1860 files changed, 19704 insertions, 15306 deletions

diff --git a/.gitignore b/.gitignore
index fcf3cdd96f..11c7e801d7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,15 @@
+# auto generated certificates
+kubernetes/platform/components/oom-cert-service/resources/*.jks
+kubernetes/platform/components/oom-cert-service/resources/*.p12
+kubernetes/platform/components/oom-cert-service/resources/*.crt
+
 # Unit tests
 __snapshot__
 
 # Application
 kubernetes/config/onap-parameters.yaml
 kubernetes/dist/*
+kubernetes/common/dist/*
 requirements.lock
 **/charts/*.tgz
 *.orig
diff --git a/docs/environments_onap_demo.yaml b/docs/environments_onap_demo.yaml
index 9846e3717e..cbb8f01d22 100644
--- a/docs/environments_onap_demo.yaml
+++ b/docs/environments_onap_demo.yaml
@@ -13,7 +13,7 @@ global:
   repository: nexus3.onap.org:10001
   repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
   # readiness check
-  readinessRepository: oomk8s
+  readinessImage: onap/oom/readiness:3.0.1
   # logging agent
   loggingRepository: docker.elastic.co
 
diff --git a/docs/hardcoded_certificates.csv b/docs/hardcoded_certificates.csv
new file mode 100644
index 0000000000..762956febd
--- /dev/null
+++ b/docs/hardcoded_certificates.csv
@@ -0,0 +1,32 @@
+Project,ONAP Certificate,Own Certificate,MSB Certificate,Path
+AAF,No,Yes,No,aaf/charts/aaf-cert-service/resources/
+AAF,Yes,No,No,aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem
+AAI,Yes,No,No,aai/oom/resources/config/haproxy/aai.pem
+AAI,Yes,No,No,aai/oom/resources/config/aai/aai_keystore
+AAI/SEARCH-DATA,Yes,No,No,aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore
+AAI/SPARKY-BE,Yes,No,No,aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12
+AAI/BABEL,No,Yes,No,aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore
+AAI/MODEL-LOADER,Yes,Yes,No,aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore
+APPC,Yes,No,No,kubernetes/appc/resources/config/certs/org.onap.appc.keyfile
+APPC,Yes,No,No,kubernetes/appc/resources/config/certs/org.onap.appc.p12
+certInitializer,Yes,No,No,kubernetes/common/certInitializer/resources
+MSB,Yes,No?,Yes,kubernetes/msb/resources/config/certificates
+MUSIC,Yes,No?,No?,kubernetes/common/music/charts/music/resources/keys/
+SDC,Yes,No?,No?,kubernetes/sdc/resources/cert
+SO,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/BPMN,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/Catalog,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/Monitoring,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/OpenStack,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/RequestDb,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/SDC,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/SDNC,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VE/VNFM,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VFC,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VNFM,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VNFM,No,Yes?,Yes,kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
+VID,No,Yes,No,kubernetes/vid/resources/cert
+OOF/OOF-CMSO,Yes,No,No,kubernetes/oof/charts/oof-cmso/resources/certs
+OOF/OOF-HAS,Yes,No,No,kubernetes/oof/charts/oof-has/resources/config
+OOF/OOF-OSDF,Yes,No,No,kubernetes/oof/resources/config
+CLI,No,Yes,No,kubernetes/cli/resources/certificates
diff --git a/docs/index.rst b/docs/index.rst
index c933a726fb..c3902ecae0 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -1,6 +1,7 @@
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
 .. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
 .. _master_index:
 
 
diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst
index 2c6eb9a5f8..9a34036727 100644
--- a/docs/oom_cloud_setup_guide.rst
+++ b/docs/oom_cloud_setup_guide.rst
@@ -1,7 +1,7 @@
 .. This work is licensed under a Creative Commons Attribution 4.0
 .. International License.
 .. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2019 Amdocs, Bell Canada
+.. Copyright 2019-2020 Amdocs, Bell Canada, Orange, Samsung
 .. _oom_cloud_setup_guide:
 
 .. Links
@@ -92,9 +92,9 @@ Cloud Installation
 ..    - IBM, and
 ..    - `Openstack`_.
 ..
-.. #. Alternatively, OOM can be deployed on a private set of physical hosts or VMs
-..    (or even a combination of the two). The following guides describe how to
-..    create a Kubernetes cluster with popular tools:
+.. #. Alternatively, OOM can be deployed on a private set of physical hosts or
+..    VMs (or even a combination of the two). The following guides describe how
+..    to create a Kubernetes cluster with popular tools:
 ..
 ..    - `Setting up Kubernetes with Rancher`_ (recommended)
 ..    - `Setting up Kubernetes with Kubeadm`_
@@ -104,4 +104,5 @@ OOM can be deployed on a private set of physical hosts or VMs (or even a
 combination of the two). The following guide describe the recommended method to
 setup a Kubernetes cluster: :ref:`onap-on-kubernetes-with-rancher`.
 
-There are alternative deployment methods described on the `Cloud Native Deployment Wiki`_
+There are alternative deployment methods described on the
+`Cloud Native Deployment Wiki`_
diff --git a/docs/oom_developer_guide.rst b/docs/oom_developer_guide.rst
index 3cced83f62..fccf453925 100644
--- a/docs/oom_developer_guide.rst
+++ b/docs/oom_developer_guide.rst
@@ -1,6 +1,7 @@
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
 .. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
 
 .. Links
 .. _Helm: https://docs.helm.sh/
@@ -164,7 +165,8 @@ components and in themselves can be quite complex.
 You can use either `charts` or `components` folder for your subcomponents.
 `charts` folder means that the subcomponent will always been deployed.
 
-`components` folders means we can choose if we want to deploy the sub component.
+`components` folders means we can choose if we want to deploy the
+subcomponent.
 
 This choice is done in root `values.yaml`:
 
@@ -451,10 +453,10 @@ It would render the following Service Resource (for a component named
       app.kubernetes.io/instance:  my-deployment-name-of-my-component
     type: NodePort
 
-In the deployment or statefulSet file, you needs to set the good labels in order
-for the service to match the pods.
+In the deployment or statefulSet file, you needs to set the good labels in
+order for the service to match the pods.
 
-here's an example to be sure it matchs (for a statefulSet):
+here's an example to be sure it matches (for a statefulSet):
 
 .. code-block:: yaml
 
@@ -637,7 +639,7 @@ SO deployment specification excerpt:
       spec:
         initContainers:
         - command:
-          - /root/ready.py
+          - /app/ready.py
           args:
           - --container-name
           - so-mariadb
@@ -1010,7 +1012,7 @@ MSB service discovery. The following is a brief description of how this
 integration will be done:
 
 A registrator to push the service endpoint info to MSB service
-discovery. 
+discovery.
 
 -  The needed service endpoint info is put into the kubernetes yaml file
    as annotation, including service name, Protocol,version, visual
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index d853244283..9f6aa1ff0e 100644
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -1,9 +1,10 @@
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
 .. http://creativecommons.org/licenses/by/4.0
 .. Copyright 2018 Amdocs, Bell Canada, 2020 Nokia Solutions and Networks
 
 .. Links
-.. _hardcoded-certiticates-label:
+.. _hardcoded-certificates-label:
 
 ONAP Hardcoded certificates
 ###########################
@@ -11,68 +12,5 @@ ONAP Hardcoded certificates
 ONAP current installation have hardcoded certificates.
 Here's the list of these certificates:
 
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | Project          | ONAP Certificate | Own Certificate  | MSB Certificate | Path                                                                     |
- +==================+==================+==================+=================+==========================================================================+
- | AAF              | No               | Yes              | No              | aaf/charts/aaf-cert-service/resources/                                   |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAF              | Yes              | No               | No              | aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem          |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI              | Yes              | No               | No              | aai/oom/resources/config/haproxy/aai.pem                                 |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI              | Yes              | No               | No              | aai/oom/resources/config/aai/aai_keystore                                |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI/SEARCH-DATA  | Yes              | No               | No              | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI/SPARKY-BE    | Yes              | No               | No              | aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12   |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI/BABEL        | No               | Yes              | No              | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore       |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI/MODEL-LOADER | Yes              | Yes              | No              | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | APPC             | Yes              | No               | No              | kubernetes/appc/resources/config/certs/org.onap.appc.keyfile             |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | APPC             | Yes              | No               | No              | kubernetes/appc/resources/config/certs/org.onap.appc.p12                 |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | certInitializer  | Yes              | No               | No              | kubernetes/common/certInitializer/resources                              |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | MSB              | Yes              | No?              | Yes             | kubernetes/msb/resources/config/certificates                             |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | MUSIC            | Yes              | No?              | No?             | kubernetes/common/music/charts/music/resources/keys/                     |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SDC              | Yes              | No?              | No?             | kubernetes/sdc/resources/cert                                            |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO               | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/BPMN          | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/Catalog       | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/Monitoring    | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/OpenStack     | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/RequestDb     | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/SDC           | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/SDNC          | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/VE/VNFM       | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/VFC           | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/VNFM          | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/VNFM          | No               | Yes?             | Yes             | kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks    |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | VID              | No               | Yes              | No              | kubernetes/vid/resources/cert                                            |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | OOF/OOF-CMSO     | Yes              | No               | No              | kubernetes/oof/charts/oof-cmso/resources/certs                           |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | OOF/OOF-HAS      | Yes              | No               | No              | kubernetes/oof/charts/oof-has/resources/config                           |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | OOF/OOF-OSDF     | Yes              | No               | No              | kubernetes/oof/resources/config                                          |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | CLI              | No               | Yes              | No              | kubernetes/cli/resources/certificates                                    |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
+.. csv-table::
+  :file: hardcoded_certificates.csv
diff --git a/docs/oom_project_description.rst b/docs/oom_project_description.rst
index 034d0a48c9..f1587b4eeb 100644
--- a/docs/oom_project_description.rst
+++ b/docs/oom_project_description.rst
@@ -1,6 +1,7 @@
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
 .. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
 .. _oom_project_description:
 
 ONAP Operations Manager Project
@@ -23,23 +24,28 @@ In summary OOM provides the following capabilities:
 
 - **Deploy** - with built-in component dependency management
 - **Configure** - unified configuration across all ONAP components
-- **Monitor** - real-time health monitoring feeding to a Consul UI and Kubernetes
+- **Monitor** - real-time health monitoring feeding to a Consul UI and
+  Kubernetes
 - **Heal**- failed ONAP containers are recreated automatically
 - **Scale** - cluster ONAP services to enable seamless scaling
-- **Upgrade** - change-out containers or configuration with little or no service impact
+- **Upgrade** - change-out containers or configuration with little or no
+  service impact
 - **Delete** - cleanup individual containers or entire deployments
 
 OOM supports a wide variety of Kubernetes private clouds - built with Rancher,
-Kubeadm or Cloudify - and public cloud infrastructures such as: Microsoft Azure,
-Amazon AWS, Google GCD, VMware VIO, and Openstack.
+Kubeadm or Cloudify - and public cloud infrastructures such as: Microsoft
+Azure, Amazon AWS, Google GCD, VMware VIO, and OpenStack.
 
-The OOM documentation is broken into four different areas each targeted at a different user:
+The OOM documentation is broken into four different areas each targeted at a
+different user:
 
 - :ref:`quick-start-label` - deploy ONAP on an existing cloud
 - :ref:`user-guide-label` - a guide for operators of an ONAP instance
 - :ref:`developer-guide-label` - a guide for developers of OOM and ONAP
-- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud environments that ONAP will use
-- :ref:`hardcoded-certiticates-label` - the list of all hardcoded certificates sets in ONAP installation
+- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud
+  environments that ONAP will use
+- :ref:`hardcoded-certificates-label` - the list of all hardcoded certificates
+  set in ONAP installation
 
 The :ref:`release_notes` for OOM describe the incremental features per release.
 
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst
index 78af191872..5c0d5127bd 100644
--- a/docs/oom_quickstart_guide.rst
+++ b/docs/oom_quickstart_guide.rst
@@ -1,7 +1,7 @@
 .. This work is licensed under a
 .. Creative Commons Attribution 4.0 International License.
 .. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2019 Amdocs, Bell Canada
+.. Copyright 2019-2020 Amdocs, Bell Canada, Orange, Samsung
 .. _oom_quickstart_guide:
 .. _quick-start-label:
 
@@ -11,7 +11,7 @@ OOM Quick Start Guide
 .. figure:: oomLogoV2-medium.png
    :align: right
 
-Once a kubernetes environment is available (follow the instructions in
+Once a Kubernetes environment is available (follow the instructions in
 :ref:`cloud-setup-guide-label` if you don't have a cloud environment
 available), follow the following instructions to deploy ONAP.
 
@@ -20,7 +20,7 @@ available), follow the following instructions to deploy ONAP.
   > git clone -b <BRANCH> http://gerrit.onap.org/r/oom --recurse-submodules
   > cd oom/kubernetes
 
-where <BRANCH> can be an offical release tag, such as
+where <BRANCH> can be an official release tag, such as
 
 * 4.0.0-ONAP for Dublin
 * 5.0.1-ONAP for El Alto
@@ -31,9 +31,9 @@ where <BRANCH> can be an offical release tag, such as
   > sudo cp -R ~/oom/kubernetes/helm/plugins/ ~/.helm
 
 
-**Step 3.** Customize the helm charts like `oom/kubernetes/onap/values.yaml` or an override
-file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file to suit your deployment
-with items like the OpenStack tenant information.
+**Step 3.** Customize the Helm charts like `oom/kubernetes/onap/values.yaml` or
+an override file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file
+to suit your deployment with items like the OpenStack tenant information.
 
 .. note::
   Standard and example override files (e.g. `onap-all.yaml`, `openstack.yaml`) can be found in
@@ -44,15 +44,15 @@ with items like the OpenStack tenant information.
     the ``enabled: true/false`` flags.
 
 
- b. Encrypt the OpenStack password using the shell tool for robot and put it in
-    the robot helm charts or robot section of `openstack.yaml`
+ b. Encrypt the OpenStack password using the shell tool for Robot and put it in
+    the Robot Helm charts or Robot section of `openstack.yaml`
 
 
- c. Encrypt the OpenStack password using the java based script for SO helm charts
+ c. Encrypt the OpenStack password using the java based script for SO Helm charts
     or SO section of `openstack.yaml`.
 
 
- d. Update the OpenStack parameters that will be used by robot, SO and APPC helm
+ d. Update the OpenStack parameters that will be used by Robot, SO and APPC Helm
     charts or use an override file to replace them.
 
  e. Add in the command line a value for the global master password (global.masterPassword).
@@ -68,11 +68,11 @@ We have different values file available for different contexts.
 
 
 b. Generating ROBOT Encrypted Password:
-The ROBOT encrypted Password uses the same encryption.key as SO but an
+The Robot encrypted Password uses the same encryption.key as SO but an
 openssl algorithm that works with the python based Robot Framework.
 
 .. note::
-  To generate ROBOT ``openStackEncryptedPasswordHere``::
+  To generate Robot ``openStackEncryptedPasswordHere``::
 
     cd so/resources/config/mso/
     /oom/kubernetes/so/resources/config/mso# echo -n "<openstack tenant password>" | openssl aes-128-ecb -e -K `cat encryption.key` -nosalt | xxd -c 256 -p``
@@ -80,7 +80,7 @@ openssl algorithm that works with the python based Robot Framework.
 c. Generating SO Encrypted Password:
 The SO Encrypted Password uses a java based encryption utility since the
 Java encryption library is not easy to integrate with openssl/python that
-ROBOT uses in Dublin and upper versions.
+Robot uses in Dublin and upper versions.
 
 .. note::
   To generate SO ``openStackEncryptedPasswordHere`` and ``openStackSoEncryptedPassword``
@@ -101,32 +101,33 @@ ROBOT uses in Dublin and upper versions.
 
 d. Update the OpenStack parameters:
 
-There are assumptions in the demonstration VNF heat templates about the networking
-available in the environment. To get the most value out of these templates and the
-automation that can help confirm the setup is correct, please observe the following
-constraints.
+There are assumptions in the demonstration VNF Heat templates about the
+networking available in the environment. To get the most value out of these
+templates and the automation that can help confirm the setup is correct, please
+observe the following constraints.
 
 
 ``openStackPublicNetId:``
-  This network should allow heat templates to add interfaces.
-  This need not be an external network, floating IPs can be assigned to the ports on
-  the VMs that are created by the heat template but its important that neutron allow
-  ports to be created on them.
+  This network should allow Heat templates to add interfaces.
+  This need not be an external network, floating IPs can be assigned to the
+  ports on the VMs that are created by the heat template but its important that
+  neutron allow ports to be created on them.
 
 ``openStackPrivateNetCidr: "10.0.0.0/16"``
-  This ip address block is used to assign OA&M addresses on VNFs to allow ONAP connectivity.
-  The demonstration heat templates assume that 10.0 prefix can be used by the VNFs and the
-  demonstration ip addressing plan embodied in the preload template prevent conflicts when
-  instantiating the various VNFs. If you need to change this, you will need to modify the preload
-  data in the robot helm chart like integration_preload_parametes.py and the demo/heat/preload_data
-  in the robot container. The size of the CIDR should be sufficient for ONAP and the VMs you expect
-  to create.
+  This ip address block is used to assign OA&M addresses on VNFs to allow ONAP
+  connectivity. The demonstration Heat templates assume that 10.0 prefix can be
+  used by the VNFs and the demonstration ip addressing plan embodied in the
+  preload template prevent conflicts when instantiating the various VNFs. If
+  you need to change this, you will need to modify the preload data in the
+  Robot Helm chart like integration_preload_parameters.py and the
+  demo/heat/preload_data in the Robot container. The size of the CIDR should
+  be sufficient for ONAP and the VMs you expect to create.
 
 ``openStackOamNetworkCidrPrefix: "10.0"``
-  This ip prefix mush match the openStackPrivateNetCidr and is a helper variable to some of the
-  robot scripts for demonstration. A production deployment need not worry about this
-  setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix.
-
+  This ip prefix mush match the openStackPrivateNetCidr and is a helper
+  variable to some of the Robot scripts for demonstration. A production
+  deployment need not worry about this setting but for the demonstration VNFs
+  the ip asssignment strategy assumes 10.0 ip prefix.
 
 Example Keystone v2.0
 
@@ -156,7 +157,11 @@ follows::
 
 **Step 6.** Build a local Helm repository (from the kubernetes directory)::
 
-  > make SKIP_LINT=TRUE all; make SKIP_LINT=TRUE onap
+  > make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] all ; make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] onap
+
+`HELM_BIN`
+  Sets the helm binary to be used. The default value use helm from PATH. Allow the user to have
+  multiple version of helm in operating system and choose which one to use.
 
 **Step 7.** Display the onap charts that available to be deployed::
 
@@ -165,7 +170,9 @@ follows::
 .. literalinclude:: helm-search.txt
 
 .. note::
-  The setup of the Helm repository is a one time activity. If you make changes to your deployment charts or values be sure to use ``make`` to update your local Helm repository.
+  The setup of the Helm repository is a one time activity. If you make changes
+  to your deployment charts or values be sure to use ``make`` to update your
+  local Helm repository.
 
 **Step 8.** Once the repo is setup, installation of ONAP can be done with a
 single command
@@ -189,26 +196,35 @@ To deploy all ONAP applications use this command::
     > cd oom/kubernetes
     >  helm deploy dev local/onap --namespace onap --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900
 
-All override files may be customized (or replaced by other overrides) as per needs.
+All override files may be customized (or replaced by other overrides) as per
+needs.
 
 `onap-all.yaml`
-  Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file.
+  Enables the modules in the ONAP deployment. As ONAP is very modular, it is
+  possible to customize ONAP and disable some components through this
+  configuration file.
 
 `onap-all-ingress-nginx-vhost.yaml`
-  Alternative version of the `onap-all.yaml` but with global ingress controller enabled. It requires the cluster configured with the nginx ingress controller and load balancer.
-  Please use this file instad `onap-all.yaml` if you want to use experimental ingress controller feature.
+  Alternative version of the `onap-all.yaml` but with global ingress controller
+  enabled. It requires the cluster configured with the nginx ingress controller
+  and load balancer. Please use this file instead `onap-all.yaml` if you want
+  to use experimental ingress controller feature.
 
 `environment.yaml`
   Includes configuration values specific to the deployment environment.
 
-  Example: adapt readiness and liveness timers to the level of performance of your infrastructure
+  Example: adapt readiness and liveness timers to the level of performance of
+  your infrastructure
 
 `openstack.yaml`
-  Includes all the Openstack related information for the default target tenant you want to use to deploy VNFs from ONAP and/or additional parameters for the embedded tests.
+  Includes all the OpenStack related information for the default target tenant
+  you want to use to deploy VNFs from ONAP and/or additional parameters for the
+  embedded tests.
 
 **Step 9.** Verify ONAP installation
 
-Use the following to monitor your deployment and determine when ONAP is ready for use::
+Use the following to monitor your deployment and determine when ONAP is ready
+for use::
 
   > kubectl get pods -n onap -o=wide
 
@@ -219,7 +235,8 @@ Use the following to monitor your deployment and determine when ONAP is ready fo
 
     > ~/oom/kubernetes/robot/ete-k8s.sh onap health
 
-**Step 10.** Undeploy ONAP::
+**Step 10.** Undeploy ONAP
+::
 
   > helm undeploy dev --purge
 
diff --git a/docs/oom_setup_ingress_controller.rst b/docs/oom_setup_ingress_controller.rst
index a4abc2b390..c15171c7be 100644
--- a/docs/oom_setup_ingress_controller.rst
+++ b/docs/oom_setup_ingress_controller.rst
@@ -1,4 +1,5 @@
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
 .. http://creativecommons.org/licenses/by/4.0
 .. Copyright 2020, Samsung Electronics
 
@@ -20,9 +21,10 @@
 Ingress controller setup on HA Kubernetes Cluster
 #################################################
 
-This guide provides instruction how to setup experimental ingress controller feature.
-For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE)
-to deploy and manage our Kubernetes Cluster and ingress controller
+This guide provides instruction how to setup experimental ingress controller
+feature. For this, we are hosting our cluster on OpenStack VMs and using the
+Rancher Kubernetes Engine (RKE) to deploy and manage our Kubernetes Cluster and
+ingress controller
 
 .. contents::
    :depth: 1
@@ -33,127 +35,148 @@ The result at the end of this tutorial will be:
 
 #. Customization of the cluster.yaml file for ingress controller support
 
-#. Installation and configuration test DNS server for ingress host resolution on testing machines
+#. Installation and configuration test DNS server for ingress host resolution
+   on testing machines
 
-#. Instalation and configuration MLB (Metal Load Balancer) required for exposing ingress service
+#. Installation and configuration MLB (Metal Load Balancer) required for
+   exposing ingress service
 
-#. Instalation and configuration NGINX ingress controller
+#. Installation and configuration NGINX ingress controller
 
-#. Additional info howto deploy onap with services exposed via Ingress controller
+#. Additional info how to deploy ONAP with services exposed via Ingress
+   controller
 
 Customize cluster.yml file
-===========================
-Before setup cluster for ingress purposes DNS cluster IP and ingress provider should be configured and follwing:
+==========================
+Before setup cluster for ingress purposes DNS cluster IP and ingress provider
+should be configured and following:
 
 .. code-block:: yaml
-	<...>
-	restore:
-  		restore: false
-  		snapshot_name: ""
-	ingress:
-		provider: none
-	dns:
-		provider: coredns
-		upstreamnameservers:
-			- <custer_dns_ip>:31555
-
-Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE node.
-
-For external load balacer purposes minimum one of the worker node should be configured with external IP
-address accessible outside the cluster. It can be done using the following example node configuration:
+
+  ---
+  <...>
+  restore:
+    restore: false
+    snapshot_name: ""
+  ingress:
+    provider: none
+  dns:
+    provider: coredns
+    upstreamnameservers:
+      - <custer_dns_ip>:31555
+
+Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE
+node.
+
+For external load balancer purposes, minimum one of the worker node should be
+configured with external IP address accessible outside the cluster. It can be
+done using the following example node configuration:
 
 .. code-block:: yaml
-	<...>
-	- address: <external_ip>
-	  internal_address: <internal_ip>
-	  port: "22"
-	  role:
-	  - worker
-	  hostname_override: "onap-worker-0"
-	  user: ubuntu
-	  ssh_key_path: "~/.ssh/id_rsa"
-    <...>
 
-Where the <external_ip> is external worker node IP address, and <internal_ip> is internal node IP address if it is required
+  ---
+  <...>
+  - address: <external_ip>
+    internal_address: <internal_ip>
+    port: "22"
+    role:
+      - worker
+    hostname_override: "onap-worker-0"
+    user: ubuntu
+    ssh_key_path: "~/.ssh/id_rsa"
+    <...>
 
+Where the <external_ip> is external worker node IP address, and <internal_ip>
+is internal node IP address if it is required.
 
 
-DNS server configuration and instalation
-========================
-DNS server deployed on the Kubernetes cluster makes it easy to use services exposed through ingress controller because it
-resolves all subdomain related to the onap cluster to the load balancer IP.
-Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts.
-Adding many entries into the configuration files on testing machines is quite problematic and error prone.
-The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster.
+DNS server configuration and installation
+=========================================
+DNS server deployed on the Kubernetes cluster makes it easy to use services
+exposed through ingress controller because it resolves all subdomain related to
+the ONAP cluster to the load balancer IP. Testing ONAP cluster requires a lot
+of entries on the target machines in the /etc/hosts. Adding many entries into
+the configuration files on testing machines is quite problematic and error
+prone. The better wait is to create central DNS server with entries for all
+virtual host pointed to simpledemo.onap.org and add custom DNS server as a
+target DNS server for testing machines and/or as external DNS for Kubernetes
+cluster.
 
-DNS server has automatic instalation and configuration script, so instalation is quite easy::
+DNS server has automatic installation and configuration script, so installation
+is quite easy::
 
-	> cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
+  > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
 
-	> ./deploy\_dns.sh
+  > ./deploy\_dns.sh
 
 After DNS deploy you need to setup DNS entry on the target testing machine.
 Because DNS listen on non standard port configuration require iptables rules
-on the target machine. Please follow the configuation proposed by the deploy scripts
+on the target machine. Please follow the configuration proposed by the deploy
+scripts.
 Example output depends on the IP address and example output looks like bellow::
 
-
-	DNS server already deployed:
-	1. You can add the DNS server to the target machine using following commands:
-			sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
-			sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
-			sudo sysctl -w net.ipv4.conf.all.route_localnet=1
-			sudo sysctl -w net.ipv4.ip_forward=1
-	2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
+  DNS server already deployed:
+  1. You can add the DNS server to the target machine using following commands:
+    sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+    sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+    sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+    sudo sysctl -w net.ipv4.ip_forward=1
+  2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
 
 
-MetalLB Load Balancer instalation and configuration
+MetalLB Load Balancer installation and configuration
 ====================================================
 
-By default pure Kubernetes cluster requires external load balancer if we want to expose
-external port using LoadBalancer settings. For this purpose MetalLB can be used.
-Before installing the MetalLB you need to ensure that at least one worker has assigned IP acessible outside the cluster.
+By default pure Kubernetes cluster requires external load balancer if we want
+to expose external port using LoadBalancer settings. For this purpose MetalLB
+can be used. Before installing the MetalLB you need to ensure that at least one
+worker has assigned IP accessible outside the cluster.
 
-MetalLB Load balanancer can be easily installed using automatic install script::
+MetalLB Load balancer can be easily installed using automatic install script::
 
-	> cd kubernetes/contrib/metallb-loadbalancer-inst
+  > cd kubernetes/contrib/metallb-loadbalancer-inst
 
-	> ./install-metallb-on-cluster.sh
+  > ./install-metallb-on-cluster.sh
 
 
-Configuration NGINX ingress controller
+Configuration Ngninx ingress controller
 =======================================
 
-After installation DNS server and ingress controller we can install and configure ingress controller.
+After installation DNS server and ingress controller we can install and
+configure ingress controller.
 It can be done using the following commands::
 
-	> cd kubernetes/contrib/ingress-nginx-post-inst
+  > cd kubernetes/contrib/ingress-nginx-post-inst
 
-	> kubectl apply -f nginx_ingress_cluster_config.yaml
+  > kubectl apply -f nginx_ingress_cluster_config.yaml
 
-	> kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
+  > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
 
-After deploy NGINX ingress controller you can ensure that the ingress port is exposed as load balancer service
-with external IP address::
+After deploy NGINX ingress controller you can ensure that the ingress port is
+exposed as load balancer service with external IP address::
 
-	> kubectl get svc -n ingress-nginx
-	NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)                      AGE
-	default-http-backend   ClusterIP      10.10.10.10   <none>           80/TCP                       25h
-	ingress-nginx          LoadBalancer   10.10.10.11    10.12.13.14   80:31308/TCP,443:30314/TCP   24h
+  > kubectl get svc -n ingress-nginx
+  NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)                      AGE
+  default-http-backend   ClusterIP      10.10.10.10   <none>           80/TCP                       25h
+  ingress-nginx          LoadBalancer   10.10.10.11    10.12.13.14   80:31308/TCP,443:30314/TCP   24h
 
 
 ONAP with ingress exposed services
-=====================================
-If you want to deploy onap with services exposed through ingress controller you can use full onap deploy script::
-	> onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+==================================
+If you want to deploy onap with services exposed through ingress controller you
+can use full onap deploy script::
+
+  > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
 
 Ingress also can be enabled on any onap setup override using following code:
 
 .. code-block:: yaml
-	<...>
-	#ingress virtualhost based configuration
-	global:
-    <...>
-	  ingress:
-		enabled: true
+
+  ---
+  <...>
+  #ingress virtualhost based configuration
+  global:
+  <...>
+    ingress:
+      enabled: true
 
diff --git a/docs/oom_setup_kubernetes_rancher.rst b/docs/oom_setup_kubernetes_rancher.rst
index de6324e585..eea46c0e51 100644
--- a/docs/oom_setup_kubernetes_rancher.rst
+++ b/docs/oom_setup_kubernetes_rancher.rst
@@ -1,6 +1,7 @@
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
 .. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
 
 .. Links
 .. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements
@@ -19,9 +20,9 @@
 ONAP on HA Kubernetes Cluster
 #############################
 
-This guide provides instructions on how to setup a Highly-Available Kubernetes Cluster.
-For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE)
-to deploy and manage our Kubernetes Cluster.
+This guide provides instructions on how to setup a Highly-Available Kubernetes
+Cluster. For this, we are hosting our cluster on OpenStack VMs and using the
+Rancher Kubernetes Engine (RKE) to deploy and manage our Kubernetes Cluster.
 
 .. contents::
    :depth: 1
@@ -40,12 +41,14 @@ The result at the end of this tutorial will be:
 
 #. Installation and configuration of kubectl
 
-#. Installation and configuration of helm
+#. Installation and configuration of Helm
 
 #. Creation of an NFS Server to be used by ONAP as shared persistance
 
-There are many ways one can execute the above steps. Including automation through the use of HEAT to setup the OpenStack VMs.
-To better illustrate the steps involved, we have captured the manual creation of such an environment using the ONAP Wind River Open Lab.
+There are many ways one can execute the above steps. Including automation
+through the use of HEAT to setup the OpenStack VMs. To better illustrate the
+steps involved, we have captured the manual creation of such an environment
+using the ONAP Wind River Open Lab.
 
 Create Key Pair
 ===============
@@ -57,10 +60,12 @@ Use an existing key pair, import one or create a new one to assign.
 .. image:: images/keys/key_pair_1.png
 
 .. Note::
-  If you're creating a new Key Pair, ensure to create a local copy of the Private Key through the use of "Copy Private Key to Clipboard".
+  If you're creating a new Key Pair, ensure to create a local copy of the
+  Private Key through the use of "Copy Private Key to Clipboard".
 
 For the purpose of this guide, we will assume a new local key called "onap-key"
-has been downloaded and is copied into **~/.ssh/**, from which it can be referenced.
+has been downloaded and is copied into **~/.ssh/**, from which it can be
+referenced.
 
 Example::
 
@@ -175,16 +180,17 @@ Launch Instance
 Create Kubernetes Worker VMs
 ============================
 The following instructions describe how to create OpenStack VMs to host the
-Highly-Available Kubernetes Workers. ONAP workloads will only be scheduled on these nodes.
+Highly-Available Kubernetes Workers. ONAP workloads will only be scheduled on
+these nodes.
 
 Launch new VM instances
 -----------------------
 
-The number and size of Worker VMs is depenedent on the size of the ONAP deployment.
-By default, all ONAP applications are deployed. It's possible to customize the deployment
-and enable a subset of the ONAP applications. For the purpose of this guide, however,
-we will deploy 12 Kubernetes Workers that have been sized to handle the entire ONAP
-application workload.
+The number and size of Worker VMs is dependent on the size of the ONAP
+deployment. By default, all ONAP applications are deployed. It's possible to
+customize the deployment and enable a subset of the ONAP applications. For the
+purpose of this guide, however, we will deploy 12 Kubernetes Workers that have
+been sized to handle the entire ONAP application workload.
 
 .. image:: images/wk_vms/worker_1.png
 
@@ -223,8 +229,8 @@ Assign the key pair that was created/selected previously (e.g. onap_key).
 Apply customization script for Kubernetes VM(s)
 -----------------------------------------------
 
-Click :download:`openstack-k8s-workernode.sh <openstack-k8s-workernode.sh>` to download the
-script.
+Click :download:`openstack-k8s-workernode.sh <openstack-k8s-workernode.sh>` to
+download the script.
 
 .. literalinclude:: openstack-k8s-workernode.sh
    :language: bash
@@ -347,8 +353,8 @@ Download and install kubectl. Binaries can be found here for Linux and Mac:
 https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl
 https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/darwin/amd64/kubectl
 
-You only need to install kubectl where you'll launch kubernetes command. This
-can be any machines of the kubernetes cluster or a machine that has IP access
+You only need to install kubectl where you'll launch Kubernetes command. This
+can be any machines of the Kubernetes cluster or a machine that has IP access
 to the APIs.
 Usually, we use the first controller as it has also access to internal
 Kubernetes services, which can be convenient.
@@ -460,8 +466,8 @@ Assign the key pair that was created/selected previously (e.g. onap_key).
 Apply customization script for NFS Server VM
 --------------------------------------------
 
-Click :download:`openstack-nfs-server.sh <openstack-nfs-server.sh>` to download the
-script.
+Click :download:`openstack-nfs-server.sh <openstack-nfs-server.sh>` to download
+the script.
 
 .. literalinclude:: openstack-nfs-server.sh
    :language: bash
@@ -516,7 +522,7 @@ the NFS Master node as input, e.g.::
 
 ONAP Deployment via OOM
 =======================
-Now that kubernetes and Helm are installed and configured you can prepare to
+Now that Kubernetes and Helm are installed and configured you can prepare to
 deploy ONAP. Follow the instructions in the README.md_ or look at the official
 documentation to get started:
 
diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst
index 847795dc17..74f24dab62 100644
--- a/docs/oom_user_guide.rst
+++ b/docs/oom_user_guide.rst
@@ -1,6 +1,7 @@
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
 .. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
 .. _oom_user_guide:
 
 .. Links
@@ -36,7 +37,8 @@ The following sections describe the life-cycle operations:
 - Monitor_ - real-time health monitoring feeding to a Consul UI and Kubernetes
 - Heal_- failed ONAP containers are recreated automatically
 - Scale_ - cluster ONAP services to enable seamless scaling
-- Upgrade_ - change-out containers or configuration with little or no service impact
+- Upgrade_ - change-out containers or configuration with little or no service
+  impact
 - Delete_ - cleanup individual containers or entire deployments
 
 .. figure:: oomLogoV2-Deploy.png
@@ -137,7 +139,11 @@ To get a list of all of the available Helm chart repositories::
 
 Then build your local Helm repository::
 
-  > make SKIP_LINT=TRUE all
+  > make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] all
+
+`HELM_BIN`
+  Sets the helm binary to be used. The default value use helm from PATH. Allow the user to have
+  multiple version of helm in operating system and choose which one to use.
 
 The Helm search command reads through all of the repositories configured on the
 system, and looks for matches::
@@ -365,19 +371,19 @@ Accessing the ONAP Portal using OOM and a Kubernetes Cluster
 ------------------------------------------------------------
 
 The ONAP deployment created by OOM operates in a private IP network that isn't
-publicly accessible (i.e. Openstack VMs with private internal network) which
+publicly accessible (i.e. OpenStack VMs with private internal network) which
 blocks access to the ONAP Portal. To enable direct access to this Portal from a
 user's own environment (a laptop etc.) the portal application's port 8989 is
 exposed through a `Kubernetes LoadBalancer`_ object.
 
 Typically, to be able to access the Kubernetes nodes publicly a public address
-is assigned. In Openstack this is a floating IP address.
+is assigned. In OpenStack this is a floating IP address.
 
 When the `portal-app` chart is deployed a Kubernetes service is created that
 instantiates a load balancer.  The LB chooses the private interface of one of
 the nodes as in the example below (10.0.0.4 is private to the K8s cluster only).
 Then to be able to access the portal on port 8989 from outside the K8s &
-Openstack environment, the user needs to assign/get the floating IP address that
+OpenStack environment, the user needs to assign/get the floating IP address that
 corresponds to the private IP as follows::
 
   > kubectl -n onap get services|grep "portal-app"
@@ -386,7 +392,7 @@ corresponds to the private IP as follows::
 
 In this example, use the 10.0.0.4 private address as a key find the
 corresponding public address which in this example is 10.12.6.155. If you're
-using OpenStack you'll do the lookup with the horizon GUI or the Openstack CLI
+using OpenStack you'll do the lookup with the horizon GUI or the OpenStack CLI
 for your tenant (openstack server list).  That IP is then used in your
 `/etc/hosts` to map the fixed DNS aliases required by the ONAP Portal as shown
 below::
@@ -451,8 +457,8 @@ Monitor
 
 All highly available systems include at least one facility to monitor the
 health of components within the system.  Such health monitors are often used as
-inputs to distributed coordination systems (such as etcd, zookeeper, or consul)
-and monitoring systems (such as nagios or zabbix). OOM provides two mechanisms
+inputs to distributed coordination systems (such as etcd, Zookeeper, or Consul)
+and monitoring systems (such as Nagios or Zabbix). OOM provides two mechanisms
 to monitor the real-time health of an ONAP deployment:
 
 - a Consul GUI for a human operator or downstream monitoring systems and
@@ -609,7 +615,7 @@ Kubernetes and replaced with a new container with the new environment value.
 
 To upgrade a component to a new version with a new configuration file enter::
 
-  > helm deploy onbap onap/so --version 2.0.2 -f environments/demo.yaml
+  > helm deploy onap onap/so --version 2.0.2 -f environments/demo.yaml
 
 To fetch release history enter::
 
diff --git a/docs/release-notes-dublin.rst b/docs/release-notes-dublin.rst
index 6201f56350..e948af5ebb 100644
--- a/docs/release-notes-dublin.rst
+++ b/docs/release-notes-dublin.rst
@@ -26,10 +26,12 @@ Summary
 **Platform Resiliency**
 
 * Documenation of a Highly-Available Kubernetes Cluster Deployment
-* Availability of a Default Storage Class Provisioner for improved Persistent Storage resiliency
+* Availability of a Default Storage Class Provisioner for improved Persistent
+  Storage resiliency
 * Availability of a CNI reference integration for Multi-site support
 
-  * applications can take advantage of multi-site by using POD and/or Node (anti)affinity, taints/tolerations, labels per application
+  * applications can take advantage of multi-site by using POD and/or Node
+    (anti)affinity, taints/tolerations, labels per application
 
 **Footprint Optimization**
 
diff --git a/docs/release-notes-elalto.rst b/docs/release-notes-elalto.rst
index f23751d0ed..435889ef32 100644
--- a/docs/release-notes-elalto.rst
+++ b/docs/release-notes-elalto.rst
@@ -24,7 +24,8 @@ Version 5.0.1 (El Alto Release)
 Summary
 -------
 
-The focus of this release was on maintanence and as such no new features were delivered.
+The focus of this release was on maintanence and as such no new features were
+delivered.
 A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10726
 
 **New Features**
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 5570d4d722..382b49961d 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -133,7 +133,7 @@ Workarounds
   version 2.2.2 in global part of override file if the new check is needed.
 - `OOM-2421 <https://jira.onap.org/browse/OOM-2421>`_ Workaround is to
   undeploy/redeploy NBI.
-- `OOM-2422 <https://jira.onap.org/browse/OOM-2421>`_ Workaround is to create
+- `OOM-2422 <https://jira.onap.org/browse/OOM-2422>`_ Workaround is to create
   first portal app service with service type Cluster IP then changing it to
   NodePort or LoadBalancer so all the port are available.
 
diff --git a/kubernetes/Makefile b/kubernetes/Makefile
index b25381fd81..08b028afe1 100644
--- a/kubernetes/Makefile
+++ b/kubernetes/Makefile
@@ -19,9 +19,15 @@ ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
 OUTPUT_DIR := $(ROOT_DIR)/dist
 PACKAGE_DIR := $(OUTPUT_DIR)/packages
 SECRET_DIR := $(OUTPUT_DIR)/secrets
+HELM_BIN := helm
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+# use this if you would like to push onap charts to repo with other name
+# WARNING: Helm v3+ only
+# WARNING: Make sure to edit also requirements files
+HELM_REPO := local
 
 ifneq ($(SKIP_LINT),TRUE)
-	HELM_LINT_CMD := helm lint
+	HELM_LINT_CMD := $(HELM_BIN) lint
 else
 	HELM_LINT_CMD := echo "Skipping linting of"
 endif
@@ -30,9 +36,9 @@ SUBMODS := robot aai
 EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PARENT_CHART)
 
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+.PHONY: $(EXCLUDES) $(HELM_CHARTS) check-for-staging-images
 
-all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) plugins
+all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) helm-repo-update plugins
 
 $(COMMON_CHARTS):
 	@echo "\n[$@]"
@@ -58,15 +64,19 @@ make-%:
 	@if [ -f $*/Makefile ]; then make -C $*; fi
 
 dep-%: make-%
-	@if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
 
 lint-%: dep-%
 	@if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
 
 package-%: lint-%
 	@mkdir -p $(PACKAGE_DIR)
-	@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
-	@helm repo index $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+endif
 
 clean:
 	@rm -f */requirements.lock
@@ -75,19 +85,30 @@ clean:
 
 # publish helm plugins via distrubtion directory
 plugins:
-	@cp -R helm $(PACKAGE_DIR)/
+	@cp -R $(HELM_BIN) $(PACKAGE_DIR)/
 
 # start up a local helm repo to serve up helm chart packages
+# WARNING: Only helm < v3 supported
 repo:
 	@mkdir -p $(PACKAGE_DIR)
-	@helm serve --repo-path $(PACKAGE_DIR) &
+	@$(HELM_BIN) serve --repo-path $(PACKAGE_DIR) &
 	@sleep 3
-	@helm repo index $(PACKAGE_DIR)
-	@helm repo add local http://127.0.0.1:8879
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+	@$(HELM_BIN) repo add local http://127.0.0.1:8879
 
 # stop local helm repo
+# WARNING: Only helm < v3 supported
 repo-stop:
-	@pkill helm
-	@helm repo remove local
+	@pkill $(HELM_BIN)
+	@$(HELM_BIN) repo remove local
+
+check-for-staging-images:
+	$(ROOT_DIR)/contrib/tools/check-for-staging-images.sh
+
+helm-repo-update:
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@$(HELM_BIN) repo update
+endif
+
 %:
 	@:
diff --git a/kubernetes/aaf/components/aaf-cert-service/.helmignore b/kubernetes/a1policymanagement/.helmignore
index 50af031725..50af031725 100644
--- a/kubernetes/aaf/components/aaf-cert-service/.helmignore
+++ b/kubernetes/a1policymanagement/.helmignore
diff --git a/kubernetes/a1policymanagement/Chart.yaml b/kubernetes/a1policymanagement/Chart.yaml
new file mode 100644
index 0000000000..ba51af4c6c
--- /dev/null
+++ b/kubernetes/a1policymanagement/Chart.yaml
@@ -0,0 +1,21 @@
+################################################################################
+#   Copyright (c) 2020 Nordix Foundation.                                      #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+apiVersion: v1
+appVersion: "1.0.0"
+description: A Helm chart for A1 Policy Management Service
+name: a1policymanagement
+version: 6.0.0
diff --git a/kubernetes/a1policymanagement/requirements.yaml b/kubernetes/a1policymanagement/requirements.yaml
new file mode 100644
index 0000000000..7257fcf4f3
--- /dev/null
+++ b/kubernetes/a1policymanagement/requirements.yaml
@@ -0,0 +1,23 @@
+################################################################################
+#   Copyright (c) 2020 Nordix Foundation.                                      #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/a1policymanagement/resources/config/application_configuration.json b/kubernetes/a1policymanagement/resources/config/application_configuration.json
new file mode 100644
index 0000000000..64c42e6cd1
--- /dev/null
+++ b/kubernetes/a1policymanagement/resources/config/application_configuration.json
@@ -0,0 +1,39 @@
+{
+  "config": {
+    "controller": [
+      {
+        "name": "controller1",
+        "baseUrl": "{{ .Values.sdncLink }}",
+        "userName": "${A1CONTROLLER_USER}",
+        "password": "${A1CONTROLLER_PASSWORD}"
+      }
+    ],
+    "ric": [
+      {
+        "name": "ric1",
+        "baseUrl": "{{ .Values.ricLink }}",
+        "controller": "controller1",
+        "managedElementIds": [
+          "kista_1",
+          "kista_2"
+        ]
+      }
+    ],
+    "streams_publishes": {
+      "dmaap_publisher": {
+        "type": "message_router",
+        "dmaap_info": {
+          "topic_url": "{{ .Values.streamPublish }}"
+        }
+      }
+    },
+    "streams_subscribes": {
+      "dmaap_subscriber": {
+        "type": "message_router",
+        "dmaap_info": {
+          "topic_url": "{{ .Values.streamSubscribe }}"
+        }
+      }
+    }
+  }
+}
diff --git a/kubernetes/a1policymanagement/resources/envsubst/daemon.sh b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh
new file mode 100644
index 0000000000..6d239f1ec8
--- /dev/null
+++ b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+terminate() {
+  echo "$(date) | INFO | Terminating child processes"
+  pids="$(jobs -p)"
+  if [ "$pids" != "" ]; then
+    kill -TERM $pids >/dev/null 2>/dev/null
+  fi
+  wait
+}
+
+trap terminate TERM
+echo "$(date) | INFO | Started monitoring /config-input/ directory"
+inotifyd /tmp/scripts/update_files /config-input/ &
+wait
diff --git a/kubernetes/a1policymanagement/resources/envsubst/update_files b/kubernetes/a1policymanagement/resources/envsubst/update_files
new file mode 100644
index 0000000000..754bb55432
--- /dev/null
+++ b/kubernetes/a1policymanagement/resources/envsubst/update_files
@@ -0,0 +1,27 @@
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+if [ "$1" == "y" ] && [ "$3" == "..data" ]; then
+  echo "$(date) | INFO | Configmap has been reloaded"
+  cd /config-input
+  for file in $(ls -1); do
+    if [ "$file" -nt "/config/$file" ]; then
+      echo "$(date) | INFO | Templating /config/$file"
+      envsubst <$file >/config/$file
+    fi
+  done
+fi
diff --git a/kubernetes/a1policymanagement/templates/configmap.yaml b/kubernetes/a1policymanagement/templates/configmap.yaml
new file mode 100644
index 0000000000..e84beac2ab
--- /dev/null
+++ b/kubernetes/a1policymanagement/templates/configmap.yaml
@@ -0,0 +1,24 @@
+{{/*
+################################################################################
+#   Copyright (c) 2020 Nordix Foundation.                                      #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+  name: {{ include "common.fullname" . }}-policy-conf
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml
new file mode 100644
index 0000000000..ce2e2732e6
--- /dev/null
+++ b/kubernetes/a1policymanagement/templates/deployment.yaml
@@ -0,0 +1,103 @@
+{{/*
+################################################################################
+#   Copyright (c) 2020 Nordix Foundation.                                      #
+#   Copyright © 2020 Samsung Electronics, Modifications                        #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+*/}}
+
+kind: Deployment
+apiVersion: apps/v1
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+  replicas: {{ index .Values.replicaCount }}
+  selector: {{- include "common.selectors" . | nindent 4 }}
+  template:
+    metadata:
+      labels: {{- include "common.labels" . | nindent 8 }}
+    spec:
+      initContainers:
+      - name: {{ include "common.name" . }}-bootstrap-config
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done"
+        env:
+        - name: A1CONTROLLER_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+        - name: A1CONTROLLER_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: {{ include "common.fullname" . }}-policy-conf-input
+        - mountPath: /config
+          name: config
+      containers:
+      - name: {{ include "common.name" . }}-update-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        securityContext:
+          runAsGroup: {{ .Values.groupID }}
+          runAsUser: {{ .Values.userID }}
+          runAsNonRoot: true
+        command:
+        - sh
+        args:
+        - /tmp/scripts/daemon.sh
+        env:
+        - name: A1CONTROLLER_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+        - name: A1CONTROLLER_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /tmp/scripts
+          name: {{ include "common.fullname" . }}-envsubst-scripts
+        - mountPath: /config-input
+          name: {{ include "common.fullname" . }}-policy-conf-input
+        - mountPath: /config
+          name: config
+      - name: {{ include "common.name" . }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        ports: {{ include "common.containerPorts" . | nindent 10  }}
+        readinessProbe:
+          tcpSocket:
+            port: {{ .Values.readiness.port }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+        livenessProbe:
+          httpGet:
+            path: /status
+            port: {{ .Values.liveness.port }}
+            scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+        volumeMounts:
+        - name: config
+          mountPath: /opt/app/policy-agent/data
+        resources: {{ include "common.resources" . | nindent 10 }}
+      volumes:
+        - name: {{ include "common.fullname" . }}-policy-conf-input
+          configMap:
+            name: {{ include "common.fullname" . }}-policy-conf
+            defaultMode: 0555
+        - name: {{ include "common.fullname" . }}-envsubst-scripts
+          configMap:
+            name: {{ include "common.fullname" . }}-envsubst-scripts
+        - name: config
+          emptyDir:
+            medium: Memory
diff --git a/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml
new file mode 100644
index 0000000000..99449638f4
--- /dev/null
+++ b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml
@@ -0,0 +1,23 @@
+{{/*
+################################################################################
+#   Copyright © 2020 Samsung Electronics                                       #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+  name: {{ include "common.fullname" . }}-envsubst-scripts
+data:
+{{ tpl (.Files.Glob "resources/envsubst/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/a1policymanagement/templates/secrets.yaml b/kubernetes/a1policymanagement/templates/secrets.yaml
new file mode 100644
index 0000000000..55e465c373
--- /dev/null
+++ b/kubernetes/a1policymanagement/templates/secrets.yaml
@@ -0,0 +1,19 @@
+{{/*
+################################################################################
+#   Copyright (c) 2020 Nordix Foundation.                                      #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/a1policymanagement/templates/service.yaml b/kubernetes/a1policymanagement/templates/service.yaml
new file mode 100644
index 0000000000..f13c16105b
--- /dev/null
+++ b/kubernetes/a1policymanagement/templates/service.yaml
@@ -0,0 +1,19 @@
+{{/*
+################################################################################
+#   Copyright (c) 2020 Nordix Foundation.                                      #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
new file mode 100644
index 0000000000..a1602c569c
--- /dev/null
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -0,0 +1,90 @@
+################################################################################
+#   Copyright (c) 2020 Nordix Foundation.                                      #
+#   Copyright © 2020 Samsung Electronics, Modifications                        #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+# Default values for Policy Management Service.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+  nodePortPrefix: 302
+
+secrets:
+  - uid: controller-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.a1controller.credsExternalSecret) . }}'
+    login: '{{ .Values.a1controller.user }}'
+    password: '{{ .Values.a1controller.password }}'
+    passwordPolicy: required
+
+image: onap/ccsdk-oran-a1policymanagementservice:1.0.1
+userID: 1000 #Should match with image-defined user ID
+groupID: 999 #Should match with image-defined group ID
+pullPolicy: IfNotPresent
+replicaCount: 1
+
+service:
+  type: NodePort
+  name: a1policymanagement
+  both_tls_and_plain: true
+  ports:
+    - name: api
+      port: 8433
+      plain_port: 8081
+      port_protocol: http
+      nodePort: '94'
+
+# SDNC Credentials are used here
+a1controller:
+  user: admin
+  password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+sdncLink: https://sdnc.onap:8443
+# Add your own A1 Mediator link. Supports both STD & OSC Version. ex. http://<ip>:<port>
+# Alternatively you can also use the A1 simulator available in ORAN. It provides STD  & OSC Version for A1 termination.
+# Refer source code & run in docker container : https://gerrit.o-ran-sc.org/r/admin/repos/sim/a1-interface
+# Refer it/dep repo for k8's deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep
+ricLink:
+streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE
+streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100
+
+liveness:
+  port: api
+  initialDelaySeconds: 60
+  periodSeconds: 10
+readiness:
+  port: api
+  initialDelaySeconds: 60
+  periodSeconds: 10
+
+#Resource Limit flavor -By Default using small
+flavor: small
+
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 1
+      memory: 2Gi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 2
+      memory: 4Gi
+  unlimited: {}
diff --git a/kubernetes/aaf/.helmignore b/kubernetes/aaf/.helmignore
index 542b3390d8..7ddbad7ef4 100644
--- a/kubernetes/aaf/.helmignore
+++ b/kubernetes/aaf/.helmignore
@@ -1,21 +1,22 @@
-# Patterns to ignore when building packages.

-# This supports shell glob matching, relative path matching, and

-# negation (prefixed with !). Only one pattern per line.

