12.26/terraform_0.12.26_linux_amd64.zip +curl -sLo terraform.zip https://releases.hashicorp.com/terraform/0.12.29/terraform_0.12.29_linux_amd64.zip unzip terraform.zip rm -f terraform.zip chmod +x terraform diff --git a/minikube/setup-minikube.sh b/minikube/setup-minikube.sh index 63d98fbf..cd238100 100755 --- a/minikube/setup-minikube.sh +++ b/minikube/setup-minikube.sh 
@@ -10,7 +10,7 @@ mkdir -p $HOME/.local/bin # minikube: download and install locally echo "Download minikube..." -curl -sLo $HOME/.local/bin/minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \ +curl -sLo $HOME/.local/bin/minikube https://github.com/kubernetes/minikube/releases/download/v1.12.1/minikube-linux-amd64 \ && chmod +x $HOME/.local/bin/minikube # If MINIKUBE_MODE is not set, and USER is vagrant, deduce we are running in a VM, so use 'native' mode @@ -20,13 +20,13 @@ if [ -z "${MINIKUBE_MODE}" -a "${USER}" = "vagrant" ]; then MINIKUBE_MODE="nativ # minikube (native) if [ "${MINIKUBE_MODE}" = "native" ] then - if hash conntrack + if hash conntrack 2>/dev/null then # start minikube # - default container runtime is docker - see https://minikube.sigs.k8s.io/docs/handbook/config/#runtime-configuration echo "Start minikube (native), and wait for cluster..." + export CHANGE_MINIKUBE_NONE_USER=true sudo -E $HOME/.local/bin/minikube start --driver=none --addons ingress --wait "all" - sudo chown -R $USER $HOME/.kube $HOME/.minikube else echo "ERROR: conntrack must be installed for minikube driver='none', e.g. 'sudo apt install conntrack'. Aborting..." exit 1 diff --git a/terraform/global/proc-ades/dependencies.tf b/terraform/global/proc-ades/dependencies.tf index 778aa568..9ca150e9 100644 --- a/terraform/global/proc-ades/dependencies.tf +++ b/terraform/global/proc-ades/dependencies.tf @@ -1,8 +1,3 @@ -resource "null_resource" "waitfor-login-service" { - depends_on = [ var.module_depends_on ] - provisioner "local-exec" { - command = </dev/null | grep "Nextcloud was successfully installed" >/dev/null 2>&1 + do + test $(( count % step )) -eq 0 && echo "Waiting for service/workspace" + sleep $interval + count=$(( count + interval )) + done + EOT + } } diff --git a/terraform/global/rm-workspace/workspace-ingress.tf b/terraform/global/rm-workspace/workspace-ingress.tf index 3b7daf68..8c684e64 100644 
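Review bot: The download line still uses `curl -sLo` without `-f`, so with the new release URL an HTTP error response (for example if the `v1.12.1` asset is renamed or removed) is saved as `minikube` and made executable; `curl -fsLo` makes the `&&` guard before `chmod +x` effective. In the second hunk, `export CHANGE_MINIKUBE_NONE_USER=true` only reaches minikube because of `sudo -E`. A comment such as `# relies on sudo -E to pass CHANGE_MINIKUBE_NONE_USER through` would stop a later tightening of the sudo call from silently undoing the ownership handling that replaced the removed `chown`.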
--- a/terraform/global/rm-workspace/workspace-ingress.tf +++ b/terraform/global/rm-workspace/workspace-ingress.tf @@ -18,4 +18,3 @@ resource "kubernetes_ingress" "workspace" { } } } - diff --git a/terraform/global/um-login-service/config/load-config.tf b/terraform/global/um-login-service/config/load-config.tf index 41ded5e6..f46fc263 100755 --- a/terraform/global/um-login-service/config/load-config.tf +++ b/terraform/global/um-login-service/config/load-config.tf @@ -2,7 +2,7 @@ resource "kubernetes_job" "config_init_load_job" { metadata { name = "config-init-load-job" } - depends_on = [ kubernetes_config_map.config-cm ] + depends_on = [kubernetes_config_map.config-cm] spec { template { @@ -39,11 +39,11 @@ resource "kubernetes_job" "config_init_load_job" { name = "GLUU_SECRET_ADAPTER" value = "kubernetes" } - + volume_mount { - name = "config-cm" - mount_path = "/opt/config-init/db/generate.json" - sub_path = "generate.json" + name = "config-cm" + mount_path = "/opt/config-init/db/generate.json" + sub_path = "generate.json" mount_propagation = "HostToContainer" } } @@ -52,5 +52,9 @@ resource "kubernetes_job" "config_init_load_job" { } } } + wait_for_completion = true + timeouts { + create = "5m" + update = "5m" + } } - diff --git a/terraform/global/um-login-service/ldap/dependencies.tf b/terraform/global/um-login-service/ldap/dependencies.tf index 40438b0e..9ca150e9 100644 --- a/terraform/global/um-login-service/ldap/dependencies.tf +++ b/terraform/global/um-login-service/ldap/dependencies.tf @@ -1,18 +1,3 @@ -resource "null_resource" "waitfor-opendj-init" { - depends_on = [ var.module_depends_on ] - provisioner "local-exec" { - command = </dev/null | grep "The Directory Server has started successfully" >/dev/null 2>&1 + do + test $(( count % step )) -eq 0 && echo "Waiting for opendj-init0" + sleep $interval + count=$(( count + interval )) + done + EOT + } +} 
diff --git a/terraform/global/um-login-service/ldap/persistence.tf b/terraform/global/um-login-service/ldap/persistence.tf index db4cf1c8..4839e5e8 100755 --- a/terraform/global/um-login-service/ldap/persistence.tf +++ b/terraform/global/um-login-service/ldap/persistence.tf @@ -3,7 +3,7 @@ resource "kubernetes_job" "um_login_persistence" { name = "um-login-persistence" } - depends_on = [ null_resource.waitfor-config-init, null_resource.waitfor-opendj-init ] + depends_on = [null_resource.waitfor-module-depends, kubernetes_stateful_set.opendj_init] spec { backoff_limit = 1 @@ -70,5 +70,9 @@ resource "kubernetes_job" "um_login_persistence" { } } } + wait_for_completion = true + timeouts { + create = "5m" + update = "5m" + } } - diff --git a/terraform/global/um-login-service/main.tf b/terraform/global/um-login-service/main.tf index 7e4f3d24..b669719b 100644 --- a/terraform/global/um-login-service/main.tf +++ b/terraform/global/um-login-service/main.tf @@ -34,7 +34,7 @@ module "nginx" { source = "./nginx" nginx_ip = var.nginx_ip hostname = var.hostname - module_depends_on = [module.ldap.ldap-up] + module_depends_on = [module.config.config-done] } module "oxauth" { diff --git a/terraform/global/um-login-service/nginx/dependencies.tf b/terraform/global/um-login-service/nginx/dependencies.tf index 392bf2ea..5ec1c1b6 100644 --- a/terraform/global/um-login-service/nginx/dependencies.tf +++ b/terraform/global/um-login-service/nginx/dependencies.tf 
@@ -1,20 +1,3 @@ -resource "null_resource" "waitfor-tls-secrets" { - depends_on = [ var.module_depends_on ] - provisioner "local-exec" { - command = < ingress.crt +} # kubectl get secret gluu -o json | grep '\"ssl_cert' | awk -F '"' '{print $4}' | base64 --decode > ingress.crt resource "local_file" "ingress_key" { - content = data.kubernetes_secret.gluu.data.ssl_key + content = data.kubernetes_secret.gluu.data.ssl_key filename = "./ingress.key" - - depends_on = [ null_resource.waitfor-tls-secrets, null_resource.waitfor-persistence ] } # kubectl get secret gluu -o json | grep '\"ssl_key' | awk -F '"' '{print $4}' | base64 --decode > ingress.key resource "kubernetes_secret" "tls-certificate" { @@ -57,6 +51,4 @@ resource "kubernetes_secret" "tls-certificate" { } type = "kubernetes.io/tls" - - depends_on = [ null_resource.waitfor-tls-secrets, null_resource.waitfor-persistence ] -} # kubectl create secret tls tls-certificate --key ingress.key --cert ingress.crt \ No newline at end of file +} # kubectl create secret tls tls-certificate --key ingress.key --cert ingress.crt diff --git a/terraform/global/um-login-service/nginx/variables.tf b/terraform/global/um-login-service/nginx/variables.tf index ef50be86..edf9ca16 100644 --- a/terraform/global/um-login-service/nginx/variables.tf +++ b/terraform/global/um-login-service/nginx/variables.tf @@ -1,9 +1,9 @@ variable "nginx_ip" { - type = string + type = string } variable "hostname" { - type = string + type = string } variable "module_depends_on" { @@ -11,6 +11,6 @@ variable "module_depends_on" { } output "nginx-done" { - value = true - depends_on = [ kubernetes_ingress.gluu_ingress_scim_configuration ] -} \ No newline at end of file + value = true + depends_on = [kubernetes_ingress.gluu_ingress_scim_configuration] +} diff --git a/terraform/global/um-login-service/oxauth/dependencies.tf b/terraform/global/um-login-service/oxauth/dependencies.tf index 571fca1e..9ca150e9 100644 
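Review bot: `local_file.ingress_key` writes the TLS private key from `data.kubernetes_secret.gluu.data.ssl_key` to `./ingress.key` in the working directory, and this commit keeps that while only dropping `depends_on`. `local_file` creates files with a permissive default mode unless `file_permission` is set, so add `file_permission = "0600"` and make sure `ingress.key` is excluded from version control. If the file exists only to feed `kubernetes_secret.tls-certificate`, the secret could read the key straight from the data source and the on-disk copy could be removed (inferred; the rest of the resource is not in the hunk). Part of this file section is truncated in the text reviewed, so the surrounding resources were not checked.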
--- a/terraform/global/um-login-service/oxauth/dependencies.tf +++ b/terraform/global/um-login-service/oxauth/dependencies.tf @@ -1,8 +1,3 @@ -resource "null_resource" "waitfor-persistence" { - depends_on = [ var.module_depends_on ] - provisioner "local-exec" { - command = </dev/null | grep "Server:main: Started" >/dev/null 2>&1 + do + test $(( count % step )) -eq 0 && echo "Waiting for service/oxauth" + sleep $interval + count=$(( count + interval )) + done + EOT } } @@ -43,8 +51,8 @@ resource "kubernetes_deployment" "oxauth" { labels = { app = "oxauth" } } - depends_on = [ null_resource.waitfor-persistence ] - + depends_on = [null_resource.waitfor-module-depends] + spec { replicas = 1 selector { @@ -55,9 +63,9 @@ resource "kubernetes_deployment" "oxauth" { labels = { app = "oxauth" } } spec { - + automount_service_account_token = true - + volume { name = "vol-userman" @@ -101,7 +109,7 @@ resource "kubernetes_deployment" "oxauth" { } host_aliases { ip = var.nginx_ip - hostnames = [ var.hostname ] + hostnames = [var.hostname] } } } diff --git a/terraform/global/um-login-service/oxpassport/dependencies.tf b/terraform/global/um-login-service/oxpassport/dependencies.tf index 571fca1e..9ca150e9 100644 --- a/terraform/global/um-login-service/oxpassport/dependencies.tf +++ b/terraform/global/um-login-service/oxpassport/dependencies.tf @@ -1,8 +1,3 @@ -resource "null_resource" "waitfor-persistence" { - depends_on = [ var.module_depends_on ] - provisioner "local-exec" { - command = </dev/null | grep "Server listening on" >/dev/null 2>&1 + do + test $(( count % step )) -eq 0 && echo "Waiting for service/oxpassport" + sleep $interval + count=$(( count + interval )) + done + EOT + } } resource "kubernetes_deployment" "oxpassport" { @@ -46,7 +59,7 @@ resource "kubernetes_deployment" "oxpassport" { } } - depends_on = [null_resource.waitfor-persistence] + depends_on = [null_resource.waitfor-module-depends] timeouts { create = "10m" 
@@ -116,4 +129,3 @@ resource "kubernetes_deployment" "oxpassport" { } } } - diff --git a/terraform/global/um-login-service/oxpassport/variables.tf b/terraform/global/um-login-service/oxpassport/variables.tf index ab7ebbd1..93c96f34 100644 --- a/terraform/global/um-login-service/oxpassport/variables.tf +++ b/terraform/global/um-login-service/oxpassport/variables.tf @@ -1,9 +1,9 @@ variable "nginx_ip" { - type = string + type = string } variable "hostname" { - type = string + type = string } variable "module_depends_on" { @@ -11,6 +11,6 @@ variable "module_depends_on" { } output "oxpassport-up" { - value = true - depends_on = [ kubernetes_service.oxpassport ] -} \ No newline at end of file + value = true + depends_on = [kubernetes_service.oxpassport] +} diff --git a/terraform/global/um-login-service/oxtrust/dependencies.tf b/terraform/global/um-login-service/oxtrust/dependencies.tf index 7d6d4cba..9ca150e9 100644 --- a/terraform/global/um-login-service/oxtrust/dependencies.tf +++ b/terraform/global/um-login-service/oxtrust/dependencies.tf @@ -1,17 +1,3 @@ -resource "null_resource" "waitfor-persistence" { - depends_on = [ var.module_depends_on ] - provisioner "local-exec" { - command = </dev/null | grep "Server:main: Started" >/dev/null 2>&1 + do + test $(( count % step )) -eq 0 && echo "Waiting for service/oxtrust" + sleep $interval + count=$(( count + interval )) + done + EOT + } +} diff --git a/terraform/global/um-login-service/oxtrust/variables.tf b/terraform/global/um-login-service/oxtrust/variables.tf index f71e2e39..0991ac39 100644 --- a/terraform/global/um-login-service/oxtrust/variables.tf +++ b/terraform/global/um-login-service/oxtrust/variables.tf @@ -1,9 +1,9 @@ variable "nginx_ip" { - type = string + type = string } variable "hostname" { - type = string + type = string } variable "module_depends_on" { 
@@ -11,6 +11,6 @@ variable "module_depends_on" { } output "oxtrust-up" { - value = true - depends_on = [ kubernetes_service.oxtrust ] -} \ No newline at end of file + value = true + depends_on = [kubernetes_stateful_set.oxtrust] +} diff --git a/terraform/global/um-pep-engine/config/dependencies.tf b/terraform/global/um-pep-engine/config/dependencies.tf deleted file mode 100755 index 13032490..00000000 --- a/terraform/global/um-pep-engine/config/dependencies.tf +++ /dev/null @@ -1,7 +0,0 @@ -resource "null_resource" "waitfor-login-service" { - provisioner "local-exec" { - command = </dev/null | grep "Running on http://0.0.0.0" >/dev/null 2>&1 + do + test $(( count % step )) -eq 0 && echo "Waiting for service/pep-engine" + sleep $interval + count=$(( count + interval )) + done + EOT + } } + resource "kubernetes_deployment" "pep-engine" { metadata { name = "pep-engine" labels = { app = "pep-engine" } } - depends_on = [null_resource.waitfor-login-service] + depends_on = [null_resource.waitfor-module-depends] spec { replicas = 1 @@ -99,15 +110,14 @@ resource "kubernetes_deployment" "pep-engine" { volume { name = "vol-userman" - persistent_volume_claim { claim_name = "eoepca-userman-pvc" } } - container { name = "pep-engine" - image = "eoepca/um-pep-engine:v0.1.1" + image = "eoepca/um-pep-engine:latest" + port { container_port = 5566 name = "http-pep" 
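Review bot: In the `pep-engine` deployment hunk (`@@ -99,15 +110,14 @@`) the image moves from the pinned `eoepca/um-pep-engine:v0.1.1` to `eoepca/um-pep-engine:latest`, and with `image_pull_policy = "Always"` (visible in the following hunk) every pod restart can pull whatever was last pushed under that tag. That makes the deployed code unreproducible and lets an unreviewed or tampered image reach the cluster without any change in this repository. The `mongo` container added in the next hunk (`@@ -123,11 +133,32 @@`) has the same problem, since `image = "mongo"` carries no tag at all. I would keep a release tag or digest here, e.g. `image = "eoepca/um-pep-engine:<release-tag>"` and `image = "mongo:<pinned-version>"` (placeholders; the intended versions are not stated on this page). The enclosing `kubernetes_deployment` block starts and ends outside the hunk.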
@@ -123,11 +133,32 @@ resource "kubernetes_deployment" "pep-engine" { } volume_mount { name = "vol-userman" - mount_path = "/opt/gluu/jetty/pep-engine/logs" - sub_path = "pep-engine/logs" + mount_path = "/data/db/resource" + sub_path = "pep-engine/db/resource" } image_pull_policy = "Always" } + container { + name = "mongo" + image = "mongo" + port { + container_port = 27017 + name = "http-rp" + } + + env_from { + config_map_ref { + name = "um-pep-engine-config" + } + } + volume_mount { + name = "vol-userman" + mount_path = "/data/db/resource" + sub_path = "pep-engine/db/resource" + } + image_pull_policy = "Always" + } + host_aliases { ip = var.nginx_ip hostnames = [var.hostname] @@ -136,4 +167,3 @@ resource "kubernetes_deployment" "pep-engine" { } } } - diff --git a/terraform/global/um-pep-engine/variables.tf b/terraform/global/um-pep-engine/variables.tf index fde1510b..7da4bbb3 100755 --- a/terraform/global/um-pep-engine/variables.tf +++ b/terraform/global/um-pep-engine/variables.tf @@ -1,10 +1,9 @@ variable "nginx_ip" { - type = string - default = "0.0.0.0" + type = string } variable "hostname" { - type = string + type = string } variable "module_depends_on" { @@ -13,5 +12,5 @@ variable "module_depends_on" { output "um-pep-engine-up" { value = true - depends_on = [module.config] + depends_on = [kubernetes_service.pep-engine] } diff --git a/terraform/global/um-user-profile/config/dependencies.tf b/terraform/global/um-user-profile/config/dependencies.tf deleted file mode 100755 index b7315511..00000000 --- a/terraform/global/um-user-profile/config/dependencies.tf +++ /dev/null 
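Review bot: The `mongo` container added in the `@@ -123,11 +133,32 @@` hunk takes its environment only from the ConfigMap `um-pep-engine-config`, and no Secret reference or auth argument is visible, so the database presumably starts without access control or with credentials held in a plaintext ConfigMap; the ConfigMap contents are not on this page, so this needs confirming. A mongod listening on 27017 inside the pod (the port is named `http-rp` although it is not HTTP) is by default reachable from other pods in the cluster unless a NetworkPolicy restricts it. The same hunk also points the `pep-engine` container's `vol-userman` mount at `/data/db/resource`, the sub_path mongo uses, so the application container gets direct access to the raw database files and loses its log mount. I would supply the root credentials from a Secret as sketched below and, if only pep-engine talks to the database, bind mongod to localhost. The enclosing `kubernetes_deployment` starts and ends outside the hunk.

```hcl
container {
  name = "mongo"
  # … unchanged: image, port, env_from, volume_mount, image_pull_policy …
  env {
    name = "MONGO_INITDB_ROOT_USERNAME"
    value_from {
      secret_key_ref {
        name = "<mongo-credentials-secret>" # placeholder: no such Secret is defined on this page
        key  = "username"
      }
    }
  }
  env {
    name = "MONGO_INITDB_ROOT_PASSWORD"
    value_from {
      secret_key_ref {
        name = "<mongo-credentials-secret>" # placeholder, as above
        key  = "password"
      }
    }
  }
}
```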
@@ -1,8 +0,0 @@ -resource "null_resource" "waitfor-login-service" { - depends_on = [ var.config_module_depends_on ] - provisioner "local-exec" { - command = </dev/null | grep "Running on http://0.0.0.0" >/dev/null 2>&1 + do + test $(( count % step )) -eq 0 && echo "Waiting for service/user-profile" + sleep $interval + count=$(( count + interval )) + done + EOT + } } resource "kubernetes_deployment" "user-profile" { @@ -122,7 +130,7 @@ resource "kubernetes_deployment" "user-profile" { name = "user-profile" labels = { app = "user-profile" } } - depends_on = [ null_resource.waitfor-login-service ] + depends_on = [null_resource.waitfor-module-depends] spec { replicas = 1 @@ -134,7 +142,7 @@ resource "kubernetes_deployment" "user-profile" { labels = { app = "user-profile" } } spec { - + automount_service_account_token = true volume { @@ -156,11 +164,11 @@ resource "kubernetes_deployment" "user-profile" { image = "eoepca/um-user-profile:v0.1.1" port { container_port = 5566 - name = "http-up" + name = "http-up" } port { container_port = 443 - name = "https-up" + name = "https-up" } env_from { config_map_ref { @@ -168,9 +176,9 @@ resource "kubernetes_deployment" "user-profile" { } } volume_mount { - name = "um-user-profile-config" - mount_path = "/opt/user-profile/db/um-user-profile-config" - sub_path = "um-user-profile-config" + name = "um-user-profile-config" + mount_path = "/opt/user-profile/db/um-user-profile-config" + sub_path = "um-user-profile-config" mount_propagation = "HostToContainer" } volume_mount { @@ -182,10 +190,9 @@ resource "kubernetes_deployment" "user-profile" { } host_aliases { ip = var.nginx_ip - hostnames = [ var.hostname ] + hostnames = [var.hostname] } } } } } - diff --git a/terraform/global/um-user-profile/variables.tf b/terraform/global/um-user-profile/variables.tf index e45d61c5..5692eb9c 100755 --- a/terraform/global/um-user-profile/variables.tf +++ b/terraform/global/um-user-profile/variables.tf 
@@ -1,10 +1,9 @@ variable "nginx_ip" { - type = string - default = "0.0.0.0" + type = string } variable "hostname" { - type = string + type = string } variable "module_depends_on" { @@ -12,6 +11,6 @@ variable "module_depends_on" { } output "um-user-profile-up" { - value = module.config.um-user-profile-up - depends_on = [module.config] + value = true + depends_on = [kubernetes_service.user-profile] } diff --git a/terraform/test/README.md b/terraform/test/README.md index d6201dac..9c6d20a2 100644 --- a/terraform/test/README.md +++ b/terraform/test/README.md @@ -22,7 +22,8 @@ The deployment is initiated via script [deployEOEPCA.sh](deployEOEPCA.sh). The script is configured through the following environment variables, that can be set either by editing the script directly, or exporting them before running [deployEOEPCA.sh](deployEOEPCA.sh): * `DOCKER_EMAIL`: Email of the account with access to the Dockerhub EOEPCA repository * `DOCKER_USERNAME`: User name of the account with access to the Dockerhub EOEPCA repository -* `DOCKER_PASSWORD`: Password of the account with access to the Dockerhub EOEPCA repository +* `DOCKER_PASSWORD`: Password of the account with access to the Dockerhub EOEPCA repository
+ *NOTE that the above DOCKER_XXX environment variables are not currently used, and so can be left unset.* * `WSPACE_USERNAME`: User name of the account with access to the workspace. Defaults to 'eoepca' if not set * `WSPACE_PASSWORD`: Password of the workspace account. Defaults to 'telespazio' if not set
*NOTE that the Workspace component is a stub (using [Nextcloud](https://nextcloud.com/)) that is instantiated within the cluster to support the stage-out of the ADES component using WebDAV. Hence, the credentials used are not important.* diff --git a/terraform/test/main.tf b/terraform/test/main.tf index c9b4b945..4fe0e2bf 100644 --- a/terraform/test/main.tf +++ b/terraform/test/main.tf @@ -1,5 +1,6 @@ provider "kubernetes" { # When no host is specified this provider reads ~./kube/config + version = "~> 1.12" } provider "kubectl" { @@ -31,7 +32,7 @@ module "nfs-provisioner" { module "storage" { source = "../global/storage" nfs_server_address = var.nfs_server_address - storage_class = var.storage_class + storage_class = var.storage_class } module "um-login-service" { @@ -45,14 +46,14 @@ module "um-pep-engine" { source = "../global/um-pep-engine" nginx_ip = var.public_ip hostname = var.hostname - module_depends_on = [module.um-login-service] + module_depends_on = [module.um-login-service.um-login-service-up] } module "um-user-profile" { source = "../global/um-user-profile" nginx_ip = var.public_ip hostname = var.hostname - module_depends_on = [module.um-login-service, module.um-pep-engine] + module_depends_on = [module.um-login-service.um-login-service-up] } module "proc-ades" { @@ -63,7 +64,7 @@ module "proc-ades" { wspace_user_name = var.wspace_user_name wspace_user_password = var.wspace_user_password hostname = var.hostname - module_depends_on = [module.um-login-service, module.um-pep-engine, module.um-user-profile] + module_depends_on = [] } module "rm-workspace" { @@ -71,5 +72,5 @@ module "rm-workspace" { wspace_user_name = var.wspace_user_name wspace_user_password = var.wspace_user_password hostname = var.hostname - module_depends_on = [module.proc-ades] + module_depends_on = [] } From ff174b9454ffac53e55b94817568e15cc45a2927 Mon Sep 17 00:00:00 2001 
From: Richard Conway Date: Thu, 6 Aug 2020 11:47:29 +0100 Subject: [PATCH 9/9] System release 0.1.1 --- README.md | 3 ++- release-notes/release-0.1.1.md | 9 +++++++++ .../01__ADES/eo_metadata_generation_1_0.json | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 release-notes/release-0.1.1.md diff --git a/README.md b/README.md index 5c8c77d6..0ca43593 100644 --- a/README.md +++ b/README.md @@ -71,7 +71,7 @@ The EOEPCA system deployment comprises several steps. Instructions are provided The first step is to clone this repository to your local platform... ``` -$ git clone --branch v0.1 git@github.com:EOEPCA/eoepca.git +$ git clone --branch v0.1.1 git@github.com:EOEPCA/eoepca.git ``` NOTE that this clones the specific tag that is well tested. For the latest development branch the `--branch` option should be omitted. @@ -124,6 +124,7 @@ Not started yet EOEPCA system releases are made to provide integrated deployments of the developed building blocks. The release history is as follows: +* 06/08/2020 - [Release 0.1.1](release-notes/release-0.1.1.md) * 22/06/2020 - [Release 0.1](release-notes/release-0.1.md) diff --git a/release-notes/release-0.1.1.md b/release-notes/release-0.1.1.md new file mode 100644 index 00000000..341f4238 --- /dev/null +++ b/release-notes/release-0.1.1.md @@ -0,0 +1,9 @@ +# EOEPCA System - Release 0.1.1 + +Release 0.1.1 is a minor version release that includes system-level integration and deployment fixes back-ported from the main development branch. + +The scope & functionality, and hence the component versions, are unchanged from release 0.1 whose description is in the [Release 0.1 Release Note](release-0.1.md). + +## Further Information + +For further project information, including details of how to make a deployment of the EOEPCA system, please see the [main project page](../README.md). 
diff --git a/test/acceptance/02__Processing/01__ADES/eo_metadata_generation_1_0.json b/test/acceptance/02__Processing/01__ADES/eo_metadata_generation_1_0.json index 557a0569..95c8d59e 100644 --- a/test/acceptance/02__Processing/01__ADES/eo_metadata_generation_1_0.json +++ b/test/acceptance/02__Processing/01__ADES/eo_metadata_generation_1_0.json @@ -7,7 +7,7 @@ "mimeType": "application/xml" }, "value": { - "inlineValue": "https://raw.githubusercontent.com/EOEPCA/eoepca/v0.1/test/acceptance/02__Processing/01__ADES/eo_metadata_generation_1_0.xml" + "inlineValue": "https://raw.githubusercontent.com/EOEPCA/eoepca/v0.1.1/test/acceptance/02__Processing/01__ADES/eo_metadata_generation_1_0.xml" } } }