-.DS_Store

-# Common VCS dirs

-.git/

-.gitignore

-.bzr/

-.bzrignore

-.hg/

-.hgignore

-.svn/

-# Common backup files

-*.swp

-*.bak

-*.tmp

-*~

-# Various IDEs

-.project

-.idea/

-*.tmproj
\ No newline at end of file
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
diff --git a/kubernetes/aaf/Makefile b/kubernetes/aaf/Makefile
index 9396001ebc..764533e624 100644
--- a/kubernetes/aaf/Makefile
+++ b/kubernetes/aaf/Makefile
@@ -18,6 +18,7 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages
 SECRET_DIR := $(OUTPUT_DIR)/secrets
 
 EXCLUDES := dist resources templates charts
+HELM_BIN := helm
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
 
 .PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -32,15 +33,15 @@ make-%:
 	@if [ -f $*/Makefile ]; then make -C $*; fi
 
 dep-%: make-%
-	@if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
 
 lint-%: dep-%
-	@if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
 
 package-%: lint-%
 	@mkdir -p $(PACKAGE_DIR)
-	@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
-	@helm repo index $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
 
 clean:
 	@rm -f */requirements.lock
diff --git a/kubernetes/aaf/components/Makefile b/kubernetes/aaf/components/Makefile
index 2fc0cbe4ab..bf267b7720 100644
--- a/kubernetes/aaf/components/Makefile
+++ b/kubernetes/aaf/components/Makefile
@@ -18,6 +18,7 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages
 SECRET_DIR := $(OUTPUT_DIR)/secrets
 
 EXCLUDES :=
+HELM_BIN := helm
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
 
 .PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -32,15 +33,15 @@ make-%:
 	@if [ -f $*/Makefile ]; then make -C $*; fi
 
 dep-%: make-%
-	@if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
 
 lint-%: dep-%
-	@if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
 
 package-%: lint-%
 	@mkdir -p $(PACKAGE_DIR)
-	@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
-	@helm repo index $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
 
 clean:
 	@rm -f */requirements.lock
diff --git a/kubernetes/aaf/components/aaf-cass/requirements.yaml b/kubernetes/aaf/components/aaf-cass/requirements.yaml
index 6afaa06e8a..7a4543d57d 100644
--- a/kubernetes/aaf/components/aaf-cass/requirements.yaml
+++ b/kubernetes/aaf/components/aaf-cass/requirements.yaml
@@ -16,3 +16,6 @@
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml
index 309a9f38c6..461553c469 100644
--- a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications © 2020 Orange
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -31,7 +33,7 @@ spec:
         - |
           chown -R 1000:1000 /opt/app/aaf/status
           chown -R 1000:1000 /var/lib/cassandra
-        image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
           - mountPath: /var/lib/cassandra
@@ -45,7 +47,7 @@ spec:
             memory: 100Mi
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "common.repository" . }}/{{ .Values.image }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         # installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well
         command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"]
diff --git a/kubernetes/aaf/components/aaf-cass/templates/service.yaml b/kubernetes/aaf/components/aaf-cass/templates/service.yaml
index 8f80ee12a2..149a8708a6 100644
--- a/kubernetes/aaf/components/aaf-cass/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-cass/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/aaf/components/aaf-cass/values.yaml b/kubernetes/aaf/components/aaf-cass/values.yaml
index c5e5811fd1..525674434e 100644
--- a/kubernetes/aaf/components/aaf-cass/values.yaml
+++ b/kubernetes/aaf/components/aaf-cass/values.yaml
@@ -14,23 +14,10 @@
 # limitations under the License.
 global:
   nodePortPrefix: 302
-  # Readiness image
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  # Ubuntu Init image
-  ubuntuInitRepository: registry.hub.docker.com
-  ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-  # Logging image
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  # BusyBox image
-  busyboxRepository: registry.hub.docker.com
-  busyboxImage: library/busybox:1.31
   persistence:
     enabled: true
   # Standard OOM
   pullPolicy: "Always"
-  repository: "nexus3.onap.org:10001"
 
 flavor: small
 
diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks
deleted file mode 100644
index e7da9a7d44..0000000000
--- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks
+++ /dev/null
diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks
deleted file mode 100644
index f47adb614f..0000000000
--- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks
+++ /dev/null
diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12
deleted file mode 100644
index 9b90af6499..0000000000
--- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12
+++ /dev/null
diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt
deleted file mode 100644
index b5e75dadd6..0000000000
--- a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFnjCCA4agAwIBAgIEDQtWKTANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV

-UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ

-MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE

-AxMIb25hcC5vcmcwHhcNMjAwNzA5MDgwNDE1WhcNMzAwNzA3MDgwNDE1WjB3MQsw

-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy

-YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B

-UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK

-AoICAQCkxel9G29Hgy9j7cEQ0BGlPrP9s1SF3ADe7f56jTjQd/jFUsN67Da+l9Dt

-vy1yUwPnTr3krpXOHwQKplsuBDMoa0ayRhqUpp6fuSuu/zgGJOQIe7NlJh9FbYfq

-ax0nHO8qtwd+eTUCqkwVfOFZpDFwR7Ss73Z++14Em8TgFiIsTlBV1sa/xRWLT9JL

-Sqnr0tQiUJewO6sCUsis+U7kEf+QCueJAktMxR70rQcAJ2gd/zlnIaoaL4rF+MU8

-xlbEfMK/rxC6jeVm3oJu4ihjDKj1V6PDyEtzjsWQFtM+y6wgd98Kxt+0mHW3mZZ0

-+Ul0fHSE0fRNp8qEMOUKYFbCffWBrMBZaOaUy6FSnnGi8frv7WqJXNiO2lClhsN1

-2yA1HgiorhK9sXjVdwsjTmJhOdvn5sla22+QXrobNflHZHo8JhWHpZ9RbBWAZdaa

-FrEizBoDnkpdaNb2PykYjqPo8D1Y/lOSDOg32wOW50F6bZg3yyQzFe0+PsAPK/u+

-b8THRJhkbXYvcAoDQv785aXoaa0mVg+yAvz6dorchJkViaOvUlNl+DNNKGJb1hWc

-KWLU1SpH7I9QWQYGExFEzsg4Wv2ErGponSoecAm+IM23mn/fhGrwv1r/bl5WR++5

-5nUIAbPysz3yQoMllSsBBOpuSsCLo1KQqQeQxnTwFxLS0Ag2SwIDAQABozIwMDAd

-BgNVHQ4EFgQUff+Pkp90yZtYsNvFGhq6SBdL+f0wDwYDVR0TAQH/BAUwAwEB/zAN

-BgkqhkiG9w0BAQwFAAOCAgEAAWzAQxiJb+3WiXnVC0AeQ2GBnj3JNWI13WE1VJ1a

-+hsKAGHk6ACzsGfN0BiGp81Bt/4y+AinWTPI0xnuYqfJHS8/7sEvC7aSzmR0TsuM

-u7xOYCiczoEwlM2YoFt1dRWt+ve6EZgTXzBSm75to7F3HS0dZzRaEKxyOA3ONFHT

-tGgT+u7851qJQvNVwTOt54C7/PZ9Me5y98sosiGbp0USKroJbiMXHzIligp8s1uT

-+Pm581C8YTVHKciR/4fhChu+tx39ZR2p4AoJFjEvgcWqYy+sOyn+Z8sWWLoj3dFk

-xjdpSRLPI771ihGdV2JXwgzN1ei8OvUzrW1a1gLZkZ1ZWtK4rwpJteFh4YW/wuDb

-dKElfqXJITmOEO+uT4cJ5+hGa3rl6asxbEJ6vhy7SZPOzgM1uAjRT1MpBtG/ZPY5

-mOkjzNbjlNsgwJNkuXCi4+3DWNC3QNrIqm825Wdr79TM3kYGfkK/ngargA0z0KYc

-7sF6P0tGo6gLACbx+dO9KFpjBIqVaw9AUwb/IOGm1Yv+QutEISqgDQTKzT0iv2Pt

-eSkR2IzaEvH0VmBnTHoHQwrV7x10cMxhwoA1mRvdt8L+gKC91CbVirIiRGCrJabO

-GiKKZ+pD5kVi9gy7omrjw2kH6Vu4aQGySGBhzpIZ977oO9u+jaTdMHBtladqVvWd

-sIM=
------END CERTIFICATE-----
diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks
deleted file mode 100644
index 90dfcb937c..0000000000
--- a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks
+++ /dev/null
diff --git a/kubernetes/aaf/components/aaf-cm/requirements.yaml b/kubernetes/aaf/components/aaf-cm/requirements.yaml
index 08ef7fe836..004107e10f 100644
--- a/kubernetes/aaf/components/aaf-cm/requirements.yaml
+++ b/kubernetes/aaf/components/aaf-cm/requirements.yaml
@@ -16,6 +16,9 @@
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
   - name: aaf-templates
     version: ~6.x-0
     repository: 'file://../aaf-templates'
diff --git a/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml
index 5074c8bc08..656aa1746d 100644
--- a/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/components/aaf-cm/templates/service.yaml b/kubernetes/aaf/components/aaf-cm/templates/service.yaml
index e54c4f3057..ea95e44497 100644
--- a/kubernetes/aaf/components/aaf-cm/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-cm/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Orange
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/aaf/components/aaf-cm/values.yaml b/kubernetes/aaf/components/aaf-cm/values.yaml
index 0997c7db41..964b5c1002 100644
--- a/kubernetes/aaf/components/aaf-cm/values.yaml
+++ b/kubernetes/aaf/components/aaf-cm/values.yaml
@@ -15,25 +15,13 @@
 
 global:
   nodePortPrefix: 302
-  # Readiness image
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  # Ubuntu Init image
-  ubuntuInitRepository: registry.hub.docker.com
-  ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-  # Logging image
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  # BusyBox image
-  busyboxRepository: registry.hub.docker.com
-  busyboxImage: library/busybox:1.31
   persistence:
     enabled: true
   # Standard OOM
   pullPolicy: "Always"
-  repository: "nexus3.onap.org:10001"
 
   aaf:
+    image: onap/aaf/aaf_core:2.1.23
     config:
       image: onap/aaf/aaf_config:2.1.23
 
diff --git a/kubernetes/aaf/components/aaf-fs/requirements.yaml b/kubernetes/aaf/components/aaf-fs/requirements.yaml
index 08ef7fe836..c7e2dcaa11 100644
--- a/kubernetes/aaf/components/aaf-fs/requirements.yaml
+++ b/kubernetes/aaf/components/aaf-fs/requirements.yaml
@@ -16,6 +16,9 @@
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
   - name: aaf-templates
     version: ~6.x-0
-    repository: 'file://../aaf-templates'
+    repository: 'file://../aaf-templates'
\ No newline at end of file
diff --git a/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml
index c36750809c..5d40538e49 100644
--- a/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Orange
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/components/aaf-fs/templates/service.yaml b/kubernetes/aaf/components/aaf-fs/templates/service.yaml
index e54c4f3057..ea95e44497 100644
--- a/kubernetes/aaf/components/aaf-fs/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-fs/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Orange
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/aaf/components/aaf-fs/values.yaml b/kubernetes/aaf/components/aaf-fs/values.yaml
index 9bffb95724..e911a10828 100644
--- a/kubernetes/aaf/components/aaf-fs/values.yaml
+++ b/kubernetes/aaf/components/aaf-fs/values.yaml
@@ -15,25 +15,13 @@
 
 global:
   nodePortPrefix: 302
-  # Readiness image
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  # Ubuntu Init image
-  ubuntuInitRepository: registry.hub.docker.com
-  ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-  # Logging image
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  # BusyBox image
-  busyboxRepository: registry.hub.docker.com
-  busyboxImage: library/busybox:1.31
   persistence:
     enabled: true
   # Standard OOM
   pullPolicy: "Always"
-  repository: "nexus3.onap.org:10001"
 
   aaf:
+    image: onap/aaf/aaf_core:2.1.23
     config:
       image: onap/aaf/aaf_config:2.1.23
 
diff --git a/kubernetes/aaf/components/aaf-gui/requirements.yaml b/kubernetes/aaf/components/aaf-gui/requirements.yaml
index 08ef7fe836..004107e10f 100644
--- a/kubernetes/aaf/components/aaf-gui/requirements.yaml
+++ b/kubernetes/aaf/components/aaf-gui/requirements.yaml
@@ -16,6 +16,9 @@
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
   - name: aaf-templates
     version: ~6.x-0
     repository: 'file://../aaf-templates'
diff --git a/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml
index c36750809c..5d40538e49 100644
--- a/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Orange
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/components/aaf-gui/templates/service.yaml b/kubernetes/aaf/components/aaf-gui/templates/service.yaml
index e54c4f3057..ea95e44497 100644
--- a/kubernetes/aaf/components/aaf-gui/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-gui/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Orange
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/aaf/components/aaf-gui/values.yaml b/kubernetes/aaf/components/aaf-gui/values.yaml
index 8639d6c0f0..e239e615ed 100644
--- a/kubernetes/aaf/components/aaf-gui/values.yaml
+++ b/kubernetes/aaf/components/aaf-gui/values.yaml
@@ -15,25 +15,13 @@
 
 global:
   nodePortPrefix: 302
-  # Readiness image
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  # Ubuntu Init image
-  ubuntuInitRepository: registry.hub.docker.com
-  ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-  # Logging image
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  # BusyBox image
-  busyboxRepository: registry.hub.docker.com
-  busyboxImage: library/busybox:1.31
   persistence:
     enabled: true
   # Standard OOM
   pullPolicy: "Always"
-  repository: "nexus3.onap.org:10001"
 
   aaf:
+    image: onap/aaf/aaf_core:2.1.23
     config:
       image: onap/aaf/aaf_config:2.1.23
 
diff --git a/kubernetes/aaf/components/aaf-hello/requirements.yaml b/kubernetes/aaf/components/aaf-hello/requirements.yaml
index 08ef7fe836..004107e10f 100644
--- a/kubernetes/aaf/components/aaf-hello/requirements.yaml
+++ b/kubernetes/aaf/components/aaf-hello/requirements.yaml
@@ -16,6 +16,9 @@
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
   - name: aaf-templates
     version: ~6.x-0
     repository: 'file://../aaf-templates'
diff --git a/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml
index 891b829f43..60e7c6bcc8 100644
--- a/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications © 2020 Orange
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
@@ -26,7 +28,7 @@ spec:
       containers:
       - name: {{ include "common.name" . }}
         command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"]
-        image: {{ .Values.global.repository }}/{{.Values.image }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{.Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         ports: {{ include "common.containerPorts" . | nindent 10  }}
         volumeMounts:  {{ include "common.aaf-config-volume-mountpath" . | nindent 8 }}
diff --git a/kubernetes/aaf/components/aaf-hello/templates/secret.yaml b/kubernetes/aaf/components/aaf-hello/templates/secret.yaml
index f8c32e0670..9a3f011e80 100644
--- a/kubernetes/aaf/components/aaf-hello/templates/secret.yaml
+++ b/kubernetes/aaf/components/aaf-hello/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/aaf/components/aaf-hello/templates/service.yaml b/kubernetes/aaf/components/aaf-hello/templates/service.yaml
index 8f80ee12a2..149a8708a6 100644
--- a/kubernetes/aaf/components/aaf-hello/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-hello/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/aaf/components/aaf-locate/requirements.yaml b/kubernetes/aaf/components/aaf-locate/requirements.yaml
index 08ef7fe836..004107e10f 100644
--- a/kubernetes/aaf/components/aaf-locate/requirements.yaml
+++ b/kubernetes/aaf/components/aaf-locate/requirements.yaml
@@ -16,6 +16,9 @@
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
   - name: aaf-templates
     version: ~6.x-0
     repository: 'file://../aaf-templates'
diff --git a/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml
index 5074c8bc08..656aa1746d 100644
--- a/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/components/aaf-locate/templates/service.yaml b/kubernetes/aaf/components/aaf-locate/templates/service.yaml
index e54c4f3057..ea95e44497 100644
--- a/kubernetes/aaf/components/aaf-locate/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-locate/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Orange
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/aaf/components/aaf-locate/values.yaml b/kubernetes/aaf/components/aaf-locate/values.yaml
index 7bcf10dabb..0a3e4d432b 100644
--- a/kubernetes/aaf/components/aaf-locate/values.yaml
+++ b/kubernetes/aaf/components/aaf-locate/values.yaml
@@ -15,25 +15,13 @@
 
 global:
   nodePortPrefix: 302
-  # Readiness image
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  # Ubuntu Init image
-  ubuntuInitRepository: registry.hub.docker.com
-  ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-  # Logging image
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  # BusyBox image
-  busyboxRepository: registry.hub.docker.com
-  busyboxImage: library/busybox:1.31
   persistence:
     enabled: true
   # Standard OOM
   pullPolicy: "Always"
-  repository: "nexus3.onap.org:10001"
 
   aaf:
+    image: onap/aaf/aaf_core:2.1.23
     config:
       image: onap/aaf/aaf_config:2.1.23
 
diff --git a/kubernetes/aaf/components/aaf-oauth/requirements.yaml b/kubernetes/aaf/components/aaf-oauth/requirements.yaml
index 08ef7fe836..004107e10f 100644
--- a/kubernetes/aaf/components/aaf-oauth/requirements.yaml
+++ b/kubernetes/aaf/components/aaf-oauth/requirements.yaml
@@ -16,6 +16,9 @@
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
   - name: aaf-templates
     version: ~6.x-0
     repository: 'file://../aaf-templates'
diff --git a/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml
index 5074c8bc08..656aa1746d 100644
--- a/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/components/aaf-oauth/templates/service.yaml b/kubernetes/aaf/components/aaf-oauth/templates/service.yaml
index e54c4f3057..ea95e44497 100644
--- a/kubernetes/aaf/components/aaf-oauth/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-oauth/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Orange
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/aaf/components/aaf-oauth/values.yaml b/kubernetes/aaf/components/aaf-oauth/values.yaml
index 8771041778..2e9b6d42fa 100644
--- a/kubernetes/aaf/components/aaf-oauth/values.yaml
+++ b/kubernetes/aaf/components/aaf-oauth/values.yaml
@@ -15,25 +15,13 @@
 
 global:
   nodePortPrefix: 302
-  # Readiness image
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  # Ubuntu Init image
-  ubuntuInitRepository: registry.hub.docker.com
-  ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-  # Logging image
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  # BusyBox image
-  busyboxRepository: registry.hub.docker.com
-  busyboxImage: library/busybox:1.31
   persistence:
     enabled: true
   # Standard OOM
   pullPolicy: "Always"
-  repository: "nexus3.onap.org:10001"
 
   aaf:
+    image: onap/aaf/aaf_core:2.1.23
     config:
       image: onap/aaf/aaf_config:2.1.23
 
diff --git a/kubernetes/aaf/components/aaf-service/requirements.yaml b/kubernetes/aaf/components/aaf-service/requirements.yaml
index 08ef7fe836..004107e10f 100644
--- a/kubernetes/aaf/components/aaf-service/requirements.yaml
+++ b/kubernetes/aaf/components/aaf-service/requirements.yaml
@@ -16,6 +16,9 @@
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
   - name: aaf-templates
     version: ~6.x-0
     repository: 'file://../aaf-templates'
diff --git a/kubernetes/aaf/components/aaf-service/templates/deployment.yaml b/kubernetes/aaf/components/aaf-service/templates/deployment.yaml
index 5074c8bc08..656aa1746d 100644
--- a/kubernetes/aaf/components/aaf-service/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-service/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/components/aaf-service/templates/service.yaml b/kubernetes/aaf/components/aaf-service/templates/service.yaml
index e54c4f3057..ea95e44497 100644
--- a/kubernetes/aaf/components/aaf-service/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-service/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Orange
 # Modifications © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/aaf/components/aaf-service/values.yaml b/kubernetes/aaf/components/aaf-service/values.yaml
index d924bb4f54..8d8da0db4a 100644
--- a/kubernetes/aaf/components/aaf-service/values.yaml
+++ b/kubernetes/aaf/components/aaf-service/values.yaml
@@ -15,25 +15,13 @@
 
 global:
   nodePortPrefix: 302
-  # Readiness image
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  # Ubuntu Init image
-  ubuntuInitRepository: registry.hub.docker.com
-  ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-  # Logging image
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  # BusyBox image
-  busyboxRepository: registry.hub.docker.com
-  busyboxImage: library/busybox:1.31
   persistence:
     enabled: true
   # Standard OOM
   pullPolicy: "Always"
-  repository: "nexus3.onap.org:10001"
 
   aaf:
+    image: onap/aaf/aaf_core:2.1.23
     config:
       image: onap/aaf/aaf_config:2.1.23
 
diff --git a/kubernetes/aaf/components/aaf-sms/Makefile b/kubernetes/aaf/components/aaf-sms/Makefile
new file mode 100644
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/aaf/components/aaf-sms/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/aaf/components/aaf-sms/components/Makefile b/kubernetes/aaf/components/aaf-sms/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/aaf/components/aaf-sms/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/Chart.yaml
index 2dc3d49b66..2dc3d49b66 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/Chart.yaml
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/requirements.yaml
index 7fdc969094..26bc7a64d8 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/requirements.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samung Electronics
+ # Copyright © 2020 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,6 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
-  - name: mariadb-galera
+  - name: repositoryGenerator
     version: ~6.x-0
     repository: '@local'
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/resources/config/config.json
index 3a43f00019..3a43f00019 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/resources/config/config.json
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/configmap.yaml
index 02f1080f29..471c9094aa 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright 2018 Intel Corporation, Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/pv.yaml
index d855ae6fdf..d855ae6fdf 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/pv.yaml
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/statefulset.yaml
index bf1179d49a..0e9e66dc47 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright 2018 Intel Corporation, Inc
 # Modifications © 2020 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: StatefulSet
@@ -28,7 +30,7 @@ spec:
   selector:
     matchLabels:
       app: {{ include "common.name" . }}
-  serviceName:
+  serviceName: {{ include "common.servicename" . }}
   template:
     metadata:
       labels:
@@ -47,14 +49,14 @@ spec:
             - |
               chmod -R 775 /quorumclient/auth
               chown -R 100:1000 /quorumclient/auth
-          image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+          image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
             - mountPath: /quorumclient/auth
               name: {{ include "common.fullname" . }}-data
 {{- end }}
       containers:
-      - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         name: {{ include "common.name" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command: ["/quorumclient/bin/quorumclient"]
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/values.yaml
index 1459624536..d41d31ce82 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/values.yaml
@@ -23,7 +23,6 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/aaf/smsquorumclient:4.0.2
 pullPolicy: Always
 
@@ -39,6 +38,9 @@ nodeSelector: {}
 
 affinity: {}
 
+service:
+  name: aaf-sms
+
 persistence:
   enabled: true
   volumeReclaimPolicy: Retain
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/Chart.yaml
index 074958ff70..074958ff70 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/Chart.yaml
diff --git a/kubernetes/aaf/components/aaf-cert-service/requirements.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/requirements.yaml
index 6afaa06e8a..26bc7a64d8 100644
--- a/kubernetes/aaf/components/aaf-cert-service/requirements.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/requirements.yaml
@@ -12,7 +12,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
- dependencies:
+dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/configmap.yaml
index 2c70c23e03..0d09221644 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright 2018 Intel Corporation, Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/pv.yaml
index d855ae6fdf..d855ae6fdf 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/pv.yaml
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/service.yaml
index a3a7591b02..b642e39540 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright 2018 Intel Corporation, Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/statefulset.yaml
index 45bf399437..994e1555d3 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright 2018 Intel Corporation, Inc
 # Modifications © 2020 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: StatefulSet
@@ -28,7 +30,7 @@ spec:
   selector:
     matchLabels:
       app: {{ include "common.name" . }}
-  serviceName:
+  serviceName: {{ include "common.servicename" . }}
   template:
     metadata:
       labels:
@@ -45,14 +47,14 @@ spec:
             - |
               chmod -R 775 /consul/data
               chown -R 100:1000 /consul/data
-          image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+          image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
             - mountPath: /consul/data
               name: {{ include "common.fullname" . }}-data
 {{- end }}
       containers:
-      - image: "{{ include "common.repository" . }}/{{ .Values.image.vault }}"
+      - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.vault }}
         name: {{ include "common.name" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         args: ["server"]
@@ -67,7 +69,7 @@ spec:
           readOnly: true
         resources:
 {{ include "common.resources" . | indent 10 }}
-      - image: "{{ include "common.repository" . }}/{{ .Values.image.consul }}"
+      - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.consul }}
         name: {{ include "common.name" . }}-backend
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         args: ["agent","-server","-bind","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"]
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml
index 7787f0b85d..750363c8f4 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml
@@ -20,7 +20,6 @@ global:
   persistence: {}
 
 # application image
-repository: nexus3.onap.org:10001
 image:
   consul: library/consul:1.7.1
   vault: library/vault:1.3.3
diff --git a/kubernetes/aaf/components/aaf-sms/requirements.yaml b/kubernetes/aaf/components/aaf-sms/requirements.yaml
index 7152c37ff0..a306ac63bf 100644
--- a/kubernetes/aaf/components/aaf-sms/requirements.yaml
+++ b/kubernetes/aaf/components/aaf-sms/requirements.yaml
@@ -16,6 +16,15 @@
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
   - name: certInitializer
     version: ~6.x-0
     repository: '@local'
+  - name: aaf-sms-quorumclient
+    version: ~6.x-0
+    repository: 'file://components/aaf-sms-quorumclient'
+  - name: aaf-sms-vault
+    version: ~6.x-0
+    repository: 'file://components/aaf-sms-vault'
diff --git a/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml
index 2d3b641659..cfe54cf07b 100644
--- a/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright 2018 Intel Corporation, Inc
 # Modifications © 2020 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -45,7 +47,7 @@ spec:
             - -c
             - |
               cat /int-certs/intermediate_root_ca.pem >> {{ .Values.certInitializer.mountPath }}/local/org.onap.aaf-sms.crt
-          image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+          image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
             - mountPath: /int-certs
@@ -60,16 +62,16 @@ spec:
             - |
               chmod -R 775 /sms/auth
               chown -R 1000:1000 /sms/auth
-          image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+          image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
             - mountPath: /sms/auth
               name: {{ include "common.fullname" . }}-auth
         - name: {{ include "common.name" . }}-readiness
-          image:  "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+          image:  {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
-          - /root/ready.py
+          - /app/ready.py
           args:
           - --container-name
           - "aaf-sms-vault"
@@ -82,7 +84,7 @@ spec:
                 apiVersion: v1
                 fieldPath: metadata.namespace
       containers:
-      - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}
         command: ["/sms/bin/sms"]
diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml
index 315d068676..1341889af3 100644
--- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml
@@ -25,7 +25,6 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
-  replicas: {{ .Values.replicaCount }}
   template:
     metadata:
       labels:
@@ -137,14 +136,14 @@ spec:
           name: {{ include "common.name" . }}-preload-input
         - mountPath: /config/
           name: {{ include "common.name" . }}-preload
-        image: "{{ .Values.global.envsubstImage }}"
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
-      - image:  "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+      - image:  {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - "aaf-sms"
@@ -157,7 +156,7 @@ spec:
               apiVersion: v1
               fieldPath: metadata.namespace
       containers:
-      - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-preload
         command:
diff --git a/kubernetes/aaf/components/aaf-sms/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/templates/service.yaml
index 9c94202fe3..8f30164fec 100644
--- a/kubernetes/aaf/components/aaf-sms/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-sms/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright 2018 Intel Corporation, Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml
index dccf57ca96..3b777c64f6 100644
--- a/kubernetes/aaf/components/aaf-sms/values.yaml
+++ b/kubernetes/aaf/components/aaf-sms/values.yaml
@@ -18,10 +18,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
   persistence: {}
-  envsubstImage: dibi/envsubst
   aafEnabled: true
 
 flavor: small
@@ -58,7 +55,6 @@ certInitializer:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/aaf/sms:4.0.2
 pullPolicy: Always
 
@@ -104,6 +100,11 @@ service:
   internalPort: 10443
   externalPort: 10443
 
+#define value for aaf-sms-quorumclient subchart
+aaf-sms-quorumclient:
+  service:
+    name: aaf-sms
+
 persistence:
   enabled: true
   volumeReclaimPolicy: Retain
diff --git a/kubernetes/aaf/components/aaf-sshsm/Makefile b/kubernetes/aaf/components/aaf-sshsm/Makefile
new file mode 100644
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/aaf/components/aaf-sshsm/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/aaf/components/aaf-sshsm/components/Makefile b/kubernetes/aaf/components/aaf-sshsm/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/aaf/components/aaf-sshsm/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/Chart.yaml
index 499b82caaf..499b82caaf 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/Chart.yaml
diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/requirements.yaml
new file mode 100644
index 0000000000..771a327656
--- /dev/null
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/configmap.yaml
index 99176fcdf6..8555a3c153 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/configmap.yaml
@@ -14,7 +14,7 @@
 # limitations under the License.
 */}}
 
-{{- if .Values.global.distcenter.enabled -}}
+{{- if .Values.global.tpm.enabled -}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/deployment.yaml
index c624ccfc4d..a2df4e53b9 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/deployment.yaml
@@ -14,10 +14,10 @@
 # limitations under the License.
 */}}
 
-{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
+{{- if .Values.global.tpm.enabled  -}}
 
 apiVersion: apps/v1
-kind: StatefulSet
+kind: Deployment
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
   selector: {{- include "common.selectors" . | nindent 4 }}
@@ -27,11 +27,11 @@ spec:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers:
-      - image:  "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+      - image:  {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-job-complete
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - -j
         - "{{ include "common.fullname" . }}-init"
@@ -49,7 +49,7 @@ spec:
             cpu: 3m
             memory: 20Mi
       containers:
-      - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         name: {{ include "common.name" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command: ["/abrmd/bin/run_abrmd.sh"]
@@ -67,14 +67,14 @@ spec:
         resources: {{ include "common.resources" . | nindent 10 }}
       nodeSelector:
         {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-        {{- end -}}
+        {{ toYaml .Values.nodeSelector | indent 8 | trim }}
+        {{- end }}
         {{- if .Values.global.tpm.enabled }}
         {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-      affinity: {{ toYaml .Values.affinity | nindent 8 }}
         {{- end }}
+      {{- if .Values.affinity }}
+      affinity: {{ toYaml .Values.affinity | nindent 8 }}
+      {{- end }}
       volumes:
       - name: localtime
         hostPath:
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/job.yaml
index 23fe79d716..8a8b6bd8fe 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/job.yaml
@@ -14,7 +14,7 @@
 # limitations under the License.
 */}}
 
-{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
+{{- if .Values.global.tpm.enabled -}}
 
 apiVersion: batch/v1
 kind: Job
@@ -27,7 +27,7 @@ spec:
       restartPolicy: Never
       containers:
       - name: {{ include "common.name" . }}-job
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command: ["/abrmd/bin/initialize_tpm.sh"]
         workingDir: /abrmd/bin
@@ -48,17 +48,16 @@ spec:
         - name: {{ include "common.fullname" . }}-tpmconfig
           mountPath: "/abrmd/cred/"
           readOnly: true
-        resources: {{ toYaml .Values.resources | nindent 10 }}
+        resources: {{ include "common.resources" . | nindent 10 }}
       {{- if .Values.nodeSelector }}
       nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
-        {{- end -}}
         {{- if .Values.global.tpm.enabled }}
         {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
         {{- end -}}
+      {{- end -}}
         {{- if .Values.affinity }}
       affinity: {{ toYaml .Values.affinity | nindent 8 }}
         {{- end }}
-      resources: {{ include "common.resources" . | nindent 10 }}
       volumes:
       - name: {{ include "common.fullname" . }}-data
         persistentVolumeClaim:
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/values.yaml
index 2a733632bf..e97519aa3e 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/values.yaml
@@ -15,12 +15,18 @@
 #################################################################
 # Global configuration defaults.
 #################################################################
+global:
+  tpm:
+    enabled: true
+    # if enabled, nodeselector will use the below
+    # values in the nodeselector section of the pod
+    nodeLabel: "tpm-node"
+    nodeLabelValue: "true"
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/aaf/abrmd:4.0.0
 pullPolicy: Always
 
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/Chart.yaml
index 22ba3da019..22ba3da019 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/Chart.yaml
diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/requirements.yaml
new file mode 100644
index 0000000000..771a327656
--- /dev/null
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/configmap.yaml
index 8d1faf7e32..2e82f5bd26 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/configmap.yaml
@@ -14,12 +14,8 @@
 # limitations under the License.
 */}}
 
-{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
-
 apiVersion: v1
 kind: ConfigMap
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{- end -}}
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/job.yaml
index fb48c7df4a..f74b5c8f2d 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/job.yaml
@@ -14,13 +14,10 @@
 # limitations under the License.
 */}}
 
-{{- if .Values.global.distcenter.enabled -}}
-
 apiVersion: batch/v1
 kind: Job
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
   serviceName:
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
@@ -28,11 +25,11 @@ spec:
       restartPolicy: Never
       initContainers:
 {{- if .Values.global.tpm.enabled }}
-      - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+      - image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - -j
         - "{{ include "common.release" . }}-aaf-sshsm-abrmd-init"
@@ -50,7 +47,7 @@ spec:
             cpu: 3m
             memory: 20Mi
 {{ else }}
-      - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-gen-passphrase
         command: ["sh", "-c", "/usr/bin/openssl rand -base64 12 >/distcenter/data/passphrase"]
@@ -75,7 +72,7 @@ spec:
             memory: 20Mi
 {{- end }}
       containers:
-      - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         name: {{ include "common.name" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command: ["/entrypoint.sh"]
@@ -102,5 +99,3 @@ spec:
           claimName: {{ include "common.release" . }}-aaf-sshsm
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
-
-{{- end -}}
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pv.yaml
index bf0ef74be2..22acb2a609 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pv.yaml
@@ -14,6 +14,4 @@
 # limitations under the License.
 */}}
 
-{{- if .Values.global.distcenter.enabled -}}
 {{ include "common.PV" . }}
-{{- end -}}
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pvc.yaml
index a13b7f353b..1c7f6ffe4a 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pvc.yaml
@@ -14,6 +14,4 @@
 # limitations under the License.
 */}}
 
-{{- if .Values.global.distcenter.enabled -}}
 {{ include "common.PVC" . }}
-{{- end -}}
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/values.yaml
index 94791be713..fb42843cb7 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/values.yaml
@@ -17,12 +17,13 @@
 #################################################################
 global:
   persistence: {}
+  tpm:
+    enabled: true
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/aaf/distcenter:4.0.0
 pullPolicy: Always
 
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/Chart.yaml
index b64e0c331a..b64e0c331a 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/Chart.yaml
diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/requirements.yaml
new file mode 100644
index 0000000000..771a327656
--- /dev/null
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/templates/job.yaml
index a64f483d74..71e7c299bc 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/templates/job.yaml
@@ -14,23 +14,20 @@
 # limitations under the License.
 */}}
 
-{{- if .Values.global.testca.enabled -}}
-
 apiVersion: batch/v1
 kind: Job
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       restartPolicy: Never
       initContainers:
-      - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+      - image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-distcenter-ready
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - -j
         - "{{ include "common.release" . }}-aaf-sshsm-distcenter"
@@ -48,7 +45,7 @@ spec:
             cpu: 3m
             memory: 20Mi
 {{- if .Values.global.tpm.enabled }}
-      - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-abrmd-ready
         command: ["sh", "/sshsm/bin/abrmd_ready.sh", "300"]
@@ -71,7 +68,7 @@ spec:
             memory: 20Mi
 {{- end }}
       containers:
-      - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         name: {{ include "common.name" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command: ["./import.sh"]
@@ -104,7 +101,7 @@ spec:
         resources: {{ include "common.resources" . | nindent 10 }}
       nodeSelector:
         {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
+        {{ toYaml .Values.nodeSelector | indent 8 | trim }}
         {{- end -}}
         {{- if .Values.global.tpm.enabled }}
         {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
@@ -127,5 +124,3 @@ spec:
           secretName: {{ include "common.release" . }}-aaf-sshsm
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
-
-{{- end -}}
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/values.yaml
index dd04c93bd7..f116c6d5e9 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/values.yaml
@@ -16,13 +16,18 @@
 # Global configuration defaults.
 #################################################################
 
-enabled: true
+global:
+  tpm:
+    enabled: true
+    # if enabled, nodeselector will use the below
+    # values in the nodeselector section of the pod
+    nodeLabel: "tpm-node"
+    nodeLabelValue: "true"
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/aaf/testcaservice:4.0.0
 pullPolicy: Always
 
diff --git a/kubernetes/aaf/components/aaf-sshsm/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml
index 0704a2c9df..bb76d59c04 100644
--- a/kubernetes/aaf/components/aaf-sshsm/requirements.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml
@@ -16,3 +16,18 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: aaf-sshsm-abrmd
+    version: ~6.x-0
+    repository: 'file://components/aaf-sshsm-abrmd'
+    condition: aaf-sshsm-abrmd.enabled
+  - name: aaf-sshsm-distcenter
+    version: ~6.x-0
+    repository: 'file://components/aaf-sshsm-distcenter'
+    condition: aaf-sshsm-distcenter.enabled
+  - name: aaf-sshsm-testca
+    version: ~6.x-0
+    repository: 'file://components/aaf-sshsm-testca'
+    condition: aaf-sshsm-testca.testca.enabled
diff --git a/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml
index 50b6f36cd3..4be63fa18b 100644
--- a/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright 2018 Intel Corporation, Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Secret
diff --git a/kubernetes/aaf/components/aaf-sshsm/values.yaml b/kubernetes/aaf/components/aaf-sshsm/values.yaml
index 30fb0d2f2f..7e8d4f1352 100644
--- a/kubernetes/aaf/components/aaf-sshsm/values.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/values.yaml
@@ -18,21 +18,8 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  # Readiness image
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  # Ubuntu Init image
-  ubuntuInitRepository: registry.hub.docker.com
-  ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-  # Logging image
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  # BusyBox image
-  busyboxRepository: registry.hub.docker.com
-  busyboxImage: library/busybox:1.31
   # Standard OOM
   pullPolicy: "Always"
-  repository: "nexus3.onap.org:10001"
 
   tpm:
     enabled: false
@@ -40,14 +27,15 @@ global:
     # values in the nodeselector section of the pod
     nodeLabel: "tpm-node"
     nodeLabelValue: "true"
-  abrmd:
-    enabled: true
-  distcenter:
-    enabled: true
-  testca:
-    enabled: true
   persistence: {}
 
+aaf-sshsm-abrmd:
+  enabled: true
+aaf-sshsm-distcenter:
+  enabled: true
+aaf-sshsm-testca:
+  enabled: true
+
 persistence:
   enabled: true
   data:
diff --git a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl
index bf6931a8e3..25a05a5e2f 100644
--- a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl
+++ b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl
@@ -28,7 +28,7 @@ spec:
       - name: {{ include "common.name" . }}
         workingDir: /opt/app/aaf
         command: ["bin/{{ .Values.binary }}"]
-        image: {{ include "common.repository" . }}/{{.Values.global.aaf.image}}
+        image: {{ include "repositoryGenerator.repository" . }}/{{.Values.global.aaf.image}}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         ports: {{ include "common.containerPorts" . | nindent 10  }}
         volumeMounts:
diff --git a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl
index 43c511fd6d..7cdf4d072e 100644
--- a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl
+++ b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl
@@ -23,7 +23,7 @@
   - |
     chown -R 1000:1000 /opt/app/aaf
     chown -R 1000:1000 /opt/app/osaaf
-  image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+  image: {{ include "repositoryGenerator.image.busybox" . }}
   imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
   volumeMounts:
   - mountPath: /opt/app/osaaf
@@ -39,7 +39,7 @@
 
 {{- define "aaf.podConfiguration" }}
 - name: {{ include "common.name" . }}-config-container
-  image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
+  image: {{ include "repositoryGenerator.repository" . }}/{{.Values.global.aaf.config.image}}
   imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
   command:
   - /bin/bash
@@ -96,7 +96,7 @@ initContainers:
 {{-   if .Values.sequence_order }}
 - name: {{ include "common.name" . }}-aaf-readiness
   command:
-  - /root/ready.py
+  - /app/ready.py
   args:
   {{- range $container := .Values.sequence_order }}
   - --container-name
@@ -108,7 +108,7 @@ initContainers:
       fieldRef:
         apiVersion: v1
         fieldPath: metadata.namespace
-  image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+  image: {{ include "repositoryGenerator.image.readiness" . }}
   imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
   resources:
     limits:
diff --git a/kubernetes/aaf/requirements.yaml b/kubernetes/aaf/requirements.yaml
index ccbe14c7a3..7a7103fc09 100644
--- a/kubernetes/aaf/requirements.yaml
+++ b/kubernetes/aaf/requirements.yaml
@@ -1,6 +1,7 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 # Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,9 +19,6 @@ dependencies:
   - name: aaf-cass
     version: ~6.x-0
     repository: 'file://components/aaf-cass'
-  - name: aaf-cert-service
-    version: ~6.x-0
-    repository: 'file://components/aaf-cert-service'
   - name: aaf-cm
     version: ~6.x-0
     repository: 'file://components/aaf-cm'
diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml
index df4dcf3723..9d032b599a 100644
--- a/kubernetes/aaf/values.yaml
+++ b/kubernetes/aaf/values.yaml
@@ -1,5 +1,6 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications © 2020 AT&T
+# Modifications Copyright © 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,27 +20,10 @@
 
 global:
   nodePortPrefix: 302
-  # Readiness image
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  # Ubuntu Init image
-  ubuntuInitRepository: registry.hub.docker.com
-  ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-  # Logging image
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  # BusyBox image
-  busyboxRepository: registry.hub.docker.com
-  busyboxImage: library/busybox:1.31
   persistence:
     enabled: true
   # Standard OOM
   pullPolicy: "Always"
-  repository: "nexus3.onap.org:10001"
-
-  # Use Local
-  #pullPolicy: IfNotPresent
-  #repository: "nexus3.onap.org:10003"
 
   cmpv2Enabled: true
   addTestingComponents: false
@@ -76,10 +60,6 @@ global:
       public_port: 31112
 #     Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml
 
-    certServiceClient:
-      secret:
-        name: aaf-cert-service-client-tls-secret
-
 #################################################################
 # Application configuration defaults.
 #################################################################
diff --git a/kubernetes/aai b/kubernetes/aai
-Subproject f1e329c458c48530da36dd1c6b38b7548116bd6
+Subproject 540b846831e2053ccdcce9fa620cb7eeb7f5db4
diff --git a/kubernetes/appc/Makefile b/kubernetes/appc/Makefile
new file mode 100644
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/appc/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/appc/components/Makefile b/kubernetes/appc/components/Makefile
new file mode 100644
index 0000000000..f2e7a1fb82
--- /dev/null
+++ b/kubernetes/appc/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := soHelpers
+HELM_BIN := helm
+HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/appc/charts/appc-ansible-server/.helmignore b/kubernetes/appc/components/appc-ansible-server/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/appc/charts/appc-ansible-server/.helmignore
+++ b/kubernetes/appc/components/appc-ansible-server/.helmignore
diff --git a/kubernetes/appc/charts/appc-ansible-server/Chart.yaml b/kubernetes/appc/components/appc-ansible-server/Chart.yaml
index 9c47c9eaef..9c47c9eaef 100644
--- a/kubernetes/appc/charts/appc-ansible-server/Chart.yaml
+++ b/kubernetes/appc/components/appc-ansible-server/Chart.yaml
diff --git a/kubernetes/appc/charts/appc-ansible-server/requirements.yaml b/kubernetes/appc/components/appc-ansible-server/requirements.yaml
index 33afc43aa5..2fa99a9484 100644
--- a/kubernetes/appc/charts/appc-ansible-server/requirements.yaml
+++ b/kubernetes/appc/components/appc-ansible-server/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/appc/charts/appc-ansible-server/resources/config/RestServer_config b/kubernetes/appc/components/appc-ansible-server/resources/config/RestServer_config
index 8a417fcb1f..dc0859985e 100644
--- a/kubernetes/appc/charts/appc-ansible-server/resources/config/RestServer_config
+++ b/kubernetes/appc/components/appc-ansible-server/resources/config/RestServer_config
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T, Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 # Host definition
 ip:	0.0.0.0
diff --git a/kubernetes/appc/charts/appc-ansible-server/templates/configmap.yaml b/kubernetes/appc/components/appc-ansible-server/templates/configmap.yaml
index 103bc2fde1..3bfe84c6e7 100644
--- a/kubernetes/appc/charts/appc-ansible-server/templates/configmap.yaml
+++ b/kubernetes/appc/components/appc-ansible-server/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/appc/charts/appc-ansible-server/templates/pv.yaml b/kubernetes/appc/components/appc-ansible-server/templates/pv.yaml
index b2acf37393..b2acf37393 100644
--- a/kubernetes/appc/charts/appc-ansible-server/templates/pv.yaml
+++ b/kubernetes/appc/components/appc-ansible-server/templates/pv.yaml
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/service.yaml b/kubernetes/appc/components/appc-ansible-server/templates/service.yaml
index 85f3840002..e952357c4c 100644
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/service.yaml
+++ b/kubernetes/appc/components/appc-ansible-server/templates/service.yaml
@@ -32,4 +32,4 @@ spec:
       name: {{ .Values.service.name }}
   selector:
     app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
+    release: {{ include "common.release" . }}
\ No newline at end of file
diff --git a/kubernetes/appc/charts/appc-ansible-server/templates/statefulset.yaml b/kubernetes/appc/components/appc-ansible-server/templates/statefulset.yaml
index 882372e9c7..0e9e60ab5f 100644
--- a/kubernetes/appc/charts/appc-ansible-server/templates/statefulset.yaml
+++ b/kubernetes/appc/components/appc-ansible-server/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: StatefulSet
@@ -23,6 +25,7 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  serviceName: {{ include "common.servicename" . }}
   selector:
     matchLabels:
       app: {{ include "common.name" . }}
@@ -35,7 +38,7 @@ spec:
     spec:
       initContainers:
       - name: {{ include "common.name" . }}-chown
-        image: "busybox"
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         command: ["sh", "-c", "chown -R {{ .Values.config.ansibleUid }}:{{ .Values.config.ansibleGid}} {{ .Values.persistence.playbookPath }}"]
         volumeMounts:
           - mountPath: {{ .Values.persistence.playbookPath }}
@@ -44,7 +47,7 @@ spec:
         - name: {{ include "common.name" . }}
           command: ["/bin/bash"]
           args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"]
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/appc/charts/appc-ansible-server/values.yaml b/kubernetes/appc/components/appc-ansible-server/values.yaml
index b6bf77f3f7..1588bc52d6 100644
--- a/kubernetes/appc/charts/appc-ansible-server/values.yaml
+++ b/kubernetes/appc/components/appc-ansible-server/values.yaml
@@ -17,10 +17,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  persistence: {}
 
 #################################################################
 # Application configuration defaults.
@@ -28,7 +25,6 @@ global:
 flavor: small
 
 # application image
-repository: nexus3.onap.org:10001
 image: onap/ccsdk-ansible-server-image:0.4.4
 pullPolicy: Always
 
diff --git a/kubernetes/appc/charts/appc-cdt/.helmignore b/kubernetes/appc/components/appc-cdt/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/appc/charts/appc-cdt/.helmignore
+++ b/kubernetes/appc/components/appc-cdt/.helmignore
diff --git a/kubernetes/appc/charts/appc-cdt/Chart.yaml b/kubernetes/appc/components/appc-cdt/Chart.yaml
index 3d83bc945c..3d83bc945c 100644
--- a/kubernetes/appc/charts/appc-cdt/Chart.yaml
+++ b/kubernetes/appc/components/appc-cdt/Chart.yaml
diff --git a/kubernetes/appc/charts/appc-cdt/requirements.yaml b/kubernetes/appc/components/appc-cdt/requirements.yaml
index a7089ea6b3..fa92c63e34 100644
--- a/kubernetes/appc/charts/appc-cdt/requirements.yaml
+++ b/kubernetes/appc/components/appc-cdt/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/appc/charts/appc-cdt/templates/NOTES.txt b/kubernetes/appc/components/appc-cdt/templates/NOTES.txt
index 1a7dbc5d13..1a7dbc5d13 100644
--- a/kubernetes/appc/charts/appc-cdt/templates/NOTES.txt
+++ b/kubernetes/appc/components/appc-cdt/templates/NOTES.txt
diff --git a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml b/kubernetes/appc/components/appc-cdt/templates/deployment.yaml
index 9cf2a10a38..ebcabf5112 100644
--- a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml
+++ b/kubernetes/appc/components/appc-cdt/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,7 +38,7 @@ spec:
       initContainers:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
           - /opt/startCdt.sh
diff --git a/kubernetes/appc/charts/appc-cdt/templates/ingress.yaml b/kubernetes/appc/components/appc-cdt/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/appc/charts/appc-cdt/templates/ingress.yaml
+++ b/kubernetes/appc/components/appc-cdt/templates/ingress.yaml
diff --git a/kubernetes/appc/charts/appc-cdt/templates/service.yaml b/kubernetes/appc/components/appc-cdt/templates/service.yaml
index 6affc0b421..54e239ebc5 100644
--- a/kubernetes/appc/charts/appc-cdt/templates/service.yaml
+++ b/kubernetes/appc/components/appc-cdt/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/appc/charts/appc-cdt/values.yaml b/kubernetes/appc/components/appc-cdt/values.yaml
index e8508204bc..b3dab719bd 100644
--- a/kubernetes/appc/charts/appc-cdt/values.yaml
+++ b/kubernetes/appc/components/appc-cdt/values.yaml
@@ -25,7 +25,6 @@ global:
 flavor: small
 
 # application image
-repository: nexus3.onap.org:10001
 image: onap/appc-cdt-image:1.7.2
 pullPolicy: Always
 
diff --git a/kubernetes/appc/requirements.yaml b/kubernetes/appc/requirements.yaml
index d512a7ee08..be72cc2b99 100644
--- a/kubernetes/appc/requirements.yaml
+++ b/kubernetes/appc/requirements.yaml
@@ -22,3 +22,14 @@ dependencies:
   - name: dgbuilder
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: appc-ansible-server
+    version: ~6.x-0
+    repository: 'file://components/appc-ansible-server'
+    condition: appc-ansible-server.enabled
+  - name: appc-cdt
+    version: ~6.x-0
+    repository: 'file://components/appc-cdt'
+    condition: appc-cdt.enabled
\ No newline at end of file
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
index 825f7ab56a..6e35ca894c 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
@@ -1,4 +1,5 @@
 #!/bin/bash -x
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 waiting_bundles=$(/opt/opendaylight/current/bin/client bundle:list | grep Waiting | wc -l)
 run_level=$(/opt/opendaylight/current/bin/client system:start-level)
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/installAppcDb.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/installAppcDb.sh
index 46d0e119be..10e538a19a 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/installAppcDb.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/installAppcDb.sh
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # APPC
@@ -18,6 +19,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 
 SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
 APPC_HOME=${APPC_HOME:-/opt/onap/appc}
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
index 512f38020b..25a5c319bd 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
@@ -1,4 +1,5 @@
 #!/bin/bash -x
+{{/*
 
 ###
 # ============LICENSE_START=======================================================
@@ -27,6 +28,7 @@
 #  if not already installed, and starts the APPC Docker Container
 #
 #set -x
+*/}}
 
 function enable_odl_cluster(){
   if [ -z $APPC_REPLICAS ]; then
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaiclient.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaiclient.properties
index 70285069ff..bf5432163c 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaiclient.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaiclient.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # APPC
@@ -26,6 +27,7 @@
 #
 # Certificate keystore and truststore
 #
+*/}}
 org.onap.ccsdk.sli.adaptors.aai.ssl.trust=/opt/onap/appc/data/stores/truststoreONAPall.jks
 org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=changeit
 org.onap.ccsdk.sli.adaptors.aai.ssl.key=/opt/onap/appc/data/stores/truststoreONAPall.jks
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
index 542645683e..9fa4625049 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # APPC
@@ -19,6 +20,7 @@
 # ============LICENSE_END=========================================================
 # ECOMP is a trademark and service mark of AT&T Intellectual Property.
 ###
+*/}}
 
 ###	                                        ###
 ### Properties for demo  ###
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties
index 2986ee9e5b..1a2b1f6508 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # APPC
@@ -18,6 +19,7 @@
 # ============LICENSE_END=========================================================
 ###
 #hostname=localhost
+*/}}
 
 cadi_loglevel=DEBUG
 cadi_bath_convert=/opt/onap/appc/data/properties/bath_config.csv
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/dblib.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/dblib.properties
index 0c54883cd2..3c19fb44e3 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/dblib.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/dblib.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # APPC
@@ -18,6 +19,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 
 # dblib.properrties
 org.onap.ccsdk.sli.dbtype=jdbc
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/svclogic.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/svclogic.properties
index 7bec30d11e..95f672c2e2 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/svclogic.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/svclogic.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # APPC
@@ -18,6 +19,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 
 org.onap.ccsdk.sli.dbtype = dblib
 #Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/bin/showActiveGraphs.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/bin/showActiveGraphs.sh
index 79acc4042c..5e5103066b 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/bin/showActiveGraphs.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/bin/showActiveGraphs.sh
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # APPC
@@ -19,6 +20,7 @@
 # ============LICENSE_END=========================================================
 # ECOMP is a trademark and service mark of AT&T Intellectual Property.
 ###
+*/}}
 
 MYSQL_USER=${SDNC_DB_USER}
 MYSQL_PWD=${SDNC_DB_PASSWD}
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/config/svclogic.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/config/svclogic.properties
index 2a4b4328f4..a6f7f50026 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/config/svclogic.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/config/svclogic.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # APPC
@@ -19,6 +20,7 @@
 # ============LICENSE_END=========================================================
 # ECOMP is a trademark and service mark of AT&T Intellectual Property.
 ###
+*/}}
 
 org.onap.ccsdk.sli.dbtype = jdbc
 org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh
index 6e9eef33ac..29761a0200 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 
 ###
 # ============LICENSE_START=======================================================
@@ -21,6 +22,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 
 SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
 MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/aaiclient.properties b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/aaiclient.properties
index 80c470310f..9e76b27acf 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/aaiclient.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/aaiclient.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # APPC
@@ -18,6 +19,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 
 #
 # Configuration file for A&AI Client
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/dblib.properties b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/dblib.properties
index 5d65be7c28..a46920f001 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/dblib.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/dblib.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # openECOMP : SDN-C
@@ -19,6 +20,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 
 # dblib.properrties
 org.onap.ccsdk.sli.dbtype=jdbc
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/svclogic.properties b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/svclogic.properties
index 485b935459..a0df862636 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/svclogic.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/svclogic.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # openECOMP : SDN-C
@@ -19,6 +20,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 
 org.onap.ccsdk.sli.dbtype = dblib
 #Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/bin/showActiveGraphs.sh b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/bin/showActiveGraphs.sh
index 9359530a1a..72c5c8f482 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/bin/showActiveGraphs.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/bin/showActiveGraphs.sh
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # openECOMP : SDN-C
@@ -19,6 +20,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 
 MYSQL_USER=${SDNC_DB_USER}
 MYSQL_PWD=${SDNC_DB_PASSWD}
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/config/svclogic.properties b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/config/svclogic.properties
index 1ec9f48758..5be5b8ddab 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/config/svclogic.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/config/svclogic.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # openECOMP : SDN-C
@@ -19,6 +20,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 
 org.onap.ccsdk.sli.dbtype = jdbc
 org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
diff --git a/kubernetes/appc/resources/config/log/filebeat/filebeat.yml b/kubernetes/appc/resources/config/log/filebeat/filebeat.yml
index 85293c8275..98df709639 100644
--- a/kubernetes/appc/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/appc/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 filebeat.prospectors:
 #it is mandatory, in our case it's log
diff --git a/kubernetes/appc/resources/config/log/org.ops4j.pax.logging.cfg b/kubernetes/appc/resources/config/log/org.ops4j.pax.logging.cfg
index e68057f87a..b74cc995fd 100644
--- a/kubernetes/appc/resources/config/log/org.ops4j.pax.logging.cfg
+++ b/kubernetes/appc/resources/config/log/org.ops4j.pax.logging.cfg
@@ -1,3 +1,4 @@
+{{/*
 ################################################################################
 #
 #  ============LICENSE_START=======================================================
@@ -19,6 +20,7 @@
 #  ============LICENSE_END=========================================================
 #
 ################################################################################
+*/}}
 
 # Common pattern layout for appenders
 log4j2.pattern = %d{ISO8601} | %-5p | %-16t | %-32c{1} | %X{bundle.id} - %X{bundle.name} - %X{bundle.version} | %m%n
diff --git a/kubernetes/appc/templates/configmap.yaml b/kubernetes/appc/templates/configmap.yaml
index fe206a9322..6ebf0b1026 100644
--- a/kubernetes/appc/templates/configmap.yaml
+++ b/kubernetes/appc/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/appc/templates/secrets.yaml b/kubernetes/appc/templates/secrets.yaml
index c6aeb1e102..3cccd128eb 100644
--- a/kubernetes/appc/templates/secrets.yaml
+++ b/kubernetes/appc/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
 ---
diff --git a/kubernetes/appc/templates/service.yaml b/kubernetes/appc/templates/service.yaml
index bd181e1e57..eb95ffc405 100644
--- a/kubernetes/appc/templates/service.yaml
+++ b/kubernetes/appc/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml
index d9617fd299..208315495b 100644
--- a/kubernetes/appc/templates/statefulset.yaml
+++ b/kubernetes/appc/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: StatefulSet
@@ -67,13 +69,13 @@ spec:
           name: onap-sdnc-data-properties
         - mountPath: /config/sdnc-svclogic-config
           name: onap-sdnc-svclogic-config
-        image: "{{ .Values.global.envsubstImage }}"
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
 
       - name: {{ include "common.name" . }}-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{.Values.config.mariadbGaleraContName}}
@@ -83,17 +85,17 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       - name: {{ include "common.name" . }}-chown
-        image: "busybox"
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}"]
         volumeMounts:
           - mountPath: {{ .Values.persistence.mdsalPath }}
             name: {{ include "common.fullname" . }}-data
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
           - /opt/appc/bin/startODL.sh
diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
index 1386a06493..92c9985c35 100644
--- a/kubernetes/appc/values.yaml
+++ b/kubernetes/appc/values.yaml
@@ -18,13 +18,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
   centralizedLoggingEnabled: false
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  # envsusbt
-  envsubstImage: dibi/envsubst
   persistence:
     mountPath: /dockerdata-nfs
 
@@ -56,7 +50,6 @@ secrets:
 #################################################################
 flavor: small
 # application image
-repository: nexus3.onap.org:10001
 image: onap/appc-image:1.7.2
 pullPolicy: Always
 
@@ -112,12 +105,16 @@ config:
   dmaapServicePassword: onapappc
 
 appc-ansible-server:
+  enabled: true
   service:
     name: appc-ansible-server
     internalPort: 8000
   config:
     mysqlServiceName: appc-dbhost
 
+appc-cdt:
+  enabled: true
+
 mariadb-galera:
   nameOverride: appc-db
   config:
@@ -134,6 +131,8 @@ mariadb-galera:
 
 dgbuilder:
   nameOverride: appc-dgbuilder
+  certInitializer:
+    nameOverride: appc-dgbuilder-cert-initializer
   config:
     db:
       rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
diff --git a/kubernetes/cds/Makefile b/kubernetes/cds/Makefile
new file mode 100644
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/cds/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml
deleted file mode 100644
index 30f9451673..0000000000
--- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml
+++ /dev/null
@@ -1,100 +0,0 @@
-# Copyright (c) 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  # Change to an unused port prefix range to prevent port conflicts
-  # with other instances running within the same k8s cluster
-  nodePortPrefix: 302
-
-  # image repositories
-  repository: nexus3.onap.org:10001
-
-  # readiness check
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-
-  # image pull policy
-  pullPolicy: Always
-
-  persistence:
-    mountPath: /dockerdata-nfs
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.7.5
-name: sdc-listener
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
-  appConfigDir: /opt/app/onap/config
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-
-service:
-  type: ClusterIP
-  http:
-    portName: cds-sdc-listener-http
-    internalPort: 8080
-    externalPort: 8080
-
-persistence:
-  enabled: true
-
-ingress:
-  enabled: false
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-# Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
diff --git a/kubernetes/cds/components/Makefile b/kubernetes/cds/components/Makefile
new file mode 100644
index 0000000000..f2e7a1fb82
--- /dev/null
+++ b/kubernetes/cds/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := soHelpers
+HELM_BIN := helm
+HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/Chart.yaml b/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml
index 64e3a952bc..64e3a952bc 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/Chart.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml
diff --git a/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml
new file mode 100755
index 0000000000..b3805c7e41
--- /dev/null
+++ b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright (c) 2019 IBM, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/ONAP_RootCA.cer b/kubernetes/cds/components/cds-blueprints-processor/resources/config/ONAP_RootCA.cer
index e9a50d7ea0..e9a50d7ea0 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/ONAP_RootCA.cer
+++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/ONAP_RootCA.cer
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
index 453f906101..a3d32a9a03 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties
+++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
@@ -1,3 +1,4 @@
+{{/*
 #
 #  Copyright (c) 2017-2019 AT&T, IBM, Bell Canada, Nordix Foundation.
 #
@@ -16,6 +17,7 @@
 # Web server config
 ### START -Controller Blueprints Properties
 # Load Resource Source Mappings
+*/}}
 resourceSourceMappings=processor-db=source-db,input=source-input,default=source-default,sdnc=source-rest,aai-data=source-rest,capability=source-capability,rest=source-rest,vault-data=source-rest,script=source-capability
 
 # Blueprint Processor File Execution and Handling Properties
@@ -151,3 +153,9 @@ cdslistener.healthcheck.mapping-service-name-with-service-link=[SDC Listener ser
 #Actuator properties
 management.endpoints.web.exposure.include=*
 management.endpoint.health.show-details=always
+
+#K8s Plugin properties
+#Credentials are placeholders as k8s plugin has not authentication atm
+blueprintprocessor.k8s.plugin.username=unused
+blueprintprocessor.k8s.plugin.password=unused
+blueprintprocessor.k8s.plugin.url=http://multicloud-k8s:9015/
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/error-messages_en.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/error-messages_en.properties
index ef398784dd..0c657f1b4f 100644
--- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/error-messages_en.properties
+++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/error-messages_en.properties
@@ -1,3 +1,4 @@
+{{/*
 #
 # Copyright © 2020 IBM, Bell Canada
 #
@@ -13,6 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+*/}}
 org.onap.ccsdk.cds.blueprintsprocessor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team.
 org.onap.ccsdk.cds.blueprintsprocessor.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
 org.onap.ccsdk.cds.blueprintsprocessor.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/hazelcast.yaml b/kubernetes/cds/components/cds-blueprints-processor/resources/config/hazelcast.yaml
index 3a3a1ce095..3a3a1ce095 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/hazelcast.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/hazelcast.yaml
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/logback.xml b/kubernetes/cds/components/cds-blueprints-processor/resources/config/logback.xml
index 349336ee79..88ac8d98df 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/logback.xml
+++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/logback.xml
@@ -30,13 +30,13 @@
         </encoder>
     </appender>
 
-    <logger name="org.springframework" level="info"/>
-    <logger name="org.springframework.web" level="info"/>
-    <logger name="org.springframework.security.web.authentication" level="warn"/>
-    <logger name="org.hibernate" level="error"/>
-    <logger name="org.onap.ccsdk.cds" level="info"/>
+    <logger name="org.springframework" level="{{ .Values.logback.logger.springframework }}"/>
+    <logger name="org.springframework.web" level="{{ .Values.logback.logger.springframeworkWeb }}"/>
+    <logger name="org.springframework.security.web.authentication" level="{{ .Values.logback.logger.springframeworkSecurityWebauthentication }}"/>
+    <logger name="org.hibernate" level="{{ .Values.logback.logger.hibernate }}"/>
+    <logger name="org.onap.ccsdk.cds" level="{{ .Values.logback.logger.onapCcsdkCds }}"/>
 
-    <root level="info">
+    <root level="{{ .Values.logback.rootLogLevel }}">
         <appender-ref ref="STDOUT"/>
     </root>
 
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/configmap.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/configmap.yaml
index 873acee237..15f611478b 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/templates/configmap.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2019 IBM, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
index dbf531796d..f321e54fd1 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2019 IBM, Bell Canada
 # Copyright (c) 2020 Samsung Electronics
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -67,12 +69,12 @@ spec:
           subPath: application.properties
         - mountPath: /config
           name: processed-config
-        image: "{{ .Values.global.envsubstImage }}"
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
 
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - cds-db
@@ -86,7 +88,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       - name: fix-permission
@@ -95,14 +97,14 @@ spec:
         - -R
         - 1000:1000
         - /opt/app/onap/blueprints/deploy
-        image: busybox:latest
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - mountPath: {{ .Values.persistence.deployedBlueprint }}
           name: {{ include "common.fullname" . }}-blueprints
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           env:
           - name: APP_CONFIG_HOME
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/ingress.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/cds/charts/cds-blueprints-processor/templates/ingress.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/ingress.yaml
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/pv.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/pv.yaml
index 6155ee9e28..6155ee9e28 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/templates/pv.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/pv.yaml
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/pvc.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/pvc.yaml
index 9da36c85e4..9da36c85e4 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/templates/pvc.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/pvc.yaml
diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/secrets.yaml
index 34932b713d..34932b713d 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/secrets.yaml
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml
index 14c8b22121..5d2e438e1e 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2019 IBM, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
index 2de835492f..629b8252cc 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
@@ -21,22 +21,12 @@ global:
   # with other instances running within the same k8s cluster
   nodePortPrefixExt: 304
 
-  # image repositories
-  repository: nexus3.onap.org:10001
-
-  # readiness check
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-
   # image pull policy
   pullPolicy: Always
 
   persistence:
     mountPath: /dockerdata-nfs
 
-  # envsusbt
-  envsubstImage: dibi/envsubst
-
   #This configuration specifies Service and port for SDNC OAM interface
   sdncOamService: sdnc-oam
   sdncOamPort: 8282
@@ -61,8 +51,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.7.5
+image: onap/ccsdk-blueprintsprocessor:1.0.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -82,8 +71,8 @@ config:
     dbServer: cds-db
     dbPort: 3306
     dbName: sdnctl
-    # dbUser: sdnctl
-    # dbPassword: sdnctl
+    dbUser: sdnctl
+    dbPassword: sdnctl
     # dbCredsExternalSecret: <some secret name>
     # dbRootPassword: password
     # dbRootPassExternalSecret
@@ -159,21 +148,30 @@ ingress:
   config:
     ssl: "none"
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-  # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
+logback:
+  rootLogLevel: INFO
+  logger:
+    springframework: INFO
+    springframeworkWeb: INFO
+    springframeworkSecurityWebauthentication: INFO
+    hibernate: INFO
+    onapCcsdkCds: INFO
+
+flavor: small
+
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 1
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 2
+      memory: 4Gi
+  unlimited: {}
diff --git a/kubernetes/cds/charts/cds-command-executor/Chart.yaml b/kubernetes/cds/components/cds-command-executor/Chart.yaml
index 62fb5629d7..62fb5629d7 100755
--- a/kubernetes/cds/charts/cds-command-executor/Chart.yaml
+++ b/kubernetes/cds/components/cds-command-executor/Chart.yaml
diff --git a/kubernetes/cds/charts/cds-ui/requirements.yaml b/kubernetes/cds/components/cds-command-executor/requirements.yaml
index b33ac701fe..7a0e74bfaf 100644..100755
--- a/kubernetes/cds/charts/cds-ui/requirements.yaml
+++ b/kubernetes/cds/components/cds-command-executor/requirements.yaml
@@ -15,4 +15,7 @@
 dependencies:
   - name: common
     version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
     repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-command-executor/templates/deployment.yaml b/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml
index 39f37a4fe8..40238c2513 100755
--- a/kubernetes/cds/charts/cds-command-executor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2019 Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -35,7 +37,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - cds-blueprints-processor
@@ -45,12 +47,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.grpc.internalPort }}
diff --git a/kubernetes/cds/charts/cds-command-executor/templates/service.yaml b/kubernetes/cds/components/cds-command-executor/templates/service.yaml
index 7533d83a72..2301902f56 100755
--- a/kubernetes/cds/charts/cds-command-executor/templates/service.yaml
+++ b/kubernetes/cds/components/cds-command-executor/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2019 Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml
index f194c279c9..c9e4354199 100755
--- a/kubernetes/cds/charts/cds-command-executor/values.yaml
+++ b/kubernetes/cds/components/cds-command-executor/values.yaml
@@ -22,13 +22,6 @@ global:
   # with other instances running within the same k8s cluster
   nodePortPrefix: 302
 
-  # image repositories
-  repository: nexus3.onap.org:10001
-
-  # readiness check
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-
   # image pull policy
   pullPolicy: Always
 
@@ -39,8 +32,7 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.7.5
+image: onap/ccsdk-commandexecutor:1.0.3
 pullPolicy: Always
 
 # application configuration
diff --git a/kubernetes/cds/charts/cds-py-executor/Chart.yaml b/kubernetes/cds/components/cds-py-executor/Chart.yaml
index 41b43c34a3..41b43c34a3 100755
--- a/kubernetes/cds/charts/cds-py-executor/Chart.yaml
+++ b/kubernetes/cds/components/cds-py-executor/Chart.yaml
diff --git a/kubernetes/cds/charts/cds-py-executor/requirements.yaml b/kubernetes/cds/components/cds-py-executor/requirements.yaml
index 676fe8f6b2..722ecad6bf 100755
--- a/kubernetes/cds/charts/cds-py-executor/requirements.yaml
+++ b/kubernetes/cds/components/cds-py-executor/requirements.yaml
@@ -15,4 +15,7 @@
 dependencies:
   - name: common
     version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
     repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/components/cds-py-executor/templates/deployment.yaml
index f9c3377dd8..d7b2959fcb 100755
--- a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-py-executor/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2020 Bell Canada, Deutsche Telekom
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -23,7 +25,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           command:
             - bash
           args:
@@ -51,9 +53,9 @@ spec:
           - name: AUTH_TYPE
             value: {{ .Values.config.authType }}
           - name: API_USERNAME
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }}
           - name: API_PASSWORD
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }}
           - name: LOG_FILE
             value: {{ .Values.config.logFile }}
           - name: ARTIFACT_MANAGER_PORT
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml b/kubernetes/cds/components/cds-py-executor/templates/secret.yaml
index c36607b172..7916b3c233 100644
--- a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml
+++ b/kubernetes/cds/components/cds-py-executor/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2020 Deutsche Telekom
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
\ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/service.yaml b/kubernetes/cds/components/cds-py-executor/templates/service.yaml
index 1267791b6c..095d70d179 100755
--- a/kubernetes/cds/charts/cds-py-executor/templates/service.yaml
+++ b/kubernetes/cds/components/cds-py-executor/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2020 Bell Canada, Deutsche Telekom
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
\ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml
index 9dbc5b7ff3..8941909db4 100755
--- a/kubernetes/cds/charts/cds-py-executor/values.yaml
+++ b/kubernetes/cds/components/cds-py-executor/values.yaml
@@ -20,13 +20,6 @@ global:
   # with other instances running within the same k8s cluster
   nodePortPrefix: 302
 
-  # image repositories
-  repository: nexus3.onap.org:10001
-
-  # readiness check
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-
   # image pull policy
   pullPolicy: Always
 
@@ -37,8 +30,7 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-py-executor:0.7.5
+image: onap/ccsdk-py-executor:1.0.3
 pullPolicy: Always
 
 # default number of instances
diff --git a/kubernetes/cds/charts/cds-sdc-listener/Chart.yaml b/kubernetes/cds/components/cds-sdc-listener/Chart.yaml
index 975923ebbe..975923ebbe 100755
--- a/kubernetes/cds/charts/cds-sdc-listener/Chart.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/Chart.yaml
diff --git a/kubernetes/cds/charts/cds-sdc-listener/requirements.yaml b/kubernetes/cds/components/cds-sdc-listener/requirements.yaml
index b33ac701fe..7a0e74bfaf 100755
--- a/kubernetes/cds/charts/cds-sdc-listener/requirements.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/requirements.yaml
@@ -15,4 +15,7 @@
 dependencies:
   - name: common
     version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
     repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
index b3e95a2a21..b3e95a2a21 100644
--- a/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
diff --git a/kubernetes/cds/charts/cds-sdc-listener/resources/config/logback.xml b/kubernetes/cds/components/cds-sdc-listener/resources/config/logback.xml
index 5715226eb2..b48cad75f1 100644
--- a/kubernetes/cds/charts/cds-sdc-listener/resources/config/logback.xml
+++ b/kubernetes/cds/components/cds-sdc-listener/resources/config/logback.xml
@@ -30,13 +30,13 @@
     </encoder>
   </appender>
 
-  <logger name="org.springframework" level="info"/>
-  <logger name="org.springframework.web" level="info"/>
-  <logger name="org.springframework.security.web.authentication" level="warn"/>
-  <logger name="org.hibernate" level="error"/>
-  <logger name="org.onap.ccsdk.cds" level="info"/>
+  <logger name="org.springframework" level="{{ .Values.logback.logger.springframework }}"/>
+  <logger name="org.springframework.web" level="{{ .Values.logback.logger.springframeworkWeb }}"/>
+  <logger name="org.springframework.security.web.authentication" level="{{ .Values.logback.logger.springframeworkSecurityWebauthentication }}"/>
+  <logger name="org.hibernate" level="{{ .Values.logback.logger.hibernate }}"/>
+  <logger name="org.onap.ccsdk.cds" level="{{ .Values.logback.logger.onapCcsdkCds }}"/>
 
-  <root level="warn">
+  <root level="{{ .Values.logback.rootLogLevel }}">
     <appender-ref ref="STDOUT"/>
   </root>
 
diff --git a/kubernetes/cds/charts/cds-sdc-listener/templates/configmap.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/configmap.yaml
index e82ac6f5dd..01e1b22ad5 100644
--- a/kubernetes/cds/charts/cds-sdc-listener/templates/configmap.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2019 Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/cds/charts/cds-sdc-listener/templates/deployment.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
index f0db9faf5e..7dca49c761 100644
--- a/kubernetes/cds/charts/cds-sdc-listener/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2019 Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -35,7 +37,7 @@ spec:
     spec:
       initContainers:
         - command:
-          - /root/ready.py
+          - /app/ready.py
           args:
             - --container-name
             - sdc-be
@@ -49,12 +51,12 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: metadata.namespace
-          image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+          image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           env:
           - name: APP_CONFIG_HOME
diff --git a/kubernetes/cds/charts/cds-sdc-listener/templates/service.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/service.yaml
index e4e8cf91c2..af837f2b3a 100644
--- a/kubernetes/cds/charts/cds-sdc-listener/templates/service.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2019 Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml
index 61beab34c4..105e634408 100644
--- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright (c) 2019 Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,31 +11,34 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 #################################################################
 # Global configuration defaults.
 #################################################################
 global:
+  # Change to an unused port prefix range to prevent port conflicts
+  # with other instances running within the same k8s cluster
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+
+  # image pull policy
+  pullPolicy: Always
+
+  persistence:
+    mountPath: /dockerdata-nfs
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-tosca-app:1.3.3
+image: onap/ccsdk-sdclistener:1.0.3
+name: sdc-listener
 pullPolicy: Always
 
 # flag to enable debugging - application support required
 debugEnabled: false
 
+# application configuration
 config:
-  javaOptions: -XX:MaxPermSize=256m -Xmx1024m
-  cassandraSslEnabled: "false"
+  appConfigDir: /opt/app/onap/config
 
 # default number of instances
 replicaCount: 1
@@ -50,7 +53,7 @@ liveness:
   periodSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
-  enabled: false
+  enabled: true
 
 readiness:
   initialDelaySeconds: 10
@@ -58,33 +61,41 @@ readiness:
 
 service:
   type: ClusterIP
-  name: sdc-dcae-tosca-lab
-  portName: sdc-dcae-tosca-lab-8085
-  externalPort: 8085
-  internalPort: 8085
-  portName2: sdc-dcae-tosca-lab-8445
-  externalPort2: 8445
-  internalPort2: 8445
+  http:
+    portName: cds-sdc-listener-http
+    internalPort: 8080
+    externalPort: 8080
+
+persistence:
+  enabled: true
 
 ingress:
   enabled: false
 
-# Resource Limit flavor -By Default using small
+logback:
+  rootLogLevel: INFO
+  logger:
+    springframework: INFO
+    springframeworkWeb: INFO
+    springframeworkSecurityWebauthentication: INFO
+    hibernate: INFO
+    onapCcsdkCds: INFO
+
 flavor: small
-# Segregation for Different environment (Small and Large)
+
 resources:
   small:
     limits:
-      cpu: 1
+      cpu: 2
       memory: 4Gi
     requests:
-      cpu: 10m
+      cpu: 1
       memory: 1Gi
   large:
     limits:
-      cpu: 2
+      cpu: 4
       memory: 8Gi
     requests:
-      cpu: 20m
-      memory: 2Gi
+      cpu: 2
+      memory: 4Gi
   unlimited: {}
diff --git a/kubernetes/cds/charts/cds-ui/Chart.yaml b/kubernetes/cds/components/cds-ui/Chart.yaml
index 3ed3cf3717..3ed3cf3717 100644
--- a/kubernetes/cds/charts/cds-ui/Chart.yaml
+++ b/kubernetes/cds/components/cds-ui/Chart.yaml
diff --git a/kubernetes/cds/charts/cds-command-executor/requirements.yaml b/kubernetes/cds/components/cds-ui/requirements.yaml
index b33ac701fe..7a0e74bfaf 100755..100644
--- a/kubernetes/cds/charts/cds-command-executor/requirements.yaml
+++ b/kubernetes/cds/components/cds-ui/requirements.yaml
@@ -15,4 +15,7 @@
 dependencies:
   - name: common
     version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
     repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml b/kubernetes/cds/components/cds-ui/templates/deployment.yaml
index 7832f0f374..1c88f56d99 100644
--- a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-ui/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Orange
 # Modifications Copyright © 2018  Amdocs, Bell Canada
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -37,7 +39,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
             - containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/cds/charts/cds-ui/templates/ingress.yaml b/kubernetes/cds/components/cds-ui/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/cds/charts/cds-ui/templates/ingress.yaml
+++ b/kubernetes/cds/components/cds-ui/templates/ingress.yaml
diff --git a/kubernetes/cds/charts/cds-ui/templates/service.yaml b/kubernetes/cds/components/cds-ui/templates/service.yaml
index dcc7ccbedd..bfc3e30c84 100644
--- a/kubernetes/cds/charts/cds-ui/templates/service.yaml
+++ b/kubernetes/cds/components/cds-ui/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada, Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml
index d8a87cc2ea..1c7f628b2c 100644
--- a/kubernetes/cds/charts/cds-ui/values.yaml
+++ b/kubernetes/cds/components/cds-ui/values.yaml
@@ -18,17 +18,12 @@
 #################################################################
 global:
   nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:1.1.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
 
 subChartsOnly:
   enabled: true
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.7.5
+image: onap/ccsdk-cds-ui-server:1.0.3
 pullPolicy: Always
 
 # application configuration
diff --git a/kubernetes/cds/requirements.yaml b/kubernetes/cds/requirements.yaml
index eafe11035e..122e403727 100644
--- a/kubernetes/cds/requirements.yaml
+++ b/kubernetes/cds/requirements.yaml
@@ -19,4 +19,24 @@ dependencies:
     repository: '@local'
   - name: mariadb-galera
     version: ~6.x-0
-    repository: '@local'
\ No newline at end of file
+    repository: '@local'
+  - name: cds-blueprints-processor
+    version: ~6.x-0
+    repository: 'file://components/cds-blueprints-processor'
+    condition: cds-blueprints-processor.enabled
+  - name: cds-blueprints-processor
+    version: ~6.x-0
+    repository: 'file://components/cds-command-executor'
+    condition: cds-command-executor.enabled
+  - name: cds-py-executor
+    version: ~6.x-0
+    repository: 'file://components/cds-py-executor'
+    condition: cds-py-executor.enabled
+  - name: cds-sdc-listener
+    version: ~6.x-0
+    repository: 'file://components/cds-sdc-listener'
+    condition: cds-sdc-listener.enabled
+  - name: cds-ui
+    version: ~6.x-0
+    repository: 'file://components/cds-ui'
+    condition: cds-ui.enabled
\ No newline at end of file
diff --git a/kubernetes/cds/templates/secrets.yaml b/kubernetes/cds/templates/secrets.yaml
index bd7eb8ea40..34932b713d 100644
--- a/kubernetes/cds/templates/secrets.yaml
+++ b/kubernetes/cds/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml
index d04c22beb0..0b7403e8ac 100644
--- a/kubernetes/cds/values.yaml
+++ b/kubernetes/cds/values.yaml
@@ -20,11 +20,6 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
   persistence:
     mountPath: /dockerdata-nfs
 
@@ -43,7 +38,6 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application images
-repository: nexus3.onap.org:10001
 pullPolicy: Always
 
 
@@ -92,6 +86,7 @@ mariadb-galera:
     mountSubPath: cds/data
 
 cds-blueprints-processor:
+  enabled: true
   config:
     cdsDB:
       dbServer: *dbServer
@@ -99,6 +94,19 @@ cds-blueprints-processor:
       dbName: *mysqlDbName
       dbCredsExternalSecret: *dbUserSecretName
 
+cds-command-executor:
+  enabled: true
+
+cds-py-executor:
+  enabled: true
+
+cds-sdc-listener:
+  enabled: true
+
+cds-ui:
+  enabled: true
+
+
 #Resource Limit flavor -By Default using small
 flavor: small
 #segregation for different envionment (Small and Large)
diff --git a/kubernetes/clamp/.helmignore b/kubernetes/clamp/.helmignore
new file mode 100644
index 0000000000..68ffb32406
--- /dev/null
+++ b/kubernetes/clamp/.helmignore
@@ -0,0 +1 @@
+components/
diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile
new file mode 100644
index 0000000000..89b2f465ec
--- /dev/null
+++ b/kubernetes/clamp/Makefile
@@ -0,0 +1,56 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml
deleted file mode 100644
index 3e08bd606c..0000000000
--- a/kubernetes/clamp/charts/clamp-backend/values.yaml
+++ /dev/null
@@ -1,137 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
-  nodePortPrefix: 302
-  repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  persistence: {}
-
-secrets:
-  - uid: db-secret
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
-    login: '{{ .Values.db.user }}'
-    password: '{{ .Values.db.password }}'
-    passwordPolicy: required
-
-flavor: small
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.7
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# log configuration
-log:
-  path: /var/log/onap
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-db: {}
-
-config:
-  log:
-    logstashServiceName: log-ls
-    logstashPort: 5044
-  mysqlPassword: strong_pitchou
-  dataRootDir: /dockerdata-nfs
-  springApplicationJson: >
-        {
-        "spring.datasource.username": "${MYSQL_USER}",
-        "spring.datasource.password": "${MYSQL_PASSWORD}",
-        "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
-        "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements",
-        "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
-        "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080",
-        "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
-        "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
-        "clamp.config.dcae.deployment.userName": "none",
-        "clamp.config.dcae.deployment.password": "none",
-        "clamp.config.policy.api.url": "https4://policy-api.{{ include "common.namespace" . }}:6969",
-        "clamp.config.policy.api.userName": "healthcheck",
-        "clamp.config.policy.api.password": "zb!XztG34",
-        "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969",
-        "clamp.config.policy.pap.userName": "healthcheck",
-        "clamp.config.policy.pap.password": "zb!XztG34",
-        "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095"
-        }
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 120
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-
-
-service:
-  type: ClusterIP
-  name: clamp-backend
-  portName: clamp-backend
-  internalPort: 8443
-  externalPort: 443
-
-ingress:
-  enabled: false
-
-#resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-  # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
-  small:
-    limits:
-      cpu: 1
-      memory: 1.2Gi
-    requests:
-      cpu: 10m
-      memory: 800Mi
-  large:
-    limits:
-      cpu: 1
-      memory: 1.2Gi
-    requests:
-      cpu: 10m
-      memory: 800Mi
-  unlimited: {}
diff --git a/kubernetes/clamp/components/Makefile b/kubernetes/clamp/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/clamp/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/clamp/charts/clamp-backend/Chart.yaml b/kubernetes/clamp/components/clamp-backend/Chart.yaml
index 89117ce205..89117ce205 100644
--- a/kubernetes/clamp/charts/clamp-backend/Chart.yaml
+++ b/kubernetes/clamp/components/clamp-backend/Chart.yaml
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-backend/requirements.yaml
index caff1e5dc4..5b041a56f2 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-backend/requirements.yaml
@@ -14,6 +14,9 @@
 # limitations under the License.
 
 dependencies:
-  - name: common
+  - name: certInitializer
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties
new file mode 100644
index 0000000000..8dd0fc796a
--- /dev/null
+++ b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties
@@ -0,0 +1,71 @@
+{{/*
+###
+# ============LICENSE_START=======================================================
+# ONAP CLAMP
+# ================================================================================
+# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights
+#                             reserved.
+# ================================================================================
+# Modifications copyright (c) 2019 Nokia
+# ================================================================================\
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+# ===================================================================
+#
+###
+*/}}
+{{- if .Values.global.aafEnabled }}
+server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
+server.ssl.key-store-password=${cadi_keystore_password_p12}
+server.ssl.key-password=${cadi_key_password}
+server.ssl.key-store-type=PKCS12
+server.ssl.key-alias={{ .Values.certInitializer.fqi }}
+
+# The key file used to decode the key store and trust store password
+# If not defined, the key store and trust store password will not be decrypted
+clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }}
+
+## Config part for Client certificates
+server.ssl.client-auth=want
+server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
+server.ssl.trust-store-password=${cadi_truststore_password}
+{{- end }}
+
+#clds datasource connection details
+spring.datasource.username=${MYSQL_USER}
+spring.datasource.password=${MYSQL_PASSWORD}
+spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
+spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements
+
+#The log folder that will be used in logback.xml file
+clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json
+
+#
+# Configuration Settings for Policy Engine Components
+clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969
+clamp.config.policy.api.userName=healthcheck
+clamp.config.policy.api.password=zb!XztG34
+clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969
+clamp.config.policy.pap.userName=healthcheck
+clamp.config.policy.pap.password=zb!XztG34
+
+#DCAE Inventory Url Properties
+clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080
+clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+#DCAE Deployment Url Properties
+clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+clamp.config.dcae.deployment.userName=none
+clamp.config.dcae.deployment.password=none
+
+#AAF related parameters
+clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
diff --git a/kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml
index dab2e44f5e..8717e6f33a 100644
--- a/kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 filebeat.prospectors:
 #it is mandatory, in our case it's log
 - input_type: log
diff --git a/kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json
index 3adda95c11..3adda95c11 100644
--- a/kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json
+++ b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt b/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt
index e36d6a5bfb..e36d6a5bfb 100644
--- a/kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt
+++ b/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml b/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml
index f66312c741..1a5b0ce06a 100644
--- a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml
+++ b/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
@@ -25,6 +27,5 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-  spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }}
 
 {{ include "common.log.configMap" . }}
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml
index 9dfc460d1f..9153f9d0ff 100644
--- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,28 +38,37 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
-        - mariadb
+        - clamp-mariadb
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         # side car containers
         {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
         # main container
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+          - sh
+          workingDir: "/opt/clamp/"
           args:
-            - ""
+          - -c
+          - |
+          {{- if .Values.global.aafEnabled }}
+            export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
+          {{- end }}
+            java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./app.jar
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -74,12 +85,15 @@ spec:
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - name: logs
             mountPath: {{ .Values.log.path }}
           - mountPath: /opt/clamp/sdc-controllers-config.json
             name: {{ include "common.fullname" . }}-config
             subPath: sdc-controllers-config.json
+          - mountPath: /opt/clamp/application.properties
+            name: {{ include "common.fullname" . }}-config
+            subPath: application.properties
           env:
           - name: MYSQL_USER
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
@@ -87,28 +101,26 @@ spec:
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
           - name: MYSQL_DATABASE
             value: {{ tpl .Values.db.databaseName .}}
-          - name: SPRING_APPLICATION_JSON
-            valueFrom:
-              configMapKeyRef:
-                name: {{ template "common.fullname" . }}
-                key: spring_application_json
-          resources:
-{{ include "common.resources" . | indent 12 }}
+          {{-  if ne "unlimited" (include "common.flavor" .) }}
+          - name: JAVA_RAM_CONFIGURATION
+            value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75
+          {{-  end }}
+          resources: {{ include "common.resources" . | nindent 12 }}
         {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+        nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
         {{- end -}}
         {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+        affinity: {{ toYaml .Values.affinity | nindent 10 }}
         {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-config
           configMap:
             name: {{ include "common.fullname" . }}
             items:
             - key: sdc-controllers-config.json
               path: sdc-controllers-config.json
+            - key: application.properties
+              path: application.properties
         - name:  logs
           emptyDir: {}
         {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml
index 57f88ce32d..4cf8155f6c 100644
--- a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml
+++ b/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/service.yaml b/kubernetes/clamp/components/clamp-backend/templates/service.yaml
index b1a5465116..c01d36a53d 100644
--- a/kubernetes/clamp/charts/clamp-backend/templates/service.yaml
+++ b/kubernetes/clamp/components/clamp-backend/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/clamp/components/clamp-backend/values.yaml b/kubernetes/clamp/components/clamp-backend/values.yaml
new file mode 100644
index 0000000000..efd08ba4d0
--- /dev/null
+++ b/kubernetes/clamp/components/clamp-backend/values.yaml
@@ -0,0 +1,151 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+  nodePortPrefix: 302
+  persistence: {}
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  keystoreFile: 'org.onap.clamp.p12'
+  truststoreFile: 'org.onap.clamp.trust.jks'
+  keyFile: 'org.onap.clamp.keyfile'
+  truststoreFileONAP: 'truststoreONAPall.jks'
+  nameOverride: clamp-backend-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: '-72.0'
+  cadi_latitude: '38.0'
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_truststore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_truststore_password.pwd;
+    grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_key_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_key_password.pwd;
+    grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password.pwd;
+    grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password_p12=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd;
+    cd {{ .Values.credsPath }};
+    chmod a+rx *;
+
+secrets:
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+    passwordPolicy: required
+
+flavor: small
+
+# application image
+image: onap/clamp-backend:5.1.5
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# log configuration
+log:
+  path: /var/log/onap
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+#####dummy values for db user and password to pass lint!!!#######
+
+db:
+  user: dummyclds
+  password: dummysidnnd83K
+  databaseName: dummycldsdb4
+
+config:
+  log:
+    logstashServiceName: log-ls
+    logstashPort: 5044
+  mysqlPassword: strong_pitchou
+  dataRootDir: /dockerdata-nfs
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 120
+  periodSeconds: 10
+  timeoutSeconds: 3
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  timeoutSeconds: 3
+
+service:
+  type: ClusterIP
+  name: clamp-backend
+  portName: clamp-backend
+  internalPort: 8443
+  externalPort: 443
+
+ingress:
+  enabled: false
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 1Gi
+    requests:
+      cpu: 1m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 1
+      memory: 3Gi
+    requests:
+      cpu: 10m
+      memory: 3Gi
+  unlimited: {}
diff --git a/kubernetes/clamp/charts/clamp-dash-es/Chart.yaml b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml
index b2f8624a4b..b2f8624a4b 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/Chart.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml
diff --git a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
new file mode 100644
index 0000000000..c388db3113
--- /dev/null
+++ b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
@@ -0,0 +1,25 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
index 1eb20fce89..9e04d5ae01 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml
+++ b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
@@ -106,14 +106,24 @@ transport.tcp.port: {{.Values.service.externalPort2}}
 
 ######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
 # WARNING: revise all the lines below before you go into production
+{{- if .Values.global.aafEnabled }}
+opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+{{- else }}
 opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
 opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
 opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
 opendistro_security.ssl.http.pemcert_filepath: esnode.pem
 opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
 opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+{{- end }}
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
+
 opendistro_security.allow_unsafe_democertificates: true
 opendistro_security.allow_default_init_securityindex: true
 opendistro_security.authcz.admin_dn:
diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml
index 20ff6f27c2..fe0349ede9 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/templates/configmap.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
index 0ec38b08e3..d7aa77cd01 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -51,7 +53,7 @@ spec:
               fieldPath: metadata.namespace
         securityContext:
           privileged: true
-        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: init-sysctl
         volumeMounts:
@@ -59,10 +61,22 @@ spec:
           mountPath: /usr/share/elasticsearch/logs/
         - name: {{ include "common.fullname" . }}-data
           mountPath: /usr/share/elasticsearch/data/
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{- if .Values.global.aafEnabled }}
+          command:
+          - sh
+          args:
+          - -c
+          - |
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }}
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }}
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }}
+            /usr/local/bin/docker-entrypoint.sh
+          {{- end }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
             name: {{ include "common.servicename" . }}
@@ -85,7 +99,7 @@ spec:
             periodSeconds: {{ .Values.readiness.periodSeconds }}
             timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
           env:
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -104,7 +118,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/pv.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml
index 3669621b24..3669621b24 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/templates/pv.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml
diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/pvc.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml
index 6ae4eea0d3..6ae4eea0d3 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/templates/pvc.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml
diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml
index 292fc31dc3..9c182edbc0 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/templates/service.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml
index 27158a6668..1e2ae4778d 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/values.yaml
@@ -18,21 +18,52 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
   persistence: {}
-flavor: small
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
 
 #################################################################
-# Application configuration defaults.
+# AAF part
 #################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "org.onap.clamp.crt.key"
+  clamp_pem: "org.onap.clamp.key.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-es-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
 
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
+flavor: small
 
+#################################################################
+# Application configuration defaults.
+#################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:5.0.3
+image: onap/clamp-dashboard-elasticsearch:5.0.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/Chart.yaml b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml
index 5d897d96eb..5d897d96eb 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/Chart.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
new file mode 100644
index 0000000000..c388db3113
--- /dev/null
+++ b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
@@ -0,0 +1,25 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
index db81e3da00..b7a8fbf348 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.# Default Kibana configuration from kibana-docker.
+*/}}
 
 server.name: "Clamp CL Dashboard"
 server.host: "0"
@@ -18,9 +20,13 @@ server.host: "0"
 server.port: {{.Values.service.externalPort}}
 
 server.ssl.enabled: {{.Values.config.sslEnabled}}
+{{- if .Values.global.aafEnabled }}
+server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }}
+server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }}
+{{ else }}
 server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
 server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
-
+{{- end }}
 # The URL of the Elasticsearch instance to use for all your queries.
 elasticsearch.hosts: ${elasticsearch_base_url}
 
@@ -32,4 +38,4 @@ elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
 
 opendistro_security.multitenancy.enabled: true
 opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
-opendistro_security.readonly_mode.roles: ["kibana_read_only"]
\ No newline at end of file
+opendistro_security.readonly_mode.roles: ["kibana_read_only"]
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml
index 5d1b32258c..48d85478c4 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
index bf78eef2eb..8cb95cdf0b 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,7 +38,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - clamp-dash-es
@@ -46,12 +48,13 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -73,7 +76,7 @@ spec:
           env:
           - name: elasticsearch_base_url
             value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -90,7 +93,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml
index 0cd8cfbd36..e5d7174e85 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samsung, Orange
+{{/* # Copyright © 2020 Samsung, Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,5 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.ingress" . }}
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml
index 07d4a8f8ea..f1b6cf55c6 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/service.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
index 96a30f9e5f..9b5f1fc344 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
@@ -18,23 +18,52 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
   persistence: {}
-flavor: small
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
 
 #################################################################
-# Application configuration defaults.
+# AAF part
 #################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "org.onap.clamp.crt.key"
+  clamp_pem: "org.onap.clamp.key.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-kibana-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
 
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
+flavor: small
 
+#################################################################
+# Application configuration defaults.
+#################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:5.0.3
+image: onap/clamp-dashboard-kibana:5.0.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/Chart.yaml b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml
index 9fc0317fd3..9fc0317fd3 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/Chart.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
new file mode 100644
index 0000000000..c388db3113
--- /dev/null
+++ b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
@@ -0,0 +1,25 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml
index cecd5b18c8..1e06e34cfb 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 http.host: "0.0.0.0"
 ## Path where pipeline configurations reside
 path.config: /usr/share/logstash/pipeline
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
index c005fcca3e..b978e766d3 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
+++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2018 AT&T Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 input {
     http_poller {
         urls => {
@@ -46,7 +48,11 @@ input {
         request_timeout => 30
         schedule => { "every" => "1m" }
         codec => "plain"
+{{- if .Values.global.aafEnabled }}
+        cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
         cacert => "/certs.d/aafca.pem"
+{{- end }}
     }
 }
 
@@ -217,8 +223,13 @@ output {
 
     if "error" in [tags] {
         elasticsearch {
+            ilm_enabled => false
             codec => "json"
+{{- if .Values.global.aafEnabled }}
+            cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
             cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
             ssl_certificate_verification => false
             hosts => ["${elasticsearch_base_url}"]
             user => ["${logstash_user}"]
@@ -229,9 +240,14 @@ output {
 
     } else if "event-cl-aggs" in [tags] {
         elasticsearch {
+            ilm_enabled => false
             codec => "json"
             hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+            cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
             cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
             ssl_certificate_verification => false
             user => ["${logstash_user}"]
             password => ["${logstash_pwd}"]
@@ -243,9 +259,14 @@ output {
 
     } else {
         elasticsearch {
+            ilm_enabled => false
             codec => "json"
             hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+            cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
             cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
             ssl_certificate_verification => false
             user => ["${logstash_user}"]
             password => ["${logstash_pwd}"]
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml
index 4278a6e6d3..3e98246df1 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
index d0c737f047..f098338c7f 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,7 +38,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - clamp-dash-es
@@ -46,12 +48,13 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           env:
           - name: dmaap_consumer_group
@@ -91,7 +94,7 @@ spec:
             periodSeconds: {{ .Values.liveness.periodSeconds }}
             timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
           {{ end -}}
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -111,7 +114,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml
index 07d4a8f8ea..f1b6cf55c6 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/service.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
index 3ec5684f6b..9aab3af252 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
@@ -18,10 +18,45 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
   persistence: {}
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "org.onap.clamp.crt.key"
+  clamp_pem: "org.onap.clamp.key.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-logstash-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
+
 flavor: small
 
 #################################################################
@@ -29,8 +64,7 @@ flavor: small
 #################################################################
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:5.0.3
+image: onap/clamp-dashboard-logstash:5.0.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/clamp/charts/mariadb/Chart.yaml b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml
index eaad8b8440..91984c1014 100644
--- a/kubernetes/clamp/charts/mariadb/Chart.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml
@@ -15,5 +15,5 @@
 
 apiVersion: v1
 description: MariaDB Service
-name: mariadb
+name: clamp-mariadb
 version: 6.0.0
diff --git a/kubernetes/clamp/charts/mariadb/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt
index 1103affff1..1103affff1 100644
--- a/kubernetes/clamp/charts/mariadb/NOTES.txt
+++ b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt
diff --git a/kubernetes/portal/components/portal-zookeeper/requirements.yaml b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml
index c5d7864b9d..b5d66f3805 100644
--- a/kubernetes/portal/components/portal-zookeeper/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh
index 6c69694011..71f32e2eff 100755
--- a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh
+++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh
@@ -18,6 +18,11 @@ for arg; do
 	esac
 done
 
+prepare_password()
+{
+	echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
 # usage: file_env VAR [DEFAULT]
 #    ie: file_env 'XYZ_DB_PASSWORD' 'example'
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
@@ -36,7 +41,7 @@ file_env() {
 	elif [ "${!fileVar:-}" ]; then
 		val="$(< "${!fileVar}")"
 	fi
-	val=`echo -n $val | sed -e "s/'/''/g"`
+	val=`prepare_password $val`
 	export "$var"="$val"
 	unset "$fileVar"
 }
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/conf.d/conf1/my.cnf b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf
index 612590cc6b..8b5dc2a021 100644
--- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/conf.d/conf1/my.cnf
+++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -20,6 +21,7 @@
 # In this file, you can use all long options that a program supports.
 # If you want to know which options a program supports, run the program
 # with the "--help" option.
+*/}}
 
 # The following options will be passed to all MySQL clients
 ##[client]
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql
index 1f153bce04..1f153bce04 100644
--- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql
+++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql
diff --git a/kubernetes/clamp/charts/mariadb/templates/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt
index 1103affff1..1103affff1 100644
--- a/kubernetes/clamp/charts/mariadb/templates/NOTES.txt
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt
diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml
index 01420aa97b..b8a774acbe 100644
--- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 #{{ if not .Values.disableClampClampMariadb }}
 apiVersion: v1
diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml
index 7d6e162813..8ddf584988 100644
--- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,7 +38,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" .  }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/clamp/charts/mariadb/templates/pv.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml
index 424987936d..424987936d 100644
--- a/kubernetes/clamp/charts/mariadb/templates/pv.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml
diff --git a/kubernetes/clamp/charts/mariadb/templates/pvc.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml
index 6856c80540..6856c80540 100644
--- a/kubernetes/clamp/charts/mariadb/templates/pvc.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml
diff --git a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml
index 57f88ce32d..4cf8155f6c 100644
--- a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/charts/mariadb/templates/service.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml
index 2533c26161..20a5065503 100644
--- a/kubernetes/clamp/charts/mariadb/templates/service.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/clamp/charts/mariadb/values.yaml b/kubernetes/clamp/components/clamp-mariadb/values.yaml
index df651dd9ea..60b2cfef4f 100644
--- a/kubernetes/clamp/charts/mariadb/values.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/values.yaml
@@ -21,8 +21,7 @@ global: # global defaults
 
   persistence: {}
 # application image
-repository: nexus3.onap.org:10001
-image: mariadb:10.3.12
+image: mariadb:10.5.4
 pullPolicy: Always
 flavor: small
 #################################################################
@@ -40,7 +39,11 @@ secrets:
     password: '{{ .Values.db.password }}'
 
 # Application configuration
-db: {}
+# dummy value db user pasword to pass lint!!!
+db:
+  user: dummy-clds
+  password: dummy-sidnnd83K
+  databaseName: dummy-cldsdb4
 
 # default number of instances
 replicaCount: 1
@@ -51,15 +54,17 @@ affinity: {}
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 10
+  initialDelaySeconds: 30
   periodSeconds: 10
+  timeoutSeconds: 3
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
 
 readiness:
-  initialDelaySeconds: 10
+  initialDelaySeconds: 30
   periodSeconds: 10
+  timeoutSeconds: 3
 
 ## Persist data to a persitent volume
 persistence:
diff --git a/kubernetes/clamp/requirements.yaml b/kubernetes/clamp/requirements.yaml
index d3c442d32e..fd71422f78 100644
--- a/kubernetes/clamp/requirements.yaml
+++ b/kubernetes/clamp/requirements.yaml
@@ -14,9 +14,24 @@
 # limitations under the License.
 
 dependencies:
-  - name: common
+  - name: certInitializer
     version: ~6.x-0
-    # local reference to common chart, as it is
-    # a part of this chart's package and will not
-    # be published independently to a repo (at this point)
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: clamp-mariadb
+    version: ~6.x-0
+    repository: 'file://components/clamp-mariadb'
+  - name: clamp-backend
+    version: ~6.x-0
+    repository: 'file://components/clamp-backend'
+  - name: clamp-dash-es
+    version: ~6.x-0
+    repository: 'file://components/clamp-dash-es'
+  - name: clamp-dash-logstash
+    version: ~6.x-0
+    repository: 'file://components/clamp-dash-logstash'
+  - name: clamp-dash-kibana
+    version: ~6.x-0
+    repository: 'file://components/clamp-dash-kibana'
\ No newline at end of file
diff --git a/kubernetes/clamp/resources/config/default.conf b/kubernetes/clamp/resources/config/default.conf
index 84beff8d5a..3e6fde9d0d 100644
--- a/kubernetes/clamp/resources/config/default.conf
+++ b/kubernetes/clamp/resources/config/default.conf
@@ -2,8 +2,14 @@ server {
 
   listen 2443 default ssl;
   ssl_protocols TLSv1.2;
+  {{ if .Values.global.aafEnabled }}
+  ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
+  ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
+  {{ else }}
   ssl_certificate /etc/ssl/clamp.pem;
   ssl_certificate_key /etc/ssl/clamp.key;
+  {{ end }}
+
   ssl_verify_client optional_no_ca;
     location /restservices/clds/ {
         proxy_pass https://clamp-backend:443;
diff --git a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml
index dab2e44f5e..8717e6f33a 100644
--- a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 filebeat.prospectors:
 #it is mandatory, in our case it's log
 - input_type: log
diff --git a/kubernetes/clamp/templates/configmap.yaml b/kubernetes/clamp/templates/configmap.yaml
index 3fce850140..1a5b0ce06a 100644
--- a/kubernetes/clamp/templates/configmap.yaml
+++ b/kubernetes/clamp/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/clamp/templates/deployment.yaml
index 97637b058d..51b864b986 100644
--- a/kubernetes/clamp/templates/deployment.yaml
+++ b/kubernetes/clamp/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,7 +38,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - clamp-backend
@@ -46,15 +48,16 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | nindent 6 }}
       containers:
         # side car containers
         {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
         # main container
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -72,7 +75,7 @@ spec:
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - name: logs
             mountPath: {{ .Values.log.path }}
           - mountPath: /etc/nginx/conf.d/default.conf
@@ -88,7 +91,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-config
           configMap:
             name: {{ include "common.fullname" . }}
diff --git a/kubernetes/clamp/templates/secrets.yaml b/kubernetes/clamp/templates/secrets.yaml
index 57f88ce32d..4cf8155f6c 100644
--- a/kubernetes/clamp/templates/secrets.yaml
+++ b/kubernetes/clamp/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/templates/service.yaml b/kubernetes/clamp/templates/service.yaml
index 800cc36535..31f4380eb8 100644
--- a/kubernetes/clamp/templates/service.yaml
+++ b/kubernetes/clamp/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml
index 2a27c140eb..b2b37d3755 100644
--- a/kubernetes/clamp/values.yaml
+++ b/kubernetes/clamp/values.yaml
@@ -18,11 +18,43 @@
 #################################################################
 global: # global defaults
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  centralizedLoggingEnabled: false
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "clamp.key"
+  clamp_pem: "clamp.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
 
 secrets:
   - uid: db-root-pass
@@ -45,7 +77,7 @@ clamp-backend:
   db:
     userCredsExternalSecret: *dbUserPass
     databaseName: *dbName
-mariadb:
+clamp-mariadb:
   db:
     rootCredsExternalSecret: *dbRootPass
     userCredsExternalSecret: *dbUserPass
@@ -57,8 +89,7 @@ subChartsOnly:
 flavor: small
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.0.7
+image: onap/clamp-frontend:5.1.5
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -88,6 +119,7 @@ affinity: {}
 liveness:
   initialDelaySeconds: 120
   periodSeconds: 10
+  timeoutSeconds: 3
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
@@ -95,7 +127,7 @@ liveness:
 readiness:
   initialDelaySeconds: 10
   periodSeconds: 10
-
+  timeoutSeconds: 3
 
 service:
   type: NodePort
@@ -139,7 +171,7 @@ resources:
       cpu: 1
       memory: 200Mi
     requests:
-      cpu: 10m
+      cpu: 1m
       memory: 50Mi
   large:
     limits:
diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml
index 539279f93d..0823daffb6 100644
--- a/kubernetes/cli/templates/deployment.yaml
+++ b/kubernetes/cli/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
diff --git a/kubernetes/cli/templates/secrets.yaml b/kubernetes/cli/templates/secrets.yaml
index ab7fb6673a..213b709026 100644
--- a/kubernetes/cli/templates/secrets.yaml
+++ b/kubernetes/cli/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright 2020 Huawei Technologies Co., Ltd.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Secret
diff --git a/kubernetes/cli/templates/service.yaml b/kubernetes/cli/templates/service.yaml
index 6d89ffe3fb..eaa85086b3 100644
--- a/kubernetes/cli/templates/service.yaml
+++ b/kubernetes/cli/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml
index e5484dff5b..bf3ba5b099 100644
--- a/kubernetes/cli/values.yaml
+++ b/kubernetes/cli/values.yaml
@@ -17,14 +17,13 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/cli:5.0.4
+image: onap/cli:6.0.0
 pullPolicy: Always
 flavor: small
 
diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile
index 941c2f84df..43d62f1a82 100644
--- a/kubernetes/common/Makefile
+++ b/kubernetes/common/Makefile
@@ -20,9 +20,15 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
 COMMON_CHARTS_DIR := common
 
 EXCLUDES :=
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+PROCESSED_LAST := cert-wrapper repository-wrapper
+PROCESSED_FIRST := repositoryGenerator certInitializer
+TO_FILTER := $(PROCESSED_FIRST) $(EXCLUDES) $(PROCESSED_LAST)
 
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+HELM_BIN := helm
+HELM_CHARTS := $(PROCESSED_FIRST) $(filter-out $(TO_FILTER), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PROCESSED_LAST)
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(HELM_CHARTS) $(TO_FILTER)
 
 all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS)
 
@@ -34,15 +40,19 @@ make-%:
 	@if [ -f $*/Makefile ]; then make -C $*; fi
 
 dep-%: make-%
-	@if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
 
 lint-%: dep-%
-	@if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
 
 package-%: lint-%
 	@mkdir -p $(PACKAGE_DIR)
-	@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
-	@helm repo index $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
 
 clean:
 	@rm -f */requirements.lock
diff --git a/kubernetes/common/cassandra/requirements.yaml b/kubernetes/common/cassandra/requirements.yaml
index 90e6621aa3..62e1158c12 100644
--- a/kubernetes/common/cassandra/requirements.yaml
+++ b/kubernetes/common/cassandra/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: 'file://../common'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/cassandra/resources/exec.py b/kubernetes/common/cassandra/resources/exec.py
index 5b3ae33371..a7f297399e 100644
--- a/kubernetes/common/cassandra/resources/exec.py
+++ b/kubernetes/common/cassandra/resources/exec.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 import getopt
 import logging
 import os
@@ -7,7 +7,7 @@ import time
 
 from kubernetes import config
 from kubernetes.client import Configuration
-from kubernetes.client.apis import core_v1_api
+from kubernetes.client.api import core_v1_api
 from kubernetes.client.rest import ApiException
 from kubernetes.stream import stream
 
diff --git a/kubernetes/common/cassandra/resources/restore.sh b/kubernetes/common/cassandra/resources/restore.sh
index b9deb32316..798ab6c53c 100644
--- a/kubernetes/common/cassandra/resources/restore.sh
+++ b/kubernetes/common/cassandra/resources/restore.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # Initialize variables
 ss_dir=""
diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml
index e4f2aabfa0..27f3cc690d 100644
--- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml
+++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml
@@ -35,7 +35,7 @@ spec:
           restartPolicy: Never
           initContainers:
             - command:
-              - /root/ready.py
+              - /app/ready.py
               args:
               - --container-name
               - {{ include "common.name" . }}
@@ -45,11 +45,11 @@ spec:
                   fieldRef:
                     apiVersion: v1
                     fieldPath: metadata.namespace
-              image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+              image: {{ include "repositoryGenerator.image.readiness" . }}
               imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
               name: {{ include "common.name" . }}-readiness
             - name: "cassandra-backup-init"
-              image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+              image: {{ include "repositoryGenerator.image.readiness" . }}
               imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
               command:
               - /bin/bash
@@ -59,7 +59,7 @@ spec:
                   curr_time=$1
                   echo "Clearing snapshots!!!"
                   command="nodetool clearsnapshot -t $curr_time"
-                  /root/exec.py -p "cassandra" -c "$command"
+                  /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
                 }
                 {{ $root := . }}
                 curr_time=`date +%s`
@@ -75,11 +75,11 @@ spec:
 
                 echo "Executing cleanup!!"
                 command="nodetool cleanup"
-                /root/exec.py -p "cassandra" -c "$command"
+                /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
                 echo "Cleaned Node!! Backing up database now!!!"
 
                 command="nodetool snapshot -t $curr_time"
-                /root/exec.py -p "cassandra" -c "$command"
+                /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
                 retCode=$?
                 if [ $retCode -ne 0 ]; then
                   echo "Backup Failed!!!"
@@ -95,7 +95,7 @@ spec:
                     d=$(echo $d | sed 's:/*$::')
                     keyspace_name=$(echo "$d" | awk -F/ '{ print $NF }')
                     if [ 1 ] {{- range $t, $keyspace := $root.Values.backup.keyspacesToSkip }} && [ "{{ $keyspace.name }}" != "$keyspace_name" ] {{- end }}; then
-                      /root/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s  /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time &
+                      /app/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s  /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time &
                       pids="$pids $!"
                     fi
                   done
@@ -142,14 +142,14 @@ spec:
               - mountPath: /backup
                 name: backup-dir
               - name: scripts
-                mountPath: /root/restore.sh
+                mountPath: /app/restore.sh
                 subPath: restore.sh
               - name: scripts
-                mountPath: /root/exec.py
+                mountPath: /app/exec.py
                 subPath: exec.py
           containers:
             - name: cassandra-backup-validate
-              image: "{{ .Values.image }}"
+              image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
               imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
               command:
               - /bin/bash
diff --git a/kubernetes/common/cassandra/templates/pv.yaml b/kubernetes/common/cassandra/templates/pv.yaml
index 76a224ab5f..a0d998cd07 100644
--- a/kubernetes/common/cassandra/templates/pv.yaml
+++ b/kubernetes/common/cassandra/templates/pv.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.replicaPV" . }}
diff --git a/kubernetes/common/cassandra/templates/service.yaml b/kubernetes/common/cassandra/templates/service.yaml
index 0b91076f82..8934d41c33 100644
--- a/kubernetes/common/cassandra/templates/service.yaml
+++ b/kubernetes/common/cassandra/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, AT&T, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.headlessService" . }}
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml
index 96139ce988..471f88f735 100644
--- a/kubernetes/common/cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/cassandra/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, AT&T, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: StatefulSet
@@ -28,7 +30,7 @@ spec:
       hostNetwork: {{ .Values.hostNetwork }}
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         ports: {{ include "common.containerPorts" . | nindent 8  }}
         volumeMounts:
@@ -48,7 +50,7 @@ spec:
         {{- if eq .Values.liveness.enabled true }}
         livenessProbe:
           exec:
-           command:
+            command:
             - /bin/bash
             - -c
             - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }'
@@ -110,15 +112,12 @@ spec:
         {{- else }}
               command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"]
         {{- end }}
-        resources:
-{{ toYaml .Values.resources | indent 10 }}
+        resources: {{ toYaml .Values.resources | nindent 10 }}
       {{- if .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+      nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
       {{- end -}}
       {{- if .Values.affinity }}
-      affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+      affinity: {{ toYaml .Values.affinity | nindent 8 }}
       {{- end }}
       volumes:
       - name: localtime
diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml
index 090dbcc2a2..fbdf8e3e19 100644
--- a/kubernetes/common/cassandra/values.yaml
+++ b/kubernetes/common/cassandra/values.yaml
@@ -21,13 +21,9 @@ global: # global defaults
     mountPath: /dockerdata-nfs
     backup:
       mountPath: /dockerdata-nfs/backup
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
 
 # application image
-repository: nexus3.onap.org:10001
-image: library/cassandra:3.11.4
+image: cassandra:3.11.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -132,7 +128,7 @@ persistence:
 
 configOverrides: {}
 
-resources: {}
+# resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
@@ -143,13 +139,13 @@ resources: {}
   # ref: http://kubernetes.io/docs/user-guide/compute-resources/
   # Minimum memory for development is 2 CPU cores and 4GB memory
   # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
+resources:
+  limits:
+    cpu: 0.8
+    memory: 4Gi
+  requests:
+    cpu: 0.2
+    memory: 2.5Gi
 backup:
   enabled: false
   cron: "00 00 * * *"
diff --git a/kubernetes/common/cert-wrapper/Chart.yaml b/kubernetes/common/cert-wrapper/Chart.yaml
new file mode 100644
index 0000000000..68d5400743
--- /dev/null
+++ b/kubernetes/common/cert-wrapper/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Wrapper chart to allow truststore to be shared among cert-initializer instances
+name: cert-wrapper
+version: 6.0.0
diff --git a/kubernetes/common/cert-wrapper/requirements.yaml b/kubernetes/common/cert-wrapper/requirements.yaml
new file mode 100644
index 0000000000..b6a667e448
--- /dev/null
+++ b/kubernetes/common/cert-wrapper/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: certInitializer
+    version: ~6.x-0
+    repository: 'file://../certInitializer'
diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
new file mode 100755
index 0000000000..7e2fa91363
--- /dev/null
+++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+{{/*
+
+# Copyright © 2020 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+CERTS_DIR=${CERTS_DIR:-/certs}
+WORK_DIR=${WORK_DIR:-/updatedTruststore}
+ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
+JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
+TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks}
+
+mkdir -p $WORK_DIR
+
+# Decrypt and move relevant files to WORK_DIR
+for f in $CERTS_DIR/*; do
+  if [[ $AAF_ENABLED == false ]] && [[ $f == *$ONAP_TRUSTSTORE* ]]; then
+    # Dont use onap truststore when aaf is disabled
+    continue
+  fi
+  if [[ $f == *.sh ]]; then
+    continue
+  fi
+  if [[ $f == *.b64 ]]
+    then
+      base64 -d $f > $WORK_DIR/`basename $f .b64`
+    else
+      cp $f $WORK_DIR/.
+  fi
+done
+
+# Prepare truststore output file
+if [[ $AAF_ENABLED == true ]]
+  then
+    mv $WORK_DIR/$ONAP_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
+  else
+    echo "AAF is disabled, using JRE truststore"
+    cp $JRE_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
+fi
+
+# Import Custom Certificates
+for f in $WORK_DIR/*; do
+  if [[ $f == *.pem ]]; then
+    echo "importing certificate: $f"
+    keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt
+    if [[ $? != 0 ]]; then
+      echo "failed importing certificate: $f"
+      exit 1
+    fi
+  fi
+done
diff --git a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64
index 71b6782c58..71b6782c58 100644
--- a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64
+++ b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64
diff --git a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64
index 17b051268f..17b051268f 100644
--- a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64
+++ b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64
diff --git a/kubernetes/common/cert-wrapper/templates/configmap.yaml b/kubernetes/common/cert-wrapper/templates/configmap.yaml
new file mode 100644
index 0000000000..117a4ab718
--- /dev/null
+++ b/kubernetes/common/cert-wrapper/templates/configmap.yaml
@@ -0,0 +1,22 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "certs" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/cert-wrapper/values.yaml b/kubernetes/common/cert-wrapper/values.yaml
new file mode 100644
index 0000000000..fcece0e3f5
--- /dev/null
+++ b/kubernetes/common/cert-wrapper/values.yaml
@@ -0,0 +1,17 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+certInitializer:
+  nameOverride: cert-initializer
+  createCertsCM: true
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index 1250c1225e..800364f1a2 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -1,5 +1,5 @@
 {{/*
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Bell Canada, Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -96,13 +96,73 @@
       value: "{{ $initRoot.public_fqdn | default "" }}"
 {{- end -}}
 
+{{/*
+  This init container will import custom .pem certificates to truststoreONAPall.jks
+  Custom certificates must be placed in common/certInitializer/resources directory.
+
+  The feature is enabled by setting Values.global.importCustomCertsEnabled = true
+  It can be used independently of aafEnabled, however it requires the same includes
+  as describe above for _initContainer.
+
+  When AAF is enabled the truststoreONAPAll.jks (which contains AAF CA) will be used
+  to import custom certificates, otherwise the default java keystore will be used.
+
+  The updated truststore file will be placed in /updatedTruststore and can be mounted per component
+  to a specific path by defining Values.certInitializer.truststoreMountpath (see _trustStoreVolumeMount)
+  The truststore file will be available to mount even if no custom certificates were imported.
+*/}}
+{{- define "common.certInitializer._initImportCustomCertsContainer" -}}
+{{-   $dot := default . .dot -}}
+{{-   $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+- name: {{ include "common.name" $dot }}-import-custom-certs
+  image: {{ $subchartDot.Values.global.jreImage }}
+  imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+  securityContext:
+    runAsUser: 0
+  command:
+    - /bin/bash
+    - -c
+    - /root/import-custom-certs.sh
+  env:
+    - name: AAF_ENABLED
+      value: "{{  $subchartDot.Values.global.aafEnabled }}"
+    - name: TRUSTSTORE_OUTPUT_FILENAME
+      value: "{{ $initRoot.truststoreOutputFileName }}"
+    - name: TRUSTSTORE_PASSWORD
+    {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "truststore-creds" "key" "password") | indent 6 }}
+  volumeMounts:
+    - mountPath: /certs
+      name: aaf-agent-certs
+    - mountPath: /root/import-custom-certs.sh
+      name: aaf-agent-certs
+      subPath: import-custom-certs.sh
+    - mountPath: /updatedTruststore
+      name: updated-truststore
+{{- end -}}
+
 {{- define "common.certInitializer._volumeMount" -}}
 {{-   $dot := default . .dot -}}
 {{-   $initRoot := default $dot.Values.certInitializer .initRoot -}}
-- mountPath: {{ $initRoot.mountPath }}
+- mountPath: {{ $initRoot.appMountPath }}
   name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
 {{- end -}}
 
+{{/*
+  This is used together with _initImportCustomCertsContainer
+  It mounts the updated truststore (with imported custom certificates) to the
+  truststoreMountpath defined in the values file for the component.
+*/}}
+{{- define "common.certInitializer._trustStoreVolumeMount" -}}
+{{-   $dot := default . .dot -}}
+{{-   $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- if gt (len $initRoot.truststoreMountpath) 0 }}
+- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
+  name: updated-truststore
+  subPath: {{ $initRoot.truststoreOutputFileName }}
+{{- end -}}
+{{- end -}}
+
 {{- define "common.certInitializer._volumes" -}}
 {{-   $dot := default . .dot -}}
 {{-   $initRoot := default $dot.Values.certInitializer .initRoot -}}
@@ -112,7 +172,7 @@
     medium: Memory
 - name: aaf-agent-certs
   configMap:
-    name: {{ include "common.fullname" $subchartDot }}-certs
+    name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }}
     defaultMode: 0700
 
 {{-     if $initRoot.aaf_add_config }}
@@ -121,10 +181,17 @@
     name: {{ include "common.fullname" $subchartDot }}-add-config
     defaultMode: 0700
 {{-     end -}}
+{{-     if $dot.Values.global.importCustomCertsEnabled }}
+- name: updated-truststore
+  emptyDir: {}
+{{-     end -}}
 {{- end -}}
 
 {{- define "common.certInitializer.initContainer" -}}
 {{-   $dot := default . .dot -}}
+  {{- if $dot.Values.global.importCustomCertsEnabled }}
+    {{ include "common.certInitializer._initImportCustomCertsContainer" . }}
+  {{- end -}}
   {{- if $dot.Values.global.aafEnabled }}
     {{ include "common.certInitializer._initContainer" . }}
   {{- end -}}
@@ -135,11 +202,14 @@
   {{- if $dot.Values.global.aafEnabled }}
     {{- include "common.certInitializer._volumeMount" . }}
   {{- end -}}
+  {{- if $dot.Values.global.importCustomCertsEnabled }}
+    {{- include "common.certInitializer._trustStoreVolumeMount" . }}
+  {{- end -}}
 {{- end -}}
 
 {{- define "common.certInitializer.volumes" -}}
 {{-   $dot := default . .dot -}}
-  {{- if $dot.Values.global.aafEnabled }}
+  {{- if or ($dot.Values.global.aafEnabled ) ($dot.Values.global.importCustomCertsEnabled) }}
     {{- include "common.certInitializer._volumes" . }}
   {{- end -}}
 {{- end -}}
diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml
index a89a33152b..7eae899cc1 100644
--- a/kubernetes/common/certInitializer/templates/configmap.yaml
+++ b/kubernetes/common/certInitializer/templates/configmap.yaml
@@ -21,12 +21,5 @@ kind: ConfigMap
 metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
 data:
   aaf-add-config.sh: |
-    {{ tpl .Values.aaf_add_config . | indent 4 }}
+    {{ tpl .Values.aaf_add_config . | indent 4 | trim }}
 {{- end }}
----
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "certs" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml
index 416282f72a..66251fa29a 100644
--- a/kubernetes/common/certInitializer/values.yaml
+++ b/kubernetes/common/certInitializer/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Bell Canada, Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@ global:
   repository: nexus3.onap.org:10001
   aafAgentImage: onap/aaf/aaf_agent:2.1.20
   aafEnabled: true
+  jreImage: registry.gitlab.com/onap-integration/docker/onap-java
 
 pullPolicy: Always
 
@@ -26,6 +27,11 @@ secrets:
     login: '{{ .Values.aafDeployFqi }}'
     password: '{{ .Values.aafDeployPass }}'
     passwordPolicy: required
+  - uid: truststore-creds
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.truststoreCredsExternalSecret) . }}'
+    password: '{{ .Values.truststorePassword }}'
+    passwordPolicy: required
 
 readinessCheck:
   wait_for:
@@ -45,3 +51,14 @@ cadi_latitude: "38.0"
 cadi_longitude: "-72.0"
 aaf_add_config: ""
 mountPath: "/opt/app/osaaf"
+appMountPath: "/opt/app/osaaf"
+importCustomCertsEnabled: false
+truststoreMountpath: ""
+truststoreOutputFileName: truststore.jks
+truststorePassword: changeit
+
+# This introduces implicit dependency on cert-wrapper
+# if you are using cert initializer cert-wrapper has to be also deployed.
+# We had to move this CM to a separate chart to reduce the total size of our charts
+# as it exceeds the default helm limits.
+certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs'
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index cf866571c7..f6feee6e06 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -12,9 +12,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 global:
-  aaf:
+  platform:
     certServiceClient:
-      image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+      secretName: oom-cert-service-client-tls-secret
       envVariables:
         # Certificate related
         cmpv2Organization: "Linux-Foundation"
@@ -23,7 +24,10 @@ global:
         cmpv2State: "California"
         cmpv2Country: "US"
         # Client configuration related
-        requestURL: "https://aaf-cert-service:8443/v1/certificate/"
+        requestURL: "https://oom-cert-service:8443/v1/certificate/"
         requestTimeout: "30000"
         keystorePassword: "secret"
         truststorePassword: "secret"
+    certPostProcessor:
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0
+
diff --git a/kubernetes/common/common/documentation.rst b/kubernetes/common/common/documentation.rst
index d982ab09c6..fd416c0cc8 100644
--- a/kubernetes/common/common/documentation.rst
+++ b/kubernetes/common/common/documentation.rst
@@ -77,8 +77,6 @@ only give an overview.
   +----------------------------------------------------+-----------------------+
   | `common.repository`                                | `_repository.tpl`     |
   +----------------------------------------------------+-----------------------+
-  | `common.repository.secret`                         | `_repository.tpl`     |
-  +----------------------------------------------------+-----------------------+
   | `common.flavor`                                    | `_resources.tpl`      |
   +----------------------------------------------------+-----------------------+
   | `common.resources`                                 | `_resources.tpl`      |
@@ -289,7 +287,7 @@ taken on mariadb-galera):
         ...
         containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         ...
 
 Namespace
diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl
index e90f8aea5d..b1021ab9d7 100644
--- a/kubernetes/common/common/templates/_aafconfig.tpl
+++ b/kubernetes/common/common/templates/_aafconfig.tpl
@@ -59,10 +59,10 @@
 {{-   $aafRoot := default $dot.Values.aafConfig .aafRoot -}}
 {{-   if $dot.Values.global.aafEnabled -}}
 - name: {{ include "common.name" $dot }}-aaf-readiness
-  image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}"
+  image: "{{ include "common.repository" $dot }}/{{ $dot.Values.global.readinessImage }}"
   imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
   command:
-  - /root/ready.py
+  - /app/ready.py
   args:
   - --container-name
   - aaf-locate
@@ -117,9 +117,9 @@
     - name: aaf_locator_app_ns
       value: "{{ $aafRoot.app_ns }}"
     - name: DEPLOY_FQI
-    {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }}
+    {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }}
     - name: DEPLOY_PASSWORD
-    {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }}
+    {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }}
   #Note: want to put this on Nodes, eventually
     - name: cadi_longitude
       value: "{{ default "52.3" $aafRoot.cadi_longitude }}"
diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl
index 8b2f1e274d..bfd0999e16 100644
--- a/kubernetes/common/common/templates/_createPassword.tpl
+++ b/kubernetes/common/common/templates/_createPassword.tpl
@@ -32,11 +32,26 @@
   {{ else if eq "testRelease" (include "common.release" .) }}
     {{/* Special case for chart liniting. DON"T NAME YOUR PRODUCTION RELEASE testRelease */}}
     {{- printf "testRelease" -}}
+  {{ else if eq "test-release" .Release.Name }}
+    {{/* Special case for chart linting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}}
+    {{- printf "testRelease" -}}
   {{ else }}
     {{ fail "masterPassword not provided" }}
   {{ end }}
 {{- end -}}
 
+{{- define "common._defaultPasswordStrength" -}}
+  {{ if .Values.passwordStrengthOverride }}
+    {{- printf "%s" .Values.passwordStrengthOverride -}}
+  {{ else if .Values.global.passwordStrength }}
+    {{- printf "%s" .Values.global.passwordStrength -}}
+  {{ else if .Values.passwordStrength }}
+    {{- printf "%s" .Values.passwordStrength -}}
+  {{ else }}
+    {{- printf "long" }}
+  {{ end }}
+{{- end -}}
+
 {{/*
   Generate a new password based on masterPassword. The new password is not
   random, it is derived from masterPassword, fully qualified chart name and
@@ -59,7 +74,8 @@
 {{- define "common.createPassword" -}}
   {{- $dot := default . .dot -}}
   {{- $uid := default "onap" .uid -}}
-  {{- $strength := default "long" .strength -}}
+  {{- $defaultStrength := include "common._defaultPasswordStrength" $dot | trim -}}
+  {{- $strength := default $defaultStrength .strength -}}
   {{- $mp := include "common.masterPassword" $dot -}}
   {{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}}
 {{- end -}}
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index 6b4f0ed36e..e57d4bedaa 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -1,19 +1,28 @@
+{{- define "ingress.config.host" -}}
+{{-   $dot := default . .dot -}}
+{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{-   $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
+{{ printf "%s.%s" $baseaddr $burl }}
+{{- end -}}
+
 {{- define "ingress.config.port" -}}
+{{-   $dot := default . .dot -}}
 {{- if .Values.ingress -}}
 {{- if .Values.global.ingress -}}
 {{- if or (not .Values.global.ingress.virtualhost) (not .Values.global.ingress.virtualhost.enabled) -}}
   - http:
       paths:
 {{- range .Values.ingress.service }}
-        - path: {{  printf "/%s" (required "baseaddr" .baseaddr) }}
+{{ $baseaddr := required "baseaddr" .baseaddr }}
+        - path: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
           backend:
             serviceName: {{ .name }}
             servicePort: {{ .port }}
 {{- end -}}
 {{- else if .Values.ingress.service -}}
-{{- $burl := (required "baseurl" .Values.global.ingress.virtualhost.baseurl) -}}
 {{ range .Values.ingress.service }}
-  - host: {{ printf "%s.%s" (required "baseaddr" .baseaddr) $burl }}
+{{ $baseaddr := required "baseaddr" .baseaddr }}
+  - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
     http:
       paths:
       - backend:
@@ -95,7 +104,18 @@ spec:
 {{- if .Values.ingress.tls }}
   tls:
 {{ toYaml .Values.ingress.tls | indent 4 }}
-  {{- end -}}
+{{- end -}}
+{{- if .Values.ingress.config -}}
+{{- if .Values.ingress.config.tls -}}
+{{-   $dot := default . .dot -}}
+  tls:
+    - hosts:
+    {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+        - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+    {{- end }}
+    secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }}
+{{- end -}}
+{{- end -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl
index e918cc1dd8..793fb3e07b 100644
--- a/kubernetes/common/common/templates/_name.tpl
+++ b/kubernetes/common/common/templates/_name.tpl
@@ -51,6 +51,11 @@
 {{- $dot := default . .dot -}}
 {{- $suffix := default "" .suffix -}}
   {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}}
+  {{/* when linted, the name must be lower cased. When used from a component,
+       name should be overriden in order to avoid collision so no need to do it */}}
+  {{- if eq (printf "%s/templates" $name) $dot.Template.BasePath -}}
+  {{- $name = lower $name -}}
+  {{- end -}}
   {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }}
 {{- end -}}
 
diff --git a/kubernetes/common/common/templates/_repository.tpl b/kubernetes/common/common/templates/_repository.tpl
index 272db42125..0316ae7050 100644
--- a/kubernetes/common/common/templates/_repository.tpl
+++ b/kubernetes/common/common/templates/_repository.tpl
@@ -15,6 +15,8 @@
 */}}
 
 {{/*
+  /!\ DEPRECATED /!\
+  Will be removed when transition to "repositoryGenerator" is finished.
   Resolve the name of the common image repository.
   The value for .Values.repository is used by default,
   unless either override mechanism is used.
@@ -29,21 +31,3 @@
     {{- default .Values.repository .Values.global.repository -}}
   {{end}}
 {{- end -}}
-
-
-{{/*
-  Resolve the image repository secret token.
-  The value for .Values.global.repositoryCred is used:
-  repositoryCred:
-    user: user
-    password: password
-    mail: email (optional)
-*/}}
-{{- define "common.repository.secret" -}}
-  {{- $repo := include "common.repository" . }}
-  {{- $repo := default "nexus3.onap.org:10001" $repo }}
-  {{- $cred := .Values.global.repositoryCred }}
-  {{- $mail := default "@" $cred.mail }}
-  {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }}
-  {{- printf "{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}" $repo $cred.user $cred.password $mail $auth | b64enc -}}
-{{- end -}}
diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl
index 990c476f29..2490debffb 100644
--- a/kubernetes/common/common/templates/_secret.tpl
+++ b/kubernetes/common/common/templates/_secret.tpl
@@ -137,6 +137,10 @@ type: Opaque
   {{- $uid := (default "" .uid) }}
   {{- $name := (default "" .name) }}
   {{- $fullname := ne (default "" .chartName) "" | ternary (include "common.fullnameExplicit" (dict "dot" $global "chartName" .chartName)) (include "common.fullname" $global) }}
+  {{- if eq "test-release" $global.Release.Name -}}
+  {{/* Special case for chart liniting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}}
+  {{- $uid = lower $uid -}}
+  {{- end -}}
   {{- default (printf "%s-%s" $fullname $uid) $name }}
 {{- end -}}
 
diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl
index 3d745ed819..dddd63491d 100644
--- a/kubernetes/common/common/templates/_service.tpl
+++ b/kubernetes/common/common/templates/_service.tpl
@@ -94,6 +94,7 @@ annotations:
         "version": "{{ default "v1" $msb_information.version }}",
         "url": "{{ default "/" $msb_information.url }}",
         "protocol": "{{ default "REST" $msb_information.protocol }}",
+        "enable_ssl": {{ default false $msb_information.enable_ssl }},
         "port": "{{ $msb_information.port }}",
         "visualRange":"{{ default "1" $msb_information.visualRange }}"
       }
diff --git a/kubernetes/common/dgbuilder/requirements.yaml b/kubernetes/common/dgbuilder/requirements.yaml
index 4735901dfa..8b7390802f 100644
--- a/kubernetes/common/dgbuilder/requirements.yaml
+++ b/kubernetes/common/dgbuilder/requirements.yaml
@@ -16,3 +16,9 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: 'file://../common'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: 'file://../repositoryGenerator'
\ No newline at end of file
diff --git a/kubernetes/common/dgbuilder/resources/config/customSettings.js b/kubernetes/common/dgbuilder/resources/config/customSettings.js
index 42c2e5728b..b6a1a8636a 100644
--- a/kubernetes/common/dgbuilder/resources/config/customSettings.js
+++ b/kubernetes/common/dgbuilder/resources/config/customSettings.js
@@ -54,6 +54,8 @@ module.exports={
     },
     "uiHost": "0.0.0.0",
     "version": "0.9.1",
-    "performGitPull": "N",
-    "enableHttps" : true
+    {{ if .Values.global.aafEnabled }}
+    "enableHttps" : true,
+    {{ end }}
+    "performGitPull": "N"
 }
diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties
index 28612a270b..01edb4d411 100644
--- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties
+++ b/kubernetes/common/dgbuilder/resources/config/svclogic.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T, Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 org.onap.ccsdk.sli.dbtype=jdbc
 org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}}
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
index d0e298b7b6..ad3e4cf128 100644
--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
@@ -67,11 +67,12 @@ spec:
           name: config-input
         - mountPath: /config
           name: config
-        image: "{{ .Values.global.envsubstImage }}"
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ .Values.config.dbPodName }}
@@ -81,15 +82,15 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command: ["/bin/bash"]
-          args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"]
+          args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && {{ if .Values.global.aafEnabled}} cp /opt/app/osaaf/local/node-*.pem certs && {{end}}./start.sh sdnc1.0 && wait"]
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           readinessProbe:
@@ -101,6 +102,7 @@ spec:
           - name: SDNC_CONFIG_DIR
             value: /opt/onap/sdnc/data/properties
           volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -127,6 +129,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+{{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/common/dgbuilder/templates/ingress.yaml b/kubernetes/common/dgbuilder/templates/ingress.yaml
index 0cd8cfbd36..4392308e38 100644
--- a/kubernetes/common/dgbuilder/templates/ingress.yaml
+++ b/kubernetes/common/dgbuilder/templates/ingress.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung, Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,5 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+*/}}
 {{ include "common.ingress" . }}
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index a1f637b199..28880646fb 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -20,20 +20,6 @@ global:
   # with other instances running within the same k8s cluster
   nodePortPrefix: 302
 
-  # image repositories
-  repository: nexus3.onap.org:10001
-
-  # readiness check
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-
-  # logging agent
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-
-  # envsusbt
-  envsubstImage: dibi/envsubst
-
   # image pull policy
   pullPolicy: Always
 
@@ -83,8 +69,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-dgbuilder-image:0.7.4
+image: onap/ccsdk-dgbuilder-image:1.0.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -159,21 +144,45 @@ ingress:
   config:
     ssl: "redirect"
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-  # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
+ # dependency / sub-chart configuration
+certInitializer:
+  nameOverride: dgbuilder-cert-initializer
+  truststoreMountpath: /opt/onap/ccsdk/dgbuilder/certs
+  fqdn: "sdnc"
+  app_ns: "org.osaaf.aaf"
+  fqi: "sdnc@sdnc.onap.org"
+  fqi_namespace: org.onap.sdnc
+  public_fqdn: "dgbuilder.onap.org"
+  aafDeployFqi: "deployer@people.osaaf.org"
+  aafDeployPass: demo123456!
+  cadi_latitude: "38.0"
+  cadi_longitude: "-72.0"
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    cd /opt/app/osaaf/local;
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1 ;
+    cp {{ .Values.fqi_namespace }}.crt node-cert.pem;
+    cp {{ .Values.fqi_namespace }}.key node-key.pem;
+    chmod go+r node-*.pem
+
+#Resource Limit flavor -By Default using small
+flavor: small
+#segregation for different envionment (Small and Large)
+
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 1
+      memory: 2Gi
+  large:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 2
+      memory: 4Gi
+  unlimited: {}
+
diff --git a/kubernetes/common/elasticsearch/.helmignore b/kubernetes/common/elasticsearch/.helmignore
new file mode 100644
index 0000000000..68ffb32406
--- /dev/null
+++ b/kubernetes/common/elasticsearch/.helmignore
@@ -0,0 +1 @@
+components/
diff --git a/kubernetes/common/elasticsearch/Makefile b/kubernetes/common/elasticsearch/Makefile
new file mode 100644
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/common/elasticsearch/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/common/elasticsearch/components/Makefile b/kubernetes/common/elasticsearch/components/Makefile
new file mode 100644
index 0000000000..f2e7a1fb82
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := soHelpers
+HELM_BIN := helm
+HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
index 7e73420e13..e1d6cbabbb 100644
--- a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if .Values.enabled }}
 {{- range $kind, $enabled := .Values.hooks }}
 {{- if $enabled }}
@@ -45,7 +47,7 @@ spec:
 {{- end }}
       containers:
         - name: {{ template "common.fullname" . }}-curator
-          image: {{printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+          image: {{printf "%s/%s" (include "repositoryGenerator.repository" .)  .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
             - name: config-volume
diff --git a/kubernetes/common/elasticsearch/components/curator/requirements.yaml b/kubernetes/common/elasticsearch/components/curator/requirements.yaml
index e9a5a5f61a..fbdf7b8489 100644
--- a/kubernetes/common/elasticsearch/components/curator/requirements.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: 'file://../../../common'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: 'file://../../../repositoryGenerator'
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
index dc2a430922..2af57aae77 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if .Values.enabled }}
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
index 901c0a5c06..ff63cf00b1 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if .Values.enabled }}
 {{ $role := "curator" -}}
 {{ $suffix := $role -}}
@@ -74,7 +76,7 @@ spec:
           {{- end }}
           containers:
             - name: {{ template "common.fullname" . }}-curator
-              image: {{printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+              image: {{printf "%s/%s" (include "repositoryGenerator.repository" .)  .Values.image }}
               imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
               volumeMounts:
                 - name: config-volume
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml
index 6fe032d818..628cdd1d73 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if and .Values.enabled .Values.psp.create }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
index 0d189f448b..f124a44c85 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if and .Values.enabled .Values.rbac.enabled }}
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
index b112468dc3..f10b14231f 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if and .Values.enabled .Values.rbac.enabled }}
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
index 0bd4ae0999..a1732cfedc 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }}
 apiVersion: v1
 kind: ServiceAccount
diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml
index 5e0d9668d3..62964ff973 100644
--- a/kubernetes/common/elasticsearch/components/curator/values.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/values.yaml
@@ -22,7 +22,7 @@ global:
       mountPath: /dockerdata-nfs/backup
     storageClass:
   clusterName: cluster.local
-repositoryOverride: docker.io
+
 #################################################################
 # Application configuration defaults.
 #################################################################
@@ -31,16 +31,14 @@ repositoryOverride: docker.io
 ##
 enabled: false
 name: curator
-image:
-  imageName: bitnami/elasticsearch-curator
-  tag: 5.8.1-debian-9-r74
-  pullPolicy: IfNotPresent
-  ## Optionally specify an array of imagePullSecrets.
-  ## Secrets must be manually created in the namespace.
-  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  ##
-  # pullSecrets:
-  #   - myRegistryKeySecretName
+image: bitnami/elasticsearch-curator:5.8.1-debian-9-r74
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+#   - myRegistryKeySecretName
 service:
   port: 9200
 cronjob:
diff --git a/kubernetes/common/elasticsearch/components/data/requirements.yaml b/kubernetes/common/elasticsearch/components/data/requirements.yaml
index a1f72ffc60..ba64f9630e 100644
--- a/kubernetes/common/elasticsearch/components/data/requirements.yaml
+++ b/kubernetes/common/elasticsearch/components/data/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: 'file://../../../common'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: 'file://../../../repositoryGenerator'
diff --git a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml
index c713ec81ac..133984c800 100644
--- a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml
+++ b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
diff --git a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml
index 2ac3880886..4a8ef08946 100644
--- a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml
+++ b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if .Values.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
index 994b458e33..ea805c1813 100644
--- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
+++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,11 +12,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: StatefulSet
 {{ $role := "data" -}}
 {{ $suffix := $role -}}
-{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+{{ $labels := (dict "role" $role "discovery" .Values.cluster_name) -}}
 metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
 spec:
   updateStrategy:
@@ -32,7 +34,8 @@ spec:
   template:
     metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
     spec:
-{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
       {{- if .Values.affinity }}
       affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
       {{- end }}
@@ -42,7 +45,6 @@ spec:
       {{- if .Values.tolerations }}
       tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
       {{- end }}
-      serviceAccountName: {{ template "elasticsearch.data.serviceAccountName" . }}
       {{- if .Values.securityContext.enabled }}
       securityContext:
         fsGroup: {{ .Values.securityContext.fsGroup }}
@@ -52,7 +54,7 @@ spec:
         {{- if .Values.sysctlImage.enabled }}
         ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
         - name: sysctl
-          image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+          image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
             - /bin/sh
@@ -67,7 +69,7 @@ spec:
         {{- end }}
         {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
         - name: volume-permissions
-          image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+          image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
             - /bin/sh
@@ -85,8 +87,8 @@ spec:
         {{- end }}
       {{- end }}
       containers:
-        - name: {{ include "common.name" . }}-elasticsearch
-          image: {{ printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+        - name: {{ include "common.name" . }}-data
+          image: {{ printf "%s/%s" (include "repositoryGenerator.dockerHubRepository" .)  .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           {{- if .Values.securityContext.enabled }}
           securityContext:
@@ -94,9 +96,9 @@ spec:
           {{- end }}
           env:
             - name: BITNAMI_DEBUG
-              value: {{ ternary "true" "false" .Values.image.debug | quote }}
+              value: {{ ternary "true" "false" .Values.debug | quote }}
             - name: ELASTICSEARCH_CLUSTER_NAME
-              value: {{include "elasticsearch.clustername" .}}
+              value: {{ .Values.cluster_name }}
             - name: ELASTICSEARCH_CLUSTER_HOSTS
               value: {{ include "common.name" . }}-discovery
             {{- if .Values.plugins }}
diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml
index cfb7f51da3..1328a20439 100644
--- a/kubernetes/common/elasticsearch/components/data/values.yaml
+++ b/kubernetes/common/elasticsearch/components/data/values.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+# Modification Copyright (c) 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,10 +22,13 @@ global:
     backup:
       mountPath: /dockerdata-nfs/backup
     storageClass:
-repositoryOverride: docker.io
+
 #################################################################
 # Application configuration defaults.
 #################################################################
+
+cluster_name: onap
+
 ## Init containers parameters:
 sysctlImage:
   enabled: true
@@ -46,24 +50,22 @@ service:
   - name: http-transport
     port: 9300
 
-image:
-  imageName: bitnami/elasticsearch
-  tag: 6.8.6-debian-9-r23
-  ## Specify a imagePullPolicy
-  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-  ##
-  pullPolicy: IfNotPresent
-  ## Optionally specify an array of imagePullSecrets.
-  ## Secrets must be manually created in the namespace.
-  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  ##
-  # pullSecrets:
-  #   - myRegistryKeySecretName
-  ## Set to true if you would like to see extra information on logs
-  ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
-  ##
-  debug: false
+image: bitnami/elasticsearch:7.9.3
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+#   - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
 
 
 ## updateStrategy for ElasticSearch Data statefulset
diff --git a/kubernetes/common/elasticsearch/components/master/requirements.yaml b/kubernetes/common/elasticsearch/components/master/requirements.yaml
index a1f72ffc60..ba64f9630e 100644
--- a/kubernetes/common/elasticsearch/components/master/requirements.yaml
+++ b/kubernetes/common/elasticsearch/components/master/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: 'file://../../../common'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: 'file://../../../repositoryGenerator'
diff --git a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml
index c713ec81ac..133984c800 100644
--- a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml
+++ b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml
index 05a3af37f2..323b9fc318 100644
--- a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml
+++ b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 
 {{- if .Values.serviceAccount.create }}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
index dfa3ccbacc..a35b4bf741 100644
--- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
+++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,12 +12,13 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: StatefulSet
 {{ $role := "master" -}}
 {{ $suffix := $role -}}
-{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+{{ $labels := (dict "role" $role "discovery" .Values.cluster_name) -}}
 metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
 spec:
   updateStrategy:
@@ -30,7 +32,8 @@ spec:
   template:
     metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
     spec:
-{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
       {{- if .Values.affinity }}
       affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
       {{- end }}
@@ -40,7 +43,6 @@ spec:
       {{- if .Values.tolerations }}
       tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
       {{- end }}
-      serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }}
       {{- if .Values.securityContext.enabled }}
       securityContext:
         fsGroup: {{ .Values.securityContext.fsGroup }}
@@ -50,7 +52,7 @@ spec:
         {{- if .Values.sysctlImage.enabled }}
         ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
         - name: sysctl
-          image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+          image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
             - /bin/sh
@@ -65,7 +67,7 @@ spec:
         {{- end }}
         {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
         - name: volume-permissions
-          image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+          image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
             - /bin/sh
@@ -83,8 +85,8 @@ spec:
         {{- end }}
       {{- end }}
       containers:
-        - name: {{ include "common.name" . }}-elasticsearch
-          image: {{ printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+        - name: {{ include "common.name" . }}-master
+          image: {{ printf "%s/%s" (include "repositoryGenerator.dockerHubRepository" .)  .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           {{- if .Values.securityContext.enabled }}
           securityContext:
@@ -92,9 +94,9 @@ spec:
           {{- end }}
           env:
             - name: BITNAMI_DEBUG
-              value: {{ ternary "true" "false" .Values.image.debug | quote }}
+              value: {{ ternary "true" "false" .Values.debug | quote }}
             - name: ELASTICSEARCH_CLUSTER_NAME
-              value: {{ include "elasticsearch.clustername" . }}
+              value: {{ .Values.cluster_name }}
             - name: ELASTICSEARCH_CLUSTER_HOSTS
               value: {{ include "common.name" . }}-discovery
             - name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
diff --git a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml
index 8d66ef082e..ca94e242a4 100644
--- a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml
+++ b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,9 +12,10 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 
 {{ $role := "master" -}}
 {{ $labels := (dict "role" $role) -}}
 {{ $matchLabels := (dict "role" $role) }}
-{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
\ No newline at end of file
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml
index 2862692eef..33804494e9 100644
--- a/kubernetes/common/elasticsearch/components/master/values.yaml
+++ b/kubernetes/common/elasticsearch/components/master/values.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+# Modification Copyright (c) 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,7 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-
 #################################################################
 # Global configuration defaults.
 #################################################################
@@ -22,10 +22,13 @@ global:
     backup:
       mountPath: /dockerdata-nfs/backup
     storageClass:
-repositoryOverride: docker.io
+
 #################################################################
 # Application configuration defaults.
 #################################################################
+
+cluster_name: onap
+
 ## Init containers parameters:
 sysctlImage:
   enabled: true
@@ -41,26 +44,24 @@ name: master
 ##
 replicaCount: 3
 ## master acts as master only node, choose 'no' if no further data nodes are deployed)
-dedicatednode: "yes"
+dedicatednode: 'yes'
 ## dedicatednode: "no"
-image:
-  imageName: bitnami/elasticsearch
-  tag: 6.8.6-debian-9-r23
-  ## Specify a imagePullPolicy
-  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-  ##
-  pullPolicy: IfNotPresent
-  ## Optionally specify an array of imagePullSecrets.
-  ## Secrets must be manually created in the namespace.
-  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  ##
-  # pullSecrets:
-  #   - myRegistryKeySecretName
-  ## Set to true if you would like to see extra information on logs
-  ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
-  ##
-  debug: false
+image: bitnami/elasticsearch:7.9.3
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+#   - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
 
 ## String to partially override common.fullname template (will maintain the release name)
 ##
@@ -104,12 +105,14 @@ resources:
   ## We usually recommend not to specify default resources and to leave this as a conscious
   ## choice for the user. This also increases chances charts run on environments with little
   ## resources, such as Minikube.
-  limits: {}
+  limits:
+    cpu: 250m
+    memory: 1536Mi
   #   cpu: 100m
   #   memory: 128Mi
   requests:
-    cpu: 25m
-    memory: 256Mi
+    cpu: 5m
+    memory: 310Mi
 ## Elasticsearch master-eligible container's liveness and readiness probes
 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
 ##
@@ -162,13 +165,13 @@ persistence:
 ## Service parameters for master-eligible node(s)
 ##
 service:
-  suffix: "service"
-  name: ""
+  suffix: 'service'
+  name: ''
   ## list of ports for "common.containerPorts"
   ## Elasticsearch transport port
   ports:
-  - name: http-transport
-    port: 9300
+    - name: http-transport
+      port: 9300
   ## master-eligible service type
   ##
   type: ClusterIP
@@ -194,10 +197,6 @@ serviceAccount:
   ## If not set and create is true, a name is generated using the fullname template
   # name:
 
-
 ## Elasticsearch cluster name
 ##
 clusterName: elastic-cluster
-
-
-
diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml
index 5900f412a1..4b7e88f51e 100644
--- a/kubernetes/common/elasticsearch/requirements.yaml
+++ b/kubernetes/common/elasticsearch/requirements.yaml
@@ -30,3 +30,6 @@ dependencies:
   - name: certInitializer
     version: ~6.x-0
     repository: 'file://../certInitializer'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl
index fdbe82f855..1de2599af9 100644
--- a/kubernetes/common/elasticsearch/templates/_helpers.tpl
+++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
@@ -69,35 +71,3 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- end -}}
 
 
-{{/*
-Return the proper Docker Image Registry Secret Names
-*/}}
-{{- define "elasticsearch.imagePullSecrets" -}}
-{{- if .Values.global }}
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
-  - name: {{ . }}
-{{- end }}
-{{- end }}
-{{- else }}
-{{- $imagePullSecrets := coalesce .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.curator.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets -}}
-{{- if $imagePullSecrets }}
-imagePullSecrets:
-{{- range $imagePullSecrets }}
-  - name: {{ . }}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "elasticsearch.curator.serviceAccountName" -}}
-{{- if .Values.curator.serviceAccount.create -}}
-    {{ default (include "common.fullname" (dict "suffix" "currator" "dot" .)) .Values.curator.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.curator.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml
index 38234da0cf..7138e4e094 100644
--- a/kubernetes/common/elasticsearch/templates/configmap-es.yaml
+++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if .Values.config }}
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
index 1ab5b59855..22de4dbf37 100644
--- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
+++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 {{ $role := "coordinating-only" -}}
@@ -28,7 +30,8 @@ spec:
   template:
     metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
     spec:
-{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
       {{- if .Values.affinity }}
       affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
       {{- end }}
@@ -48,7 +51,7 @@ spec:
       initContainers:
       {{- if .Values.sysctlImage.enabled }}
         - name: sysctl
-          image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+          image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
             - /bin/sh
@@ -65,7 +68,7 @@ spec:
 
       containers:
         - name: {{ include "common.name" . }}-nginx
-          image: {{printf "%s/%s:%s" (include "common.repository" .)  .Values.nginx.imageName  .Values.nginx.tag }}
+          image: {{ include "repositoryGenerator.image.nginx" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.nginx.pullPolicy | quote }}
           ports: {{- include "common.containerPorts" . | indent 12 -}}
           {{- if .Values.nginx.livenessProbe }}
@@ -85,7 +88,7 @@ spec:
           {{- include "common.certInitializer.volumeMount" . | nindent 10 }}
 
         - name: {{ include "common.name" . }}-elasticsearch
-          image: {{ printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+          image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
           {{- if .Values.securityContext.enabled }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           securityContext:
@@ -93,7 +96,7 @@ spec:
           {{- end }}
           env:
             - name: BITNAMI_DEBUG
-              value: {{ ternary "true" "false" .Values.image.debug | quote }}
+              value: {{ ternary "true" "false" .Values.debug | quote }}
             - name: ELASTICSEARCH_CLUSTER_NAME
               value: {{ include "elasticsearch.clustername" .}}
             - name: ELASTICSEARCH_CLUSTER_HOSTS
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml
index 610c7d68c1..d7fd447846 100644
--- a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml
+++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ $role := "coordinating-only" -}}
 {{ $labels := (dict "role" $role) -}}
diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml
index fa79c29eca..9750be7b80 100644
--- a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml
+++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }}
 {{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }}
diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml
index 359e8975e1..b8cd0686c4 100644
--- a/kubernetes/common/elasticsearch/templates/secrets.yaml
+++ b/kubernetes/common/elasticsearch/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada
 # Copyright © 2019 Samsung Electronics
 #
@@ -12,4 +13,5 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
index 49ad504da6..a9b54882f1 100644
--- a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
+++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if .Values.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml
index b1289431a5..b91ac76056 100644
--- a/kubernetes/common/elasticsearch/values.yaml
+++ b/kubernetes/common/elasticsearch/values.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+# Modification Copyright (c) 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,12 +19,6 @@
 global:
   aafEnabled: true
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  busyboxRepository: registry.hub.docker.com
-  busyboxImage: library/busybox:latest
   clusterName: cluster.local
 
 persistence:
@@ -31,7 +26,6 @@ persistence:
   backup:
     mountPath: /dockerdata-nfs/backup
   storageClass:
-repositoryOverride: docker.io
 
 #################################################################
 # Application configuration defaults.
@@ -41,24 +35,22 @@ sysctlImage:
   enabled: true
 
 # application image
-image:
-  imageName: bitnami/elasticsearch
-  tag: 6.8.6-debian-9-r23
-  ## Specify a imagePullPolicy
-  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-  ##
-  pullPolicy: IfNotPresent
-  ## Optionally specify an array of imagePullSecrets.
-  ## Secrets must be manually created in the namespace.
-  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  ##
-  # pullSecrets:
-  #   - myRegistryKeySecretName
-  ## Set to true if you would like to see extra information on logs
-  ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
-  ##
-  debug: false
+image: bitnami/elasticsearch:7.9.3
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+#   - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
 
 ## String to partially override common.fullname template (will maintain the release name)
 ##
@@ -136,13 +128,8 @@ serviceAccount:
   ##
   # name:
 
-## Bitnami Minideb image version
-## ref: https://hub.docker.com/r/bitnami/minideb/tags/
-##
 sysctlImage:
   enabled: true
-  imageName: bitnami/minideb
-  tag: stretch
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -157,8 +144,6 @@ sysctlImage:
 
 # nginx image
 nginx:
-  imageName: bitnami/nginx
-  tag: 1.16-debian-9
   pullPolicy: IfNotPresent
   service:
     name: nginx
@@ -320,7 +305,9 @@ master:
   # dedicatednode: "no"
   # handles master and data node functionality
   dedicatednode: "no"
+  cluster_name: elasticsearch
 data:
   enabled: false
+  cluster_name: elasticsearch
 curator:
   enabled: false
diff --git a/kubernetes/common/etcd/requirements.yaml b/kubernetes/common/etcd/requirements.yaml
index e90e615d73..733bc449cb 100644
--- a/kubernetes/common/etcd/requirements.yaml
+++ b/kubernetes/common/etcd/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: 'file://../common'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/etcd/templates/pv.yaml b/kubernetes/common/etcd/templates/pv.yaml
index ed1344d4c1..ac5b7b975d 100644
--- a/kubernetes/common/etcd/templates/pv.yaml
+++ b/kubernetes/common/etcd/templates/pv.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{- $global := . }}
 {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
diff --git a/kubernetes/common/etcd/templates/service.yaml b/kubernetes/common/etcd/templates/service.yaml
index 4268dd6d2c..04fc93af00 100644
--- a/kubernetes/common/etcd/templates/service.yaml
+++ b/kubernetes/common/etcd/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright 2019 Intel Corporation Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml
index fcab51cb59..f5592bd252 100644
--- a/kubernetes/common/etcd/templates/statefulset.yaml
+++ b/kubernetes/common/etcd/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2019 Intel Corporation Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@@ -48,7 +50,7 @@ spec:
 {{- end }}
       containers:
       - name: {{ include "common.fullname" .  }}
-        image: "{{ .Values.repository }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }}
         imagePullPolicy: "{{ .Values.pullPolicy }}"
         ports:
         - containerPort: {{ .Values.service.peerInternalPort }}
diff --git a/kubernetes/common/etcd/values.yaml b/kubernetes/common/etcd/values.yaml
index d994f87ea4..3cfd4535f1 100644
--- a/kubernetes/common/etcd/values.yaml
+++ b/kubernetes/common/etcd/values.yaml
@@ -24,8 +24,7 @@ global:
 #################################################################
 
 #repository: etcd
-repository: "k8s.gcr.io"
-image: "etcd-amd64:3.2.24"
+image: etcd-amd64:3.2.24
 pullPolicy: Always
 
 # default number of instances in the StatefulSet
diff --git a/kubernetes/policy/charts/brmsgw/Chart.yaml b/kubernetes/common/logConfiguration/Chart.yaml
index b09939d64c..1d13dcbd56 100644
--- a/kubernetes/policy/charts/brmsgw/Chart.yaml
+++ b/kubernetes/common/logConfiguration/Chart.yaml
@@ -1,5 +1,4 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +13,6 @@
 # limitations under the License.
 
 apiVersion: v1
-description: ONAP Policy BRMS GW
-name: brmsgw
+description: Template used to create same STDOUT log configuration
+name: logConfiguration
 version: 6.0.0
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/requirements.yaml b/kubernetes/common/logConfiguration/requirements.yaml
index 72e8b3cd4a..237f1d1354 100755..100644
--- a/kubernetes/cds/charts/cds-blueprints-processor/requirements.yaml
+++ b/kubernetes/common/logConfiguration/requirements.yaml
@@ -1,4 +1,4 @@
-# Copyright (c) 2019 IBM, Bell Canada
+# Copyright © 2018 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,4 +15,4 @@
 dependencies:
   - name: common
     version: ~6.x-0
-    repository: '@local'
\ No newline at end of file
+    repository: 'file://../common'
diff --git a/kubernetes/common/logConfiguration/templates/_log.tpl b/kubernetes/common/logConfiguration/templates/_log.tpl
new file mode 100644
index 0000000000..bf19f210e4
--- /dev/null
+++ b/kubernetes/common/logConfiguration/templates/_log.tpl
@@ -0,0 +1,41 @@
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+  Resolve the level of the logs.
+  The value for .Values.logLevel is used by default,
+  unless either override mechanism is used.
+
+  - .Values.global.logLevel  : override default log level for all components
+  - .Values.logLevelOverride : override global and default log level on a per
+                               component basis
+
+  The function can takes below arguments (inside a dictionary):
+     - .dot : environment (.)
+     - .initRoot : the root dictionary of logConfiguration submodule
+                   (default to .Values.logConfiguration)
+*/}}
+{{- define "common.log.level" -}}
+{{-   $dot := default . .dot -}}
+{{-   $initRoot := default $dot.Values.logConfiguration .initRoot -}}
+{{/*  Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+{{-   $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+  {{- if $subchartDot.Values.logLevelOverride }}
+    {{- printf "%s" $subchartDot.Values.logLevelOverride -}}
+  {{- else }}
+    {{- default $subchartDot.Values.logLevel $subchartDot.Values.global.logLevel -}}
+  {{- end }}
+{{- end -}}
diff --git a/kubernetes/common/logConfiguration/values.yaml b/kubernetes/common/logConfiguration/values.yaml
new file mode 100644
index 0000000000..7ebb0ff84e
--- /dev/null
+++ b/kubernetes/common/logConfiguration/values.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+logLevel: INFO
diff --git a/kubernetes/common/mariadb-galera/requirements.yaml b/kubernetes/common/mariadb-galera/requirements.yaml
index 4fbecbfab2..2509f7fcff 100644
--- a/kubernetes/common/mariadb-galera/requirements.yaml
+++ b/kubernetes/common/mariadb-galera/requirements.yaml
@@ -15,4 +15,7 @@
 dependencies:
   - name: common
     version: ~6.x-0
-    repository: 'file://../common'
\ No newline at end of file
+    repository: 'file://../common'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: 'file://../repositoryGenerator'
\ No newline at end of file
diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
index 42c5c89726..b354efe86c 100755
--- a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
+++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
@@ -1,8 +1,10 @@
 #!/bin/bash
+{{/*
 #
 # Adfinis SyGroup AG
 # openshift-mariadb-galera: mysql setup script
 #
+*/}}
 
 set -eox pipefail
 
@@ -32,8 +34,9 @@ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
 	mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
 fi
 
-function prepare_password {
-	echo -n $1 | sed -e "s/'/''/g"
+prepare_password()
+{
+	echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
 }
 
 mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD`
diff --git a/kubernetes/common/mariadb-galera/resources/create-deployment.yml b/kubernetes/common/mariadb-galera/resources/create-deployment.yml
index d81d640b0d..0f6bb5929e 100644
--- a/kubernetes/common/mariadb-galera/resources/create-deployment.yml
+++ b/kubernetes/common/mariadb-galera/resources/create-deployment.yml
@@ -13,7 +13,7 @@ spec:
     spec:
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
           name: {{ .Values.service.portName }}
diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
index 29d96748a3..1c780179be 100644
--- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
+++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
@@ -35,7 +35,7 @@ spec:
           restartPolicy: Never
           initContainers:
           - command:
-            - /root/ready.py
+            - /app/ready.py
             args:
             - --container-name
             - {{ include "common.name" . }}
@@ -45,11 +45,11 @@ spec:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: metadata.namespace
-            image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+            image: {{ include "repositoryGenerator.image.readiness" . }}
             imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
             name: {{ include "common.name" . }}-readiness
           - name: mariadb-galera-backup-init
-            image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}"
+            image: {{ include "repositoryGenerator.image.mariadb" . }}
             imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
             command:
             - /bin/bash
@@ -90,9 +90,11 @@ spec:
             volumeMounts:
             - name: backup-dir
               mountPath: /backup
+            - name: db-data
+              mountPath: /var/lib/mysql
           containers:
           - name: mariadb-backup-validate
-            image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}"
+            image: {{ include "repositoryGenerator.image.mariadb" . }}
             imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
             env:
             - name: MYSQL_ROOT_PASSWORD
@@ -164,4 +166,7 @@ spec:
           - name: backup-dir
             persistentVolumeClaim:
               claimName: {{ include "common.fullname" . }}-backup-data
+          - name: db-data
+            persistentVolumeClaim:
+              claimName: {{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }}
 {{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/job.yaml b/kubernetes/common/mariadb-galera/templates/job.yaml
index db56f3e046..250279ace2 100644
--- a/kubernetes/common/mariadb-galera/templates/job.yaml
+++ b/kubernetes/common/mariadb-galera/templates/job.yaml
@@ -14,7 +14,7 @@ spec:
         runAsUser: 1001
       containers:
       - name: mariadb-job-pre-upgrade
-        image: {{ .Values.global.kubectlImage}}
+        image: {{ include "repositoryGenerator.image.kubectl" . }}
         imagePullPolicy: IfNotPresent
         env:
           - name: NAMESPACE_ENV
@@ -49,7 +49,7 @@ spec:
         fsGroup: 1001
         runAsUser: 0
       initContainers:
-      - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+      - image: {{ include "repositoryGenerator.image.readiness" . }}
         name: mariadb-galera-upgrade-readiness
         env:
         - name: NAMESPACE
@@ -58,13 +58,13 @@ spec:
               apiVersion: v1
               fieldPath: metadata.namespace
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - mariadb-galera
       containers:
       - name: mariadb-job-post-upgrade
-        image: {{ .Values.global.kubectlImage}}
+        image: {{ include "repositoryGenerator.image.kubectl" . }}
         imagePullPolicy: IfNotPresent
         env:
         - name: NAMESPACE_ENV
@@ -99,7 +99,7 @@ spec:
     spec:
       containers:
       - name: mariadb-job-post-delete
-        image: {{ .Values.global.kubectlImage}}
+        image: {{ include "repositoryGenerator.image.kubectl" . }}
         imagePullPolicy: IfNotPresent
         command: ["/bin/bash", "-c", "--"]
         args:
diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index 47d1e0ef3d..eb21fe3182 100644
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -61,7 +61,7 @@ spec:
       - name: {{ include "common.namespace" . }}-docker-registry-key
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}}
           env:
             - name: POD_NAMESPACE
@@ -119,7 +119,7 @@ spec:
             name: {{ include "common.fullname" . }}-data
       initContainers:
         - name: {{ include "common.name" . }}-prepare
-          image: "{{ include "common.repository" . }}/{{ .Values.imageInit }}"
+          image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}}
           command: ["sh", "-c", "chown -R 27:27 /var/lib/mysql"]
           volumeMounts:
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 4ccb0e5c6e..6b1676fba7 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -38,24 +38,12 @@ global:
     backup:
       mountPath: /dockerdata-nfs/backup
 
-  repository: nexus3.onap.org:10001
-
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  busyboxImage: busybox:1.30
-  busyboxRepository: docker.io
-  # kubeclt image
-  kubectlImage: "bitnami/kubectl:1.15"
-
 #################################################################
 # Application configuration defaults.
 #################################################################
 
 #repository: mysql
-repository: nexus3.onap.org:10001
 image: adfinissygroup/k8s-mariadb-galera-centos:v002
-backupImage: library/mariadb:10.1.38
-imageInit: busybox
 pullPolicy: IfNotPresent
 
 # application configuration
@@ -132,10 +120,10 @@ ingress:
 ## Configure MariaDB-Galera with a custom my.cnf file
 ## ref: https://mariadb.com/kb/en/mariadb/configuring-mariadb-with-mycnf/#example-of-configuration-file
 ##
-externalConfig: ""
-# externalConfig: |-
-  # [mysqld]
-  # innodb_buffer_pool_size=2G
+#externalConfig: ""
+externalConfig: |-
+   [mysqld]
+   lower_case_table_names = 1
 
 #resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
@@ -151,11 +139,11 @@ externalConfig: ""
 resources:
   small:
     limits:
-      cpu: 2
-      memory: 4Gi
+      cpu: 500m
+      memory: 1.5Gi
     requests:
-      cpu: 1
-      memory: 2Gi
+      cpu: 100m
+      memory: 750Mi
   large:
     limits:
       cpu: 2
diff --git a/kubernetes/common/mariadb-init/requirements.yaml b/kubernetes/common/mariadb-init/requirements.yaml
index 4fbecbfab2..2509f7fcff 100644
--- a/kubernetes/common/mariadb-init/requirements.yaml
+++ b/kubernetes/common/mariadb-init/requirements.yaml
@@ -15,4 +15,7 @@
 dependencies:
   - name: common
     version: ~6.x-0
-    repository: 'file://../common'
\ No newline at end of file
+    repository: 'file://../common'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: 'file://../repositoryGenerator'
\ No newline at end of file
diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh
index 40254d469b..fa4b007a5a 100755
--- a/kubernetes/common/mariadb-init/resources/config/db_init.sh
+++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 # Copyright © 2019 Orange
 # Copyright © 2020 Samsung Electronics
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 # make sure the script fails if any of commands failed
 set -e
diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
index af9a4f5f02..5563fe714d 100644
--- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl
+++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2019 Orange
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,3 +21,15 @@
 {{- define "mariadbInit.mariadbClusterSecret" -}}
   {{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride)) -}}
 {{- end -}}
+
+{{- define "mariadbInit._updateSecrets" -}}
+  {{- if not .Values.secretsUpdated }}
+    {{- $global := . }}
+    {{- range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
+      {{- $item := dict "uid" $db "type" "basicAuth" "externalSecret" (default "" $dbInfos.externalSecret) "login" (default "" $dbInfos.user) "password" (default "" $dbInfos.password) "passwordPolicy" "required" }}
+      {{- $newList := append $global.Values.secrets $item }}
+      {{- $_ := set $global.Values "secrets" $newList }}
+    {{- end -}}
+    {{ $_ := set $global.Values "secretsUpdated" true }}
+  {{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml
index 0144ec1907..6708efdb60 100644
--- a/kubernetes/common/mariadb-init/templates/configmap.yaml
+++ b/kubernetes/common/mariadb-init/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2019 Orange
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
@@ -25,3 +27,19 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+{{ if .Values.dbScript }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-dbscript
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+  db_cmd.sh: |
+    {{ tpl .Values.dbScript . | indent 4 }}
+{{- end }}
diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml
index 5202d572a2..ad97cd4ed6 100644
--- a/kubernetes/common/mariadb-init/templates/job.yaml
+++ b/kubernetes/common/mariadb-init/templates/job.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2019 Orange
 # Copyright © 2020 Samsung Electronics
 #
@@ -12,6 +13,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
+
+{{ include "mariadbInit._updateSecrets" . -}}
 
 apiVersion: batch/v1
 kind: Job
@@ -35,42 +39,45 @@ spec:
       initContainers:
       - name: {{ include "common.name" . }}-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
-        - {{ .Values.global.mariadbGalera.nameOverride }}
+        - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }}
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.image.mariadb" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-        - bash
-        - /db_init/db_init.sh
+          - /bin/sh
+          - -c
+          - |
+            /db_init/db_init.sh {{ if or .Values.dbScriptConfigMap .Values.dbScript }} &&
+            /db_config/db_cmd.sh{{ end }}
         env:
         - name: DB_HOST
-          value: "{{ .Values.global.mariadbGalera.nameOverride }}"
+          value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}"
         - name: DB_PORT
-          value: "{{ .Values.global.mariadbGalera.servicePort }}"
+          value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}"
         - name: MYSQL_ROOT_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
         - name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }}
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
         - name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }}
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
 {{- $root := . }}
 {{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }}
         - name: {{ printf "MYSQL_USER_%s" $db | upper }}
-          {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
         - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }}
-          {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
 {{ end }}
         volumeMounts:
         - mountPath: /etc/localtime
@@ -78,7 +85,10 @@ spec:
           readOnly: true
         - name: mariadb-conf
           mountPath: /db_init/
-          readOnly: true
+{{- if or .Values.dbScriptConfigMap .Values.dbScript }}
+        - name: mariadb-init
+          mountPath: /db_config/
+{{- end }}
         resources:
 {{ include "common.resources" . | indent 12 }}
       {{- if .Values.nodeSelector }}
@@ -90,12 +100,23 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
       {{- end }}
       volumes:
-      - name: mariadb-conf
-        configMap:
-          name: {{ include "mariadbInit.configMap" . }}
       - name: localtime
         hostPath:
           path: /etc/localtime
+{{- if  or .Values.dbScriptConfigMap .Values.dbScript }}
+      - name: mariadb-init
+        configMap:
+{{-   if  .Values.dbScriptConfigMap }}
+          name: {{ tpl .Values.dbScriptConfigMap . }}
+{{-   else -}}
+          name: {{ include "common.fullname" . }}-dbscript
+{{-   end }}
+          defaultMode: 0755
+{{- end }}
+      - name: mariadb-conf
+        configMap:
+          name: {{ include "mariadbInit.configMap" . }}
+          defaultMode: 0755
       restartPolicy: Never
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml
index 71a89d019b..a9d9e0b704 100644
--- a/kubernetes/common/mariadb-init/templates/secret.yaml
+++ b/kubernetes/common/mariadb-init/templates/secret.yaml
@@ -1,4 +1,6 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada, Orange
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,27 +13,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-{{- define "mariadb-init._update-secrets" -}}
-  {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
-{{ printf "- uid: %s" $db }}
-{{ printf "  type: basicAuth" }}
-    {{- if $dbInfos.externalSecret }}
-{{ printf "  externalSecret: %s" $dbInfos.externalSecret }}
-    {{- end }}
-{{ printf "  login: %s" $dbInfos.user }}
-{{ printf "  password: %s" $dbInfos.password }}
-{{ printf "  passwordPolicy: required" }}
-  {{- end -}}
-{{- end -}}
+{{ include "mariadbInit._updateSecrets" . -}}
 
-{{ $global := . }}
-{{ $secretsString := .Values.secrets | toYaml | indent 2 }}
-{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }}
-{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace "   -" "  -" }}
-{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }}
-
-{{ $newValues := set $global.Values "secrets" $finalSecrets }}
-{{ $tmpGlobal := set $global "Values" $newValues }}
-
-{{ include "common.secret" $tmpGlobal }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml
index 7523ee1c6e..170eaf3c96 100644
--- a/kubernetes/common/mariadb-init/tests/job_test.yaml
+++ b/kubernetes/common/mariadb-init/tests/job_test.yaml
@@ -36,7 +36,7 @@ tests:
           content: mariadb-galera
       - equal:
           path: spec.template.spec.initContainers[0].image
-          value: oomk8s/readiness-check:2.0.2
+          value: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
       - equal:
           path: spec.template.spec.initContainers[0].imagePullPolicy
           value: IfNotPresent
diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml
index f6ce95a65f..b2c0a05e46 100644
--- a/kubernetes/common/mariadb-init/values.yaml
+++ b/kubernetes/common/mariadb-init/values.yaml
@@ -16,9 +16,6 @@
 # Global configuration defaults.
 #################################################################
 global:
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
   mariadbGalera:
     nameOverride: mariadb-galera
     servicePort: 3306
@@ -33,8 +30,8 @@ global:
 secrets:
   - uid: root-password
     type: password
-    externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}'
-    password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}'
+    externalSecret: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootSecret) (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
+    password: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootPassword) (default "" .Values.global.mariadbGalera.userRootPassword) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
   - uid: '{{ .Values.config.mysqlDatabase }}'
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
@@ -46,12 +43,27 @@ secrets:
 # Application configuration defaults.
 #################################################################
 
-image: mariadb:10.1.38
 pullPolicy: IfNotPresent
 
+# These two values are used to supply commands that are run after the DB is created.
+# Components using the shared DB can either pass a string which has a set of commands
+# or a config map that contains a shell script. If both are specified only the config
+# map will be executed. For reference, please see the VID components for config map
+dbScript: ""
+dbScriptConfigMap: ""
+
 # Set it if you want to change the name of the different components
 # nameOverride:
 
+mariadbGalera: {}
+#  serviceName: some-name
+#  containerName: some-name
+#  servicePort: 3306
+#  userRootPassword: some-password
+#  userRootSecret: some-secret-name
+#  userRootSecretKey: password
+
+
 config:
   userPassword: Ci@shsOd3pky1Vji
   userName: u5WZ1GMSIS1wHZF
diff --git a/kubernetes/common/mongo/requirements.yaml b/kubernetes/common/mongo/requirements.yaml
index 6ba617e990..09c09d698b 100644
--- a/kubernetes/common/mongo/requirements.yaml
+++ b/kubernetes/common/mongo/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: 'file://../common'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml
index 111bc80586..73186b392d 100644
--- a/kubernetes/common/mongo/templates/statefulset.yaml
+++ b/kubernetes/common/mongo/templates/statefulset.yaml
@@ -36,10 +36,15 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
+{{ include "common.podSecurityContext" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+          - docker-entrypoint.sh
+          args:
+          - --nounixsocket
           env:
             - name: MONGO_INITDB_DATABASE
               value: "{{ .Values.config.dbName }}"
@@ -66,8 +71,8 @@ spec:
           volumeMounts:
           - name: {{ include "common.fullname" . }}-data
             mountPath: /var/lib/mongo
-          resources:
-{{ include "common.resources" . | indent 12 }}
+          resources: {{ include "common.resources" . | nindent 12 }}
+{{ include "common.containerSecurityContext" . | indent 10 }}
         {{- if .Values.nodeSelector }}
         nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml
index 3c04b429cd..ee1d8c72fa 100644
--- a/kubernetes/common/mongo/values.yaml
+++ b/kubernetes/common/mongo/values.yaml
@@ -18,15 +18,12 @@
 global:
   nodePortPrefix: 302
   persistence: {}
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
 
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 
-dockerHubRepository: registry.hub.docker.com
 image: library/mongo:4.0.8
 pullPolicy: Always
 
@@ -84,10 +81,13 @@ service:
   rpcbindPort: 111
   rpcbindUdpPort: 111
 
+securityContext:
+  user_id: 999
+  group_id: 999
+
 ingress:
   enabled: false
 
-resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
@@ -98,13 +98,22 @@ resources: {}
   # ref: http://kubernetes.io/docs/user-guide/compute-resources/
   # Minimum memory for development is 2 CPU cores and 4GB memory
   # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
+resources:
+  small:
+    limits:
+      cpu: 100m
+      memory: 200Mi
+    requests:
+      cpu: 10m
+      memory: 50Mi
+  large:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 1
+      memory: 2Gi
+  unlimited: {}
 
 sdnctlPrefix: mongo
 
diff --git a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml b/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml
index 46310fb0fb..2c6c3379c2 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml
+++ b/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml
@@ -34,10 +34,10 @@ spec:
       restartPolicy: Never
       initContainers:
       - name: {{ include "common.name" . }}-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --timeout
         - "{{ .Values.global.readinessTimeout }}"
diff --git a/kubernetes/common/music/charts/music-cassandra-job/values.yaml b/kubernetes/common/music/charts/music-cassandra-job/values.yaml
index ac18195939..eee1a3a522 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/values.yaml
+++ b/kubernetes/common/music/charts/music-cassandra-job/values.yaml
@@ -20,9 +20,8 @@ global:
   repository: nexus3.onap.org:10001
 
   # readiness check
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  # Set default to 4 hrs. 
+  readinessImage: onap/oom/readiness:3.0.1
+  # Set default to 4 hrs.
   # On slow environments dealys this long have been seen.
   readinessTimeout: 240
   # logging agent
@@ -34,9 +33,9 @@ global:
 job:
   host: music-cassandra
   port: 9042
-  busybox: 
+  busybox:
     image: library/busybox:latest
-  cassandra: 
+  cassandra:
     image: onap/music/cassandra_job:3.0.24
   timeout: 30
   delay: 120
@@ -45,10 +44,10 @@ cql:
     replicationClass: "SimpleStrategy"
     replicationFactor: 3
   adminUser:
-    username: nelson24 
-    password: nelson24 
+    username: nelson24
+    password: nelson24
     passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6
-    
+
 podManagementPolicy: OrderedReady
 updateStrategy:
   type: OnDelete
diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml
index fbdac61a9e..5ae944a568 100644
--- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml
@@ -26,17 +26,6 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
-  podAntiAffinity:
-    preferredDuringSchedulingIgnoredDuringExecution:
-    - weight: 1
-      podAffinityTerm:
-        labelSelector:
-          matchExpressions:
-            - key: app
-              operator: In
-              values:
-              - {{ .Chart.Name }}
-        topologyKey: kubernetes.io/hostname
   serviceName: {{ include "common.servicename" . }}
   replicas: {{ .Values.replicaCount }}
   selector:
@@ -133,5 +122,3 @@ spec:
         requests:
           storage: {{ .Values.persistence.size | quote }}
 {{- end }}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/common/music/charts/music-cassandra/values.yaml b/kubernetes/common/music/charts/music-cassandra/values.yaml
index 460671d839..0402a3207c 100644
--- a/kubernetes/common/music/charts/music-cassandra/values.yaml
+++ b/kubernetes/common/music/charts/music-cassandra/values.yaml
@@ -21,8 +21,7 @@ global:
   repository: nexus3.onap.org:10001
 
   # readiness check
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
 
   # logging agent
   loggingRepository: docker.elastic.co
diff --git a/kubernetes/common/music/charts/music/resources/config/startup.sh b/kubernetes/common/music/charts/music/resources/config/startup.sh
index 7ab32558b4..37bb84de8b 100755
--- a/kubernetes/common/music/charts/music/resources/config/startup.sh
+++ b/kubernetes/common/music/charts/music/resources/config/startup.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 #
 # ============LICENSE_START==========================================
 # org.onap.music
@@ -19,6 +20,7 @@
 #
 # ============LICENSE_END=============================================
 # ====================================================================
+*/}}
 
 echo "Running startup script to get password from certman"
 PWFILE=/opt/app/aafcertman/.password
diff --git a/kubernetes/common/music/charts/music/templates/configmap.yaml b/kubernetes/common/music/charts/music/templates/configmap.yaml
index 4023f343df..d42cf2e7e0 100644
--- a/kubernetes/common/music/charts/music/templates/configmap.yaml
+++ b/kubernetes/common/music/charts/music/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/common/music/charts/music/templates/deployment.yaml b/kubernetes/common/music/charts/music/templates/deployment.yaml
index c3b30b22b7..63b5ab0974 100644
--- a/kubernetes/common/music/charts/music/templates/deployment.yaml
+++ b/kubernetes/common/music/charts/music/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -23,10 +25,10 @@ spec:
     spec:
       initContainers:
         - name: {{ include "common.name" . }}-cassandra-readiness
-          image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+          image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
-          - /root/job_complete.py
+          - /app/ready.py
           args:
           - -j
           - "{{ include "common.release" . }}-music-cassandra-job-config"
@@ -77,7 +79,7 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           resources:
-{{ toYaml .Values.resources | indent 12 }}
+{{ include "common.resources" . | indent 12 }}
           env:
           - name: SPRING_OPTS
             value: "{{ .Values.springOpts }}"
diff --git a/kubernetes/common/music/charts/music/templates/secrets.yaml b/kubernetes/common/music/charts/music/templates/secrets.yaml
index 5d5f5bb397..15791a85d7 100644
--- a/kubernetes/common/music/charts/music/templates/secrets.yaml
+++ b/kubernetes/common/music/charts/music/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 AT&T, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/common/music/charts/music/templates/service.yaml b/kubernetes/common/music/charts/music/templates/service.yaml
index ca774c9b5b..3bd32a9419 100644
--- a/kubernetes/common/music/charts/music/templates/service.yaml
+++ b/kubernetes/common/music/charts/music/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/common/music/charts/music/values.yaml b/kubernetes/common/music/charts/music/values.yaml
index faa5a6223d..bf3ad2279c 100644
--- a/kubernetes/common/music/charts/music/values.yaml
+++ b/kubernetes/common/music/charts/music/values.yaml
@@ -23,8 +23,7 @@ global:
   envsubstImage: dibi/envsubst
 
   # readiness check
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
 
   # logging agent
   loggingRepository: docker.elastic.co
diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml
index fe4cbaee9c..7e89b02e02 100644
--- a/kubernetes/common/music/values.yaml
+++ b/kubernetes/common/music/values.yaml
@@ -19,8 +19,7 @@ global:
   nodePortPrefix: 302
   repository: nexus3.onap.org:10001
 
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
 
diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml
index 87dd622c35..c97c0488ac 100644
--- a/kubernetes/common/network-name-gen/templates/deployment.yaml
+++ b/kubernetes/common/network-name-gen/templates/deployment.yaml
@@ -36,16 +36,14 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       initContainers:
-{{- if .Values.global.mariadbGalera.localCluster }}
-      - command:
-        - /root/ready.py
+      - name: {{ include "common.name" . }}-readiness
+        command:
+        - /app/ready.py
         args:
+{{- if .Values.global.mariadbGalera.localCluster }}
         - --container-name
         - {{ index .Values "mariadb-galera" "nameOverride" }}
 {{- else }}
-      - command:
-        - /root/job_complete.py
-        args:
         - --job-name
         - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job
 {{- end }}
@@ -55,9 +53,8 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
       containers:
       - name: {{ include "common.name" . }}
         command:
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index 81c596c6c9..ade8a20df6 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -26,8 +26,7 @@ global:
 
 
   # readiness check
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
 
   # image pull policy
   pullPolicy: IfNotPresent
@@ -79,7 +78,7 @@ mariadb-init:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/ccsdk-apps-ms-neng:0.7.1
+image: onap/ccsdk-apps-ms-neng:1.0.2
 pullPolicy: IfNotPresent
 
 # application configuration
diff --git a/kubernetes/common/postgres/requirements.yaml b/kubernetes/common/postgres/requirements.yaml
index 6f898b6171..19a4513f52 100644
--- a/kubernetes/common/postgres/requirements.yaml
+++ b/kubernetes/common/postgres/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: 'file://../common'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index 456aa32bc0..6142baa63f 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -30,7 +30,6 @@ metadata:
     heritage: {{ $dot.Release.Service }}
     name: "{{ index $dot.Values "container" "name" $pgMode }}"
 spec:
-  serviceName: {{ $dot.Values.service.name }}
   replicas: 1
   selector:
     matchLabels:
@@ -74,7 +73,7 @@ spec:
           subPath: setup.sql
         - mountPath: /config
           name: pgconf
-        image: "{{ $dot.Values.global.envsubstImage }}"
+        image: {{ include "repositoryGenerator.image.envsubst" $dot }}
         imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
         name: {{ include "common.name" $dot }}-update-config
 
@@ -85,14 +84,14 @@ spec:
         - |
           chown 26:26 /podroot/;
           chmod 700 /podroot/;
-        image: {{ $dot.Values.global.busyboxRepository | default $dot.Values.busyboxRepository }}/{{ $dot.Values.busyboxImage }}
+        image: {{ include "repositoryGenerator.image.busybox" $dot }}
         imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" $dot }}-data
           mountPath: /podroot/
       containers:
       - name: {{ include "common.name" $dot }}
-        image: "{{ $dot.Values.postgresRepository }}/{{ $dot.Values.image }}"
+        image: {{ include "repositoryGenerator.image.postgres" $dot }}
         imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
         ports:
         - containerPort: {{ $dot.Values.service.internalPort }}
@@ -147,8 +146,7 @@ spec:
         - mountPath: /backup
           name: {{ include "common.fullname" $dot }}-backup
           readOnly: true
-        resources:
-{{ include "common.resources" $dot | indent 12 }}
+        resources: {{ include "common.resources" $dot | nindent 12 }}
         {{- if $dot.Values.nodeSelector }}
         nodeSelector:
 {{ toYaml $dot.Values.nodeSelector | indent 10 }}
diff --git a/kubernetes/common/postgres/templates/configmap.yaml b/kubernetes/common/postgres/templates/configmap.yaml
index 26ba390040..e8bfd1194a 100644
--- a/kubernetes/common/postgres/templates/configmap.yaml
+++ b/kubernetes/common/postgres/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2019 Amdocs, Bell Canada, Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index a5a416329b..f815847f06 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -18,11 +18,6 @@
 global:
   nodePortPrefix: 302
   persistence: {}
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-
-  # envsusbt
-  envsubstImage: dibi/envsubst
 
 #################################################################
 # Secrets metaconfig
@@ -46,12 +41,6 @@ secrets:
 # Application configuration defaults.
 #################################################################
 
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
-postgresRepository: crunchydata
-image: crunchy-postgres:centos7-10.11-4.2.1
 pullPolicy: Always
 
 # application configuration
@@ -126,21 +115,32 @@ service:
 ingress:
   enabled: false
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-  # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+  small:
+    limits:
+      cpu: 100m
+      memory: 300Mi
+    requests:
+      cpu: 10m
+      memory: 90Mi
+  large:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 1
+      memory: 2Gi
+  unlimited: {}
diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
index 3cdf13a362..6a1a1eb82a 100644
--- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
+++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
@@ -56,10 +56,10 @@
 {{-   $containers := index (ternary (dict "containers" $wait_for) $wait_for (kindIs "slice" $wait_for)) "containers" -}}
 {{-   $namePart := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "name" -}}
 - name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness
-  image: "{{ $subchartDot.Values.global.readinessRepository }}/{{ $subchartDot.Values.global.readinessImage }}"
+  image: "{{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.readinessImage }}"
   imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
   command:
-  - /root/ready.py
+  - /app/ready.py
   args:
   {{- range $container := $containers }}
   - --container-name
diff --git a/kubernetes/common/readinessCheck/values.yaml b/kubernetes/common/readinessCheck/values.yaml
index 8417407a99..7bd0c3d679 100644
--- a/kubernetes/common/readinessCheck/values.yaml
+++ b/kubernetes/common/readinessCheck/values.yaml
@@ -13,8 +13,7 @@
 # limitations under the License.
 
 global:
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.2.1
+  readinessImage: onap/oom/readiness:3.0.1
   pullPolicy: Always
 
 limits:
diff --git a/kubernetes/policy/charts/drools/Chart.yaml b/kubernetes/common/repository-wrapper/Chart.yaml
index 3cc791d36b..7f48d16877 100644
--- a/kubernetes/policy/charts/drools/Chart.yaml
+++ b/kubernetes/common/repository-wrapper/Chart.yaml
@@ -1,5 +1,4 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +13,6 @@
 # limitations under the License.
 
 apiVersion: v1
-description: ONAP Drools Policy Engine 
-name: drools
+description: Wrapper chart to allow docker secret to be shared all instances
+name: repository-wrapper
 version: 6.0.0
diff --git a/kubernetes/esr/charts/esr-server/requirements.yaml b/kubernetes/common/repository-wrapper/requirements.yaml
index a999e38749..02d40a57d9 100644
--- a/kubernetes/esr/charts/esr-server/requirements.yaml
+++ b/kubernetes/common/repository-wrapper/requirements.yaml
@@ -15,7 +15,7 @@
 dependencies:
   - name: common
     version: ~6.x-0
-    # local reference to common chart, as it is
-    # a part of this chart's package and will not
-    # be published independently to a repo (at this point)
-    repository: '@local'
\ No newline at end of file
+    repository: 'file://../common'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/onap/templates/secrets.yaml b/kubernetes/common/repository-wrapper/templates/secrets.yaml
index 42a263db97..21b56fadcd 100644
--- a/kubernetes/onap/templates/secrets.yaml
+++ b/kubernetes/common/repository-wrapper/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Secret
@@ -23,5 +25,5 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-  .dockercfg: {{ include "common.repository.secret" . }}
+  .dockercfg: {{ include "repositoryGenerator.secret" . }}
 type: kubernetes.io/dockercfg
diff --git a/kubernetes/policy/resources/config/pe/pap-tweaks.sh b/kubernetes/common/repository-wrapper/values.yaml
index 1930b98f77..66f679c830 100644
--- a/kubernetes/policy/resources/config/pe/pap-tweaks.sh
+++ b/kubernetes/common/repository-wrapper/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
+# Copyright © 2020 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-#! /bin/bash
+global: {}
\ No newline at end of file
diff --git a/kubernetes/policy/charts/pdp/Chart.yaml b/kubernetes/common/repositoryGenerator/Chart.yaml
index 25301ee483..5ff53fa3d4 100644
--- a/kubernetes/policy/charts/pdp/Chart.yaml
+++ b/kubernetes/common/repositoryGenerator/Chart.yaml
@@ -1,5 +1,4 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +13,6 @@
 # limitations under the License.
 
 apiVersion: v1
-description: ONAP Policy PDP
-name: pdp
+description: Template used to generate the right repository link
+name: repositoryGenerator
 version: 6.0.0
diff --git a/kubernetes/common/repositoryGenerator/requirements.yaml b/kubernetes/common/repositoryGenerator/requirements.yaml
new file mode 100644
index 0000000000..70ab2ecce6
--- /dev/null
+++ b/kubernetes/common/repositoryGenerator/requirements.yaml
@@ -0,0 +1,14 @@
+# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
new file mode 100644
index 0000000000..c351db1ba0
--- /dev/null
+++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
@@ -0,0 +1,177 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- define "repositoryGenerator._repositoryHelper" -}}
+  {{- $dot := default . .dot -}}
+  {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}}
+  {{- $repoName := .repoName }}
+  {{- $overrideName := printf "%s%s" $repoName "Override" }}
+  {{- if (hasKey $dot.Values $overrideName) -}}
+    {{- printf "%s" (first (pluck $overrideName $dot.Values)) -}}
+  {{- else -}}
+    {{- first (pluck $repoName $dot.Values.global $initRoot.global) -}}
+  {{- end }}
+{{- end -}}
+
+{{/*
+  Resolve the name of the common image repository.
+
+  - .Values.global.repository  : default image repository for all ONAP images
+  - .Values.repositoryOverride : override global repository on a per chart basis
+*/}}
+{{- define "repositoryGenerator.repository" -}}
+  {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "repository") .) }}
+{{- end -}}
+
+{{/*
+  Resolve the name of the dockerHub image repository.
+
+  - .Values.global.dockerHubRepository  : default image dockerHubRepository for all dockerHub images
+  - .Values.dockerHubRepositoryOverride : override global dockerHub repository on a per chart basis
+*/}}
+{{- define "repositoryGenerator.dockerHubRepository" -}}
+  {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "dockerHubRepository") .) }}
+{{- end -}}
+
+{{/*
+  Resolve the name of the elasticRepository image repository.
+
+  - .Values.global.elasticRepository  : default image elasticRepository for all images using elastic repository
+  - .Values.elasticRepositoryOverride : override global elasticRepository repository on a per chart basis
+*/}}
+{{- define "repositoryGenerator.elasticRepository" -}}
+  {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "elasticRepository") .) }}
+{{- end -}}
+
+{{/*
+  Resolve the name of the googleK8sRepository image repository.
+
+  - .Values.global.googleK8sRepository  : default image dockerHubRepository for all dockerHub images
+  - .Values.googleK8sRepositoryOverride : override global dockerHub repository on a per chart basis
+*/}}
+{{- define "repositoryGenerator.googleK8sRepository" -}}
+  {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "googleK8sRepository") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image._helper" -}}
+  {{- $dot := default . .dot -}}
+  {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}}
+  {{- $image := .image }}
+  {{- $repoName := first (pluck $image $initRoot.imageRepoMapping) }}
+  {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" $repoName ) .) }}/{{- first (pluck $image $dot.Values.global $initRoot.global) -}}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.busybox" -}}
+  {{- include "repositoryGenerator.image._helper" (merge (dict "image" "busyboxImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.curl" -}}
+  {{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.envsubst" -}}
+  {{- include "repositoryGenerator.image._helper" (merge (dict "image" "envsubstImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.htpasswd" -}}
+  {{- include "repositoryGenerator.image._helper" (merge (dict "image" "htpasswdImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.kubectl" -}}
+  {{- include "repositoryGenerator.image._helper" (merge (dict "image" "kubectlImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.logging" -}}
+  {{- include "repositoryGenerator.image._helper" (merge (dict "image" "loggingImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.mariadb" -}}
+  {{- include "repositoryGenerator.image._helper" (merge (dict "image" "mariadbImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.nginx" -}}
+  {{- include "repositoryGenerator.image._helper" (merge (dict "image" "nginxImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.postgres" -}}
+  {{- include "repositoryGenerator.image._helper" (merge (dict "image" "postgresImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.readiness" -}}
+  {{- include "repositoryGenerator.image._helper" (merge (dict "image" "readinessImage") .) }}
+{{- end -}}
+
+{{/*
+  Resolve the image repository secret token.
+  The value for .Values.global.repositoryCred is used if provided:
+  repositoryCred:
+    user: user
+    password: password
+    mail: email (optional)
+  You can also set the same things for dockerHub, elastic and googleK8s if
+  needed.
+*/}}
+{{- define "repositoryGenerator.secret" -}}
+  {{- $dot := default . .dot -}}
+  {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}}
+  {{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+  {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+  {{- $repoCreds := "" }}
+  {{- if $subchartDot.Values.global.dockerHubRepositoryCred }}
+  {{-   $repo := $subchartDot.Values.global.repository }}
+  {{-   $cred := $subchartDot.Values.global.repositoryCred }}
+  {{-   $mail := default "@" $cred.mail }}
+  {{-   $auth := printf "%s:%s" $cred.user $cred.password | b64enc }}
+  {{-   $repoCreds = printf "\"%s\": {\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $repo $cred.user $cred.password $mail $auth }}
+  {{- end }}
+  {{- if $subchartDot.Values.global.dockerHubRepositoryCred }}
+  {{-   $dhRepo := $subchartDot.Values.global.dockerHubRepository }}
+  {{-   $dhCred := $subchartDot.Values.global.dockerHubRepositoryCred }}
+  {{-   $dhMail := default "@" $dhCred.mail }}
+  {{-   $dhAuth := printf "%s:%s" $dhCred.user $dhCred.password | b64enc }}
+  {{-   $dhRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $dhRepo $dhCred.user $dhCred.password $dhMail $dhAuth }}
+  {{-   if eq "" $repoCreds }}
+  {{-     $repoCreds = $dhRepoCreds }}
+  {{-   else }}
+  {{-     $repoCreds = printf "%s, %s" $repoCreds $dhRepoCreds }}
+  {{-   end }}
+  {{- end }}
+  {{- if $subchartDot.Values.global.elasticRepositoryCred }}
+  {{-   $eRepo := $subchartDot.Values.global.elasticRepository }}
+  {{-   $eCred := $subchartDot.Values.global.elasticRepositoryCred }}
+  {{-   $eMail := default "@" $eCred.mail }}
+  {{-   $eAuth := printf "%s:%s" $eCred.user $eCred.password | b64enc }}
+  {{-   $eRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $eRepo $eCred.user $eCred.password $eMail $eAuth }}
+  {{-   if eq "" $repoCreds }}
+  {{-     $repoCreds = $eRepoCreds }}
+  {{-   else }}
+  {{-     $repoCreds = printf "%s, %s" $repoCreds $eRepoCreds }}
+  {{-   end }}
+  {{- end }}
+  {{- if $subchartDot.Values.global.googleK8sRepositoryCred }}
+  {{-   $gcrRepo := $subchartDot.Values.global.googleK8sRepository }}
+  {{-   $gcrCred := $subchartDot.Values.global.googleK8sRepositoryCred }}
+  {{-   $gcrMail := default "@" $gcrCred.mail }}
+  {{-   $gcrAuth := printf "%s:%s" $gcrCred.user $gcrCred.password | b64enc }}
+  {{-   $gcrRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $gcrRepo $gcrCred.user $gcrCred.password $gcrMail $gcrAuth }}
+  {{-   if eq "" $repoCreds }}
+  {{-     $repoCreds = $gcrRepoCreds }}
+  {{-   else }}
+  {{-     $repoCreds = printf "%s, %s" $repoCreds $gcrRepoCreds }}
+  {{-   end }}
+  {{- end }}
+  {{- printf "{%s}" $repoCreds | b64enc -}}
+{{- end -}}
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
new file mode 100644
index 0000000000..1ec3a35bd9
--- /dev/null
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -0,0 +1,62 @@
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+  # Repositories used
+  repository: nexus3.onap.org:10001
+  dockerHubRepository: docker.io
+  elasticRepository: docker.elastic.co
+  googleK8sRepository: k8s.gcr.io
+
+  # common global images
+  busyboxImage: busybox:1.32
+  curlImage: curlimages/curl:7.69.1
+  envsubstImage: dibi/envsubst:1
+  # there's only latest image for htpasswd
+  htpasswdImage: xmartlabs/htpasswd:latest
+  kubectlImage: bitnami/kubectl:1.19
+  loggingImage: beats/filebeat:5.5.0
+  mariadbImage: mariadb:10.1.48
+  nginxImage: bitnami/nginx:1.18-debian-10
+  postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1
+  readinessImage: onap/oom/readiness:3.0.1
+
+  # Default credentials
+  # they're optional. If the target repository doesn't need them, comment them
+  repositoryCred:
+    user: docker
+    password: docker
+  # If you want / need authentication on the repositories, please set
+  # Don't set them if the target repo is the same than others
+  # dockerHubCred:
+  #   user: myuser
+  #   password: mypassord
+  # elasticCred:
+  #   user: myuser
+  #   password: mypassord
+  # googleK8sCred:
+  #   user: myuser
+  #   password: mypassord
+
+imageRepoMapping:
+  busyboxImage: dockerHubRepository
+  curlImage: dockerHubRepository
+  envsubstImage: dockerHubRepository
+  htpasswdImage: dockerHubRepository
+  kubectlImage: dockerHubRepository
+  loggingImage: elasticRepository
+  mariadbImage: dockerHubRepository
+  nginxImage: dockerHubRepository
+  postgresImage: dockerHubRepository
+  readinessImage: repository
diff --git a/kubernetes/consul/charts/consul-server/templates/service.yaml b/kubernetes/consul/charts/consul-server/templates/service.yaml
index f7c217d880..c24ddfb7e4 100644
--- a/kubernetes/consul/charts/consul-server/templates/service.yaml
+++ b/kubernetes/consul/charts/consul-server/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
index 5bdbe0f232..16fda3a510 100644
--- a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
+++ b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: StatefulSet
@@ -39,7 +41,10 @@ spec:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        securityContext:
+          runAsUser: {{ .Values.securityContext.runAsUser }}
+          runAsGroup: {{ .Values.securityContext.runAsGroup }}
         command: ["/usr/local/bin/docker-entrypoint.sh"]
         args:
         - "agent"
@@ -68,3 +73,4 @@ spec:
             port: {{ .Values.service.internalPort }}
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
+        resources: {{ include "common.resources" . | nindent 10 }}
diff --git a/kubernetes/consul/charts/consul-server/values.yaml b/kubernetes/consul/charts/consul-server/values.yaml
index e9c96d1bc6..48a26effd7 100644
--- a/kubernetes/consul/charts/consul-server/values.yaml
+++ b/kubernetes/consul/charts/consul-server/values.yaml
@@ -17,17 +17,13 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  repository: nexus3.onap.org:10001
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: docker.io
-image: consul:1.0.6
+image: onap/oom/consul:2.1.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -64,4 +60,35 @@ service:
 ingress:
   enabled: false
 
-resources: {}
+#resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  #
+  # Example:
+  # Configure resource requests and limits
+  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  # Minimum memory for development is 2 CPU cores and 4GB memory
+  # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+  small:
+    limits:
+      cpu: 100m
+      memory: 100Mi
+    requests:
+      cpu: 30m
+      memory: 25Mi
+  large:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 1
+      memory: 2Gi
+  unlimited: {}
+
+securityContext:
+  fsGroup: 1000
+  runAsUser: 100
+  runAsGroup: 1000
diff --git a/kubernetes/consul/requirements.yaml b/kubernetes/consul/requirements.yaml
index d3c442d32e..0b77abe706 100644
--- a/kubernetes/consul/requirements.yaml
+++ b/kubernetes/consul/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/consul/resources/config/consul-agent-config/model-loader.properties b/kubernetes/consul/resources/config/consul-agent-config/model-loader.properties
index 4c7fe41118..aae18b1e98 100644
--- a/kubernetes/consul/resources/config/consul-agent-config/model-loader.properties
+++ b/kubernetes/consul/resources/config/consul-agent-config/model-loader.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.

 #

 # Licensed under the Apache License, Version 2.0 (the "License");

@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 # See the License for the specific language governing permissions and

 # limitations under the License.

+*/}}
 

 # Model Loader Distribution Client Configuration

 ml.distribution.ACTIVE_SERVER_TLS_AUTH=false

diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/aai-search-storage-write-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/aai-search-storage-write-script.sh
index 8d57163e67..20e53b65ae 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/aai-search-storage-write-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/aai-search-storage-write-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 if curl -s -X PUT http://aai-elasticsearch:9200/searchhealth/stats/testwrite -d @/consul/scripts/aai-search-storage-write-doc.txt | grep '\"created\":true'; then
    if curl -s -X DELETE http://aai-elasticsearch:9200/searchhealth/stats/testwrite | grep '\"failed\":0'; then
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/appc-dbhost-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/appc-dbhost-script.sh
index b756936201..1dccb3e16c 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/appc-dbhost-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/appc-dbhost-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 APPC_DBHOST_POD=$(/consul/bin/kubectl -n {{ include "common.namespace" . }}  get pod | grep -o "appc-dbhost-[^[:space:]]*")
 if [ -n "$APPC_DBHOST_POD" ]; then
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/clamp-mariadb-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/clamp-mariadb-script.sh
index 6f85c8a5a8..9ca6cf135c 100644
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/clamp-mariadb-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/clamp-mariadb-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-clampdb[^[:space:]]*")
 
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/data-router-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/data-router-script.sh
index 8fb35f4b82..cd154dabbd 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/data-router-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/data-router-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "aai-data-router[^[:space:]]*")
 
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/model-loader-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/model-loader-script.sh
index 80fca0d52f..99feaa2f2f 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/model-loader-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/model-loader-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "aai-model-loader[^[:space:]]*")
 
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-kafka-health.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-kafka-health.sh
index 7cf52833b9..818503e9b6 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-kafka-health.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-kafka-health.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 kafkapod=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-message-router-kafka-[^[:space:]]*")
 if [ -n "$kafkapod" ]; then
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-zookeeper-health.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-zookeeper-health.sh
index 8809d9223a..185300cb8a 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-zookeeper-health.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-zookeeper-health.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 zkpod=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-message-router-zookeeper-[^[:space:]]*")
 if [ -n "$zkpod" ]; then
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/policy-mariadb-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/policy-mariadb-script.sh
index fd4cbc9365..12157b5dee 100644
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/policy-mariadb-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/policy-mariadb-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-policydb[^[:space:]]*")
 
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-be-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-be-script.sh
index 33cd496bb9..8c5b8b99e9 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-be-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-be-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 ## Query the health check API.
 HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck"
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-cs-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-cs-script.sh
index a3886f21e9..c17b8fb4bb 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-cs-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-cs-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 ## Query the health check API.
 HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck"
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-fe-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-fe-script.sh
index 2ee6fcf3c3..57035b837f 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-fe-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-fe-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 ## Query the health check API.
 HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck"
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-titan-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-titan-script.sh
index f782ba1dc5..f6e1eee98d 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-titan-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-titan-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 ## Query the health check API.
 HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck"
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-cluster-health.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-cluster-health.sh
index eb8127fe11..ed7aefc0cf 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-cluster-health.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-cluster-health.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
+{{/*
 
 # Copyright © 2018 Amdocs
 # Modifications Copyright © 2018 AT&T
@@ -14,6 +15,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 # query ODL cluster state
 USERNAME="{{.Values.odl.jolokia.username}}"
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-dbhost-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-dbhost-script.sh
index 79f22bf015..3ec7b5b64e 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-dbhost-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-dbhost-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 SDNC_DBHOST_POD=$(/consul/bin/kubectl -n {{ include "common.namespace" . }}  get pod | grep -o "sdnc-dbhost-[^[:space:]]*")
 if [ -n "$SDNC_DBHOST_POD" ]; then
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/search-data-service-availability.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/search-data-service-availability.sh
index 4416fb907c..68ab27dbc9 100644
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/search-data-service-availability.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/search-data-service-availability.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
+{{/*
 
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 SEARCH_SERVICE_NAME="search-data-service.{{ include "common.namespace" . }}"
 SEARCH_SERVICE_PORT=9509
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-api-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-api-script.sh
index 09d2c81b32..04c240bd6a 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-api-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-api-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 ## Query the health check API.
 HEALTH_CHECK_ENDPOINT="http://so:8080/ecomp/mso/infra/healthcheck"
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-camunda-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-camunda-script.sh
index e1d0ff5b83..545291b4fe 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-camunda-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-camunda-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 ## Query the health check API.
 HEALTH_CHECK_ENDPOINT="http://so:8080/mso/healthcheck"
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-jra-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-jra-script.sh
index 71a662ef31..765bdc9e49 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-jra-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-jra-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 ## Query the health check API.
 HEALTH_CHECK_ENDPOINT="http://so:8080/networks/rest/healthcheck"
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-mariadb-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-mariadb-script.sh
index a167f4c6b8..25e9a891ca 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-mariadb-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-mariadb-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-so-db[^[:space:]]*")
 
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sparky-be-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sparky-be-script.sh
index d663b908ad..8f9349e275 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sparky-be-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sparky-be-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "aai-sparky-be[^[:space:]]*")
 
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/vid-mariadb-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/vid-mariadb-script.sh
index 7e81420acb..6afbfee641 100755
--- a/kubernetes/consul/resources/config/consul-agent-config/scripts/vid-mariadb-script.sh
+++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/vid-mariadb-script.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-vid-mariadb[^[:space:]]*")
 
diff --git a/kubernetes/consul/resources/config/consul-agent-config/sdnc-portal-health.json b/kubernetes/consul/resources/config/consul-agent-config/sdnc-portal-health.json
deleted file mode 100644
index d03ce90820..0000000000
--- a/kubernetes/consul/resources/config/consul-agent-config/sdnc-portal-health.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  "service": {
-    "name": "Health Check: SDNC Portal",
-    "checks": [
-      {
-        "id": "sdnc-portal",
-        "name": "SDNC Portal Health Check",
-        "http": "http://sdnc-portal:8843/login",
-        "method": "HEAD",
-        "header": {
-          "Cache-Control": ["no-cache"],
-          "Content-Type": ["application/json"],
-          "Accept": ["application/json"]
-        },
-        "tls_skip_verify": true,
-        "interval": "15s",
-        "timeout": "1s"
-      }
-    ]
-  }
-}
diff --git a/kubernetes/consul/templates/configmap.yaml b/kubernetes/consul/templates/configmap.yaml
index 0445ad0401..42c8cba6b4 100644
--- a/kubernetes/consul/templates/configmap.yaml
+++ b/kubernetes/consul/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/consul/templates/deployment.yaml b/kubernetes/consul/templates/deployment.yaml
index a7774e9878..31546abd49 100644
--- a/kubernetes/consul/templates/deployment.yaml
+++ b/kubernetes/consul/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -37,15 +39,36 @@ spec:
     spec:
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
-      containers:
-      - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      initContainers:
+      - name: {{ include "common.name" . }}-chown
+        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
         command:
-        - /bin/sh
-        - "-c"
+        - sh
+        args:
+        - -c
         - |
-          apk update && apk add jq
-          cp /tmp/consul/config/* /consul/config
-          /usr/local/bin/docker-entrypoint.sh agent -client 0.0.0.0 -enable-script-checks -retry-join {{ .Values.consulServer.nameOverride }}
+          cp -r -L /tmp/consul/config/* /consul/config/
+          chown -R {{ .Values.consulUID }}:{{ .Values.consulGID }} /consul/config
+          ls -la /consul/config
+        volumeMounts:
+        - mountPath: /tmp/consul/config
+          name: consul-agent-config
+        - mountPath: /consul/config
+          name: consul-agent-config-dir
+      containers:
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        securityContext:
+          runAsUser: {{ .Values.securityContext.runAsUser }}
+          runAsGroup: {{ .Values.securityContext.runAsGroup }}
+        command:
+        - docker-entrypoint.sh
+        args:
+        - agent
+        - -client
+        - 0.0.0.0
+        - -enable-script-checks
+        - -retry-join
+        - {{ .Values.consulServer.nameOverride }}
         name: {{ include "common.name" . }}
         env:
           - name: SDNC_ODL_COUNT
@@ -53,13 +76,16 @@ spec:
           - name: SDNC_IS_PRIMARY_CLUSTER
             value: "{{ .Values.sdnc.config.isPrimaryCluster }}"
         volumeMounts:
-        - mountPath: /tmp/consul/config
-          name: consul-agent-config
+        - mountPath: /consul/config
+          name: consul-agent-config-dir
         - mountPath: /consul/scripts
           name: consul-agent-scripts-config
         - mountPath: /consul/certs
           name: consul-agent-certs-config
+        resources: {{ include "common.resources" . | nindent 10 }}
       volumes:
+      - name: consul-agent-config-dir
+        emptyDir: {}
       - configMap:
           name: {{ include "common.fullname" . }}-configmap
         name: consul-agent-config
diff --git a/kubernetes/consul/templates/secrets.yaml b/kubernetes/consul/templates/secrets.yaml
index ffcc05f565..27cfbf00d0 100644
--- a/kubernetes/consul/templates/secrets.yaml
+++ b/kubernetes/consul/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Secret
diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml
index 34272c6b96..639e4eb7af 100644
--- a/kubernetes/consul/values.yaml
+++ b/kubernetes/consul/values.yaml
@@ -17,23 +17,23 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  busyboxRepository: registry.hub.docker.com
+  busyboxImage: library/busybox:latest
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: docker.io
-image: oomk8s/consul:1.0.0
+image: onap/oom/consul:2.1.0
 pullPolicy: Always
 
 #subchart name
 consulServer:
   nameOverride: consul-server
 
+consulUID: 100
+consulGID: 1000
+
 # flag to enable debugging - application support required
 debugEnabled: false
 
@@ -66,8 +66,34 @@ ingress:
       port: 8800
   config:
     ssl: "none"
-    
-resources: {}
+
+#resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  #
+  # Example:
+  # Configure resource requests and limits
+  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  # Minimum memory for development is 2 CPU cores and 4GB memory
+  # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 1500Mi
+    requests:
+      cpu: 650m
+      memory: 530Mi
+  large:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 1
+      memory: 2Gi
+  unlimited: {}
 
 odl:
   jolokia:
@@ -78,3 +104,8 @@ sdnc:
   config:
     isPrimaryCluster: true
   replicaCount: 1
+
+securityContext:
+  fsGroup: 1000
+  runAsUser: 100
+  runAsGroup: 1000
diff --git a/kubernetes/contrib/.helmignore b/kubernetes/contrib/.helmignore
new file mode 100644
index 0000000000..68ffb32406
--- /dev/null
+++ b/kubernetes/contrib/.helmignore
@@ -0,0 +1 @@
+components/
diff --git a/kubernetes/contrib/Makefile b/kubernetes/contrib/Makefile
index eb9f025fc8..32386fc89a 100644
--- a/kubernetes/contrib/Makefile
+++ b/kubernetes/contrib/Makefile
@@ -11,20 +11,21 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+HELM_BIN := helm
 
 make-contrib: make-contrib-awx make-contrib-netbox make-contrib-ejbca make-contrib-core
 
 make-contrib-awx:
-	cd components && helm dep up awx && helm lint awx
+	cd components && $(HELM_BIN) dep up awx && $(HELM_BIN) lint awx
 
 make-contrib-ejbca:
-	cd components && helm dep up ejbca && helm lint ejbca
+	cd components && $(HELM_BIN) dep up ejbca && $(HELM_BIN) lint ejbca
 
 make-contrib-netbox:
-	cd components && helm dep up netbox && helm lint netbox
+	cd components && $(HELM_BIN) dep up netbox && $(HELM_BIN) lint netbox
 
 make-contrib-core:
-	helm dep up . && helm lint .
+	$(HELM_BIN) dep up . && $(HELM_BIN) lint .
 
 clean:
 	@find . -type f -name '*.tgz' -delete
diff --git a/kubernetes/contrib/components/awx/Makefile b/kubernetes/contrib/components/awx/Makefile
index d8a50339d6..cb88b57fc9 100644
--- a/kubernetes/contrib/components/awx/Makefile
+++ b/kubernetes/contrib/components/awx/Makefile
@@ -11,6 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+HELM_BIN := helm
 
 make-awx:
-	cd charts && helm dep up awx-postgres
+	cd charts && $(HELM_BIN) dep up awx-postgres
diff --git a/kubernetes/contrib/components/awx/charts/awx/resources/config/credentials.py b/kubernetes/contrib/components/awx/charts/awx/resources/config/credentials.py
index 39350e05d0..85808d10d4 100644
--- a/kubernetes/contrib/components/awx/charts/awx/resources/config/credentials.py
+++ b/kubernetes/contrib/components/awx/charts/awx/resources/config/credentials.py
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2019 Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 DATABASES = {
     'default': {
diff --git a/kubernetes/contrib/components/awx/charts/awx/resources/config/environment.sh b/kubernetes/contrib/components/awx/charts/awx/resources/config/environment.sh
index 7c58c6bb48..b9d01d079c 100644
--- a/kubernetes/contrib/components/awx/charts/awx/resources/config/environment.sh
+++ b/kubernetes/contrib/components/awx/charts/awx/resources/config/environment.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2019 Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 DATABASE_USER={{ .Values.config.postgresUser }}
 DATABASE_NAME={{ .Values.config.postgresDB }}
diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml
index 4be13fbf88..74c02bcd5f 100644
--- a/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml
+++ b/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml
@@ -40,7 +40,7 @@ spec:
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - awx-postgres
@@ -122,4 +122,4 @@ spec:
           name: {{ include "common.fullname" . }}-rabbitmq
         name: rabbitmq-config
       imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml
index 988ac174ae..6023bb4fdb 100644
--- a/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml
+++ b/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml
@@ -47,7 +47,7 @@ spec:
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ include "common.name" . }}-mgnt
@@ -210,4 +210,4 @@ spec:
           name: {{ include "common.fullname" . }}-rabbitmq
         name: rabbitmq-config
       imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml
index 6c6a90e0de..1ed35c2c23 100755
--- a/kubernetes/contrib/components/awx/values.yaml
+++ b/kubernetes/contrib/components/awx/values.yaml
@@ -16,10 +16,10 @@
 # Global configuration defaults.
 #################################################################
 global:
+  readinessRepository: nexus3.onap.org:10001
   nodePortPrefixExt: 304
   commonConfigPrefix: awx
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
+  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Application configuration defaults.
diff --git a/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml b/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml
new file mode 100644
index 0000000000..e163aed82a
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml
@@ -0,0 +1,595 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<java version="1.8.0_242" class="java.beans.XMLDecoder">
+ <object class="java.util.LinkedHashMap">
+  <void method="put">
+   <string>version</string>
+   <float>46.0</float>
+  </void>
+  <void method="put">
+   <string>type</string>
+   <int>1</int>
+  </void>
+  <void method="put">
+   <string>certversion</string>
+   <string>X509v3</string>
+  </void>
+  <void method="put">
+   <string>encodedvalidity</string>
+   <string>2y</string>
+  </void>
+  <void method="put">
+   <string>usecertificatevalidityoffset</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>certificatevalidityoffset</string>
+   <string>-10m</string>
+  </void>
+  <void method="put">
+   <string>useexpirationrestrictionforweekdays</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>expirationrestrictionforweekdaysbefore</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>expirationrestrictionweekdays</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>allowvalidityoverride</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>allowextensionoverride</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>allowdnoverride</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>allowdnoverridebyeei</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>allowbackdatedrevokation</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecertificatestorage</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>storecertificatedata</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>storesubjectaltname</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>usebasicconstrants</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>basicconstraintscritical</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>usesubjectkeyidentifier</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>subjectkeyidentifiercritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useauthoritykeyidentifier</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>authoritykeyidentifiercritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usesubjectalternativename</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>subjectalternativenamecritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useissueralternativename</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>issueralternativenamecritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecrldistributionpoint</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usedefaultcrldistributionpoint</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>crldistributionpointcritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>crldistributionpointuri</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>usefreshestcrl</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecadefinedfreshestcrl</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>freshestcrluri</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>crlissuer</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>usecertificatepolicies</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>certificatepoliciescritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>certificatepolicies</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>availablekeyalgorithms</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <string>DSA</string>
+    </void>
+    <void method="add">
+     <string>ECDSA</string>
+    </void>
+    <void method="add">
+     <string>RSA</string>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>availableeccurves</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <string>ANY_EC_CURVE</string>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>availablebitlengths</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>192</int>
+    </void>
+    <void method="add">
+     <int>224</int>
+    </void>
+    <void method="add">
+     <int>239</int>
+    </void>
+    <void method="add">
+     <int>256</int>
+    </void>
+    <void method="add">
+     <int>384</int>
+    </void>
+    <void method="add">
+     <int>512</int>
+    </void>
+    <void method="add">
+     <int>521</int>
+    </void>
+    <void method="add">
+     <int>1024</int>
+    </void>
+    <void method="add">
+     <int>1536</int>
+    </void>
+    <void method="add">
+     <int>2048</int>
+    </void>
+    <void method="add">
+     <int>3072</int>
+    </void>
+    <void method="add">
+     <int>4096</int>
+    </void>
+    <void method="add">
+     <int>6144</int>
+    </void>
+    <void method="add">
+     <int>8192</int>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>minimumavailablebitlength</string>
+   <int>0</int>
+  </void>
+  <void method="put">
+   <string>maximumavailablebitlength</string>
+   <int>8192</int>
+  </void>
+  <void method="put">
+   <string>signaturealgorithm</string>
+   <null/>
+  </void>
+  <void method="put">
+   <string>usekeyusage</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>keyusage</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+    <void method="add">
+     <boolean>true</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+    <void method="add">
+     <boolean>false</boolean>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>allowkeyusageoverride</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>keyusagecritical</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>useextendedkeyusage</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>extendedkeyusage</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <string>1.3.6.1.5.5.7.3.2</string>
+    </void>
+    <void method="add">
+     <string>1.3.6.1.5.5.7.3.4</string>
+    </void>
+    <void method="add">
+     <string>1.3.6.1.5.5.7.3.1</string>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>extendedkeyusagecritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usedocumenttypelist</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>documenttypelistcritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>documenttypelist</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>availablecas</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <int>-1</int>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>usedpublishers</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>useocspnocheck</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useldapdnorder</string>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>usecustomdnorder</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usemicrosofttemplate</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>microsofttemplate</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>usecardnumber</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecnpostfix</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>cnpostfix</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>usesubjectdnsubset</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>subjectdnsubset</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>usesubjectaltnamesubset</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>subjectaltnamesubset</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>usepathlengthconstraint</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>pathlengthconstraint</string>
+   <int>0</int>
+  </void>
+  <void method="put">
+   <string>useqcstatement</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usepkixqcsyntaxv2</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useqcstatementcritical</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useqcstatementraname</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>useqcsematicsid</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>useqcetsiqccompliance</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useqcetsisignaturedevice</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useqcetsivaluelimit</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>qcetsivaluelimit</string>
+   <int>0</int>
+  </void>
+  <void method="put">
+   <string>qcetsivaluelimitexp</string>
+   <int>0</int>
+  </void>
+  <void method="put">
+   <string>qcetsivaluelimitcurrency</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>useqcetsiretentionperiod</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>qcetsiretentionperiod</string>
+   <int>0</int>
+  </void>
+  <void method="put">
+   <string>useqccustomstring</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>qccustomstringoid</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>qccustomstringtext</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>qcetsipds</string>
+   <null/>
+  </void>
+  <void method="put">
+   <string>qcetsitype</string>
+   <null/>
+  </void>
+  <void method="put">
+   <string>usecertificatetransparencyincerts</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecertificatetransparencyinocsp</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecertificatetransparencyinpublisher</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usesubjectdirattributes</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usenameconstraints</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useauthorityinformationaccess</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>caissuers</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>usedefaultcaissuer</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usedefaultocspservicelocator</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>ocspservicelocatoruri</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>cvcaccessrights</string>
+   <int>3</int>
+  </void>
+  <void method="put">
+   <string>usedcertificateextensions</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <string>approvals</string>
+   <object class="java.util.LinkedHashMap">
+    <void method="put">
+     <object class="java.lang.Enum" method="valueOf">
+      <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+      <string>REVOCATION</string>
+     </object>
+     <int>-1</int>
+    </void>
+    <void method="put">
+     <object class="java.lang.Enum" method="valueOf">
+      <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+      <string>KEYRECOVER</string>
+     </object>
+     <int>-1</int>
+    </void>
+    <void method="put">
+     <object class="java.lang.Enum" method="valueOf">
+      <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+      <string>ADDEDITENDENTITY</string>
+     </object>
+     <int>-1</int>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>useprivkeyusageperiodnotbefore</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useprivkeyusageperiod</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>useprivkeyusageperiodnotafter</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>privkeyusageperiodstartoffset</string>
+   <long>0</long>
+  </void>
+  <void method="put">
+   <string>privkeyusageperiodlength</string>
+   <long>63072000</long>
+  </void>
+  <void method="put">
+   <string>usesingleactivecertificateconstraint</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>overridableextensionoids</string>
+   <object class="java.util.LinkedHashSet"/>
+  </void>
+  <void method="put">
+   <string>nonoverridableextensionoids</string>
+   <object class="java.util.LinkedHashSet"/>
+  </void>
+  <void method="put">
+   <string>allowcertsnoverride</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>usecustomdnorderldap</string>
+   <boolean>false</boolean>
+  </void>
+ </object>
+</java>
diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
index f1bd07e158..ad10240b94 100755
--- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
+++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
@@ -12,6 +12,12 @@ configureEjbca() {
     ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
     ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
     ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+    #Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth)
+    ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
+    #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
+    ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
+    #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
+    ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
     ejbca.sh config cmp dumpalias --alias cmpRA
     ejbca.sh config cmp addalias --alias cmp
     ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
diff --git a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
new file mode 100644
index 0000000000..19d872fe12
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
@@ -0,0 +1,936 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<java version="1.8.0_242" class="java.beans.XMLDecoder">
+ <object class="java.util.LinkedHashMap">
+  <void method="put">
+   <string>version</string>
+   <float>14.0</float>
+  </void>
+  <void method="put">
+   <string>NUMBERARRAY</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>3</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>1</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+    <void method="add">
+     <int>0</int>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>SUBJECTDNFIELDORDER</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <int>500</int>
+    </void>
+    <void method="add">
+     <int>1100</int>
+    </void>
+    <void method="add">
+     <int>1200</int>
+    </void>
+    <void method="add">
+     <int>1300</int>
+    </void>
+    <void method="add">
+     <int>1400</int>
+    </void>
+    <void method="add">
+     <int>1600</int>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>SUBJECTALTNAMEFIELDORDER</string>
+   <object class="java.util.ArrayList">
+    <void method="add">
+     <int>1800</int>
+    </void>
+    <void method="add">
+     <int>1801</int>
+    </void>
+    <void method="add">
+     <int>1802</int>
+    </void>
+   </object>
+  </void>
+  <void method="put">
+   <string>SUBJECTDIRATTRFIELDORDER</string>
+   <object class="java.util.ArrayList"/>
+  </void>
+  <void method="put">
+   <int>0</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20000</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10000</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30000</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>1</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20001</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10001</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30001</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>95</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20095</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10095</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30095</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>96</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20096</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10096</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30096</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>5</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20005</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10005</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30005</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>26</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20026</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10026</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30026</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>29</int>
+   <string>1834889499</string>
+  </void>
+  <void method="put">
+   <int>20029</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10029</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30029</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30</int>
+   <string>1834889499</string>
+  </void>
+  <void method="put">
+   <int>20030</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10030</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30030</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>31</int>
+   <string>1</string>
+  </void>
+  <void method="put">
+   <int>20031</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10031</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30031</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>32</int>
+   <string>1;2;3;4</string>
+  </void>
+  <void method="put">
+   <int>20032</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10032</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30032</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>33</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20033</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10033</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30033</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>34</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20034</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10034</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30034</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>38</int>
+   <string>1</string>
+  </void>
+  <void method="put">
+   <int>20038</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10038</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30038</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>37</int>
+   <string>-1501801709</string>
+  </void>
+  <void method="put">
+   <int>20037</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10037</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30037</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>98</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20098</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10098</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30098</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>99</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20099</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10099</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30099</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>97</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20097</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10097</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30097</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>91</int>
+   <string>false</string>
+  </void>
+  <void method="put">
+   <int>20091</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10091</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30091</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>94</int>
+   <string>-1</string>
+  </void>
+  <void method="put">
+   <int>20094</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10094</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30094</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>93</int>
+   <string>-1</string>
+  </void>
+  <void method="put">
+   <int>20093</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10093</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30093</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>89</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20089</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10089</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30089</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>88</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20088</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10088</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30088</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <string>ALLOW_MERGEDN_WEBSERVICES</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>2</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20002</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10002</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10090</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>90</int>
+   <string>0</string>
+  </void>
+  <void method="put">
+   <string>REVERSEFFIELDCHECKS</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>28</int>
+   <string>false</string>
+  </void>
+  <void method="put">
+   <int>20028</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10028</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>REUSECERTIFICATE</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>35</int>
+   <string>false</string>
+  </void>
+  <void method="put">
+   <int>20035</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10035</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10092</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>USEEXTENSIONDATA</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>PRINTINGUSE</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>PRINTINGDEFAULT</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>PRINTINGREQUIRED</string>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <string>PRINTINGCOPIES</string>
+   <int>1</int>
+  </void>
+  <void method="put">
+   <string>PRINTINGPRINTERNAME</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>PRINTINGSVGDATA</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <string>PRINTINGSVGFILENAME</string>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>11</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20011</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10011</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30011</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>12</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20012</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10012</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30012</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>13</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20013</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10013</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30013</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>14</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20014</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10014</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30014</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>16</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20016</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>10016</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30016</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>18</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20018</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10018</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30018</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>118</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20118</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10118</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30118</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>218</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20218</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10218</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30218</int>
+   <boolean>true</boolean>
+  </void>
+ </object>
+</java>
diff --git a/kubernetes/contrib/components/ejbca/templates/configmap.yaml b/kubernetes/contrib/components/ejbca/templates/configmap.yaml
index d336bc9a94..093657dfe0 100644
--- a/kubernetes/contrib/components/ejbca/templates/configmap.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020, Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
@@ -18,3 +20,11 @@ metadata:
   name: "{{ include "common.fullname" . }}-config-script"
 data:
 {{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ include "common.fullname" . }}-profiles"
+data:
+{{ tpl (.Files.Glob "resources/certprofile_CUSTOM_ENDUSER-1834889499.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/entityprofile_Custom_EndEntity-1356531849.xml").AsConfig . | indent 2 }}
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
index c6981e5fc4..55de54febf 100644
--- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020, Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -24,7 +26,7 @@ spec:
       initContainers:
       - name: {{ include "common.name" . }}-db-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         {{- if .Values.global.mariadbGalera.localCluster }}
@@ -38,7 +40,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       containers:
       - name: {{ include "common.name" . }}-ejbca
@@ -51,6 +53,8 @@ spec:
         volumeMounts:
           - name: "{{ include "common.fullname" . }}-volume"
             mountPath: /opt/primekey/scripts/
+          - name: "{{ include "common.fullname" . }}-profiles-volume"
+            mountPath: /opt/primekey/custom_profiles/
         ports: {{ include "common.containerPorts" . | nindent 10 }}
         env:
         - name: INITIAL_ADMIN
@@ -85,8 +89,13 @@ spec:
         {{- if .Values.affinity }}
         affinity: {{ toYaml .Values.affinity | nindent 10 }}
         {{- end }}
+        resources: {{ include "common.resources" . | nindent 10 }}
       volumes:
       - configMap:
           name: "{{ include "common.fullname" . }}-config-script"
           defaultMode: 0755
         name: "{{ include "common.fullname" . }}-volume"
+      - configMap:
+          name: "{{ include "common.fullname" . }}-profiles"
+          defaultMode: 0755
+        name: "{{ include "common.fullname" . }}-profiles-volume"
diff --git a/kubernetes/contrib/components/ejbca/templates/secret.yaml b/kubernetes/contrib/components/ejbca/templates/secret.yaml
index ecb51ae4d3..837da0959b 100644
--- a/kubernetes/contrib/components/ejbca/templates/secret.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020, Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/contrib/components/ejbca/templates/service.yaml b/kubernetes/contrib/components/ejbca/templates/service.yaml
index 01680ee78e..46eed4264c 100644
--- a/kubernetes/contrib/components/ejbca/templates/service.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020, Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml
index 82bc03c597..35160e4b13 100644
--- a/kubernetes/contrib/components/ejbca/values.yaml
+++ b/kubernetes/contrib/components/ejbca/values.yaml
@@ -12,9 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 global:
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.1
-  mariadbGalera: &mariadbGalera
+  readinessImage: onap/oom/readiness:3.0.1
+  mariadbGalera: &mariadbGalera 
     #This flag allows EJBCA to instantiate its own mariadb-galera cluster
     localCluster: false
     service: mariadb-galera
@@ -38,6 +37,7 @@ secrets:
     password: '{{ .Values.config.ejbca.clientIak }}'
 
 # application configuration
+repository: nexus3.onap.org:10001
 config:
   db:
     userName: ejbca
@@ -104,3 +104,23 @@ service:
       port: 8443
       plain_port: 8080
       port_protocol: http
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+  small:
+    limits:
+      cpu: 1500m
+      memory: 1536Mi
+    requests:
+      cpu: 10m
+      memory: 750Mi
+  large:
+    limits:
+      cpu: 2
+      memory: 2Gi
+    requests:
+      cpu: 20m
+      memory: 1Gi
+  unlimited: {}
diff --git a/kubernetes/contrib/components/netbox/Makefile b/kubernetes/contrib/components/netbox/Makefile
index 3194d40020..da18203981 100644
--- a/kubernetes/contrib/components/netbox/Makefile
+++ b/kubernetes/contrib/components/netbox/Makefile
@@ -11,6 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+HELM_BIN := helm
 
 make-netbox:
-	cd charts && helm dep up netbox-postgres && helm dep up netbox-nginx && helm dep up netbox-app
+	cd charts && $(HELM_BIN) dep up netbox-postgres && $(HELM_BIN) dep up netbox-nginx && $(HELM_BIN) dep up netbox-app
diff --git a/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml
index 7586a6c95e..ed6518ed1a 100644
--- a/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml
+++ b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: batch/v1
 kind: Job
@@ -36,7 +38,7 @@ spec:
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - netbox-app
diff --git a/kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/service.yaml b/kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/service.yaml
index ed761374fa..c01612e0f4 100755
--- a/kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/service.yaml
+++ b/kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/service.yaml
@@ -31,7 +31,7 @@ spec:
     - port: {{ .Values.service.internalPort }}
       nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
     {{- else -}}
-    - port: {{ .Values.service.externalPort }}
+    - port: {{ .Values.service.internalPort }}
       targetPort: {{ .Values.service.internalPort }}
     {{- end}}
   selector:
diff --git a/kubernetes/contrib/components/netbox/charts/netbox-nginx/values.yaml b/kubernetes/contrib/components/netbox/charts/netbox-nginx/values.yaml
index f67ff06410..e94e50bc4f 100755
--- a/kubernetes/contrib/components/netbox/charts/netbox-nginx/values.yaml
+++ b/kubernetes/contrib/components/netbox/charts/netbox-nginx/values.yaml
@@ -75,7 +75,7 @@ persistence:
   staticPvName: netbox-static
 
 service:
-  type: NodePort
+  type: ClusterIP
   name: netbox-nginx
   portName: netbox-nginx
   internalPort: 8080
diff --git a/kubernetes/contrib/components/netbox/values.yaml b/kubernetes/contrib/components/netbox/values.yaml
index 2dfb36b1e5..5dc4535ca3 100755
--- a/kubernetes/contrib/components/netbox/values.yaml
+++ b/kubernetes/contrib/components/netbox/values.yaml
@@ -16,10 +16,10 @@
 # Global configuration defaults.
 #################################################################
 global:
+  readinessRepository: nexus3.onap.org:10001
   nodePortPrefixExt: 304
   commonConfigPrefix: netbox
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Application configuration defaults.
diff --git a/kubernetes/contrib/tools/check-for-staging-images.sh b/kubernetes/contrib/tools/check-for-staging-images.sh
new file mode 100755
index 0000000000..ce51b30b58
--- /dev/null
+++ b/kubernetes/contrib/tools/check-for-staging-images.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+BASE_URL="https://nexus3.onap.org/repository/docker.release"
+
+if [ "$GERRIT_BRANCH" == "staging" ]; then
+    exit 0
+fi
+
+USED_IMAGES=$(grep -r -E -o -h ':\s*onap/.*:.*' | sed -e 's/^: //' -e 's/^ //' | sort | uniq)
+REPO_IMAGES=$(curl -s $BASE_URL/v2/_catalog | jq -r '.repositories[]')
+NOT_AVAILABLE_IMAGES=$(echo "$USED_IMAGES" | grep -vE  "$(echo "$REPO_IMAGES" | tr "\n" "|" | sed 's/|$//')")
+USED_IMAGES=$(echo "$USED_IMAGES" | grep -E "$(echo "$REPO_IMAGES" | tr "\n" "|" | sed 's/|$//')")
+for i in $USED_IMAGES; do
+    TMP_IMG=$(echo "$i" | cut -d ":" -f1)
+    TMP_TAG=$(echo "$i" | cut -d ":" -f2)
+    if [ "$LAST_IMG" != "$TMP_IMG" ]; then
+        AVAILABLE_TAGS=$(curl -s $BASE_URL/v2/$TMP_IMG/tags/list | jq -r '.tags[]')
+    fi
+    if ! echo "$AVAILABLE_TAGS" | grep "$TMP_TAG" > /dev/null; then
+        NOT_AVAILABLE_IMAGES="$NOT_AVAILABLE_IMAGES\n$i"
+    fi
+    LAST_IMG="$TMP_IMG"
+    printf "."
+done
+printf "\n"
+if [ -n "$NOT_AVAILABLE_IMAGES" ]; then
+    echo "[ERROR] Only release images are allowed in helm charts."
+    echo "[ERROR] Images not found in release repo:"
+    echo -e "$NOT_AVAILABLE_IMAGES"
+    exit 1
+fi
+exit 0
\ No newline at end of file
diff --git a/kubernetes/dcaegen2/.helmignore b/kubernetes/dcaegen2/.helmignore
index f0c1319444..7ddbad7ef4 100644
--- a/kubernetes/dcaegen2/.helmignore
+++ b/kubernetes/dcaegen2/.helmignore
@@ -19,3 +19,4 @@
 .project
 .idea/
 *.tmproj
+components/
diff --git a/kubernetes/dcaegen2/Makefile b/kubernetes/dcaegen2/Makefile
index f10f2fc682..bf20455a5f 100644
--- a/kubernetes/dcaegen2/Makefile
+++ b/kubernetes/dcaegen2/Makefile
@@ -11,37 +11,36 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-redis make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard
+HELM_BIN := helm
+
+make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard
 
 make-dcae-bootstrap:
-	cd components && helm dep up dcae-bootstrap && helm lint dcae-bootstrap
+	cd components && $(HELM_BIN) dep up dcae-bootstrap && $(HELM_BIN) lint dcae-bootstrap
 
 make-dcae-cloudify-manager:
-	cd components && helm dep up dcae-cloudify-manager && helm lint dcae-cloudify-manager
+	cd components && $(HELM_BIN) dep up dcae-cloudify-manager && $(HELM_BIN) lint dcae-cloudify-manager
 
 make-dcae-config-binding-service:
-	cd components && helm dep up dcae-config-binding-service && helm lint dcae-config-binding-service
+	cd components && $(HELM_BIN) dep up dcae-config-binding-service && $(HELM_BIN) lint dcae-config-binding-service
 
 make-dcae-healthcheck:
-	cd components && helm dep up dcae-healthcheck && helm lint dcae-healthcheck
-
-make-dcae-redis:
-	cd components && helm dep up dcae-redis && helm lint dcae-redis
+	cd components && $(HELM_BIN) dep up dcae-healthcheck && $(HELM_BIN) lint dcae-healthcheck
 
 make-dcae-servicechange-handler:
-	cd components && helm dep up dcae-servicechange-handler && helm lint dcae-servicechange-handler
+	cd components && $(HELM_BIN) dep up dcae-servicechange-handler && $(HELM_BIN) lint dcae-servicechange-handler
 
 make-dcae-inventory-api:
-	cd components && helm dep up dcae-inventory-api && helm lint dcae-inventory-api
+	cd components && $(HELM_BIN) dep up dcae-inventory-api && $(HELM_BIN) lint dcae-inventory-api
 
 make-dcae-deployment-handler:
-	cd components && helm dep up dcae-deployment-handler && helm lint dcae-deployment-handler
+	cd components && $(HELM_BIN) dep up dcae-deployment-handler && $(HELM_BIN) lint dcae-deployment-handler
 
 make-dcae-policy-handler:
-	cd components && helm dep up dcae-policy-handler && helm lint dcae-policy-handler
+	cd components && $(HELM_BIN) dep up dcae-policy-handler && $(HELM_BIN) lint dcae-policy-handler
 
 make-dcae-dashboard:
-	cd components && helm dep up dcae-dashboard && helm lint dcae-dashboard
+	cd components && $(HELM_BIN) dep up dcae-dashboard && $(HELM_BIN) lint dcae-dashboard
 
 clean:
 	@find . -type f -name '*.tgz' -delete
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
index e917e900c7..a31aaf1106 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
@@ -31,3 +31,6 @@ dependencies:
   - name: cmpv2Config
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json
index c52a0a8606..44a345455a 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json
@@ -3,5 +3,5 @@
         "username": "notused",
         "password": "doesnotmatter",
         "owner": "dcaecm"
-     }
+    }
 }
\ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
index 6de75c96d7..568d6f77c9 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 #=================================================================================
 # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
@@ -16,40 +17,44 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {
-  "namespace" : "{{ if .Values.dcae_ns }}{{ .Values.dcae_ns}}{{ else }}{{include "common.namespace" . }}{{ end}}",
-  "consul_dns_name" : "{{ .Values.config.address.consul.host }}.{{ include "common.namespace" . }}",
-  "default_k8s_location" : "{{ .Values.default_k8s_location }}",
-  "image_pull_secrets" : ["{{ include "common.namespace" . }}-docker-registry-key"],
-  "filebeat":
-    {
-      "log_path": "/var/log/onap",
-      "data_path": "/usr/share/filebeat/data",
-      "config_path": "/usr/share/filebeat/filebeat.yml",
-      "config_subpath": "filebeat.yml",
-      "image" : "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}",
-      "config_map" : "{{ include "common.release" . }}-dcae-filebeat-configmap"
-    },
-  "tls":
-    {
-      "cert_path": "/opt/app/osaaf",
-      "image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}",
-      "component_cert_dir": "/opt/dcae/cacert",
-      "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem",
-      "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
-    },
-  "external_cert":
-    {
-      "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.aaf.certServiceClient.image }}",
-      "request_url": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestURL }}",
-      "timeout":  "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestTimeout }}",
-      "country": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Country }}",
-      "organization": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Organization }}",
-      "state": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2State }}",
-      "organizational_unit": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2OrganizationalUnit }}",
-      "location": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Location }}",
-      "keystore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.keystorePassword }}",
-      "truststore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.truststorePassword }}"
-    }
-}
+  "namespace": "{{ if .Values.dcae_ns }}{{ .Values.dcae_ns}}{{ else }}{{include "common.namespace" . }}{{ end}}",
+  "consul_dns_name": "{{ .Values.config.address.consul.host }}.{{ include "common.namespace" . }}",
+  "default_k8s_location": "{{ .Values.default_k8s_location }}",
+  "image_pull_secrets": [
+    "{{ include "common.namespace" . }}-docker-registry-key"
+  ],
+  "filebeat": {
+    "log_path": "/var/log/onap",
+    "data_path": "/usr/share/filebeat/data",
+    "config_path": "/usr/share/filebeat/filebeat.yml",
+    "config_subpath": "filebeat.yml",
+    "image": "{{  include "repositoryGenerator.image.logging" . }}",
+    "config_map": "{{ include "common.release" . }}-dcae-filebeat-configmap"
+  },
+  "tls": {
+    "cert_path": "/opt/app/osaaf",
+    "image": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}",
+    "component_cert_dir": "/opt/dcae/cacert",
+    "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem",
+    "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
+  },
+  "external_cert": {
+    "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certServiceClient.image }}",
+    "request_url": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestURL }}",
+    "timeout": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestTimeout }}",
+    "country": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Country }}",
+    "organization": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Organization }}",
+    "state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}",
+    "organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}",
+    "location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}",
+    "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}",
+    "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}",
+    "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}"
+  },
+  "truststore_merger": {
+    "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
+  }
+}
\ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml
index f330e647b4..8c2c0a217b 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 #=================================================================================
 # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
@@ -15,9 +16,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ if .Values.componentImages.datafile_collector }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.datafile_collector }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.datafile_collector }}
 {{ end }}
 host_port: {{ .Values.config.address.datafile_collector.port }}
 host_port_secure: {{ .Values.config.address.datafile_collector.portSecure }}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_engine-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_engine-inputs.yaml
index f6a4c7cf85..7aa1b8d03a 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_engine-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_engine-inputs.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 #=================================================================================
 # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
@@ -15,10 +16,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {
 {{ if .Values.componentImages.holmes_engine }}
-  "he_image" : '{{ include "common.repository" . }}/{{ .Values.componentImages.holmes_engine }}',
+  "he_image" : '{{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.holmes_engine }}',
 {{ end }}
   "msb_hostname": "{{ .Values.config.address.msb_iag }}.{{include "common.namespace" . }}",
   "dcae_CL_publish_url": "http://{{ .Values.config.address.message_router }}.{{include "common.namespace" . }}:3904/events/unauthenticated.DCAE_CL_OUTPUT",
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_rules-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_rules-inputs.yaml
index 7ede89e521..6c311ec47e 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_rules-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_rules-inputs.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 #=================================================================================
 # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
@@ -15,10 +16,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {
 {{ if .Values.componentImages.holmes_rules }}
-  "hr_image" : '{{ include "common.repository" . }}/{{ .Values.componentImages.holmes_rules }}',
+  "hr_image" : '{{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.holmes_rules }}',
 {{ end }}
 
   "msb_hostname": "{{ .Values.config.address.msb_iag }}.{{include "common.namespace" . }}",
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
index a0cbbbdba2..08a3c357ba 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
@@ -1,6 +1,8 @@
+{{/*
 #============LICENSE_START========================================================
 #=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,9 +16,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ if .Values.componentImages.hv_ves }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.hv_ves }}
 {{ end }}
 use_tls: true
-security_ssl_disable: false
\ No newline at end of file
+security_ssl_disable: false
+external_cert_ca_name: "RA"
+external_cert_common_name: "dcae-hv-ves-collector"
+external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves"
+external_cert_cert_type: "JKS"
+external_cert_use_external_tls: false
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml
index eb4cf252d4..71c91b4f77 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml
@@ -1,3 +1,4 @@
+{{/*
 #=================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
 # Modifications Copyright © 2018 Amdocs, Bell Canada
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 k8s_pgaas_instance_fqdn: {{ .Values.postgres.service.name2 }}.{{include "common.namespace" . }}
 k8s_initial_password: $PG_ROOT_PASSWORD
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-prh-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-prh-inputs.yaml
index 1491e731d8..efc8c77366 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-prh-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-prh-inputs.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 #=================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -14,7 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ if .Values.componentImages.prh }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.prh }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.prh }}
 {{ end }}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml
index aa2b9a3f18..7c234243b0 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 #=================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,8 +16,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ if .Values.componentImages.snmptrap }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.snmptrap }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.snmptrap }}
 {{ end }}
 external_port: {{ .Values.config.address.snmptrap.port }}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tca-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tca-inputs.yaml
deleted file mode 100644
index 9240094fa9..0000000000
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tca-inputs.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-{{ if .Values.componentImages.tca }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tca }}
-{{ end }}
-dmaap_host: {{ .Values.config.address.message_router }}.{{include "common.namespace" . }}
-consul_host: {{ .Values.config.address.consul.host }}.{{include "common.namespace" . }}
-cbs_host: config-binding-service
-enableRedisCaching:  {{ .Values.config.redisCaching }}
-{{ if .Values.config.redisHosts }}
-redisHosts: {{ .Values.config.redisHosts }}
-{{ end }}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml
index 5074cb8a7f..eb7caf1eee 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 #=================================================================================
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
@@ -14,9 +15,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ if .Values.componentImages.tcagen2 }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tcagen2 }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.tcagen2 }}
 {{ end }}
 tca_handle_in_subscribe_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
-tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.TCAGEN2_OUTPUT/"
+tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.DCAE_CL_OUTPUT/"
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
index 5a2a595ca6..e09e37dd31 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 #=================================================================================
 # Copyright (c) 2020 Nokia. All rights reserved.
@@ -14,15 +15,17 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ if .Values.componentImages.ves }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.ves }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.ves }}
 {{ end }}
 external_port: 0
 external_port_tls: {{ .Values.config.address.ves.portSecure }}
 auth_method: "certBasicAuth"
-component_name: "dcae-ves-collector"
-dns_component_name: "dcae-ves-collector"
+service_component_type: "dcae-ves-collector"
+service_id: "dcae-ves-collector"
+service_component_name_override: "dcae-ves-collector"
 enable_tls: true
 ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/"
 ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/"
@@ -30,4 +33,13 @@ ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/
 ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
 ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
 ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
+ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/"
+ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/"
+ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/"
+ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/"
 user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
+external_cert_ca_name: "RA"
+external_cert_common_name: "dcae-ves-collector"
+external_cert_sans: "dcae-ves-collector:ves-collector:ves"
+external_cert_cert_type: "JKS"
+external_cert_use_external_tls: false
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml
index dda75dd874..349645bb7b 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 #=================================================================================
 # Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
@@ -16,18 +17,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ if .Values.componentImages.ves }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.ves }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.ves }}
 {{ end }}
 external_port_tls: 0
 external_port: {{ .Values.config.address.ves.port }}
 auth_method: "noAuth"
-component_name: "dcae-ves-collector-http"
-dns_component_name: "dcae-ves-collector-http"
+service_component_type: "dcae-http-ves-collector"
+service_id: "dcae-http-ves-collector-http"
+service_component_name_override: "dcae-http-ves-collector"
 ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/"
 ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/"
 ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT/"
 ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
 ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
 ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
+ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/"
+ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/"
+ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/"
+ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/"
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml
index 21134ada9f..47db1753e0 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
index 5c96138b03..15a2ad1212 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
@@ -1,6 +1,7 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
-# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
 # Modifications Copyright © 2018 Amdocs, Bell Canada
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -51,15 +53,15 @@ spec:
           name: {{ include "common.fullname" . }}-dcae-inputs-input
         - mountPath: /config
           name: {{ include "common.fullname" . }}-dcae-inputs
-        image: "{{ .Values.global.envsubstImage }}"
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
 
       - name: {{ include "common.name" . }}-readiness
-        image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-          - /root/ready.py
+          - /app/ready.py
         args:
           - --container-name
           - dcae-cloudify-manager
@@ -92,14 +94,14 @@ spec:
               fieldPath: status.podIP
         - name: aaf_locator_fqdn
           value: dcae
-        image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         resources: {}
         volumeMounts:
         - mountPath: /opt/app/osaaf
           name: tls-info
       - name: init-consul
-        image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.consulLoaderImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         args:
         - --service
@@ -109,7 +111,7 @@ spec:
         resources: {}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources:
 {{ include "common.resources" . | indent 12 }}
@@ -128,10 +130,7 @@ spec:
             - name: CMADDR
               value: {{ .Values.config.address.cm.host }}
             - name: CMPASS
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "common.name" . }}-cmpass
-                  key: password
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14}}
             - name: CMPROTO
               value: {{ .Values.config.address.cm.proto }}
             - name: CMPORT
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml
index 44395e48e8..c8fbd04150 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml
@@ -1,6 +1,7 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
 # Modifications Copyright © 2018 Amdocs, Bell Canada
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,19 +16,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.name" . }}-cmpass
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  password: YWRtaW4=
----
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 33682e7dbe..668dcc7e18 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -1,6 +1,6 @@
 #============LICENSE_START========================================================
 #=================================================================================
-# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
 # Modifications Copyright © 2018 Amdocs, Bell Canada
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -22,13 +22,8 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  tlsRepository: nexus3.onap.org:10001
   tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-  envsubstImage: dibi/envsubst
+  consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
 
 secrets:
   - uid: pg-root-pass
@@ -37,6 +32,10 @@ secrets:
     externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
     password: '{{ .Values.postgres.config.pgRootpassword }}'
     policy: generate
+  - uid: 'cm-pass'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.cloudifyManagerPassword }}'
 
 config:
   logstashServiceName: log-ls
@@ -70,8 +69,6 @@ config:
     ves:
       port: 30235
       portSecure: 30417
-  # redisCaching is a string not a boolean!
-  redisCaching: "false"
 
 # postgres values--overriding defaults in the postgres subchart
 postgres:
@@ -106,21 +103,19 @@ mongo:
   disableNfsProvisioner: true
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.2
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.8
 default_k8s_location: central
 
 # DCAE component images to be deployed via Cloudify Manager
 # Use to override default setting in blueprints
 componentImages:
-  holmes_rules: onap/holmes/rule-management:1.2.7
-  holmes_engine: onap/holmes/engine-management:1.2.6
-  tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
-  tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1
-  ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.1
+  holmes_rules: onap/holmes/rule-management:1.2.9
+  holmes_engine: onap/holmes/engine-management:1.2.9
+  tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1
+  ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9
   snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
-  prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
-  hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
+  prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4
+  hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
index caff1e5dc4..c2681fb217 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/config.txt b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/config.txt
index 7606ba55ae..e079ec81c0 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/config.txt
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/config.txt
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,5 +16,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 [consul]
 address={{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }}
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/log/filebeat.yml
index 1a3f693a12..06e553d9d4 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/log/filebeat.yml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/log/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 filebeat.prospectors:
 #it is mandatory, in our case it's log
 - input_type: log
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml
index f1add2dac1..6ec98b56c4 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
index b5bb66b8c0..6c7fa4d85c 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
@@ -1,7 +1,9 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
 # Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2020 J. F. Lucas.  All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,6 +17,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -45,10 +48,10 @@ spec:
         - "dcae-cloudify-manager"
       initContainers:
       - name: {{ include "common.name" . }}-readiness
-        image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-          - /root/ready.py
+          - /app/ready.py
         args:
           - --container-name
           - aaf-cm
@@ -61,14 +64,13 @@ spec:
                 apiVersion: v1
                 fieldPath: metadata.namespace
       - name: {{ include "common.name" . }}-multisite-init
-        image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.multisiteInitImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         args:
           - --namespace
           - {{ include "common.namespace" . }}
           - --configmap
           - {{ .Values.multisiteConfigMapName }}
-        restartPolicy: Never
       - name: init-tls
         env:
           - name: POD_IP
@@ -78,7 +80,7 @@ spec:
                 fieldPath: status.podIP
           - name: aaf_locator_fqdn
             value: dcae
-        image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         resources: {}
         volumeMounts:
@@ -86,7 +88,7 @@ spec:
               name: tls-info
       {{- if .Values.persistence.enabled }}
       - name: remove-lost-found
-        image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - mountPath: /cfy-persist
@@ -99,7 +101,7 @@ spec:
       {{- end }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           env:
             - name: REQUESTS_CA_BUNDLE
@@ -116,6 +118,7 @@ spec:
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
+            timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
           {{ end }}
           readinessProbe:
             exec:
@@ -123,6 +126,7 @@ spec:
               - /scripts/readiness-check.sh
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
+            timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
           volumeMounts:
           - mountPath: /opt/onap/config.txt
             subPath: config.txt
@@ -144,6 +148,9 @@ spec:
             name: cm-persistent
           - mountPath: /opt/onap/certs
             name: tls-info
+          - mountPath: /opt/onap/cm-secrets
+            name: cm-secrets
+            readOnly: true
           securityContext:
             privileged: True
       volumes:
@@ -171,5 +178,8 @@ spec:
         {{- end }}
         - emptyDir: {}
           name: tls-info
+        - name: cm-secrets
+          secret:
+            secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cm-pass") }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml
index 96d305a7a7..2e8b4cd4e8 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -38,5 +40,5 @@ spec:
       restartPolicy: Never
       containers:
       - name: dcae-cleanup
-        image: {{ include "common.repository" . }}/{{ .Values.cleanupImage }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cleanupImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
\ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml
index 57cbe89cc1..960ec786b2 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,7 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
-
+*/}}
 {{ if .Values.dcae_ns}}
 # Create the namespace
 apiVersion: v1
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pv.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pv.yaml
index 0dd128fd4d..95c841a9fd 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pv.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pv.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
 {{- if eq "True" (include "common.needPV" .) }}
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pvc.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pvc.yaml
index c4de971f39..3fbdc91d66 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pvc.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pvc.yaml
@@ -1,3 +1,4 @@
+{{/*
 # ================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
@@ -13,6 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
 kind: PersistentVolumeClaim
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml
index dee9200eff..91666c1422 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ if .Values.dcae_ns}}
 apiVersion: v1
@@ -28,7 +30,7 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-  .dockercfg: {{ include "common.repository.secret" . }}
+  .dockercfg: {{ include "repositoryGenerator.secret" . }}
 type: kubernetes.io/dockercfg
 ---
 {{ end }}
@@ -41,3 +43,5 @@ metadata:
   annotations:
     kubernetes.io/service-account.name: default
 type: kubernetes.io/service-account-token
+---
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/service.yaml
index 525931e109..3a28616687 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/service.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index b7ea4c9e6f..fd4e1217c4 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -1,7 +1,8 @@
 #============LICENSE_START========================================================
 # ================================================================================
-# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
 # Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2020 J. F. Lucas.  All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -22,17 +23,20 @@
 global:
   nodePortPrefix: 302
   persistence: {}
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  tlsRepository: nexus3.onap.org:10001
   tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
   repositoryCred:
     user: docker
     password: docker
 
+secrets:
+  - uid: 'cm-pass'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.cloudifyManagerPassword }}'
+    policy: required
+
 config:
+  cloudifyManagerPassword: "override me"
   logstashServiceName: log-ls
   logstashPort: 5044
   # Addresses of other ONAP entities
@@ -45,8 +49,7 @@ config:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.0.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.4
 pullPolicy: Always
 
 # name of shared ConfigMap with kubeconfig for multiple clusters
@@ -62,6 +65,7 @@ cleanupImage: onap/org.onap.dcaegen2.deployments.dcae-k8s-cleanup-container:1.0.
 liveness:
   initialDelaySeconds: 10
   periodSeconds: 10
+  timeoutSeconds: 5
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   # liveness not desirable for Cloudify Manager container
@@ -69,7 +73,13 @@ liveness:
 
 readiness:
   initialDelaySeconds: 60
-  periodSeconds: 10
+  # In some environments we see CM coming up
+  # properly but readiness probe timing out.
+  # Increasing the timeout and adjusting the
+  # period so it's longer than the timeout.
+  # (DCAEGEN2-2465)
+  periodSeconds: 30
+  timeoutSeconds: 10
 
 service:
   type: ClusterIP
@@ -80,21 +90,23 @@ service:
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)
+# Due to memory issues in ONAP integration environment,
+# we've increased the memory amounts for both flavors.
 resources:
   small:
     limits:
       cpu: 2
-      memory: 2Gi
+      memory: 4Gi
     requests:
       cpu: 1
-      memory: 1Gi
+      memory: 2Gi
   large:
     limits:
       cpu: 4
-      memory: 4Gi
+      memory: 8Gi
     requests:
       cpu: 2
-      memory: 2Gi
+      memory: 4Gi
   unlimited: {}
 # Kubernetes namespace for components deployed via Cloudify manager
 # If empty, use the common namespace
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
index caff1e5dc4..c2681fb217 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml b/kubernetes/dcaegen2/components/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml
index 1a3f693a12..06e553d9d4 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 filebeat.prospectors:
 #it is mandatory, in our case it's log
 - input_type: log
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/configmap.yaml
index af4948d925..67fcce4d53 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/configmap.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2019 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
index 959c7f4826..65d0b36927 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -38,10 +40,10 @@ spec:
     spec:
       initContainers:
         - name: {{ include "common.name" . }}-readiness
-          image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+          image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
-            - /root/ready.py
+            - /app/ready.py
           args:
             - --container-name
             - consul-server
@@ -65,7 +67,7 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: status.podIP
-          image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources: {}
           volumeMounts:
@@ -75,7 +77,7 @@ spec:
       containers:
         {{- if .Values.service.secure.enabled }}
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources:
 {{ include "common.resources" . | indent 12 }}
@@ -89,7 +91,7 @@ spec:
               port: {{ .Values.service.secure.internalPort }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end -}}
+          {{ end }}
           readinessProbe:
             httpGet:
               scheme: "HTTPS"
@@ -112,7 +114,7 @@ spec:
             - name: HTTPS_KEY_PATH
               value: "/opt/tls/key.pem"
         - name: {{ include "common.name" . }}-fb-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-fb-conf
@@ -125,7 +127,7 @@ spec:
         {{ end }}
         {{- if .Values.service.insecure.enabled }}
         - name: {{ include "common.name" . }}-insecure
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources:
 {{ include "common.resources" . | indent 12 }}
@@ -139,7 +141,7 @@ spec:
               port: {{ .Values.service.insecure.internalPort }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end -}}
+          {{ end }}
           readinessProbe:
             httpGet:
               scheme: "HTTP"
@@ -154,7 +156,7 @@ spec:
             - name: CONSUL_HOST
               value: consul.{{ include "common.namespace" . }}
         - name: {{ include "common.name" . }}-fb-onap-i
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-fb-conf
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/service.yaml
index 5ca5035f87..c4cc0a9902 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/service.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
index a27fba52ae..63f96044fa 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
@@ -21,15 +21,7 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  tlsRepository: nexus3.onap.org:10001
   tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-  repositoryCred:
-    user: docker
-    password: docker
 
 config:
   logstashServiceName: log-ls
@@ -44,8 +36,7 @@ config:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.configbinding:2.5.2
+image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3
 pullPolicy: Always
 
 # probe configuration parameters
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
index 07787a8206..cbc9a739c5 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
   - name: postgres
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/resources/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-dashboard/resources/log/filebeat.yml
index 0e5ee9bffa..1e33eb3684 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/resources/log/filebeat.yml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/resources/log/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 filebeat.prospectors:
 #it is mandatory, in our case it's log
 - input_type: log
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/configmap.yaml
index 41d5826e13..958e810178 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/configmap.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2019 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
index 9765b62ae2..e93f8d8fb9 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
@@ -1,6 +1,7 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -38,10 +40,10 @@ spec:
     spec:
       initContainers:
         - name: {{ include "common.name" . }}-readiness
-          image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+          image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
-            - /root/ready.py
+            - /app/ready.py
           args:
           - --container-name
           - dcae-cloudify-manager
@@ -70,7 +72,7 @@ spec:
                 fieldPath: status.podIP
           - name: aaf_locator_fqdn
             value: dcae
-          image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources: {}
           volumeMounts:
@@ -78,7 +80,7 @@ spec:
               name: tls-info
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources:
 {{ include "common.resources" . | indent 12 }}
@@ -105,7 +107,7 @@ spec:
             successThreshold: 1
             timeoutSeconds: 1
           volumeMounts:
-            - mountPath: /usr/local/share/ca-certificates/
+            - mountPath: /opt/app/osaaf/
               name: tls-info
             - mountPath: /opt/logs/dcae/dashboard
               name: component-log
@@ -119,7 +121,7 @@ spec:
             - name: postgres_port
               value: "{{ .Values.postgres.config.pgPort }}"
             - name: cloudify_password
-              value: admin
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
             - name: dhandler_url
               value: {{ .Values.config.dhandler_url }}
             - name: cfy_url
@@ -148,7 +150,7 @@ spec:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: status.podIP
-          image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: IfNotPresent
           resources: {}
           volumeMounts:
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
index b143034d8f..34932b713d 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
@@ -1,16 +1,17 @@
 {{/*
 # Copyright © 2020 Samsung Electronics
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# #       http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 */}}
+
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/service.yaml
index ce13081f2f..9cd3197f3b 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/service.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
index 8e3f94dc64..e92e415414 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
@@ -20,11 +20,6 @@
 #################################################################
 global:
   nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  tlsRepository: nexus3.onap.org:10001
   tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
 
 secrets:
@@ -35,8 +30,14 @@ secrets:
     login: '{{ .Values.postgres.config.pgUserName }}'
     password: '{{ .Values.postgres.config.pgUserPassword }}'
     passwordPolicy: generate
+  - uid: 'cm-pass'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.cloudifyManagerPassword }}'
+    policy: required
 
 config:
+  cloudifyManagerPassword: "override me"
   logstashServiceName: log-ls
   logstashPort: 5044
   dhandler_url: https://deployment-handler:8443
@@ -52,8 +53,7 @@ config:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2
+image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.0
 pullPolicy: Always
 
 # probe configuration parameters
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
index c8d76a0823..8ba2ea88d3 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log/filebeat.yml
index 0e5ee9bffa..1e33eb3684 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log/filebeat.yml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 filebeat.prospectors:
 #it is mandatory, in our case it's log
 - input_type: log
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log4js/log4js.json b/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log4js/log4js.json
new file mode 100644
index 0000000000..a93c8c5bbe
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log4js/log4js.json
@@ -0,0 +1,32 @@
+{
+	"appenders": {
+		"out": {"type": "stdout"},
+		"audit": {
+			"type": "file",
+			"filename": "log/audit.log",
+			"maxLogSize": 10240000,
+			"backups": 10,
+			"layout": {
+				"type": "messagePassThrough"
+			}
+		},
+		"metrics": {
+			"type": "file",
+			"filename": "log/metrics.log",
+			"maxLogSize": 10240000,
+			"backups": 10,
+			"layout": {
+				"type": "messagePassThrough"
+			}
+		},
+		"error": {"type": "stdout"},
+		"debug": {"type": "stdout"}
+	},
+	"categories": {
+		"default": {"appenders": ["out"], "level": "debug"},
+		"audit": {"appenders": ["audit"], "level": "info"},
+		"metrics": {"appenders": ["metrics"], "level": "info"},
+		"error": {"appenders": ["error"], "level": "error"},
+		"debug": {"appenders": ["debug"], "level": "debug"}
+	}
+}
\ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/configmap.yaml
index 789c634956..cda7029319 100644..100755
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/configmap.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/configmap.yaml
@@ -1,5 +1,7 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2019 AT&T
+# Modifications Copyright © 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -31,4 +34,12 @@ metadata:
   name: {{include "common.fullname" . }}-filebeat-configmap
   namespace: {{include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{include "common.fullname" . }}-log4js-configmap
+  namespace: {{include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/log4js/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
index ec3c72d042..1b39dc6e2f 100644..100755
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
@@ -1,6 +1,8 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2020 Nokia
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -38,10 +41,10 @@ spec:
     spec:
       initContainers:
         - name: {{ include "common.name" . }}-readiness
-          image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+          image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
-            - /root/ready.py
+            - /app/ready.py
           args:
           - --container-name
           - dcae-cloudify-manager
@@ -66,14 +69,14 @@ spec:
                 fieldPath: status.podIP
           - name: aaf_locator_fqdn
             value: dcae
-          image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources: {}
           volumeMounts:
             - mountPath: /opt/app/osaaf
               name: tls-info
         - name: init-consul
-          image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }}
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.consulLoaderImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           args:
           - --service
@@ -88,7 +91,7 @@ spec:
               name: dh-config
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources:
 {{ include "common.resources" . | indent 12 }}
@@ -115,13 +118,15 @@ spec:
               name: component-log
             - mountPath: /opt/app/dh/etc/cert/
               name: tls-info
+            - mountPath: /opt/app/dh/etc/
+              name: log4js-conf
           env:
             - name: CONSUL_HOST
               value: consul-server.{{ include "common.namespace" . }}
             - name: CLOUDIFY_USER
               value: admin
             - name: CLOUDIFY_PASSWORD
-              value: admin
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
             - name: CONFIG_BINDING_SERVICE
               value: config-binding-service
             - name: NODE_EXTRA_CA_CERTS
@@ -138,7 +143,7 @@ spec:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: status.podIP
-          image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: IfNotPresent
           resources: {}
           volumeMounts:
@@ -164,5 +169,9 @@ spec:
             defaultMode: 422
             name: {{ include "common.fullname" . }}-configmap
           name: dh-config
+        - configMap:
+            defaultMode: 420
+            name: {{include "common.fullname" . }}-log4js-configmap
+          name: log4js-conf
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml
index 34932b713d..34932b713d 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/service.yaml
index 420c0ee96f..cca0b640bb 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/service.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
index 8a3440dae5..a32214faf3 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
@@ -20,19 +20,18 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  tlsRepository: nexus3.onap.org:10001
   tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-  consulLoaderRepository: nexus3.onap.org:10001
   consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
-  repositoryCred:
-    user: docker
-    password: docker
+
+secrets:
+  - uid: 'cm-pass'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.cloudifyManagerPassword }}'
+    policy: required
 
 config:
+  cloudifyManagerPassword: "override me"
   logstashServiceName: log-ls
   logstashPort: 5044
   # Addresses of other ONAP entities
@@ -45,8 +44,7 @@ config:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0
+image: onap/org.onap.dcaegen2.platform.deployment-handler:4.4.1
 pullPolicy: Always
 
 # probe configuration parameters
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
index 6f858bda03..45dddcfbd1 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
index d277c7a71e..9514f41b86 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -39,7 +41,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources:
 {{ include "common.resources" . | indent 12 }}
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/service.yaml
index a71e084535..f0d1bbb3c7 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/service.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
index ca9486f715..a083694767 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
@@ -2,6 +2,7 @@
 #=================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
 # Modifications Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020 Nokia
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,10 +22,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
 
 service:
   name: dcae-healthcheck
@@ -44,8 +41,7 @@ readiness:
   initialDelaySeconds: 10
   periodSeconds: 10
 # application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.1.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
index 653d523472..f841401e7f 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
@@ -20,4 +20,6 @@ dependencies:
   - name: postgres
     version: ~6.x-0
     repository: '@local'
-    alias: postgres
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml
index 0e5ee9bffa..1e33eb3684 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 filebeat.prospectors:
 #it is mandatory, in our case it's log
 - input_type: log
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/configmap.yaml
index 5b7a244835..81bac5465e 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/configmap.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2019 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
index 29d6207c9b..d25d63c361 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -52,15 +54,15 @@ spec:
             name: {{ include "common.fullname" . }}-inv-config-input
           - mountPath: /config
             name: {{ include "common.fullname" . }}-inv-config
-          image: "{{ .Values.global.envsubstImage }}"
+          image: {{ include "repositoryGenerator.image.envsubst" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           name: {{ include "common.name" . }}-update-config
 
         - name: {{ include "common.name" . }}-readiness
-          image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+          image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
-            - /root/ready.py
+            - /app/ready.py
           args:
             - --container-name
             - {{ .Values.postgres.nameOverride }}
@@ -83,7 +85,7 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: status.podIP
-          image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources: {}
           volumeMounts:
@@ -91,7 +93,7 @@ spec:
               name: tls-info
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           # Assumes that the Docker image is built with ENTRYPOINT set to
           # ["java", "-jar", "/opt/inventory-api-x.y.z.jar", "server"]
@@ -139,7 +141,7 @@ spec:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: status.podIP
-          image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: IfNotPresent
           resources: {}
           volumeMounts:
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/service.yaml
index 420c0ee96f..cca0b640bb 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/service.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
index a26ae5d196..7abf0ca745 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
@@ -20,16 +20,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  tlsRepository: nexus3.onap.org:10001
   tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-  envsubstImage: dibi/envsubst
-  repositoryCred:
-    user: docker
-    password: docker
 
 secrets:
   - uid: pg-user-creds
@@ -53,8 +44,7 @@ config:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.1
+image: onap/org.onap.dcaegen2.platform.inventory-api:3.5.1
 
 pullPolicy: Always
 
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
index c8d76a0823..8ba2ea88d3 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/log/filebeat.yml
index 1a3f693a12..06e553d9d4 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/log/filebeat.yml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/log/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 filebeat.prospectors:
 #it is mandatory, in our case it's log
 - input_type: log
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/configmap.yaml
index 789c634956..1a3a7fd302 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/configmap.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2019 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
index c39b12cd6c..a4becb5e4f 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
@@ -1,6 +1,7 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -38,17 +40,17 @@ spec:
     spec:
       initContainers:
         - name: {{ include "common.name" . }}-readiness
-          image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+          image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
-            - /root/ready.py
+            - /app/ready.py
           args:
           - --container-name
           - dcae-deployment-handler
           - --container-name
           - consul-server
           - --container-name
-          - pdp
+          - policy-xacml-pdp
           - "-t"
           - "45"
           env:
@@ -66,14 +68,14 @@ spec:
                 fieldPath: status.podIP
           - name: aaf_locator_fqdn
             value: dcae
-          image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources: {}
           volumeMounts:
             - mountPath: /opt/app/osaaf
               name: tls-info
         - name: init-consul
-          image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }}
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.consulLoaderImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           args:
           - --key
@@ -84,7 +86,7 @@ spec:
               name: ph-config
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources:
 {{ include "common.resources" . | indent 12 }}
@@ -117,7 +119,7 @@ spec:
             - name: CLOUDIFY_USER
               value: admin
             - name: CLOUDIFY_PASSWORD
-              value: admin
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
             - name: CONFIG_BINDING_SERVICE
               value: config-binding-service
             - name: POD_IP
@@ -132,7 +134,7 @@ spec:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: status.podIP
-          image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: IfNotPresent
           resources: {}
           volumeMounts:
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml
index 34932b713d..34932b713d 100644
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/service.yaml
index 420c0ee96f..cca0b640bb 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/service.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
index 717497f4d4..95bbe1e5ff 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
@@ -20,19 +20,18 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  tlsRepository: nexus3.onap.org:10001
   tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-  consulLoaderRepository: nexus3.onap.org:10001
   consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
-  repositoryCred:
-    user: docker
-    password: docker
+
+secrets:
+  - uid: 'cm-pass'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.cloudifyManagerPassword }}'
+    policy: required
 
 config:
+  cloudifyManagerPassword: "override me"
   logstashServiceName: log-ls
   logstashPort: 5044
   # Addresses of other ONAP entities
@@ -46,7 +45,6 @@ config:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.0
 pullPolicy: Always
 
diff --git a/kubernetes/dcaegen2/components/dcae-redis/requirements.yaml b/kubernetes/dcaegen2/components/dcae-redis/requirements.yaml
deleted file mode 100644
index c593f60ae4..0000000000
--- a/kubernetes/dcaegen2/components/dcae-redis/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-redis/resources/redis/scripts/redis-cluster-config.sh b/kubernetes/dcaegen2/components/dcae-redis/resources/redis/scripts/redis-cluster-config.sh
deleted file mode 100755
index 49872863a9..0000000000
--- a/kubernetes/dcaegen2/components/dcae-redis/resources/redis/scripts/redis-cluster-config.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-# ================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-(if [[ "$HOSTNAME" == *{{.Chart.Name}}-0 ]]; then
-  echo "delay by 10 seconds for redis server starting"
-  sleep 10
-
-  NODES=""
-  echo "====> wait for all {{.Values.replicaCount}} redis pods up"
-  while [ "$(echo $NODES | wc -w)" -lt {{.Values.replicaCount}} ]
-  do
-    echo "======> $(echo $NODES |wc -w) / {{.Values.replicaCount}} pods up"
-    sleep 5
-    RESP=$(wget -vO- --ca-certificate /var/run/secrets/kubernetes.io/serviceaccount/ca.crt  --header "Authorization: Bearer $(</var/run/secrets/kubernetes.io/serviceaccount/token)" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/{{.Release.Namespace}}/pods?labelSelector=app={{.Chart.Name}})
-
-    IPS=$(echo $RESP | jq -r '.items[].status.podIP')
-    IPS2=$(echo $IPS | sed -e 's/[a-zA-Z]*//g')
-    echo "======> IPs: ["$IPS2"]"
-    NODES=""
-    for I in $IPS2; do NODES="$NODES $I:{{.Values.service.externalPort}}"; done
-    echo "======> nodes: ["$NODES"]"
-  done
-  echo "====> all {{.Values.replicaCount}} redis cluster pods are up. wait 10 seconds before the next step"; echo
-  sleep 10
-
-  echo "====> Configure the cluster"
-
-  # $NODES w/o quotes
-  echo "======> nodes: [$(echo $NODES |paste -s)]"
-  redis-trib create --replicas 1 $(echo $NODES |paste -s)
-fi ) &
-
-redis-server /conf/redis.conf
-
diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/NOTES.txt b/kubernetes/dcaegen2/components/dcae-redis/templates/NOTES.txt
deleted file mode 100644
index 0a386aa131..0000000000
--- a/kubernetes/dcaegen2/components/dcae-redis/templates/NOTES.txt
+++ /dev/null
@@ -1,34 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# #       http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/configmap.yaml
deleted file mode 100644
index 85ebee672b..0000000000
--- a/kubernetes/dcaegen2/components/dcae-redis/templates/configmap.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-data:
-  redis.conf: |+
-    cluster-enabled yes
-    cluster-require-full-coverage no
-    cluster-node-timeout 15000
-    cluster-config-file /data/nodes.conf
-    cluster-migration-barrier 1
-    appendonly yes
-    protected-mode no
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-scripts
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/redis/scripts/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/pv.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/pv.yaml
deleted file mode 100644
index 72bad411db..0000000000
--- a/kubernetes/dcaegen2/components/dcae-redis/templates/pv.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# #       http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) }}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" $global }}-data-{{$i}}
-  namespace: {{ include "common.namespace" $global }}
-  labels:
-    app: {{ include "common.fullname" $global }}
-    chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
-    release: "{{ include "common.release" $global }}"
-    heritage: "{{ $global.Release.Service }}"
-    name: {{ include "common.fullname" $global }}
-spec:
-  capacity:
-    storage: {{ $global.Values.persistence.size}}
-  accessModes:
-    - {{ $global.Values.persistence.accessMode }}
-  persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
-  storageClassName: "{{ include "common.fullname" $global }}-data"
-  hostPath:
-    path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/service.yaml
deleted file mode 100644
index 31c1c22b17..0000000000
--- a/kubernetes/dcaegen2/components/dcae-redis/templates/service.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      #Example internal target port if required
-      #targetPort: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.externalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      name: {{ .Values.service.portName2 }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      name: {{ .Values.service.portName2 }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/statefulset.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/statefulset.yaml
deleted file mode 100644
index d4ac832e09..0000000000
--- a/kubernetes/dcaegen2/components/dcae-redis/templates/statefulset.yaml
+++ /dev/null
@@ -1,125 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# #       http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  serviceName: {{ .Values.service.name }}
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-      containers:
-        - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          command:
-          - /bin/sh
-          - -c
-          - |
-            /opt/scripts/redis-cluster-config.sh
-          ports:
-          - containerPort: {{ .Values.service.internalPort }}
-            name: {{ .Values.service.name }}
-          - containerPort: {{ .Values.service.internalPort2 }}
-            name: {{ .Values.service.name2 }}
-          # disable liveness probe when breakpoints set in debugger
-          # so K8s doesn't restart unresponsive container
-          {{- if eq .Values.liveness.enabled true }}
-          livenessProbe:
-            exec:
-              command:
-              - sh
-              - -c
-              - "redis-cli -h $(hostname) ping"
-            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.liveness.periodSeconds }}
-            timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
-          {{end -}}
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readiness.periodSeconds }}
-          env:
-          volumeMounts:
-          - mountPath: /etc/localtime
-            name: localtime
-            readOnly: true
-          - mountPath: /conf
-            name: {{ include "common.fullname" . }}-config
-          - mountPath: /data
-            name: {{ include "common.fullname" . }}-data
-          - mountPath: /opt/scripts
-            name: {{ include "common.fullname" . }}-scripts
-          resources:
-{{ include "common.resources" . | indent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-        {{- end }}
-      volumes:
-      - name: {{ include "common.fullname" . }}-config
-        configMap:
-          name: {{ include "common.fullname" . }}
-          items:
-          - key: redis.conf
-            path: redis.conf
-      - name: {{ include "common.fullname" . }}-scripts
-        configMap:
-          name: {{ include "common.fullname" . }}-scripts
-          defaultMode: 0755
-      - name: localtime
-        hostPath:
-          path: /etc/localtime
-      {{- if not .Values.persistence.enabled }}
-      - name: {{ include "common.fullname" . }}-data
-        emptyDir: {}
-      {{- end }}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
-  {{- if .Values.persistence.enabled }}
-  volumeClaimTemplates:
-  - metadata:
-      name: {{ include "common.fullname" . }}-data
-      labels:
-        name: {{ include "common.fullname" . }}
-    spec:
-      accessModes:
-      - {{ .Values.persistence.accessMode | quote }}
-      storageClassName: {{ include "common.storageClass" . }}
-      resources:
-        requests:
-          storage: {{ .Values.persistence.size | quote}}
-  {{- end }}
diff --git a/kubernetes/dcaegen2/components/dcae-redis/values.yaml b/kubernetes/dcaegen2/components/dcae-redis/values.yaml
deleted file mode 100644
index 3daa740312..0000000000
--- a/kubernetes/dcaegen2/components/dcae-redis/values.yaml
+++ /dev/null
@@ -1,121 +0,0 @@
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.redis-cluster-container:1.0.0
-pullPolicy: Always
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 3
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 60
-  periodSeconds: 10
-  timeoutSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 15
-  periodSeconds: 10
-
-service:
-  #Example service definition with external, internal and node ports.
-  #Services may use any combination of ports depending on the 'type' of
-  #service being defined.
-  type: ClusterIP
-  name: dcae-redis
-  portName: client
-  externalPort: 6379
-  internalPort: 6379
-  portName2: gossip
-  externalPort2: 16379
-  internalPort2: 16379
-
-## Persist data to a persitent volume
-persistence:
-  enabled: true
-
-  ## A manually managed Persistent Volume and Claim
-  ## Requires persistence.enabled: true
-  ## If defined, PVC must be created manually before volume will be bound
-  # existingClaim:
-  volumeReclaimPolicy: Retain
-
-  ## database data Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  accessMode: ReadWriteOnce
-  size: 10Mi
-  mountPath: /dockerdata-nfs
-  mountSubPath: redis/data
-
-ingress:
-  enabled: false
-  service:
-    - baseaddr: "dcaeredis"
-      name: "dcae-redis"
-      port: 6379
-    - baseaddr: "dcaeredisgossip"
-      name: "dcae-redis"
-      port: 16379
-  config:
-    ssl: "none"
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
-  small:
-    limits:
-      cpu: 2
-      memory: 2Gi
-    requests:
-      cpu: 1
-      memory: 1Gi
-  large:
-    limits:
-      cpu: 4
-      memory: 4Gi
-    requests:
-      cpu: 2
-      memory: 2Gi
-  unlimited: {}
diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
index caff1e5dc4..bdc19209e7 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/configmap.yaml
index 96ba64f945..a2da32d051 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/configmap.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2019 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
index d880433ef3..7c55628f25 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -38,17 +40,17 @@ spec:
     spec:
       initContainers:
         - name: {{ include "common.name" . }}-readiness
-          image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+          image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
-            - /root/ready.py
+            - /app/ready.py
           args:
             - --container-name
             - "dcae-inventory-api"
             - --container-name
             - "message-router"
             - --container-name
-            - "sdc-dcae-be"
+            - "sdc-be"
             - "-t"
             - "45"
           env:
@@ -64,7 +66,7 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: status.podIP
-          image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources: {}
           volumeMounts:
@@ -72,7 +74,7 @@ spec:
               name: tls-info
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources:
 {{ include "common.resources" . | indent 12 }}
diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
index 63ce3db3fc..c363626666 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
@@ -1,6 +1,6 @@
 #============LICENSE_START========================================================
 # ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,15 +20,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  tlsRepository: nexus3.onap.org:10001
   tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-  repositoryCred:
-    user: docker
-    password: docker
 
 config:
   logstashServiceName: log-ls
@@ -41,8 +33,7 @@ config:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.3.2
+image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.4.0
 
 pullPolicy: Always
 
@@ -94,4 +85,4 @@ resources:
   unlimited: {}
 # Kubernetes namespace for components deployed via Cloudify manager
 # If empty, use the common namespace
-# dcae_ns: "dcae"
+# dcae_ns: "dcae"
\ No newline at end of file
diff --git a/kubernetes/dcaegen2/requirements.yaml b/kubernetes/dcaegen2/requirements.yaml
index 55931dc331..82629f7e21 100644
--- a/kubernetes/dcaegen2/requirements.yaml
+++ b/kubernetes/dcaegen2/requirements.yaml
@@ -32,10 +32,6 @@ dependencies:
     version: ~6.x-0
     repository: 'file://components/dcae-healthcheck'
     condition: dcae-healthcheck.enabled
-  - name: dcae-redis
-    version: ~6.x-0
-    repository: 'file://components/dcae-redis'
-    condition: dcae-redis.enabled
   - name: dcae-servicechange-handler
     version: ~6.x-0
     repository: 'file://components/dcae-servicechange-handler'
diff --git a/kubernetes/dcaegen2/resources/expected-components.json b/kubernetes/dcaegen2/resources/expected-components.json
index fd3d04fcb8..d89203b070 100644
--- a/kubernetes/dcaegen2/resources/expected-components.json
+++ b/kubernetes/dcaegen2/resources/expected-components.json
@@ -1,10 +1,10 @@
 [
 {{- $ctx := . }}
-{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-redis" "dcae-servicechange-handler" }}
+{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-servicechange-handler" }}
 {{- range $i, $v := $components }}
 {{- if index $ctx.Values . "enabled" }}
 {{- if $i }},{{ end }}
 {{ $v | quote | indent 2 }}
 {{- end -}}
 {{- end }}
-]
\ No newline at end of file
+]
diff --git a/kubernetes/dcaegen2/templates/configmap.yaml b/kubernetes/dcaegen2/templates/configmap.yaml
index b315443c70..4a1877f02e 100644
--- a/kubernetes/dcaegen2/templates/configmap.yaml
+++ b/kubernetes/dcaegen2/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml b/kubernetes/dcaegen2/templates/secrets.yaml
index 34932b713d..34932b713d 100644
--- a/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml
+++ b/kubernetes/dcaegen2/templates/secrets.yaml
diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml
index c66a786537..d4007ad0f6 100644
--- a/kubernetes/dcaegen2/values.yaml
+++ b/kubernetes/dcaegen2/values.yaml
@@ -1,5 +1,6 @@
 # Copyright © 2018 Amdocs, Bell Canada
 # Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,33 +19,50 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  tlsRepository: nexus3.onap.org:10001
   tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-  consulLoaderRepository: nexus3.onap.org:10001
   consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
-  busyboxRepository: docker.io
-  busyboxImage: library/busybox:1.30
-redis:
-  replicaCount: 6
 
-# Enable all DCAE components except redis by default
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+- name: &cmPassSecretName '{{ include "common.release" . }}-dcaegen2-cm-pass'
+  type: password
+  externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+  password: '{{ .Values.config.cloudifyManagerPassword }}'
+
+config: {}
+
+# To work around DCAEGEN2-2450, set password strength to "basic"
+# to ensure password contains only alphanumerics
+passwordStrengthOverride: basic
+
+# Enable all DCAE components by default
 dcae-bootstrap:
   enabled: true
+  config:
+    cloudifyManagerPasswordExternalSecret: *cmPassSecretName
 dcae-cloudify-manager:
   enabled: true
+  config:
+    cloudifyManagerPasswordExternalSecret: *cmPassSecretName
 dcae-config-binding-service:
   enabled: true
 dcae-dashboard:
   enabled: true
+  config:
+    cloudifyManagerPasswordExternalSecret: *cmPassSecretName
 dcae-deployment-handler:
   enabled: true
+  config:
+    cloudifyManagerPasswordExternalSecret: *cmPassSecretName
 dcae-healthcheck:
   enabled: true
 dcae-inventory-api:
   enabled: true
 dcae-policy-handler:
   enabled: true
-dcae-redis:
-  enabled: false
+  config:
+    cloudifyManagerPasswordExternalSecret: *cmPassSecretName
 dcae-servicechange-handler:
-  enabled: true
\ No newline at end of file
+  enabled: true
diff --git a/kubernetes/dcaemod/.helmignore b/kubernetes/dcaemod/.helmignore
index f0c1319444..7ddbad7ef4 100644
--- a/kubernetes/dcaemod/.helmignore
+++ b/kubernetes/dcaemod/.helmignore
@@ -19,3 +19,4 @@
 .project
 .idea/
 *.tmproj
+components/
diff --git a/kubernetes/dcaemod/Makefile b/kubernetes/dcaemod/Makefile
index b7cf1a6963..044e0cdd7d 100644
--- a/kubernetes/dcaemod/Makefile
+++ b/kubernetes/dcaemod/Makefile
@@ -11,28 +11,30 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+HELM_BIN := helm
+
 make-dcaemod: make-dcaemod-distributor-api make-dcaemod-genprocessor make-dcaemod-designtool make-dcaemod-onboarding-api make-dcaemod-runtime-api make-dcaemod-nifi-registry make-dcaemod-healthcheck
 
 make-dcaemod-distributor-api:
-	cd components && helm dep up dcaemod-genprocessor && helm lint dcaemod-genprocessor
+	cd components && $(HELM_BIN) dep up dcaemod-genprocessor && $(HELM_BIN) lint dcaemod-genprocessor
 
 make-dcaemod-genprocessor:
-	cd components && helm dep up dcaemod-distributor-api && helm lint dcaemod-distributor-api
+	cd components && $(HELM_BIN) dep up dcaemod-distributor-api && $(HELM_BIN) lint dcaemod-distributor-api
 
 make-dcaemod-designtool:
-	cd components && helm dep up dcaemod-designtool && helm lint dcaemod-designtool
+	cd components && $(HELM_BIN) dep up dcaemod-designtool && $(HELM_BIN) lint dcaemod-designtool
 
 make-dcaemod-onboarding-api:
-	cd components && helm dep up dcaemod-onboarding-api && helm lint dcaemod-onboarding-api
+	cd components && $(HELM_BIN) dep up dcaemod-onboarding-api && $(HELM_BIN) lint dcaemod-onboarding-api
 
 make-dcaemod-runtime-api:
-	cd components && helm dep up dcaemod-runtime-api && helm lint dcaemod-runtime-api
+	cd components && $(HELM_BIN) dep up dcaemod-runtime-api && $(HELM_BIN) lint dcaemod-runtime-api
 
 make-dcaemod-nifi-registry:
-	cd components && helm dep up dcaemod-nifi-registry && helm lint dcaemod-nifi-registry
+	cd components && $(HELM_BIN) dep up dcaemod-nifi-registry && $(HELM_BIN) lint dcaemod-nifi-registry
 
 make-dcaemod-healthcheck:
-	cd components && helm dep up dcaemod-healthcheck && helm lint dcaemod-healthcheck
+	cd components && $(HELM_BIN) dep up dcaemod-healthcheck && $(HELM_BIN) lint dcaemod-healthcheck
 
 clean:
 	@find . -type f -name '*.tgz' -delete
diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml
index c84ca79fd9..627dc59e81 100644
--- a/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml
index 2144418fbb..bd2766f6db 100644
--- a/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -26,10 +28,10 @@ spec:
     spec:
       initContainers:
         - name: {{ include "common.name" . }}-readiness
-          image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+          image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
-            - /root/ready.py
+            - /app/ready.py
           args:
             - --container-name
             - dcaemod-genprocessor-http
@@ -46,7 +48,7 @@ spec:
                   apiVersion: v1
                   fieldPath: metadata.namespace
         - name: {{ include "common.name" . }}-create-bucket
-          image: {{ .Values.config.curlImage }}
+          image: {{ include "repositoryGenerator.image.curl" . }}
           args:
             - -kv
             - -X
@@ -59,7 +61,7 @@ spec:
 
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/templates/ingress.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/templates/ingress.yaml
index 6bc21e341d..e7f8e2da8f 100644
--- a/kubernetes/dcaemod/components/dcaemod-designtool/templates/ingress.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-designtool/templates/ingress.yaml
@@ -1,3 +1,4 @@
+{{/*
 # ================================================================================
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
@@ -13,4 +14,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 {{ include "common.ingress" . }}
\ No newline at end of file
diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/templates/service.yaml
index 85d137b4b3..7fc4e896d2 100644
--- a/kubernetes/dcaemod/components/dcaemod-designtool/templates/service.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-designtool/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
@@ -14,5 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml
index f2320a1387..3daca28476 100644
--- a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml
@@ -22,8 +22,6 @@ global:
   persistence: {}
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
 
   ingress:
     enabled: true
@@ -33,10 +31,8 @@ global:
 config:
   nifiJarsIndexURL: http://dcaemod-genprocessor:8080/nifi-jars
   distributorAPIURL: /distributor
-  curlImage: curlimages/curl:7.68.0
 
 # application image
-repository: nexus3.onap.org:10001
 image: onap/org.onap.dcaegen2.platform.mod.designtool-web:1.0.2
 
 service:
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml
index df3df964cb..51543cf310 100644
--- a/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml
index a70cc4af5a..696b43a536 100644
--- a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -26,10 +28,10 @@ spec:
     spec:
       initContainers:
         - name: {{ include "common.name" . }}-readiness
-          image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+          image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
-            - /root/ready.py
+            - /app/ready.py
           args:
             - --container-name
             - dcaemod-runtime-api
@@ -47,7 +49,7 @@ spec:
                   fieldPath: metadata.namespace
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/ingress.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/ingress.yaml
index a996d3c1ad..4a4ee7c876 100644
--- a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/ingress.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/ingress.yaml
@@ -1,3 +1,4 @@
+{{/*
 # ================================================================================
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
@@ -13,4 +14,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 {{ include "common.ingress" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/service.yaml
index 2314610a04..100c3d5670 100644
--- a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/service.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,5 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
-{{ include "common.service" . }}
\ No newline at end of file
+{{ include "common.service" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
index 16bb8a9ff3..274edcd4a3 100644
--- a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
@@ -22,8 +22,6 @@ global:
   persistence: {}
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
 
   ingress:
     enabled: true
@@ -35,8 +33,7 @@ config:
   onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.1
+image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.1.0
 
 service:
   type: ClusterIP
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml
index df3df964cb..51543cf310 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
index a4afe05c95..40b0f3edc4 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -30,7 +32,7 @@ spec:
         # this initContainer changes ownership to uid 1000 gid 1000
         # (tried using a securityContext in the pod spec, but it didn't seem to work)
           - name: set-permissions
-            image: busybox:latest
+            image: {{ include "repositoryGenerator.image.busybox" . }}
             imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
             command:
               - sh
@@ -41,7 +43,7 @@ spec:
               name: genprocessor-data
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
@@ -64,7 +66,7 @@ spec:
               name: genprocessor-data
           resources: {{ include "common.resources" . | nindent 12 }}
         - name: {{ include "common.name" . }}-http
-          image: "{{ include "common.repository" . }}/{{ .Values.httpImage }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.httpImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
             - mountPath: /www/data
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/ingress.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/ingress.yaml
index 6bc21e341d..4a4ee7c876 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/ingress.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/ingress.yaml
@@ -1,3 +1,4 @@
+{{/*
 # ================================================================================
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
@@ -13,4 +14,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
-{{ include "common.ingress" . }}
\ No newline at end of file
+*/}}
+{{ include "common.ingress" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pv.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pv.yaml
index c97ef736bb..2831c151d2 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pv.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pv.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,5 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ include "common.PV" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pvc.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pvc.yaml
index cdf2728359..1e6c62a653 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pvc.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pvc.yaml
@@ -1,3 +1,4 @@
+{{/*
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
@@ -13,5 +14,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ include "common.PVC" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/service.yaml
index b20e564065..100c3d5670 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/service.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,5 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml
index 37bb861235..45ae96f2d2 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml
@@ -22,8 +22,6 @@ global:
   persistence: {}
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
   ingress:
     enabled: true
     virtualhost:
@@ -33,9 +31,8 @@ config:
   onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.1
-httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.1
+image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.2
+httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.2
 
 service:
   type: ClusterIP
@@ -97,3 +94,4 @@ resources:
       cpu: 2
       memory: 2Gi
   unlimited: {}
+
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml
index 6f858bda03..45dddcfbd1 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml
index 64268abb33..0eaa2296bb 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -26,7 +28,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources:
 {{ include "common.resources" . | indent 12 }}
@@ -36,13 +38,13 @@ spec:
           {{- if eq .Values.liveness.enabled true }}
           livenessProbe:
             tcpSocket:
-              port: {{ ( index .Values.service.ports 0).port }}
+              port: {{ include "common.getPort" (dict "global" . "name" "http") }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
           {{ end -}}
           readinessProbe:
             tcpSocket:
-              port: {{ ( index .Values.service.ports 0).port }}
+              port: {{ include "common.getPort" (dict "global" . "name" "http") }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           volumeMounts:
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/service.yaml
index 30eda2cfe8..7fc4e896d2 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/service.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
@@ -14,5 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
-{{ include "common.service" . }}
\ No newline at end of file
+{{ include "common.service" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
index fae177ca38..356149c0dd 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
@@ -21,8 +21,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
 
 service:
   name: dcaemod-healthcheck
@@ -43,7 +41,6 @@ readiness:
   initialDelaySeconds: 10
   periodSeconds: 10
 # application image
-repository: nexus3.onap.org:10001
 image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0
 
 # Resource Limit flavor -By Default using small
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml
index df3df964cb..51543cf310 100644
--- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml
index 7ba2a1202d..90561ac231 100644
--- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -30,7 +32,7 @@ spec:
       # this initContainer changes ownership to uid 1000 gid 1000
       # (tried using a securityContext in the pod spec, but it didn't seem to work)
         - name: set-permissions
-          image: busybox:latest
+          image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
             - sh
@@ -41,7 +43,7 @@ spec:
             name: flow-storage
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pv.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pv.yaml
index 13c5357e45..b351573f83 100644
--- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pv.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pv.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 
 {{ include "common.PV" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pvc.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pvc.yaml
index cdf2728359..1e6c62a653 100644
--- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pvc.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pvc.yaml
@@ -1,3 +1,4 @@
+{{/*
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
@@ -13,5 +14,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ include "common.PVC" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml
index 45ac464cbe..869e3d3912 100644
--- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
@@ -14,4 +15,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/service.yaml
index b20e564065..100c3d5670 100644
--- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/service.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,5 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml
index 058768ea08..25b3b9e318 100644
--- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml
@@ -22,8 +22,6 @@ global:
   persistence: {}
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
 
 config:
   dbURL: jdbc:h2:./database/nifi-registry-primary
@@ -38,7 +36,6 @@ secrets:
     passwordPolicy: generate
 
 # application image
-repository: docker.io
 image: apache/nifi-registry:0.5.0
 
 service:
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml
index 038e976319..7e71a401ab 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
   - name: postgres
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml
index df531162bc..b795f6b736 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -26,10 +28,10 @@ spec:
     spec:
       initContainers:
        - name: {{ include "common.name" . }}-readiness
-         image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+         image: {{ include "repositoryGenerator.image.readiness" . }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          command:
-          - /root/ready.py
+          - /app/ready.py
          args:
            - --container-name
            - {{ .Values.postgres.nameOverride }}
@@ -48,7 +50,7 @@ spec:
           args:
             - -c
             - 'PG_CONN=postgresql://${PG_USER}:${PG_PASSWORD}@${PG_ADDR}:${PG_PORT}/${PG_DB_NAME} ./start.sh'
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/ingress.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/ingress.yaml
index 6bc21e341d..4a4ee7c876 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/ingress.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/ingress.yaml
@@ -1,3 +1,4 @@
+{{/*
 # ================================================================================
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
@@ -13,4 +14,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
-{{ include "common.ingress" . }}
\ No newline at end of file
+*/}}
+{{ include "common.ingress" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml
index bd7eb8ea40..34932b713d 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/service.yaml
index b20e564065..100c3d5670 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/service.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,5 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
index 28e79a1593..42fe9d8f56 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
@@ -21,8 +21,6 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
   ingress:
     enabled: true
     virtualhost:
@@ -92,8 +90,7 @@ postgres:
       mountInitPath: dcaemod
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.1
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.3
 
 # Resource Limit flavor -By Default using small
 flavor: small
@@ -114,3 +111,4 @@ resources:
       cpu: 2
       memory: 2Gi
   unlimited: {}
+
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml
index 444eb8ac2a..f3a02ca58a 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml
@@ -19,4 +19,7 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
 
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
index 5a52e10d6e..735b0281be 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -26,7 +28,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
@@ -57,11 +59,14 @@ spec:
               value: {{ .Values.config.importK8S }}
             - name: ONAP_IMPORT_POLICYPLUGIN
               value: {{ .Values.config.importPolicy }}
-            - name: ONAP_INPORT_POSTGRESPLUGIN
+            - name: ONAP_IMPORT_POSTGRESPLUGIN
               value: {{ .Values.config.importPostgres }}
             - name: ONAP_IMPORT_CLAMPPLUGIN
               value: {{ .Values.config.importClamp }}
             - name: ONAP_IMPORT_DMAAPPLUGIN
               value: {{ .Values.config.importDMaaP }}
+            - name: ONAP_USEDMAAPPLUGIN
+              value: {{ .Values.config.useDmaapPlugin | quote }}
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml
index 0a0475c889..3c527f8cd3 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
@@ -14,5 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/service.yaml
index b20e564065..100c3d5670 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/service.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,5 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
index 37f79a4a73..32d651f749 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
@@ -21,8 +21,6 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
 
 config:
   dashboardURL: https://inventory:8080/dcae-service-types
@@ -35,11 +33,11 @@ config:
   #dashboardPassword: doesntmatter
   mrTopicURL: http://message-router:3904/events
   importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
-  importK8S: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/k8splugin/1.7.2/k8splugin_types.yaml
-  importPolicy: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml
-  importPostgres: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.ccsdk.platform.plugins/type_files/pgaas/1.1.0/pgaas_types.yaml
-  importClamp: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml
-  importDMaaP: https://nexus.onap.org/content/repositories/raw/org.onap.ccsdk.platform.plugins/type_files/dmaap/dmaap.yaml
+  importK8S: plugin:k8splugin?version=3.4.2
+  importPostgres: plugin:pgaas?version=1.3.0
+  importClamp: plugin:clamppolicyplugin?version=1.1.0
+  importDMaaP: plugin:dmaap?version=1.5.0
+  useDmaapPlugin: false
 
 secrets:
   - uid: "dashsecret"
@@ -71,8 +69,7 @@ readiness:
   # Should have a proper readiness endpoint or script
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.3
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.1.1
 
 # Resource Limit flavor -By Default using small
 flavor: small
@@ -93,3 +90,4 @@ resources:
       cpu: 2
       memory: 2Gi
   unlimited: {}
+
diff --git a/kubernetes/dcaemod/templates/configmap.yaml b/kubernetes/dcaemod/templates/configmap.yaml
index 9748319c9a..13b374cb04 100644
--- a/kubernetes/dcaemod/templates/configmap.yaml
+++ b/kubernetes/dcaemod/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
@@ -21,4 +23,4 @@ metadata:
   name: {{ include "common.release" . }}-dcaemod-expected-components
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/dcaemod/values.yaml b/kubernetes/dcaemod/values.yaml
index 6c1dff5b3d..57e6d32693 100644
--- a/kubernetes/dcaemod/values.yaml
+++ b/kubernetes/dcaemod/values.yaml
@@ -17,10 +17,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  tlsRepository: nexus3.onap.org:10001
-  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-  busyboxRepository: docker.io
-  busyboxImage: library/busybox:1.30
 
 # Enable all DCAE MOD components by default
 dcaemod-designtool:
diff --git a/kubernetes/dmaap/.helmignore b/kubernetes/dmaap/.helmignore
index f0c1319444..7ddbad7ef4 100644
--- a/kubernetes/dmaap/.helmignore
+++ b/kubernetes/dmaap/.helmignore
@@ -19,3 +19,4 @@
 .project
 .idea/
 *.tmproj
+components/
diff --git a/kubernetes/dmaap/Makefile b/kubernetes/dmaap/Makefile
index 3a1931121a..4c79718d02 100644
--- a/kubernetes/dmaap/Makefile
+++ b/kubernetes/dmaap/Makefile
@@ -1,4 +1,4 @@
-# Copyright © 2018  AT&T Intellectual Property.  All rights reserved.
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,20 +12,40 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-make-dmaap: make-dmaap-bc make-message-router make-dmaap-dr-node make-dmaap-dr-prov
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
 
-make-dmaap-bc:
-	cd components && helm dep up dmaap-bc && helm lint dmaap-bc
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
 
-make-message-router:
-	cd components && helm dep up message-router && helm lint message-router
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
 
-make-dmaap-dr-node:
-	cd components && helm dep up dmaap-dr-node && helm lint dmaap-dr-node
+all: $(HELM_CHARTS)
 
-make-dmaap-dr-prov:
-	cd components && helm dep up dmaap-dr-prov && helm lint dmaap-dr-prov
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
 
 clean:
-	@find . -type f -name '*.tgz' -delete
-	@find . -type f -name '*.lock' -delete
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/dmaap/components/Makefile b/kubernetes/dmaap/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/dmaap/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/dmaap/components/dmaap-bc/requirements.yaml b/kubernetes/dmaap/components/dmaap-bc/requirements.yaml
index 656fee77f8..b8c7f9ac3e 100644
--- a/kubernetes/dmaap/components/dmaap-bc/requirements.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
     version: ~6.x-0
     repository: '@local'
     condition: PG.enabled
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
index 84a42d6436..2b2ea4183a 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 # Environment settings for starting a container
 DMAAPBC_WAIT_TO_EXIT=Y
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
index 3f5b1b4336..d464428893 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 
 #####################################################
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml
index bb68eb783e..b7c52df169 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T Intellectual Property.  All rights reserved.
 # Modifications Copyright © 2018 Amdocs,Bell Canada
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
@@ -102,4 +104,4 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
index 3c6a23a470..eaad403dc8 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Modifications Copyright © 2018 Amdocs,Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -38,12 +40,12 @@ spec:
           name: {{ include "common.name" . }}-config-input
         - mountPath: /config
           name: {{ include "common.name" . }}-config
-        image: "{{ .Values.global.envsubstImage }}"
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
 {{ include "common.certInitializer.initContainer" . | nindent 6 }}
       - name: {{ include "common.name" . }}-permission-fixer
-        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
         command: ["chown","-Rf","1000:1001", "/opt/app/"]
@@ -52,14 +54,14 @@ spec:
 #       the cadi library is not using the jks password on the jks keystore.
 #       So, this attempts to "fix" the credential property file until this is fixed properly.
       - name: {{ include "common.name" . }}-cred-fixer
-        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
         command: ["/bin/sh"]
         args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
       - name: {{ include "common.name" . }}-postgres-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ .Values.postgres.nameOverride }}
@@ -73,12 +75,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 {{- end }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ .Values.repository }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 10  }}
           {{ if eq .Values.liveness.enabled true -}}
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml
index cde35af14c..039abaaf1f 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml
@@ -5,17 +5,17 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels: {{- include "common.labels" . | nindent 4 }}
 spec:
-  backoffLimit: 5
+  backoffLimit: 20
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       restartPolicy: Never
       initContainers:
       - name: {{ include "common.name" . }}-init-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - dmaap-bc
@@ -27,7 +27,7 @@ spec:
               fieldPath: metadata.namespace
       containers:
       - name: dmaap-provisioning-job
-        image: "{{ include "common.repository" . }}/{{ .Values.global.clientImage }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.clientImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DELAY
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml
index 9c9414f48d..e658a712a0 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T Intellectual Property.  All rights reserved.
 # Modifications Copyright © 2018 Amdocs, Bell Canada
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml
index d9936d79f4..07a6c067a4 100644
--- a/kubernetes/dmaap/components/dmaap-bc/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml
@@ -18,11 +18,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  envsubstImage: dibi/envsubst
 
 secrets:
   - uid: pg-root-pass
@@ -45,8 +40,6 @@ secrets:
 pullPolicy: Always
 
 # application images
-repository: nexus3.onap.org:10001
-#repository:  10.12.7.57:5000
 image: onap/dmaap/dmaap-bc:2.0.4
 
 
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml
index 2900c41bde..f8139e0f97 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml
index d2bba1124e..6292be2d9d 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # ============LICENSE_START=======================================================
 #  Copyright (C) 2019 The Nordix Foundation. All rights reserved.
 # ================================================================================
@@ -15,6 +16,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # ============LICENSE_END=========================================================
+*/}}
 
 # dmaap-dr-node filebeat.yml
 filebeat.prospectors:
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
index 8756d57516..8b8c16c287 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
@@ -217,6 +217,7 @@
     <appender-ref ref="asyncDebug" />
     <appender-ref ref="asyncError" />
     <appender-ref ref="asyncJettyLog" />
+    <appender-ref ref="STDOUT" />
   </root>
 
 </configuration>
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
index 784a35e25b..1d0015ed7f 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
@@ -1,3 +1,4 @@
+{{/*
 #-------------------------------------------------------------------------------
 # ============LICENSE_START==================================================
 # * org.onap.dmaap
@@ -26,6 +27,7 @@
 #    URL to retrieve dynamic configuration
 #
 #ProvisioningURL:    ${DRTR_PROV_INTURL}
+*/}}
 ProvisioningURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/prov
 
 #
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml
index 453f002212..e1a0b1c660 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml
index f8c32e0670..9a3f011e80 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
index 4ad43acf2a..306b0f17eb 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index 6d797156d8..f653a02cff 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: StatefulSet
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
@@ -23,10 +25,10 @@ spec:
     spec:
       initContainers:
         - name: {{ include "common.name" . }}-readiness
-          image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+          image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
-          - /root/ready.py
+          - /app/ready.py
           args:
           - --container-name
           - dmaap-dr-prov
@@ -38,7 +40,7 @@ spec:
                 fieldPath: metadata.namespace
         {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config" . | nindent 8 }}{{ end }}
         - name: {{ include "common.name" . }}-permission-fixer
-          image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+          image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
           - mountPath: {{ .Values.persistence.spool.path }}
@@ -48,7 +50,7 @@ spec:
           command: ["chown","-Rf","1000:1001", "/opt/app/"]
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
@@ -88,7 +90,7 @@ spec:
         {{- end -}}
         # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index 2b4b722bfb..1e08954b66 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -24,7 +24,7 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/dmaap/datarouter-node:2.1.6
+image: onap/dmaap/datarouter-node:2.1.7
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
index a873762295..24ca0c9227 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
@@ -29,3 +29,6 @@ dependencies:
   - name: certInitializer
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml
index db02b2115d..c8a173c531 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # ============LICENSE_START=======================================================
 #  Copyright (C) 2019 The Nordix Foundation. All rights reserved.
 # ================================================================================
@@ -15,6 +16,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # ============LICENSE_END=========================================================
+*/}}
 
 # dmaap-dr-prov filebeat.yml
 filebeat.prospectors:
@@ -58,4 +60,4 @@ output.logstash:
   #ssl.key: $ssl.key
 
   #The passphrase used to decrypt an encrypted key stored in the configured key file
-  #ssl.key_passphrase: $ssl.key_passphrase
\ No newline at end of file
+  #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
index dba613c33c..73446ee3ec 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
@@ -402,6 +402,7 @@
         <appender-ref ref="asyncEELFError" />
         <appender-ref ref="asyncEELFjettylog" />
         <appender-ref ref="asyncEELFDebug" />
+        <appender-ref ref="STDOUT" />
     </root>
 
 </configuration>
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
index b6723117a3..d0c3afb9a9 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
@@ -1,3 +1,4 @@
+{{/*
 #-------------------------------------------------------------------------------
 # ============LICENSE_START==================================================
 # * org.onap.dmaap
@@ -20,6 +21,7 @@
 # * ECOMP is a trademark and service mark of AT&T Intellectual Property.
 # *
 #-------------------------------------------------------------------------------
+*/}}
 
 
 #Jetty Server properties
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml
index a45ceac035..1a0ca9f759 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index cbdde02528..a43073e8e2 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -35,10 +37,10 @@ spec:
       hostname: {{ .Values.global.dmaapDrProvName }}
       initContainers:
         - name: {{ include "common.name" . }}-readiness
-          image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+          image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
-          - /root/ready.py
+          - /app/ready.py
           args:
           - --container-name
           - {{ .Values.config.dmaapDrDb.mariadbContName }}
@@ -53,7 +55,7 @@ spec:
         {{ include "common.certInitializer.initContainer" . | nindent 8 }}
 
         - name: {{ include "common.name" . }}-permission-fixer
-          image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+          image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           command: ["chown","-Rf","1000:1001", "/opt/app/"]
@@ -61,7 +63,7 @@ spec:
         {{ end }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.config.dmaapDrProv.internalPort }}
@@ -106,7 +108,7 @@ spec:
         {{- end -}}
       # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml
index bd7eb8ea40..34932b713d 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
index c4ca4edc8b..1a0143f9ae 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,11 +12,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ .Values.global.dmaapDrProvName }}
+  name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }}
   namespace: {{ include "common.namespace" . }}
   labels:
     app: {{ include "common.name" . }}
@@ -59,4 +61,4 @@ spec:
     {{- end}}
   selector:
     app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
\ No newline at end of file
+    release: {{ include "common.release" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 1cf2e583d1..3d4febcde1 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -35,7 +35,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/dmaap/datarouter-prov:2.1.6
+image: onap/dmaap/datarouter-prov:2.1.7
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/dmaap/components/message-router/Makefile b/kubernetes/dmaap/components/message-router/Makefile
new file mode 100644
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/dmaap/components/message-router/components/Makefile b/kubernetes/dmaap/components/message-router/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/dcaegen2/components/dcae-redis/.helmignore b/kubernetes/dmaap/components/message-router/components/message-router-kafka/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/dcaegen2/components/dcae-redis/.helmignore
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/.helmignore
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/Chart.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/Chart.yaml
index f3258bc886..f3258bc886 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/Chart.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/Chart.yaml
diff --git a/kubernetes/policy/charts/brmsgw/requirements.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/requirements.yaml
index d3c442d32e..99d60642cc 100644
--- a/kubernetes/policy/charts/brmsgw/requirements.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/requirements.yaml
@@ -20,3 +20,7 @@ dependencies:
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/config/cadi.properties
index 2bee404c0b..2bee404c0b 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/config/cadi.properties
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/jmx-kafka-prometheus.yml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/config/jmx-kafka-prometheus.yml
index 2ab713e789..2ab713e789 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/jmx-kafka-prometheus.yml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/config/jmx-kafka-prometheus.yml
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/kafka_server_jaas.conf b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/kafka_server_jaas.conf
index ff43fbb141..ff43fbb141 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/kafka_server_jaas.conf
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/kafka_server_jaas.conf
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/zk_client_jaas.conf b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/zk_client_jaas.conf
index 0755c1e2b7..0755c1e2b7 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/zk_client_jaas.conf
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/zk_client_jaas.conf
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/NOTES.txt b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/NOTES.txt
index a44d0f76ee..a44d0f76ee 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/NOTES.txt
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/NOTES.txt
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/configmap.yaml
index 1a86f18e77..b5eed38e5d 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2019 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{- if  .Values.global.aafEnabled }}
 apiVersion: v1
@@ -70,4 +72,4 @@ metadata:
 data:
 {{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }}
 ---
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/poddisruptionbudget.yaml
index 8e7c05bba1..d12ec126f9 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/poddisruptionbudget.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/pv.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/pv.yaml
index 421dce8903..263caf1059 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/pv.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/pv.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{- $global := . -}}
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/secrets.yaml
index 428eebcc3e..033d8d5441 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/service-hs.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service-hs.yaml
index 8879e95132..60e4df90f5 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/service-hs.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service-hs.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/service.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service.yaml
index 03289fbd29..b9472444a3 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/service.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2019 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{- $root := . -}}
 {{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml
index 8e916dc980..1eabe3aad6 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Modifications Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: StatefulSet
@@ -40,35 +42,15 @@ spec:
         prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
       {{- end }}
     spec:
-      podAntiAffinity:
-         {{if eq .Values.podAntiAffinityType "hard" -}}
-         requiredDuringSchedulingIgnoredDuringExecution:
-         {{- else -}}
-         preferredDuringSchedulingIgnoredDuringExecution:
-         {{- end}}
-         - weight: 1
-           podAffinityTerm:
-             labelSelector:
-                matchExpressions:
-                  - key: "app"
-                    operator: In
-                    values:
-                    - {{ include "common.name" . }}
-                  - key: "release"
-                    operator: In
-                    values:
-                    - {{ include "common.release" . }}
-             topologyKey: "kubernetes.io/hostname"
       {{- if .Values.nodeAffinity }}
       nodeAffinity:
       {{ toYaml .Values.nodeAffinity | indent 10 }}
       {{- end }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
       initContainers:
-      - name: {{ include "common.name" . }}-initcontainer
-        image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ .Values.zookeeper.name }}
@@ -78,7 +60,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       - command:
@@ -87,7 +69,7 @@ spec:
         - |
           rm -rf '/var/lib/kafka/data/lost+found';
           chown -R 1000:0 /var/lib/kafka/data;
-        image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - mountPath: /var/lib/kafka/data
@@ -112,13 +94,13 @@ spec:
           name: jaas-config
         - mountPath: /config-input
           name: jaas
-        image: "{{ .Values.global.envsubstImage }}"
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
       containers:
       {{- if .Values.prometheus.jmx.enabled }}
       - name: prometheus-jmx-exporter
-        image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
         - java
@@ -139,7 +121,7 @@ spec:
           mountPath: /etc/jmx-kafka
       {{- end }}
       - name: {{ include "common.name" .  }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
         - sh
@@ -286,5 +268,3 @@ spec:
           requests:
             storage: {{ .Values.persistence.size | quote }}
 {{ end }}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml
index 45dc30e4ee..03f8afa182 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml
@@ -18,24 +18,14 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
   persistence: {}
-  ubuntuInitRepository: registry.hub.docker.com
-  envsubstImage: dibi/envsubst
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/dmaap/kafka111:1.0.4
 pullPolicy: Always
-ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-busyBoxImage: busybox:1.30
-busyBoxRepository: docker.io
 
 
 zookeeper:
@@ -80,7 +70,6 @@ prometheus:
     enabled: false
     image: solsson/kafka-prometheus-jmx-exporter@sha256
     imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
-    imageRepository: docker.io
     port: 5556
 
 jaas:
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/.helmignore b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/.helmignore
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/.helmignore
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/Chart.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/Chart.yaml
index b3d6247226..b3d6247226 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/Chart.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/Chart.yaml
diff --git a/kubernetes/policy/charts/drools/charts/nexus/requirements.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/requirements.yaml
index d3c442d32e..99d60642cc 100644
--- a/kubernetes/policy/charts/drools/charts/nexus/requirements.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/requirements.yaml
@@ -20,3 +20,7 @@ dependencies:
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml
index a75b644c5f..a75b644c5f 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/zk_server_jaas.conf b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/zk_server_jaas.conf
index 8266f6b2c6..8266f6b2c6 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/zk_server_jaas.conf
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/zk_server_jaas.conf
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/NOTES.txt b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/NOTES.txt
index a44d0f76ee..a44d0f76ee 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/NOTES.txt
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/NOTES.txt
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/_zkquorum.tpl b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/_zkquorum.tpl
index 9af910eb89..9af910eb89 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/_zkquorum.tpl
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/_zkquorum.tpl
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/configmap.yaml
index 50091bd387..7a26053d11 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{- if  .Values.prometheus.jmx.enabled }}
 apiVersion: v1
@@ -39,4 +41,4 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-{{  (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig  | indent 2 }}
\ No newline at end of file
+{{  (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig  | indent 2 }}
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/poddisruptionbudget.yaml
index 1d05794c64..db81b890ef 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/poddisruptionbudget.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/pv.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/pv.yaml
index 421dce8903..263caf1059 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/pv.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/pv.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{- $global := . -}}
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/secrets.yaml
index 428eebcc3e..033d8d5441 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/service.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/service.yaml
index c9c8c18f57..6bd13f0594 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/service.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, AT&T, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
@@ -35,4 +37,4 @@ spec:
   clusterIP: None
   selector:
     app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
\ No newline at end of file
+    release: {{ include "common.release" . }}
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml
index 7c6334c76d..52eff32242 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: StatefulSet
@@ -45,25 +47,12 @@ spec:
         prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
       {{- end }}
     spec:
-      podAntiAffinity:
-         preferredDuringSchedulingIgnoredDuringExecution:
-         - weight: 1
-           podAffinityTerm:
-             labelSelector:
-                matchExpressions:
-                  - key: "app"
-                    operator: In
-                    values:
-                    - {{ include "common.name" . }}
-                  - key: "release"
-                    operator: In
-                    values:
-                    - {{ include "common.release" . }}
-             topologyKey: "kubernetes.io/hostname"
       {{- if .Values.nodeAffinity }}
       nodeAffinity:
         {{ toYaml .Values.nodeAffinity | indent 10 }}
       {{- end }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
       initContainers:
       - name: {{ include "common.name" . }}-permission-fixer
         command:
@@ -71,7 +60,7 @@ spec:
         - -exec
         - >
           chown -R 1000:0 /tmp/zookeeper/apikeys;
-        image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - mountPath: /tmp/zookeeper/apikeys
@@ -91,13 +80,13 @@ spec:
           name: jaas-config
         - mountPath: /config-input
           name: jaas
-        image: "{{ .Values.global.envsubstImage }}"
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
       containers:
       {{- if .Values.prometheus.jmx.enabled }}
       - name: prometheus-jmx-exporter
-        image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
         - java
@@ -118,7 +107,7 @@ spec:
           mountPath: /etc/jmx-zookeeper
       {{- end }}
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         resources:
 {{ include "common.resources" . | indent 12 }}
@@ -148,7 +137,7 @@ spec:
           periodSeconds: {{ .Values.readiness.periodSeconds }}
           timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
         resources:
-{{ toYaml .Values.resources | indent 10 }}
+{{ include "common.resources" . | indent 10 }}
         env:
         - name : KAFKA_HEAP_OPTS
           value: "{{ .Values.zkConfig.heapOptions }}"
@@ -234,5 +223,3 @@ spec:
           requests:
             storage: {{ .Values.persistence.size | quote }}
 {{ end }}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml
index 4f861f8789..2da42a4604 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml
@@ -18,24 +18,14 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  ubuntuInitRepository: registry.hub.docker.com
   persistence: {}
-  envsubstImage: dibi/envsubst
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/dmaap/zookeeper:6.0.3
 pullPolicy: Always
-ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-busyBoxImage: busybox:1.30
-busyBoxRepository: docker.io
 
 # flag to enable debugging - application support required
 debugEnabled: false
@@ -86,7 +76,6 @@ prometheus:
     enabled: false
     image: solsson/kafka-prometheus-jmx-exporter@sha256
     imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
-    imageRepository: docker.io
     port: 5556
 
 jaas:
diff --git a/kubernetes/dmaap/components/message-router/requirements.yaml b/kubernetes/dmaap/components/message-router/requirements.yaml
index 36ee6e4be2..1f1d45aaba 100644
--- a/kubernetes/dmaap/components/message-router/requirements.yaml
+++ b/kubernetes/dmaap/components/message-router/requirements.yaml
@@ -20,4 +20,12 @@ dependencies:
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
-
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: message-router-kafka
+    version: ~6.x-0
+    repository: 'file://components/message-router-kafka'
+  - name: message-router-zookeeper
+    version: ~6.x-0
+    repository: 'file://components/message-router-zookeeper'
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
index 25b29a583b..8d79ccfc7e 100755
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
+++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
@@ -1,3 +1,4 @@
+{{/*
 # LICENSE_START=======================================================
 #  org.onap.dmaap
 #  ================================================================================
@@ -36,6 +37,7 @@
 ##
 #config.zk.servers=172.18.1.1
 #config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}}
+*/}}
 config.zk.servers={{include "common.release" .}}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{include "common.release" .}}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{include "common.release" .}}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
 
 #config.zk.root=/fe3c/cambria/config
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml
index f02a2db764..ad2ce2b92a 100644
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml
+++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml
@@ -20,11 +20,6 @@
   <jmxConfigurator />
   <property name="logDirectory" value="${AJSC_HOME}/log" />
   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-    <filter class="ch.qos.logback.classic.filter.LevelFilter">
-      <level>ERROR</level>
-      <onMatch>ACCEPT</onMatch>
-      <onMismatch>DENY</onMismatch>
-    </filter>
     <encoder>
       <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
       </pattern>
diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml
index f981d6f7a6..a253c512eb 100644
--- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/kubernetes/dmaap/components/message-router/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/templates/secrets.yaml
index a6764d3f67..9456c15994 100644
--- a/kubernetes/dmaap/components/message-router/templates/secrets.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Secret
diff --git a/kubernetes/dmaap/components/message-router/templates/service.yaml b/kubernetes/dmaap/components/message-router/templates/service.yaml
index 2b0b44e246..8d13879023 100644
--- a/kubernetes/dmaap/components/message-router/templates/service.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
index 695a816693..e936ed2fb6 100644
--- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: StatefulSet
@@ -25,7 +27,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ .Values.kafka.name }}
@@ -37,13 +39,13 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
       {{- if .Values.prometheus.jmx.enabled }}
         - name: prometheus-jmx-exporter
-          image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+          image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
           - java
@@ -63,7 +65,7 @@ spec:
             mountPath: /etc/jmx-kafka
       {{- end }}
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 10  }}
           {{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml
index f742419b46..c4bab2350a 100644
--- a/kubernetes/dmaap/components/message-router/values.yaml
+++ b/kubernetes/dmaap/components/message-router/values.yaml
@@ -18,16 +18,11 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/dmaap/dmaap-mr:1.1.18
 pullPolicy: Always
 
@@ -89,7 +84,6 @@ prometheus:
     enabled: false
     image: solsson/kafka-prometheus-jmx-exporter@sha256
     imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
-    imageRepository: docker.io
     port: 5556
     targetPort: 5555
 
diff --git a/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml
index 40d2476b8e..8540903193 100644
--- a/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # ============LICENSE_START=======================================================
 #  Copyright (C) 2019 The Nordix Foundation. All rights reserved.
 # ================================================================================
@@ -15,6 +16,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # ============LICENSE_END=========================================================
+*/}}
 
 filebeat.prospectors:
 #it is mandatory, in our case it's log
diff --git a/kubernetes/dmaap/templates/configmap.yaml b/kubernetes/dmaap/templates/configmap.yaml
index 66628ff42d..2a8e2860fa 100644
--- a/kubernetes/dmaap/templates/configmap.yaml
+++ b/kubernetes/dmaap/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 #
 # ============LICENSE_START=======================================================
 #  Copyright (C) 2019 Nordix Foundation.
@@ -17,6 +18,7 @@
 # SPDX-License-Identifier: Apache-2.0
 # ============LICENSE_END=========================================================
 #
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml
index c6b4566e64..c1ba7547db 100644
--- a/kubernetes/dmaap/values.yaml
+++ b/kubernetes/dmaap/values.yaml
@@ -19,8 +19,7 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   clientImage: onap/dmaap/dbc-client:1.0.9
diff --git a/kubernetes/esr/Makefile b/kubernetes/esr/Makefile
new file mode 100644
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/esr/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/esr/components/Makefile b/kubernetes/esr/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/esr/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/.helmignore b/kubernetes/esr/components/esr-gui/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/.helmignore
+++ b/kubernetes/esr/components/esr-gui/.helmignore
diff --git a/kubernetes/esr/charts/esr-gui/Chart.yaml b/kubernetes/esr/components/esr-gui/Chart.yaml
index c8d97bd67f..c8d97bd67f 100644
--- a/kubernetes/esr/charts/esr-gui/Chart.yaml
+++ b/kubernetes/esr/components/esr-gui/Chart.yaml
diff --git a/kubernetes/policy/charts/drools/requirements.yaml b/kubernetes/esr/components/esr-gui/requirements.yaml
index d3c442d32e..0b77abe706 100644
--- a/kubernetes/policy/charts/drools/requirements.yaml
+++ b/kubernetes/esr/components/esr-gui/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/esr/charts/esr-gui/templates/NOTES.txt b/kubernetes/esr/components/esr-gui/templates/NOTES.txt
index e2b067fde4..e2b067fde4 100644
--- a/kubernetes/esr/charts/esr-gui/templates/NOTES.txt
+++ b/kubernetes/esr/components/esr-gui/templates/NOTES.txt
diff --git a/kubernetes/esr/charts/esr-gui/templates/deployment.yaml b/kubernetes/esr/components/esr-gui/templates/deployment.yaml
index 4dee376dee..74f933572f 100644
--- a/kubernetes/esr/charts/esr-gui/templates/deployment.yaml
+++ b/kubernetes/esr/components/esr-gui/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -48,7 +50,7 @@ spec:
         - /opt/tomcat
         securityContext:
           privileged: true
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: create-tomcat-dir
         volumeMounts:
@@ -57,7 +59,7 @@ spec:
 
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/esr/charts/esr-gui/templates/service.yaml b/kubernetes/esr/components/esr-gui/templates/service.yaml
index 7dbbaa21b8..b020257873 100644
--- a/kubernetes/esr/charts/esr-gui/templates/service.yaml
+++ b/kubernetes/esr/components/esr-gui/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/esr/charts/esr-gui/values.yaml b/kubernetes/esr/components/esr-gui/values.yaml
index a191739948..417ace5ab4 100644
--- a/kubernetes/esr/charts/esr-gui/values.yaml
+++ b/kubernetes/esr/components/esr-gui/values.yaml
@@ -23,7 +23,6 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/aai/esr-gui:1.4.0
 pullPolicy: Always
 msbaddr: msb-iag.{{ include "common.namespace" . }}:443
diff --git a/kubernetes/esr/charts/esr-server/Chart.yaml b/kubernetes/esr/components/esr-server/Chart.yaml
index 79c7b9d53e..79c7b9d53e 100644
--- a/kubernetes/esr/charts/esr-server/Chart.yaml
+++ b/kubernetes/esr/components/esr-server/Chart.yaml
diff --git a/kubernetes/policy/charts/pdp/requirements.yaml b/kubernetes/esr/components/esr-server/requirements.yaml
index d3c442d32e..0b77abe706 100644
--- a/kubernetes/policy/charts/pdp/requirements.yaml
+++ b/kubernetes/esr/components/esr-server/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/esr/charts/esr-server/resources/config/log/filebeat/filebeat.yml b/kubernetes/esr/components/esr-server/resources/config/log/filebeat/filebeat.yml
index 1e6b5cd860..a60fb95795 100644
--- a/kubernetes/esr/charts/esr-server/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/esr/components/esr-server/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 filebeat.prospectors:
 #it is mandatory, in our case it's log
 - input_type: log
diff --git a/kubernetes/esr/charts/esr-server/resources/config/logback.xml b/kubernetes/esr/components/esr-server/resources/config/logback.xml
index c647f3d1e1..fcc9f250d9 100644
--- a/kubernetes/esr/charts/esr-server/resources/config/logback.xml
+++ b/kubernetes/esr/components/esr-server/resources/config/logback.xml
@@ -15,35 +15,38 @@
 # limitations under the License.
 -->
 
-<configuration scan="false" debug="true">
-    <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
-    <property name="p_lvl" value="%level"/>
-    <property name="p_log" value="%logger"/>
-    <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
-    <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
-    <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
-    <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
-    <property name="p_thr" value="%thread"/>
-    <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
-
-  <property name="logDir" value="/var/log/onap" />
-  <property name="debugDir" value="/var/log/onap" />
-
-  <property name="componentName" value="esr"></property>
-  <property name="subComponentName" value="esr-server"></property>
+<configuration scan="{{ .Values.log.scan.enabled }}" debug="{{ .Values.log.debug }}">
+
+  <property name="componentName" value='{{default "UNSET_COMPONENT" .Values.log.componentName}}'/>
+  <property name="subcomponentName" value='{{default "UNSET_SUBCOMPONENT" .Values.log.subcomponentName}}'/>
+
+  <property name="logDir" value="{{ .Values.log.logDir }}" />
+  <property name="queueSize" value="{{ .Values.log.queueSize }}"/>
+
+  <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+  <property name="p_lvl" value="%level"/>
+  <property name="p_log" value="%logger"/>
+  <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+  <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+  <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+  <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+  <property name="p_thr" value="%thread"/>
+  <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
 
   <property name="errorLogName" value="error" />
   <property name="metricsLogName" value="metrics" />
   <property name="auditLogName" value="audit" />
   <property name="debugLogName" value="debug" />
 
-  <property name="errorPattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
-  <property name="debugPattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
-
+  <property name="errorPattern" value="${p_tim}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
+  <property name="debugPattern" value="${p_tim}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
   <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
   <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
+
   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
-  <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+
+  <!-- Console (human-readable) logging -->
+  <property name="consolePattern" value="%nopexception${p_log}\t${p_tim}\t${p_lvl}\t%message\t${p_mdc}\t%rootException\t${p_mak}\t${p_thr}%n"/>
 
   <appender name="EELFAudit"
             class="ch.qos.logback.core.rolling.RollingFileAppender">
@@ -57,7 +60,7 @@
   </appender>
 
   <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
-    <queueSize>256</queueSize>
+    <queueSize>${queueSize}</queueSize>
     <appender-ref ref="EELFAudit" />
   </appender>
 
@@ -73,7 +76,7 @@
   </appender>
 
   <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
-    <queueSize>256</queueSize>
+    <queueSize>${queueSize}</queueSize>
     <appender-ref ref="EELFMetrics"/>
   </appender>
 
@@ -93,16 +96,16 @@
   </appender>
 
   <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
-    <queueSize>256</queueSize>
+    <queueSize>${queueSize}</queueSize>
     <appender-ref ref="EELFError"/>
   </appender>
 
   <appender name="EELFDebug"
             class="ch.qos.logback.core.rolling.RollingFileAppender">
-    <file>${debugLogDirectory}/${debugLogName}.log</file>
+    <file>${logDirectory}/${debugLogName}.log</file>
     <rollingPolicy
             class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-      <fileNamePattern>${debugLogDirectory}/${debugLogName}.log.%d</fileNamePattern>
+      <fileNamePattern>${logDirectory}/${debugLogName}.log.%d</fileNamePattern>
     </rollingPolicy>
     <encoder>
       <pattern>${debugPattern}</pattern>
@@ -110,11 +113,17 @@
   </appender>
 
   <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
-    <queueSize>256</queueSize>
+    <queueSize>${queueSize}</queueSize>
     <appender-ref ref="EELFDebug" />
     <includeCallerData>true</includeCallerData>
   </appender>
 
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>${consolePattern}</pattern>
+    </encoder>
+  </appender>
+
   <logger name="com.att.eelf.audit" level="info" additivity="false">
     <appender-ref ref="asyncEELFAudit" />
   </logger>
@@ -127,9 +136,9 @@
     <appender-ref ref="asyncEELFError" />
   </logger>
 
-  <root level="INFO">
+  <root level="{{ .Values.log.root.level }}">
     <appender-ref ref="asyncEELFDebug" />
+    <appender-ref ref="STDOUT" />
   </root>
 
-</configuration>
-
+</configuration>
\ No newline at end of file
diff --git a/kubernetes/esr/charts/esr-server/templates/NOTES.txt b/kubernetes/esr/components/esr-server/templates/NOTES.txt
index 5da4ade3a5..5da4ade3a5 100644
--- a/kubernetes/esr/charts/esr-server/templates/NOTES.txt
+++ b/kubernetes/esr/components/esr-server/templates/NOTES.txt
diff --git a/kubernetes/esr/charts/esr-server/templates/configmap.yaml b/kubernetes/esr/components/esr-server/templates/configmap.yaml
index ddba37e8b3..6861a8bdf0 100644
--- a/kubernetes/esr/charts/esr-server/templates/configmap.yaml
+++ b/kubernetes/esr/components/esr-server/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/esr/charts/esr-server/templates/deployment.yaml b/kubernetes/esr/components/esr-server/templates/deployment.yaml
index 6a98fe6059..03bcaa09d4 100644
--- a/kubernetes/esr/charts/esr-server/templates/deployment.yaml
+++ b/kubernetes/esr/components/esr-server/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -48,7 +50,7 @@ spec:
         - /opt/conf
         securityContext:
           privileged: true
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: create-conf-dir
         volumeMounts:
@@ -57,7 +59,7 @@ spec:
 
       containers:
         - name: {{ .Chart.Name }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -101,7 +103,7 @@ spec:
           securityContext:
             runAsUser: 1000
             runAsGroup: 1000
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/esr/charts/esr-server/templates/service.yaml b/kubernetes/esr/components/esr-server/templates/service.yaml
index f7413734a5..9fb6e93a7b 100644
--- a/kubernetes/esr/charts/esr-server/templates/service.yaml
+++ b/kubernetes/esr/components/esr-server/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
@@ -50,4 +52,4 @@ spec:
     {{- end}}
   selector:
     app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
\ No newline at end of file
+    release: {{ include "common.release" . }}
diff --git a/kubernetes/esr/charts/esr-server/values.yaml b/kubernetes/esr/components/esr-server/values.yaml
index f3f4f88ebf..a3fb6862a6 100644
--- a/kubernetes/esr/charts/esr-server/values.yaml
+++ b/kubernetes/esr/components/esr-server/values.yaml
@@ -17,16 +17,11 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
 
 subChartsOnly:
   enabled: true
 
 # application image
-repository: nexus3.onap.org:10001
 image: onap/aai/esr-server:1.5.2
 pullPolicy: Always
 msbaddr: msb-iag.{{ include "common.namespace" . }}:443
@@ -65,6 +60,17 @@ service:
 ingress:
   enabled: false
 
+log:
+  componentName: esr
+  subcomponentName: esr-server
+  debug: true
+  scan:
+    enabled: false
+  logDir: /var/log/onap
+  queueSize: 256
+  root:
+    level: INFO
+
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
diff --git a/kubernetes/esr/requirements.yaml b/kubernetes/esr/requirements.yaml
index d3c442d32e..8c2a82dedc 100644
--- a/kubernetes/esr/requirements.yaml
+++ b/kubernetes/esr/requirements.yaml
@@ -14,9 +14,10 @@
 # limitations under the License.
 
 dependencies:
-  - name: common
+  - name: esr-gui
     version: ~6.x-0
-    # local reference to common chart, as it is
-    # a part of this chart's package and will not
-    # be published independently to a repo (at this point)
-    repository: '@local'
+    repository: 'file://components/esr-gui'
+    condition: esr-gui.enabled
+  - name: esr-server
+    version: ~6.x-0
+    repository: 'file://components/esr-server'
diff --git a/kubernetes/esr/resources/config/log/esrserver/logback.xml b/kubernetes/esr/resources/config/log/esrserver/logback.xml
deleted file mode 100644
index b9a51f1d0a..0000000000
--- a/kubernetes/esr/resources/config/log/esrserver/logback.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version = "1.0" encoding = "UTF-8" ?>
-<!--
-# Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
-   <!--<jmxConfigurator /> -->
-   <!--  specify the base path of the log directory -->
-   <property name="logDir" value="/var/log/onap" />
-   <!--  specify the component name -->
-   <property name="componentName" value="esr" />
-   <!-- specify the sub component name -->
-   <property name="subComponentName" value="xacml-pap-rest" />
-   <!-- The directories where logs are written -->
-   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
-   <property name="pattern" value="%d{&amp;quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&amp;quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
-   <!--  log file names -->
-   <property name="errorLogName" value="error" />
-   <property name="metricsLogName" value="metrics" />
-   <property name="auditLogName" value="audit" />
-   <property name="debugLogName" value="debug" />
-   <property name="queueSize" value="256" />
-   <property name="maxFileSize" value="50MB" />
-   <property name="maxHistory" value="30" />
-   <property name="totalSizeCap" value="10GB" />
-   <!-- Example evaluator filter applied against console appender -->
-   <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>
diff --git a/kubernetes/esr/values.yaml b/kubernetes/esr/values.yaml
index bd123583c6..5b2f776dfe 100644
--- a/kubernetes/esr/values.yaml
+++ b/kubernetes/esr/values.yaml
@@ -16,11 +16,11 @@
 #################################################################
 # Global configuration defaults.
 #################################################################
-global:
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
 
 # application configuration
 config:
   logstashServiceName: log-ls
-  logstashPort: 5044
\ No newline at end of file
+  logstashPort: 5044
+
+esr-gui:
+  enabled: true
\ No newline at end of file
diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh
index bb98a3b95e..40338b9485 100755
--- a/kubernetes/helm/plugins/deploy/deploy.sh
+++ b/kubernetes/helm/plugins/deploy/deploy.sh
@@ -98,7 +98,12 @@ deploy() {
   FLAGS=${@:3}
   CHART_REPO="$(cut -d'/' -f1 <<<"$CHART_URL")"
   CHART_NAME="$(cut -d'/' -f2 <<<"$CHART_URL")"
-  CACHE_DIR=~/.helm/plugins/deploy/cache
+  if [[ $HELM_VER == "v3."* ]]; then
+    CACHE_DIR=~/.local/share/helm/plugins/deploy/cache
+  else
+    CACHE_DIR=~/.helm/plugins/deploy/cache
+  fi
+  echo "Use cache dir: $CACHE_DIR"
   CHART_DIR=$CACHE_DIR/$CHART_NAME
   CACHE_SUBCHART_DIR=$CHART_DIR-subcharts
   LOG_DIR=$CHART_DIR/logs
@@ -114,7 +119,7 @@ deploy() {
   if [[ $FLAGS = *"--delay"* ]]; then
     FLAGS="$(echo $FLAGS| sed -n 's/--delay//p')"
     DELAY="true"
-  fi	
+  fi
   # determine if set-last-applied flag is enabled
   SET_LAST_APPLIED="false"
   if [[ $FLAGS = *"--set-last-applied"* ]]; then
@@ -246,12 +251,16 @@ deploy() {
 	  if [[ $DELAY == "true" ]]; then
 		echo sleep 3m
 		sleep 3m
-	  fi						  
+	  fi
     else
       array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
       n=${#array[*]}
       for (( i = n-1; i >= 0; i-- )); do
-        helm del "${array[i]}" --purge
+        if [[ $HELM_VER == "v3."* ]]; then
+          helm del "${array[i]}" 
+        else
+          helm del "${array[i]}" --purge
+        fi
       done
     fi
   done
@@ -259,6 +268,8 @@ deploy() {
   # report on success/failures of installs/upgrades
   helm ls | grep FAILED | grep $RELEASE
 }
+HELM_VER=$(helm version --template "{{.Version}}")
+echo $HELM_VER
 
 case "${1:-"help"}" in
   "help")
diff --git a/kubernetes/helm/starters/onap-app/requirements.yaml b/kubernetes/helm/starters/onap-app/requirements.yaml
index 6a61926e9e..b8e59b0910 100644
--- a/kubernetes/helm/starters/onap-app/requirements.yaml
+++ b/kubernetes/helm/starters/onap-app/requirements.yaml
@@ -15,4 +15,7 @@
 dependencies:
   - name: common
     version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
     repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/helm/starters/onap-app/templates/deployment.yaml b/kubernetes/helm/starters/onap-app/templates/deployment.yaml
index c3979dc272..fc76c1ff6d 100644
--- a/kubernetes/helm/starters/onap-app/templates/deployment.yaml
+++ b/kubernetes/helm/starters/onap-app/templates/deployment.yaml
@@ -33,7 +33,7 @@ spec:
       initContainers:
 #Example init container for dependency checking
 #      - command:
-#        - /root/ready.py
+#        - /app/ready.py
 #        args:
 #        - --container-name
 #        - mariadb
@@ -43,12 +43,12 @@ spec:
 #            fieldRef:
 #              apiVersion: v1
 #              fieldPath: metadata.namespace
-#        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+#        image: {{ include "repositoryGenerator.image.readiness" . }}
 #        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 #        name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/helm/starters/onap-app/values.yaml b/kubernetes/helm/starters/onap-app/values.yaml
index 6c119b9bcd..702bfb2a73 100644
--- a/kubernetes/helm/starters/onap-app/values.yaml
+++ b/kubernetes/helm/starters/onap-app/values.yaml
@@ -17,17 +17,11 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: <onap-app>:<1.2-STAGING-latest>
 pullPolicy: Always
 
diff --git a/kubernetes/log/Makefile b/kubernetes/log/Makefile
new file mode 100644
index 0000000000..89b2f465ec
--- /dev/null
+++ b/kubernetes/log/Makefile
@@ -0,0 +1,56 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/log/charts/log-kibana/requirements.yaml b/kubernetes/log/charts/log-kibana/requirements.yaml
deleted file mode 100644
index caff1e5dc4..0000000000
--- a/kubernetes/log/charts/log-kibana/requirements.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
diff --git a/kubernetes/log/charts/log-logstash/requirements.yaml b/kubernetes/log/charts/log-logstash/requirements.yaml
deleted file mode 100644
index caff1e5dc4..0000000000
--- a/kubernetes/log/charts/log-logstash/requirements.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
diff --git a/kubernetes/log/components/Makefile b/kubernetes/log/components/Makefile
new file mode 100644
index 0000000000..d62cb0b700
--- /dev/null
+++ b/kubernetes/log/components/Makefile
@@ -0,0 +1,56 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/log/charts/log-elasticsearch/Chart.yaml b/kubernetes/log/components/log-elasticsearch/Chart.yaml
index 66b0257e35..66b0257e35 100644
--- a/kubernetes/log/charts/log-elasticsearch/Chart.yaml
+++ b/kubernetes/log/components/log-elasticsearch/Chart.yaml
diff --git a/kubernetes/clamp/charts/clamp-dash-es/requirements.yaml b/kubernetes/log/components/log-elasticsearch/requirements.yaml
index caff1e5dc4..bdc19209e7 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/requirements.yaml
+++ b/kubernetes/log/components/log-elasticsearch/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/log/charts/log-elasticsearch/resources/config/elasticsearch.yml b/kubernetes/log/components/log-elasticsearch/resources/config/elasticsearch.yml
index d39fc97e0d..d39fc97e0d 100644
--- a/kubernetes/log/charts/log-elasticsearch/resources/config/elasticsearch.yml
+++ b/kubernetes/log/components/log-elasticsearch/resources/config/elasticsearch.yml
diff --git a/kubernetes/log/charts/log-elasticsearch/templates/NOTES.txt b/kubernetes/log/components/log-elasticsearch/templates/NOTES.txt
index ab908cd309..ab908cd309 100644
--- a/kubernetes/log/charts/log-elasticsearch/templates/NOTES.txt
+++ b/kubernetes/log/components/log-elasticsearch/templates/NOTES.txt
diff --git a/kubernetes/log/charts/log-elasticsearch/templates/configmap.yaml b/kubernetes/log/components/log-elasticsearch/templates/configmap.yaml
index 20ff6f27c2..fe0349ede9 100644
--- a/kubernetes/log/charts/log-elasticsearch/templates/configmap.yaml
+++ b/kubernetes/log/components/log-elasticsearch/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/log/charts/log-elasticsearch/templates/deployment.yaml b/kubernetes/log/components/log-elasticsearch/templates/deployment.yaml
index 2f9854fa34..6a0e6d2e3d 100644
--- a/kubernetes/log/charts/log-elasticsearch/templates/deployment.yaml
+++ b/kubernetes/log/components/log-elasticsearch/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,8 +13,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -49,7 +51,7 @@ spec:
               fieldPath: metadata.namespace
         securityContext:
           privileged: true
-        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: init-sysctl
         volumeMounts:
@@ -57,7 +59,7 @@ spec:
           mountPath: /logroot/
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources:
 {{ include "common.resources" . | indent 12 }}
diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/ingress.yaml b/kubernetes/log/components/log-elasticsearch/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/dcaegen2/components/dcae-redis/templates/ingress.yaml
+++ b/kubernetes/log/components/log-elasticsearch/templates/ingress.yaml
diff --git a/kubernetes/log/charts/log-elasticsearch/templates/pv.yaml b/kubernetes/log/components/log-elasticsearch/templates/pv.yaml
index 9d4093db11..9d4093db11 100644
--- a/kubernetes/log/charts/log-elasticsearch/templates/pv.yaml
+++ b/kubernetes/log/components/log-elasticsearch/templates/pv.yaml
diff --git a/kubernetes/log/charts/log-elasticsearch/templates/pvc.yaml b/kubernetes/log/components/log-elasticsearch/templates/pvc.yaml
index 6ae4eea0d3..6ae4eea0d3 100644
--- a/kubernetes/log/charts/log-elasticsearch/templates/pvc.yaml
+++ b/kubernetes/log/components/log-elasticsearch/templates/pvc.yaml
diff --git a/kubernetes/log/charts/log-elasticsearch/templates/service.yaml b/kubernetes/log/components/log-elasticsearch/templates/service.yaml
index d02f535958..7736f0c9d7 100644
--- a/kubernetes/log/charts/log-elasticsearch/templates/service.yaml
+++ b/kubernetes/log/components/log-elasticsearch/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/log/charts/log-elasticsearch/values.yaml b/kubernetes/log/components/log-elasticsearch/values.yaml
index d43a66afe1..7919a0948e 100644
--- a/kubernetes/log/charts/log-elasticsearch/values.yaml
+++ b/kubernetes/log/components/log-elasticsearch/values.yaml
@@ -24,12 +24,7 @@ global:
 # Application configuration defaults.
 #################################################################
 
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
 # application image
-loggingRepository: docker.elastic.co
 image: elasticsearch/elasticsearch:5.5.0
 pullPolicy: Always
 
diff --git a/kubernetes/log/charts/log-kibana/Chart.yaml b/kubernetes/log/components/log-kibana/Chart.yaml
index 8f5d973177..8f5d973177 100644
--- a/kubernetes/log/charts/log-kibana/Chart.yaml
+++ b/kubernetes/log/components/log-kibana/Chart.yaml
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/requirements.yaml b/kubernetes/log/components/log-kibana/requirements.yaml
index caff1e5dc4..bdc19209e7 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/requirements.yaml
+++ b/kubernetes/log/components/log-kibana/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/log/charts/log-kibana/resources/config/README.txt b/kubernetes/log/components/log-kibana/resources/config/README.txt
index 2863c1d5e5..2863c1d5e5 100644
--- a/kubernetes/log/charts/log-kibana/resources/config/README.txt
+++ b/kubernetes/log/components/log-kibana/resources/config/README.txt
diff --git a/kubernetes/log/charts/log-kibana/resources/config/kibana-onboarding.json b/kubernetes/log/components/log-kibana/resources/config/kibana-onboarding.json
index e69de29bb2..e69de29bb2 100644
--- a/kubernetes/log/charts/log-kibana/resources/config/kibana-onboarding.json
+++ b/kubernetes/log/components/log-kibana/resources/config/kibana-onboarding.json
diff --git a/kubernetes/log/charts/log-kibana/resources/config/kibana.yml b/kubernetes/log/components/log-kibana/resources/config/kibana.yml
index c086cf8452..377f3c7b65 100644
--- a/kubernetes/log/charts/log-kibana/resources/config/kibana.yml
+++ b/kubernetes/log/components/log-kibana/resources/config/kibana.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 xpack.graph.enabled: false
 #Set to false to disable X-Pack graph features.
 xpack.ml.enabled: false
diff --git a/kubernetes/log/charts/log-kibana/templates/NOTES.txt b/kubernetes/log/components/log-kibana/templates/NOTES.txt
index f115eb6f23..f115eb6f23 100644
--- a/kubernetes/log/charts/log-kibana/templates/NOTES.txt
+++ b/kubernetes/log/components/log-kibana/templates/NOTES.txt
diff --git a/kubernetes/log/charts/log-logstash/templates/configmap.yaml b/kubernetes/log/components/log-kibana/templates/configmap.yaml
index 4278a6e6d3..3e98246df1 100644
--- a/kubernetes/log/charts/log-logstash/templates/configmap.yaml
+++ b/kubernetes/log/components/log-kibana/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/log/charts/log-kibana/templates/deployment.yaml b/kubernetes/log/components/log-kibana/templates/deployment.yaml
index 89fc5ce881..a1824d2509 100644
--- a/kubernetes/log/charts/log-kibana/templates/deployment.yaml
+++ b/kubernetes/log/components/log-kibana/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,8 +13,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -33,7 +35,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - log-elasticsearch
@@ -43,7 +45,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       - args:
@@ -55,7 +57,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.elasticdumpRepository }}/{{ .Values.elasticdumpImage }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.elasticdumpImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-elasticdump
         volumeMounts:
@@ -64,7 +66,7 @@ spec:
             subPath: kibana-onboarding.json
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources:
 {{ include "common.resources" . | indent 12 }}
diff --git a/kubernetes/log/charts/log-elasticsearch/templates/ingress.yaml b/kubernetes/log/components/log-kibana/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/log/charts/log-elasticsearch/templates/ingress.yaml
+++ b/kubernetes/log/components/log-kibana/templates/ingress.yaml
diff --git a/kubernetes/log/charts/log-kibana/templates/service.yaml b/kubernetes/log/components/log-kibana/templates/service.yaml
index 397ecdb2af..c53dc03368 100644
--- a/kubernetes/log/charts/log-kibana/templates/service.yaml
+++ b/kubernetes/log/components/log-kibana/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/log/charts/log-kibana/values.yaml b/kubernetes/log/components/log-kibana/values.yaml
index 8d4b49e20f..767ea6ae99 100644
--- a/kubernetes/log/charts/log-kibana/values.yaml
+++ b/kubernetes/log/components/log-kibana/values.yaml
@@ -18,8 +18,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
   persistence: {}
 
 #################################################################
@@ -27,15 +25,9 @@ global:
 #################################################################
 
 # Elasticdump image
-elasticdumpRepository: docker.io
 elasticdumpImage: taskrabbit/elasticsearch-dump
 
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
 # application image
-loggingRepository: docker.elastic.co
 image: kibana/kibana:5.5.0
 pullPolicy: Always
 
diff --git a/kubernetes/log/charts/log-logstash/Chart.yaml b/kubernetes/log/components/log-logstash/Chart.yaml
index 8349548f86..8349548f86 100644
--- a/kubernetes/log/charts/log-logstash/Chart.yaml
+++ b/kubernetes/log/components/log-logstash/Chart.yaml
diff --git a/kubernetes/log/components/log-logstash/requirements.yaml b/kubernetes/log/components/log-logstash/requirements.yaml
new file mode 100644
index 0000000000..bdc19209e7
--- /dev/null
+++ b/kubernetes/log/components/log-logstash/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/log/charts/log-logstash/resources/config/logstash.yml b/kubernetes/log/components/log-logstash/resources/config/logstash.yml
index d19656dfb3..7c3bd8f851 100644
--- a/kubernetes/log/charts/log-logstash/resources/config/logstash.yml
+++ b/kubernetes/log/components/log-logstash/resources/config/logstash.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 http.host: "0.0.0.0"
 pipeline.workers: 3
 ## Path where pipeline configurations reside
diff --git a/kubernetes/log/charts/log-logstash/resources/config/onap-pipeline.conf b/kubernetes/log/components/log-logstash/resources/config/onap-pipeline.conf
index ae86385e2e..d6b0696b81 100644
--- a/kubernetes/log/charts/log-logstash/resources/config/onap-pipeline.conf
+++ b/kubernetes/log/components/log-logstash/resources/config/onap-pipeline.conf
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 input {
  beats {
 
diff --git a/kubernetes/log/charts/log-logstash/templates/NOTES.txt b/kubernetes/log/components/log-logstash/templates/NOTES.txt
index f115eb6f23..f115eb6f23 100644
--- a/kubernetes/log/charts/log-logstash/templates/NOTES.txt
+++ b/kubernetes/log/components/log-logstash/templates/NOTES.txt
diff --git a/kubernetes/log/charts/log-kibana/templates/configmap.yaml b/kubernetes/log/components/log-logstash/templates/configmap.yaml
index 4278a6e6d3..3e98246df1 100644
--- a/kubernetes/log/charts/log-kibana/templates/configmap.yaml
+++ b/kubernetes/log/components/log-logstash/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/log/charts/log-logstash/templates/deployment.yaml b/kubernetes/log/components/log-logstash/templates/deployment.yaml
index 156037bd29..566c7a3b10 100644
--- a/kubernetes/log/charts/log-logstash/templates/deployment.yaml
+++ b/kubernetes/log/components/log-logstash/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,8 +13,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -33,7 +35,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - log-elasticsearch
@@ -43,12 +45,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ .Values.global.loggingRepository| default .Values.loggingRepository }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources:
 {{ include "common.resources" . | indent 12 }}
diff --git a/kubernetes/log/charts/log-kibana/templates/ingress.yaml b/kubernetes/log/components/log-logstash/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/log/charts/log-kibana/templates/ingress.yaml
+++ b/kubernetes/log/components/log-logstash/templates/ingress.yaml
diff --git a/kubernetes/log/charts/log-logstash/templates/service.yaml b/kubernetes/log/components/log-logstash/templates/service.yaml
index d02f535958..7736f0c9d7 100644
--- a/kubernetes/log/charts/log-logstash/templates/service.yaml
+++ b/kubernetes/log/components/log-logstash/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/log/charts/log-logstash/values.yaml b/kubernetes/log/components/log-logstash/values.yaml
index a6e6c966ab..7a0674cdf5 100644
--- a/kubernetes/log/charts/log-logstash/values.yaml
+++ b/kubernetes/log/components/log-logstash/values.yaml
@@ -18,8 +18,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
   persistence: {}
 
 #################################################################
@@ -27,7 +25,6 @@ global:
 #################################################################
 
 # application image
-loggingRepository: docker.elastic.co
 image: logstash/logstash:5.4.3
 pullPolicy: Always
 
diff --git a/kubernetes/log/requirements.yaml b/kubernetes/log/requirements.yaml
index a7089ea6b3..ae81fc8441 100644
--- a/kubernetes/log/requirements.yaml
+++ b/kubernetes/log/requirements.yaml
@@ -16,3 +16,16 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: log-elasticsearch
+    version: ~6.x-0
+    repository: 'file://components/log-elasticsearch'
+  - name: log-kibana
+    version: ~6.x-0
+    repository: 'file://components/log-kibana'
+  - name: log-logstash
+    version: ~6.x-0
+    repository: 'file://components/log-logstash'
+
diff --git a/kubernetes/log/values.yaml b/kubernetes/log/values.yaml
index 817baa476d..ddcf5235cd 100644
--- a/kubernetes/log/values.yaml
+++ b/kubernetes/log/values.yaml
@@ -18,4 +18,3 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
diff --git a/kubernetes/modeling/Makefile b/kubernetes/modeling/Makefile
index 82f7cf43d0..4c79718d02 100644
--- a/kubernetes/modeling/Makefile
+++ b/kubernetes/modeling/Makefile
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samsung Electrinics
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,10 +12,40 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-make-modeling: make-modeling-etsicatalog
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
 
-make-modeling-etsicatalog:
-	cd charts && helm dep up modeling-etsicatalog && helm lint modeling-etsicatalog
 clean:
-	@find . -type f -name '*.tgz' -delete
-	@find . -type f -name '*.lock' -delete
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/modeling/components/Makefile b/kubernetes/modeling/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/modeling/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/esr/charts/esr-gui/.helmignore b/kubernetes/modeling/components/modeling-etsicatalog/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/esr/charts/esr-gui/.helmignore
+++ b/kubernetes/modeling/components/modeling-etsicatalog/.helmignore
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/Chart.yaml b/kubernetes/modeling/components/modeling-etsicatalog/Chart.yaml
index c167da1770..c167da1770 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/Chart.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/Chart.yaml
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml b/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml
new file mode 100644
index 0000000000..cadf452100
--- /dev/null
+++ b/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml
@@ -0,0 +1,32 @@
+# Copyright © 2020 Samung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: mariadb-galera
+    version: ~6.x-0
+    repository: '@local'
+    condition: global.mariadbGalera.localCluster
+  - name: mariadb-init
+    version: ~6.x-0
+    repository: '@local'
+    condition: not global.mariadbGalera.localCluster
+  - name: readinessCheck
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/modeling/resources/config/logging/filebeat/filebeat.yml b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/logging/filebeat/filebeat.yml
index 0bc14ea908..0bc14ea908 100644
--- a/kubernetes/modeling/resources/config/logging/filebeat/filebeat.yml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/logging/filebeat/filebeat.yml
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/resources/config/logging/log.yml b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/logging/server/log.yml
index 5ac5fefe92..5ac5fefe92 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/resources/config/logging/log.yml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/logging/server/log.yml
diff --git a/kubernetes/policy/charts/pdp/templates/configmap.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml
index 79c4d38c68..1a2112bbe2 100644
--- a/kubernetes/policy/charts/pdp/templates/configmap.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml
@@ -1,5 +1,5 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,19 +12,20 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "common.fullname" . }}-log-configmap
+  name: {{ include "common.fullname" . }}-logging-configmap
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/log/xacml-pdp-rest/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/logging/server/*").AsConfig . | indent 2 }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "common.fullname" . }}-pe-configmap
+  name: {{ include "common.fullname" . }}-modeling-filebeat-configmap
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/logging/filebeat/*").AsConfig . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml
index d3ca0416dc..1a303ff7aa 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -37,24 +39,25 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
-        - --container-name
-        - modeling-mariadb
+        - -j
+        - "{{ include "common.release" . }}-{{ include "common.name" . }}-config-job"
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
+        name: {{ include "common.name" . }}-job-readiness
+      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for.msb ) | indent 6 | trim }}
       - command:
         - /bin/sh
         - -c
         - chown -R 1000:1000 /service/modeling/etsicatalog/static
-        image: "{{ include "common.repository" . }}/{{ .Values.initImage }}"
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-init
         volumeMounts:
@@ -62,12 +65,7 @@ spec:
           mountPath: /service/modeling/etsicatalog/static
       containers:
         - name: {{ include "common.name" . }}
-          command:
-            - bash
-          args:
-            - -c
-            - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -86,16 +84,26 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
-          - name: MSB_PROTO
-            value: "{{ .Values.global.config.msbProtocol }}"
           - name: SSL_ENABLED
-            value: "{{ .Values.global.config.ssl_enabled }}"
+            value: "{{ .Values.config.ssl_enabled }}"
+          - name: MSB_ENABLED
+            value: "{{ .Values.config.msb_enabled }}"
           - name: MSB_ADDR
-            value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
-          - name: MYSQL_ADDR
-            value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }}
-          - name: MYSQL_ROOT_PASSWORD
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
+            value: "{{ .Values.config.msbProtocol }}://{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}"
+          - name: SDC_ADDR
+            value: "{{ .Values.config.sdcProtocol }}://{{ .Values.config.sdcServiceName }}:{{ .Values.config.sdcPort }}"
+          - name: DMAAP_ENABLED
+            value: "{{ .Values.config.dmaap_enabled }}"
+          - name: DMAAP_ADDR
+            value: "{{ .Values.config.dmaapProtocol }}://{{ .Values.config.dmaapServiceName }}:{{ .Values.config.dmaapPort }}"
+          - name: DB_IP
+            value: "{{ include "common.mariadbService" . }}"
+          - name: DB_PORT
+            value: "{{ include "common.mariadbPort" . }}"
+          - name: DB_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "login") | indent 12 }}
+          - name: DB_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "password") | indent 12 }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-etsicatalog
             mountPath: /service/modeling/etsicatalog/static
@@ -120,7 +128,7 @@ spec:
 
         # side car containers
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
@@ -150,7 +158,7 @@ spec:
 
         - name: {{ include "common.fullname" . }}-filebeat-conf
           configMap:
-            name: {{ include "common.release" . }}-modeling-filebeat-configmap
+            name: {{ include "common.fullname" . }}-modeling-filebeat-configmap
         - name: {{ include "common.fullname" . }}-data-filebeat
           emptyDir: {}
       imagePullSecrets:
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/pv.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/pv.yaml
index d672025068..d672025068 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/pv.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/pv.yaml
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/pvc.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/pvc.yaml
index e04a0b3ed3..e04a0b3ed3 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/pvc.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/pvc.yaml
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/secrets.yaml
new file mode 100644
index 0000000000..8bfebf1679
--- /dev/null
+++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/secrets.yaml
@@ -0,0 +1,16 @@
+{{/*# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml
index 61aefa570c..f424cc644e 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
@@ -30,7 +32,7 @@ metadata:
           "url": "/api/parser/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
-          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+          "enable_ssl": {{ .Values.config.ssl_enabled }},
           "visualRange":"1"
       },
       {
@@ -39,7 +41,7 @@ metadata:
           "url": "/api/catalog/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
-          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+          "enable_ssl": {{ .Values.config.ssl_enabled }},
           "visualRange":"1"
       },
 	  {
@@ -48,7 +50,7 @@ metadata:
           "url": "/api/nsd/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
-          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+          "enable_ssl": {{ .Values.config.ssl_enabled }},
           "visualRange":"1"
       },
 	  {
@@ -57,7 +59,7 @@ metadata:
           "url": "/api/vnfpkgm/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
-          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+          "enable_ssl": {{ .Values.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
index 01747957e3..6c1cae2687 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
@@ -17,34 +17,44 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-
-  config:
-    ssl_enabled: false
-    msbProtocol: https
-    msbServiceName: msb-iag
-    msbPort: 443
 
   persistence:
     mountPath: /dockerdata-nfs
 
+  mariadbGalera:
+    #This flag allows Modeling to instantiate its own mariadb-galera cluster
+    localCluster: false
+    service: mariadb-galera
+    internalPort: 3306
+    nameOverride: mariadb-galera
+
+readinessCheck:
+  wait_for:
+    msb:
+      name: msb
+      containers:
+          - msb-iag
+
 #################################################################
 # Secrets metaconfig
 #################################################################
 secrets:
-  - uid: "db-root-pass"
-    externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
-    type: password
+  - uid: modeling-db-secret
+    name: &dbSecretName '{{ include "common.release" . }}-modeling-db-secret'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.userName }}'
+    password: '{{ .Values.config.db.userPassword }}'
 
 #################################################################
 # Dependencies configuration
 #################################################################
 
 mariadb-galera:
-  nameOverride: modeling-mariadb
+  config: &mariadbConfig
+    userCredentialsExternalSecret: *dbSecretName
+    mysqlDatabase: etsicatalog
+  nameOverride: modeling-db
   service:
     name: modeling-db
     portName: modeling-db
@@ -55,15 +65,39 @@ mariadb-galera:
     enabled: true
   disableNfsProvisioner: true
 
+mariadb-init:
+  config: *mariadbConfig
+  # nameOverride should be the same with common.name
+  nameOverride: modeling-etsicatalog
+
 #################################################################
 # Application configuration defaults.
 #################################################################
+config:
+  #application configuration about  msb
+  ssl_enabled: false
+  msb_enabled: false
+  msbProtocol: https
+  msbServiceName: msb-iag
+  msbPort: 443
+  sdcProtocol: https
+  sdcServiceName: sdc-be
+  sdcPort: 8443
+  dmaap_enabled: false
+  dmaapProtocol: https
+  dmaapServiceName: message-router-external
+  dmaapPort: 3905
+
+  #application configuration user password about mariadb
+  db:
+    userName: etsicatalog
+    # userPassword: password
+    # userCredentialsExternalSecret: some-secret
+
 # application image
 flavor: small
 
-repository: nexus3.onap.org:10001
-image: onap/modeling/etsicatalog:1.0.6
-initImage: busybox:latest
+image: onap/modeling/etsicatalog:1.0.9
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/modeling/requirements.yaml b/kubernetes/modeling/requirements.yaml
index f99477141f..ada1ded2c4 100644
--- a/kubernetes/modeling/requirements.yaml
+++ b/kubernetes/modeling/requirements.yaml
@@ -13,6 +13,6 @@
 # limitations under the License.
 
 dependencies:
-  - name: common
+  - name: modeling-etsicatalog
     version: ~6.x-0
-    repository: '@local'
+    repository: 'file://components/modeling-etsicatalog'
diff --git a/kubernetes/modeling/templates/configmap.yaml b/kubernetes/modeling/templates/configmap.yaml
deleted file mode 100644
index 02d5d9639c..0000000000
--- a/kubernetes/modeling/templates/configmap.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.release" . }}-modeling-filebeat-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/filebeat/*").AsConfig . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/msb/charts/kube2msb/templates/deployment.yaml b/kubernetes/msb/charts/kube2msb/templates/deployment.yaml
index 71e709f5e5..3d0dcd63ba 100644
--- a/kubernetes/msb/charts/kube2msb/templates/deployment.yaml
+++ b/kubernetes/msb/charts/kube2msb/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -37,7 +39,7 @@ spec:
       serviceAccountName: msb
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - msb-discovery
@@ -47,7 +49,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
diff --git a/kubernetes/msb/charts/kube2msb/values.yaml b/kubernetes/msb/charts/kube2msb/values.yaml
index 556931d07e..3c67227873 100644
--- a/kubernetes/msb/charts/kube2msb/values.yaml
+++ b/kubernetes/msb/charts/kube2msb/values.yaml
@@ -16,8 +16,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Application configuration defaults.
diff --git a/kubernetes/msb/charts/msb-consul/resources/docker-entrypoint.sh b/kubernetes/msb/charts/msb-consul/resources/docker-entrypoint.sh
new file mode 100755
index 0000000000..0cd46167e4
--- /dev/null
+++ b/kubernetes/msb/charts/msb-consul/resources/docker-entrypoint.sh
@@ -0,0 +1,100 @@
+#!/usr/bin/dumb-init /bin/sh
+set -e
+set -x
+
+# Note above that we run dumb-init as PID 1 in order to reap zombie processes
+# as well as forward signals to all processes in its session. Normally, sh
+# wouldn't do either of these functions so we'd leak zombies as well as do
+# unclean termination of all our sub-processes.
+# As of docker 1.13, using docker run --init achieves the same outcome.
+
+# You can set CONSUL_BIND_INTERFACE to the name of the interface you'd like to
+# bind to and this will look up the IP and pass the proper -bind= option along
+# to Consul.
+CONSUL_BIND=
+if [ -n "$CONSUL_BIND_INTERFACE" ]; then
+  CONSUL_BIND_ADDRESS=$(ip -o -4 addr list $CONSUL_BIND_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1)
+  if [ -z "$CONSUL_BIND_ADDRESS" ]; then
+    echo "Could not find IP for interface '$CONSUL_BIND_INTERFACE', exiting"
+    exit 1
+  fi
+
+  CONSUL_BIND="-bind=$CONSUL_BIND_ADDRESS"
+  echo "==> Found address '$CONSUL_BIND_ADDRESS' for interface '$CONSUL_BIND_INTERFACE', setting bind option..."
+fi
+
+# You can set CONSUL_CLIENT_INTERFACE to the name of the interface you'd like to
+# bind client intefaces (HTTP, DNS, and RPC) to and this will look up the IP and
+# pass the proper -client= option along to Consul.
+CONSUL_CLIENT=
+if [ -n "$CONSUL_CLIENT_INTERFACE" ]; then
+  CONSUL_CLIENT_ADDRESS=$(ip -o -4 addr list $CONSUL_CLIENT_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1)
+  if [ -z "$CONSUL_CLIENT_ADDRESS" ]; then
+    echo "Could not find IP for interface '$CONSUL_CLIENT_INTERFACE', exiting"
+    exit 1
+  fi
+
+  CONSUL_CLIENT="-client=$CONSUL_CLIENT_ADDRESS"
+  echo "==> Found address '$CONSUL_CLIENT_ADDRESS' for interface '$CONSUL_CLIENT_INTERFACE', setting client option..."
+fi
+
+# CONSUL_DATA_DIR is exposed as a volume for possible persistent storage. The
+# CONSUL_CONFIG_DIR isn't exposed as a volume but you can compose additional
+# config files in there if you use this image as a base, or use CONSUL_LOCAL_CONFIG
+# below.
+CONSUL_DATA_DIR=/consul/data
+CONSUL_CONFIG_DIR=/consul/config
+
+# You can also set the CONSUL_LOCAL_CONFIG environemnt variable to pass some
+# Consul configuration JSON without having to bind any volumes.
+if [ -n "$CONSUL_LOCAL_CONFIG" ]; then
+	echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json"
+fi
+
+# If the user is trying to run Consul directly with some arguments, then
+# pass them to Consul.
+if [ "${1:0:1}" = '-' ]; then
+    set -- consul "$@"
+fi
+
+# Look for Consul subcommands.
+if [ "$1" = 'agent' ]; then
+    shift
+    set -- consul agent \
+        -data-dir="$CONSUL_DATA_DIR" \
+        -config-dir="$CONSUL_CONFIG_DIR" \
+        $CONSUL_BIND \
+        $CONSUL_CLIENT \
+        "$@"
+elif [ "$1" = 'version' ]; then
+    # This needs a special case because there's no help output.
+    set -- consul "$@"
+elif consul --help "$1" 2>&1 | grep -q "consul $1"; then
+    # We can't use the return code to check for the existence of a subcommand, so
+    # we have to use grep to look for a pattern in the help output.
+    set -- consul "$@"
+fi
+
+# If we are running Consul, make sure it executes as the proper user.
+if [ "$1" = 'consul' ]; then
+    # If the data or config dirs are bind mounted then chown them.
+    # Note: This checks for root ownership as that's the most common case.
+    if [ "$(stat -c %u /consul/data)" != "$(id -u consul)" ]; then
+        chown consul:consul /consul/data
+    fi
+    if [ "$(stat -c %u /consul/config)" != "$(id -u consul)" ]; then
+        chown consul:consul /consul/config
+    fi
+
+    # If requested, set the capability to bind to privileged ports before
+    # we drop to the non-root user. Note that this doesn't work with all
+    # storage drivers (it won't work with AUFS).
+    if [ ! -z ${CONSUL_ALLOW_PRIVILEGED_PORTS+x} ]; then
+        setcap "cap_net_bind_service=+ep" /bin/consul
+    fi
+
+# Instead of using this we run our pod as a non-root user.
+#    set -- su-exec consul:consul "$@"
+fi
+
+exec "$@"
diff --git a/kubernetes/msb/charts/msb-consul/templates/configmap.yaml b/kubernetes/msb/charts/msb-consul/templates/configmap.yaml
new file mode 100644
index 0000000000..32adcaec5f
--- /dev/null
+++ b/kubernetes/msb/charts/msb-consul/templates/configmap.yaml
@@ -0,0 +1,27 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-entrypoint
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/msb/charts/msb-consul/templates/deployment.yaml b/kubernetes/msb/charts/msb-consul/templates/deployment.yaml
index 985ab4e8af..c7472cca72 100644
--- a/kubernetes/msb/charts/msb-consul/templates/deployment.yaml
+++ b/kubernetes/msb/charts/msb-consul/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -39,6 +41,16 @@ spec:
         - name: {{ include "common.name" . }}
           image: "{{ .Values.global.dockerHubRepository | default .Values.dockerHubRepository }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            runAsUser: {{ .Values.securityContext.runAsUser }}
+            runAsGroup: {{ .Values.securityContext.runAsGroup }}
+          command:
+            - docker-entrypoint.sh
+          args:
+            - "agent"
+            - "-dev"
+            - "-client"
+            - "0.0.0.0"
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -60,6 +72,9 @@ spec:
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
+          - mountPath: /usr/local/bin/docker-entrypoint.sh
+            name: entrypoint
+            subPath: docker-entrypoint.sh
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -74,5 +89,9 @@ spec:
         - name: localtime
           hostPath:
             path: /etc/localtime
+        - name: entrypoint
+          configMap:
+            name: {{ include "common.fullname" . }}-entrypoint
+            defaultMode: 0777
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/msb/charts/msb-consul/templates/service.yaml b/kubernetes/msb/charts/msb-consul/templates/service.yaml
index 787c68e226..af735b6e74 100644
--- a/kubernetes/msb/charts/msb-consul/templates/service.yaml
+++ b/kubernetes/msb/charts/msb-consul/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/kubernetes/msb/charts/msb-consul/values.yaml b/kubernetes/msb/charts/msb-consul/values.yaml
index d11649754f..4704f3b24d 100644
--- a/kubernetes/msb/charts/msb-consul/values.yaml
+++ b/kubernetes/msb/charts/msb-consul/values.yaml
@@ -21,7 +21,7 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-dockerHubRepository: registry.hub.docker.com
+dockerHubRepository: docker.io
 image: library/consul:1.4.3
 pullPolicy: Always
 istioSidecar: true
@@ -83,3 +83,8 @@ resources:
       cpu: 20m
       memory: 100Mi
   unlimited: {}
+
+securityContext:
+  fsGroup: 1000
+  runAsUser: 100
+  runAsGroup: 1000
diff --git a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml
index af0b2b975c..3781d96328 100644
--- a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml
+++ b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml
@@ -41,6 +41,12 @@
   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
   <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
 
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+
   <appender name="EELFAudit"
             class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>${logDirectory}/${auditLogName}.log</file>
@@ -125,6 +131,7 @@
   
   <root level="INFO">
     <appender-ref ref="asyncEELFDebug" />
+    <appender-ref ref="STDOUT" />
   </root>
 
 </configuration>
diff --git a/kubernetes/msb/charts/msb-discovery/templates/configmap.yaml b/kubernetes/msb/charts/msb-discovery/templates/configmap.yaml
index b047550856..33c77e5eae 100644
--- a/kubernetes/msb/charts/msb-discovery/templates/configmap.yaml
+++ b/kubernetes/msb/charts/msb-discovery/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/kubernetes/msb/charts/msb-discovery/templates/deployment.yaml b/kubernetes/msb/charts/msb-discovery/templates/deployment.yaml
index b43cb00df4..bcb9da55a1 100644
--- a/kubernetes/msb/charts/msb-discovery/templates/deployment.yaml
+++ b/kubernetes/msb/charts/msb-discovery/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -37,7 +39,7 @@ spec:
       serviceAccountName: msb
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - msb-consul
@@ -47,7 +49,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
diff --git a/kubernetes/msb/charts/msb-discovery/templates/service.yaml b/kubernetes/msb/charts/msb-discovery/templates/service.yaml
index 787c68e226..af735b6e74 100644
--- a/kubernetes/msb/charts/msb-discovery/templates/service.yaml
+++ b/kubernetes/msb/charts/msb-discovery/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/kubernetes/msb/charts/msb-discovery/values.yaml b/kubernetes/msb/charts/msb-discovery/values.yaml
index 9f8f061d8e..4ac27a8f9d 100644
--- a/kubernetes/msb/charts/msb-discovery/values.yaml
+++ b/kubernetes/msb/charts/msb-discovery/values.yaml
@@ -16,8 +16,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Application configuration defaults.
diff --git a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml
index 49d5e64896..6dc4443d6e 100644
--- a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml
+++ b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml
@@ -41,6 +41,12 @@
   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
   <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
 
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+
   <appender name="EELFAudit"
             class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>${logDirectory}/${auditLogName}.log</file>
@@ -125,6 +131,7 @@
   
   <root level="INFO">
     <appender-ref ref="asyncEELFDebug" />
+    <appender-ref ref="STDOUT" />
   </root>
 
 </configuration>
diff --git a/kubernetes/msb/charts/msb-eag/templates/configmap.yaml b/kubernetes/msb/charts/msb-eag/templates/configmap.yaml
index b047550856..33c77e5eae 100644
--- a/kubernetes/msb/charts/msb-eag/templates/configmap.yaml
+++ b/kubernetes/msb/charts/msb-eag/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/kubernetes/msb/charts/msb-eag/templates/deployment.yaml b/kubernetes/msb/charts/msb-eag/templates/deployment.yaml
index d3f4503093..8ce19fb304 100644
--- a/kubernetes/msb/charts/msb-eag/templates/deployment.yaml
+++ b/kubernetes/msb/charts/msb-eag/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -37,7 +39,7 @@ spec:
       serviceAccountName: msb
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - msb-discovery
@@ -47,7 +49,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
diff --git a/kubernetes/msb/charts/msb-eag/templates/service.yaml b/kubernetes/msb/charts/msb-eag/templates/service.yaml
index ad2addf267..e8e3a8a947 100644
--- a/kubernetes/msb/charts/msb-eag/templates/service.yaml
+++ b/kubernetes/msb/charts/msb-eag/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/kubernetes/msb/charts/msb-eag/values.yaml b/kubernetes/msb/charts/msb-eag/values.yaml
index 60c197327e..f63964cd15 100644
--- a/kubernetes/msb/charts/msb-eag/values.yaml
+++ b/kubernetes/msb/charts/msb-eag/values.yaml
@@ -16,8 +16,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Application configuration defaults.
diff --git a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml
index bceefc500c..65ff43485a 100644
--- a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml
+++ b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml
@@ -41,6 +41,12 @@
   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
   <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
 
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+
   <appender name="EELFAudit"
             class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>${logDirectory}/${auditLogName}.log</file>
@@ -125,6 +131,7 @@
   
   <root level="INFO">
     <appender-ref ref="asyncEELFDebug" />
+    <appender-ref ref="STDOUT" />
   </root>
 
 </configuration>
diff --git a/kubernetes/msb/charts/msb-iag/templates/configmap.yaml b/kubernetes/msb/charts/msb-iag/templates/configmap.yaml
index b047550856..33c77e5eae 100644
--- a/kubernetes/msb/charts/msb-iag/templates/configmap.yaml
+++ b/kubernetes/msb/charts/msb-iag/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/kubernetes/msb/charts/msb-iag/templates/deployment.yaml b/kubernetes/msb/charts/msb-iag/templates/deployment.yaml
index d8838211dc..42f36cd279 100644
--- a/kubernetes/msb/charts/msb-iag/templates/deployment.yaml
+++ b/kubernetes/msb/charts/msb-iag/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -37,7 +39,7 @@ spec:
       serviceAccountName: msb
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - msb-discovery
@@ -47,7 +49,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
diff --git a/kubernetes/msb/charts/msb-iag/templates/service.yaml b/kubernetes/msb/charts/msb-iag/templates/service.yaml
index ad2addf267..e8e3a8a947 100644
--- a/kubernetes/msb/charts/msb-iag/templates/service.yaml
+++ b/kubernetes/msb/charts/msb-iag/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/kubernetes/msb/charts/msb-iag/values.yaml b/kubernetes/msb/charts/msb-iag/values.yaml
index a927816492..b1f19c9448 100644
--- a/kubernetes/msb/charts/msb-iag/values.yaml
+++ b/kubernetes/msb/charts/msb-iag/values.yaml
@@ -16,8 +16,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Application configuration defaults.
diff --git a/kubernetes/msb/resources/config/log/filebeat/filebeat.yml b/kubernetes/msb/resources/config/log/filebeat/filebeat.yml
index d4fb35bc61..2ba652719f 100644
--- a/kubernetes/msb/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/msb/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 filebeat.prospectors:
 #it is mandatory, in our case it's log
 - input_type: log
diff --git a/kubernetes/msb/templates/configmap.yaml b/kubernetes/msb/templates/configmap.yaml
index e71397b936..52714297fb 100644
--- a/kubernetes/msb/templates/configmap.yaml
+++ b/kubernetes/msb/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/kubernetes/msb/templates/serviceaccout.yaml b/kubernetes/msb/templates/serviceaccout.yaml
index c1e1a33174..ae1886239a 100644
--- a/kubernetes/msb/templates/serviceaccout.yaml
+++ b/kubernetes/msb/templates/serviceaccout.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada, ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/kubernetes/multicloud/Makefile b/kubernetes/multicloud/Makefile
index fde29904c7..4c79718d02 100644
--- a/kubernetes/multicloud/Makefile
+++ b/kubernetes/multicloud/Makefile
@@ -1,4 +1,4 @@
-# Copyright 2019 Intel Corporation, Inc
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,7 +12,40 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-make-multicloud: make-multicloud-k8s
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
 
-make-multicloud-k8s:
-	cd charts && helm dep up multicloud-k8s && helm lint multicloud-k8s
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml
deleted file mode 100644
index 0f0b59fa18..0000000000
--- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.prometheus.enabled -}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml
deleted file mode 100644
index 83e05bf868..0000000000
--- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.prometheus.enabled -}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ include "common.release" . }}"
-    heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
-  annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.accessMode }}
-  storageClassName: {{ include "common.storageClass" . }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size }}
-{{- end -}}
-
-{{- end -}}
diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml
deleted file mode 100644
index 80e9a97f3b..0000000000
--- a/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml
+++ /dev/null
@@ -1,131 +0,0 @@
-{{/*
-# Copyright (c) 2019 Intel Corporation.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-      name: {{ include "common.name" . }}
-      annotations:
-        sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
-    spec:
-     containers:
-     - env:
-       - name: MSB_PROTO
-         value: {{ .Values.config.msbprotocol }}
-       - name: MSB_ADDR
-         value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
-       - name: MSB_PORT
-         value: "{{ .Values.config.msbPort }}"
-       - name: AAI_ADDR
-         value: aai.{{ include "common.namespace" . }}
-       - name: AAI_PORT
-         value: "{{ .Values.config.aai.port }}"
-       - name: AAI_SCHEMA_VERSION
-         value: "{{ .Values.config.aai.schemaVersion }}"
-       - name: AAI_USERNAME
-         value: "{{ .Values.config.aai.username }}"
-       - name: AAI_PASSWORD
-         value: "{{ .Values.config.aai.password }}"
-       - name: SSL_ENABLED
-         value: "{{ .Values.config.ssl_enabled }}"
-       name: {{ include "common.name" . }}
-       volumeMounts:
-       - mountPath: /var/log/onap
-         name: starlingx-log
-       - mountPath: /opt/starlingx/starlingx/pub/config/log.yml
-         name: starlingx-logconfig
-         subPath: log.yml
-       - mountPath: /opt/artifacts/
-         name: artifact-data
-       resources:
-{{ include "common.resources" . | indent 12 }}
-       image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-       imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-       ports:
-       - containerPort: {{ .Values.service.internalPort }}
-       # disable liveness probe when breakpoints set in debugger
-       # so K8s doesn't restart unresponsive container
-       {{ if .Values.liveness.enabled }}
-       livenessProbe:
-         httpGet:
-           path: /api/multicloud-starlingx/v0/swagger.json
-           port: {{ .Values.service.internalPort }}
-           scheme: HTTPS
-         initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-         periodSeconds: {{ .Values.liveness.periodSeconds }}
-         timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
-         successThreshold: {{ .Values.liveness.successThreshold }}
-         failureThreshold: {{ .Values.liveness.failureThreshold }}
-       {{ end }}
-     # side car containers
-     - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
-       imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-       name: filebeat-onap
-       volumeMounts:
-       - mountPath: /usr/share/filebeat/filebeat.yml
-         name: filebeat-conf
-         subPath: filebeat.yml
-       - mountPath: /var/log/onap
-         name: starlingx-log
-       - mountPath: /usr/share/filebeat/data
-         name: starlingx-data-filebeat
-     - image: "{{ include "common.repository" . }}/{{ .Values.global.artifactImage }}"
-       name: framework-artifactbroker
-       command: ["/opt/app/distribution/bin/artifact-dist.sh"]
-       args: ["/opt/app/distribution/etc/mounted/config.json"]
-       ports:
-       - containerPort: 9014
-         protocol: TCP
-       volumeMounts:
-       - mountPath: /opt/app/distribution/etc/mounted/config.json
-         name: starlingx-logconfig
-         subPath: config.json
-       - mountPath: /data
-         name: artifact-data
-
-     volumes:
-     - name: starlingx-log
-       emptyDir: {}
-     - name: starlingx-data-filebeat
-       emptyDir: {}
-     - name: filebeat-conf
-       configMap:
-         name: multicloud-filebeat-configmap
-     - name: starlingx-logconfig
-       configMap:
-         name: {{ include "common.fullname" . }}-log-configmap
-     - name: artifact-data
-       emptyDir: {}
-     imagePullSecrets:
-     - name: "{{ include "common.namespace" . }}-docker-registry-key"
-     restartPolicy: Always
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml
deleted file mode 100644
index b6773a5a6a..0000000000
--- a/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml
+++ /dev/null
@@ -1,145 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-      name: {{ include "common.name" . }}
-      annotations:
-        sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
-    spec:
-     initContainers:
-     - command: ["sh", "-c", "chown -R 100:101 /data"]
-       image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.global.ubuntuInitImage }}"
-       imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-       name: {{ include "common.name" . }}-init
-       volumeMounts:
-       - mountPath: /data
-         name: artifact-data
-     containers:
-     - env:
-       - name: MSB_PROTO
-         value: {{ .Values.config.msbprotocol }}
-       - name: MSB_ADDR
-         value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
-       - name: MSB_PORT
-         value: "{{ .Values.config.msbPort }}"
-       - name: AAI_ADDR
-         value: aai.{{ include "common.namespace" . }}
-       - name: AAI_PORT
-         value: "{{ .Values.config.aai.port }}"
-       - name: AAI_SCHEMA_VERSION
-         value: "{{ .Values.config.aai.schemaVersion }}"
-       - name: AAI_USERNAME
-         value: "{{ .Values.config.aai.username }}"
-       - name: AAI_PASSWORD
-         value: "{{ .Values.config.aai.password }}"
-       - name: SSL_ENABLED
-         value: "{{ .Values.config.ssl_enabled }}"
-       name: {{ include "common.name" . }}
-       volumeMounts:
-       - mountPath: /var/log/onap
-         name: windriver-log
-       - mountPath: /opt/windriver/titanium_cloud/pub/config/log.yml
-         name: windriver-logconfig
-         subPath: log.yml
-       - mountPath: /opt/artifacts/
-         name: artifact-data
-       resources:
-{{ include "common.resources" . | indent 12 }}
-       image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-       imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-       ports:
-       - containerPort: {{ .Values.service.internalPort }}
-       # disable liveness probe when breakpoints set in debugger
-       # so K8s doesn't restart unresponsive container
-       {{ if .Values.liveness.enabled }}
-       livenessProbe:
-         httpGet:
-           path: /api/multicloud-titaniumcloud/v1/swagger.json
-           port: {{ .Values.service.internalPort }}
-           scheme: HTTPS
-         initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-         periodSeconds: {{ .Values.liveness.periodSeconds }}
-         timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
-         successThreshold: {{ .Values.liveness.successThreshold }}
-         failureThreshold: {{ .Values.liveness.failureThreshold }}
-       {{ end }}
-     # side car containers
-     - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
-       imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-       name: filebeat-onap
-       volumeMounts:
-       - mountPath: /usr/share/filebeat/filebeat.yml
-         name: filebeat-conf
-         subPath: filebeat.yml
-       - mountPath: /var/log/onap
-         name: windriver-log
-       - mountPath: /usr/share/filebeat/data
-         name: windriver-data-filebeat
-     - image: "{{ include "common.repository" . }}/{{ .Values.global.artifactImage }}"
-       name: framework-artifactbroker
-       command: ["/opt/app/distribution/bin/artifact-dist.sh"]
-       args: ["/opt/app/distribution/etc/mounted/config.json"]
-       ports:
-       - containerPort: 9014
-         protocol: TCP
-       volumeMounts:
-       - mountPath: /opt/app/distribution/etc/mounted/config.json
-         name: windriver-logconfig
-         subPath: config.json
-       - mountPath: /data
-         name: artifact-data
-
-     volumes:
-     - name: windriver-log
-       emptyDir: {}
-     - name: windriver-data-filebeat
-       emptyDir: {}
-     - name: filebeat-conf
-       configMap:
-         name: multicloud-filebeat-configmap
-     - name: windriver-logconfig
-       configMap:
-         name: {{ include "common.fullname" . }}-log-configmap
-     - name: artifact-data
-     {{- if .Values.persistence.enabled }}
-       persistentVolumeClaim:
-         claimName: {{ include "common.fullname" . }}
-     {{- else }}
-       emptyDir: {}
-     {{- end }}
-     imagePullSecrets:
-     - name: "{{ include "common.namespace" . }}-docker-registry-key"
-     restartPolicy: Always
diff --git a/kubernetes/multicloud/components/Makefile b/kubernetes/multicloud/components/Makefile
new file mode 100644
index 0000000000..f2e7a1fb82
--- /dev/null
+++ b/kubernetes/multicloud/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := soHelpers
+HELM_BIN := helm
+HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/.helmignore b/kubernetes/multicloud/components/multicloud-azure/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/.helmignore
+++ b/kubernetes/multicloud/components/multicloud-azure/.helmignore
diff --git a/kubernetes/multicloud/charts/multicloud-azure/Chart.yaml b/kubernetes/multicloud/components/multicloud-azure/Chart.yaml
index 578123c2a6..578123c2a6 100644
--- a/kubernetes/multicloud/charts/multicloud-azure/Chart.yaml
+++ b/kubernetes/multicloud/components/multicloud-azure/Chart.yaml
diff --git a/kubernetes/multicloud/components/multicloud-azure/requirements.yaml b/kubernetes/multicloud/components/multicloud-azure/requirements.yaml
new file mode 100644
index 0000000000..bdc19209e7
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-azure/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/multicloud/charts/multicloud-azure/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-azure/resources/config/log/log.yml
index 5e29829cc2..d47a3581c2 100644
--- a/kubernetes/multicloud/charts/multicloud-azure/resources/config/log/log.yml
+++ b/kubernetes/multicloud/components/multicloud-azure/resources/config/log/log.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 version: 1
 disable_existing_loggers: False
 
diff --git a/kubernetes/multicloud/charts/multicloud-azure/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-azure/templates/NOTES.txt
index befedf4578..befedf4578 100644
--- a/kubernetes/multicloud/charts/multicloud-azure/templates/NOTES.txt
+++ b/kubernetes/multicloud/components/multicloud-azure/templates/NOTES.txt
diff --git a/kubernetes/multicloud/charts/multicloud-azure/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-azure/templates/configmap.yaml
index 8a6c488ead..8a6c488ead 100644
--- a/kubernetes/multicloud/charts/multicloud-azure/templates/configmap.yaml
+++ b/kubernetes/multicloud/components/multicloud-azure/templates/configmap.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-azure/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-azure/templates/deployment.yaml
index 312c46651b..445b0697d5 100644
--- a/kubernetes/multicloud/charts/multicloud-azure/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-azure/templates/deployment.yaml
@@ -64,7 +64,7 @@ spec:
          subPath: log.yml
        resources:
 {{ toYaml (pluck .Values.flavor .Values.resources| first) | indent 12 }}
-       image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+       image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        ports:
        - containerPort: {{ .Values.service.internalPort }}
@@ -83,7 +83,7 @@ spec:
          failureThreshold: {{ .Values.liveness.failureThreshold }}
        {{ end -}}
        # side car containers
-     - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+     - image: {{ include "repositoryGenerator.image.logging" . }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: filebeat-onap
        volumeMounts:
diff --git a/kubernetes/multicloud/charts/multicloud-azure/templates/service.yaml b/kubernetes/multicloud/components/multicloud-azure/templates/service.yaml
index f52d8690ea..f52d8690ea 100644
--- a/kubernetes/multicloud/charts/multicloud-azure/templates/service.yaml
+++ b/kubernetes/multicloud/components/multicloud-azure/templates/service.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-azure/values.yaml b/kubernetes/multicloud/components/multicloud-azure/values.yaml
index 131c8c9d65..0749c0b432 100644
--- a/kubernetes/multicloud/charts/multicloud-azure/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-azure/values.yaml
@@ -23,7 +23,6 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/multicloud/azure:1.2.4
 pullPolicy: Always
 
diff --git a/kubernetes/multicloud/charts/multicloud-azure/.helmignore b/kubernetes/multicloud/components/multicloud-fcaps/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/multicloud/charts/multicloud-azure/.helmignore
+++ b/kubernetes/multicloud/components/multicloud-fcaps/.helmignore
diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/Chart.yaml b/kubernetes/multicloud/components/multicloud-fcaps/Chart.yaml
index a392ba25a4..a392ba25a4 100644
--- a/kubernetes/multicloud/charts/multicloud-fcaps/Chart.yaml
+++ b/kubernetes/multicloud/components/multicloud-fcaps/Chart.yaml
diff --git a/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml b/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml
new file mode 100644
index 0000000000..bdc19209e7
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml
index 49e532065d..21991b75fe 100644
--- a/kubernetes/multicloud/charts/multicloud-fcaps/resources/config/log/log.yml
+++ b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2019, CMCC Technologies Co., Ltd.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 version: 1
 disable_existing_loggers: False
 
diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-fcaps/templates/NOTES.txt
index ae62a4f604..ae62a4f604 100644
--- a/kubernetes/multicloud/charts/multicloud-fcaps/templates/NOTES.txt
+++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/NOTES.txt
diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-fcaps/templates/configmap.yaml
index 5fb6bb69df..5fb6bb69df 100644
--- a/kubernetes/multicloud/charts/multicloud-fcaps/templates/configmap.yaml
+++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/configmap.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml
index 110f9aa84f..99d2314a07 100644
--- a/kubernetes/multicloud/charts/multicloud-fcaps/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml
@@ -67,7 +67,7 @@ spec:
          subPath: log.yml
        resources:
 {{ include "common.resources" . | indent 12 }}
-       image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+       image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        ports:
        - containerPort: {{ .Values.service.internalPort }}
@@ -86,7 +86,7 @@ spec:
          failureThreshold: {{ .Values.liveness.failureThreshold }}
        {{ end }}
      # side car containers
-     - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+     - image: {{ include "repositoryGenerator.image.logging" . }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: filebeat-onap
        volumeMounts:
@@ -97,7 +97,7 @@ spec:
          name: fcaps-log
        - mountPath: /usr/share/filebeat/data
          name: fcaps-data-filebeat
-     - image: {{ .Values.rabbitmq }}
+     - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.rabbitmq }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: rabbit-mq
 
diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/templates/service.yaml b/kubernetes/multicloud/components/multicloud-fcaps/templates/service.yaml
index fabe32e0ff..fabe32e0ff 100644
--- a/kubernetes/multicloud/charts/multicloud-fcaps/templates/service.yaml
+++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/service.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/values.yaml b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml
index 6182cbe6c1..c66e4e829f 100644
--- a/kubernetes/multicloud/charts/multicloud-fcaps/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml
@@ -22,7 +22,6 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/multicloud/openstack-fcaps:1.5.5
 pullPolicy: Always
 
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/Chart.yaml b/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml
index cbd8da9bec..cbd8da9bec 100644
--- a/kubernetes/multicloud/charts/multicloud-k8s/Chart.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/requirements.yaml b/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml
index 78faffd976..9071fafece 100644
--- a/kubernetes/multicloud/charts/multicloud-k8s/requirements.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml
@@ -25,3 +25,6 @@ dependencies:
   - name: etcd
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
index 27df701b80..2ce2d8564b 100644
--- a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json
+++ b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
@@ -45,7 +45,8 @@
                     "HEAT_VOL",
                     "OTHER",
                     "VF_MODULES_METADATA",
-                    "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT"
+                    "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT",
+                    "HELM"
                 ],
                 "consumerGroup": "multicloud-k8s-group",
                 "environmentName": "AUTO",
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/k8sconfig.json b/kubernetes/multicloud/components/multicloud-k8s/resources/config/k8sconfig.json
index d6fa40d471..d6fa40d471 100644
--- a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/k8sconfig.json
+++ b/kubernetes/multicloud/components/multicloud-k8s/resources/config/k8sconfig.json
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/configmap.yaml
index a159b65379..a159b65379 100644
--- a/kubernetes/multicloud/charts/multicloud-k8s/templates/configmap.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/configmap.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
index a64324a86e..9f50d35784 100644
--- a/kubernetes/multicloud/charts/multicloud-k8s/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
@@ -36,7 +36,7 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       containers:
-      - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}
         command: ["/opt/multicloud/k8splugin/k8plugin"]
@@ -72,7 +72,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      - image: "{{ include "common.repository" . }}/{{ .Values.global.artifactImage }}"
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }}
         name: framework-artifactbroker
         command: ["/opt/app/distribution/bin/artifact-dist.sh"]
         args: ["/opt/app/distribution/etc/mounted/config.json"]
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/templates/service.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/service.yaml
index b2b39db899..b2b39db899 100644
--- a/kubernetes/multicloud/charts/multicloud-k8s/templates/service.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/service.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
index f0bfedb43a..5c840ec9a4 100644
--- a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
@@ -17,17 +17,14 @@
 #################################################################
 global:
   nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
   persistence: {}
+  artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/multicloud/k8s:0.6.0
+image: onap/multicloud/k8s:0.7.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -74,6 +71,23 @@ mongo:
     mountSubPath: multicloud-k8s/mongo/data
     enabled: true
   disableNfsProvisioner: true
+  flavor: &storage_flavor large
+  resources: &storage_resources
+    small:
+      limits:
+        cpu: 100m
+        memory: 300Mi
+      requests:
+        cpu: 10m
+        memory: 75Mi
+    large:
+      limits:
+        cpu: 200m
+        memory: 1Gi
+      requests:
+        cpu: 50m
+        memory: 300Mi
+    unlimited: {}
 
 #etcd chart overrides for k8splugin
 etcd:
@@ -83,6 +97,8 @@ etcd:
   persistence:
     mountSubPath: multicloud-k8s/etcd/data
     enabled: true
+  flavor: *storage_flavor
+  resources: *storage_resources
 
 # No persistence right now as we rely on Mongo to handle that
 persistence:
diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/.helmignore b/kubernetes/multicloud/components/multicloud-pike/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/multicloud/charts/multicloud-fcaps/.helmignore
+++ b/kubernetes/multicloud/components/multicloud-pike/.helmignore
diff --git a/kubernetes/multicloud/charts/multicloud-pike/Chart.yaml b/kubernetes/multicloud/components/multicloud-pike/Chart.yaml
index e86273c90b..e86273c90b 100644
--- a/kubernetes/multicloud/charts/multicloud-pike/Chart.yaml
+++ b/kubernetes/multicloud/components/multicloud-pike/Chart.yaml
diff --git a/kubernetes/multicloud/components/multicloud-pike/requirements.yaml b/kubernetes/multicloud/components/multicloud-pike/requirements.yaml
new file mode 100644
index 0000000000..bdc19209e7
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-pike/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/multicloud/charts/multicloud-pike/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml
index 8e40564093..43e681e615 100644
--- a/kubernetes/multicloud/charts/multicloud-pike/resources/config/log/log.yml
+++ b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2018 Intel Corporation.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 version: 1
 disable_existing_loggers: False
 
diff --git a/kubernetes/multicloud/charts/multicloud-pike/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-pike/templates/NOTES.txt
index 7adeb620b5..7adeb620b5 100644
--- a/kubernetes/multicloud/charts/multicloud-pike/templates/NOTES.txt
+++ b/kubernetes/multicloud/components/multicloud-pike/templates/NOTES.txt
diff --git a/kubernetes/multicloud/charts/multicloud-pike/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/configmap.yaml
index df5f76a478..df5f76a478 100644
--- a/kubernetes/multicloud/charts/multicloud-pike/templates/configmap.yaml
+++ b/kubernetes/multicloud/components/multicloud-pike/templates/configmap.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-pike/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml
index 76f3e8cbdc..b48e8dc431 100644
--- a/kubernetes/multicloud/charts/multicloud-pike/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml
@@ -40,6 +40,8 @@ spec:
     spec:
      containers:
      - env:
+       - name: MSB_PROTO
+         value: {{ .Values.config.msbprotocol }}
        - name: MSB_ADDR
          value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
        - name: MSB_PORT
@@ -54,6 +56,8 @@ spec:
          value: "{{ .Values.config.aai.username }}"
        - name: AAI_PASSWORD
          value: "{{ .Values.config.aai.password }}"
+       - name: SSL_ENABLED
+         value: "{{ .Values.config.ssl_enabled }}"
        name: {{ include "common.name" . }}
        volumeMounts:
        - mountPath: /var/log/onap
@@ -63,7 +67,7 @@ spec:
          subPath: log.yml
        resources:
 {{ include "common.resources" . | indent 12 }}
-       image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+       image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        ports:
        - containerPort: {{ .Values.service.internalPort }}
@@ -82,7 +86,7 @@ spec:
          failureThreshold: {{ .Values.liveness.failureThreshold }}
        {{ end }}
      # side car containers
-     - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+     - image: {{ include "repositoryGenerator.image.logging" . }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: filebeat-onap
        volumeMounts:
diff --git a/kubernetes/multicloud/charts/multicloud-pike/templates/service.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/service.yaml
index 503fae375a..503fae375a 100644
--- a/kubernetes/multicloud/charts/multicloud-pike/templates/service.yaml
+++ b/kubernetes/multicloud/components/multicloud-pike/templates/service.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-pike/values.yaml b/kubernetes/multicloud/components/multicloud-pike/values.yaml
index ec79a1a847..3fc572631a 100644
--- a/kubernetes/multicloud/charts/multicloud-pike/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-pike/values.yaml
@@ -22,7 +22,6 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/multicloud/openstack-pike:1.5.5
 pullPolicy: Always
 
@@ -31,8 +30,10 @@ istioSidecar: true
 
 # application configuration
 config:
+  ssl_enabled: false
+  msbprotocol: https
   msbgateway: msb-iag
-  msbPort: 80
+  msbPort: 443
   aai:
     port: 8443
     schemaVersion: v13
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/Chart.yaml b/kubernetes/multicloud/components/multicloud-prometheus/Chart.yaml
index 0f5533dbb5..0f5533dbb5 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/Chart.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/Chart.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml
index 52116145b4..52116145b4 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml
index 3dd1acb5b0..3dd1acb5b0 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml
index 2dafcc381e..2dafcc381e 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml
index d81d638731..ca56b670cd 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml
@@ -40,7 +40,7 @@ spec:
     spec:
       containers:
       - name: {{ include "common.name" . }}-configmap-reload
-        image: "{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         args:
           - --volume-dir=/etc/config
@@ -51,7 +51,7 @@ spec:
             readOnly: true
 
       - name: {{ include "common.name" . }}
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         args:
           - --config.file=/etc/config/alertmanager.yml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml
index aa1485da57..aa1485da57 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml
index 918d002cdb..918d002cdb 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml
index da5156a93a..da5156a93a 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml
index ccd70b30cf..ccd70b30cf 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml
index 1456eff4e7..1456eff4e7 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini
index 9dc0f09cd9..9dc0f09cd9 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml
index ab570896db..ab570896db 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml
index 7fc8ac8c1e..2dea842733 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml
@@ -41,7 +41,7 @@ spec:
       {{- if .Values.dashboards }}
       initContainers:
       - name: {{ include "common.name" . }}-download-dashboards
-        image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command: ["sh", "/etc/grafana/download_dashboards.sh"]
         volumeMounts:
@@ -54,7 +54,7 @@ spec:
 
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         resources:
 {{ toYaml .Values.resources | indent 10 }}
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml
index 0c7ea4b560..0c7ea4b560 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml
index 68ab6c487f..68ab6c487f 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml
index 775af0afa7..775af0afa7 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/values.yaml
index 43f4e93a6f..43f4e93a6f 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/values.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml b/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml
new file mode 100644
index 0000000000..bdc19209e7
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/resources/config/prometheus.yml b/kubernetes/multicloud/components/multicloud-prometheus/resources/config/prometheus.yml
index 0355b48ab5..0355b48ab5 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/resources/config/prometheus.yml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/resources/config/prometheus.yml
diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/configmap.yaml
index c41c3ef0d6..471c9094aa 100644
--- a/kubernetes/sdnc/charts/ueb-listener/templates/configmap.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/templates/configmap.yaml
@@ -1,5 +1,5 @@
 {{/*
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright 2018 Intel Corporation, Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -25,4 +25,4 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml
index cb76bace9c..3a5c8edb5f 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml
@@ -14,8 +14,6 @@
 # limitations under the License.
 */}}
 
-{{- if .Values.global.prometheus.enabled -}}
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -39,7 +37,7 @@ spec:
       name: {{ include "common.name" . }}
     spec:
       initContainers:
-      - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+      - image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-chown-init
         command: ["chown", "-R", "65534:65534", "{{ .Values.persistence.containerMountPath }}"]
@@ -48,7 +46,7 @@ spec:
           mountPath: {{ .Values.persistence.containerMountPath }}
       containers:
       - name: {{ include "common.name" . }}-configmap-reload
-        image: "{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         args:
           - --volume-dir=/etc/config
@@ -59,7 +57,7 @@ spec:
             readOnly: true
 
       - name: {{ include "common.name" . }}-server
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         args:
           - --config.file=/etc/config/prometheus.yml
@@ -121,5 +119,3 @@ spec:
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
       restartPolicy: Always
-
-{{- end -}}
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/pv.yaml
index 9bd51de78c..1b67193e7a 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/templates/pv.yaml
@@ -14,7 +14,6 @@
 # limitations under the License.
 */}}
 
-{{- if .Values.global.prometheus.enabled -}}
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
 {{- if eq "True" (include "common.needPV" .) -}}
 kind: PersistentVolume
@@ -39,4 +38,3 @@ spec:
     path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
 {{- end -}}
 {{- end -}}
-{{- end -}}
diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/pvc.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/pvc.yaml
index e9775d842d..77cc681743 100644
--- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/pvc.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/templates/pvc.yaml
@@ -1,5 +1,5 @@
 {{/*
-# Copyright © 2019 Amdocs, Bell Canada, Orange
+# Copyright 2018 Intel Corporation, Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 */}}
+
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
 kind: PersistentVolumeClaim
 apiVersion: v1
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/service.yaml
index 90e21b7354..b8dbb687fb 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/templates/service.yaml
@@ -14,8 +14,6 @@
 # limitations under the License.
 */}}
 
-{{- if .Values.global.prometheus.enabled -}}
-
 apiVersion: v1
 kind: Service
 metadata:
@@ -41,6 +39,4 @@ spec:
     protocol: TCP
   selector:
     app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
-
-{{- end -}}
\ No newline at end of file
+    release: {{ include "common.release" . }}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml b/kubernetes/multicloud/components/multicloud-prometheus/values.yaml
index 5065392214..fa949c0c75 100644
--- a/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/values.yaml
@@ -17,12 +17,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  busyboxRepository: registry.hub.docker.com
-  busyboxImage: library/busybox:latest
   alertmanager:
     enabled: false
   grafana:
diff --git a/kubernetes/multicloud/charts/multicloud-pike/.helmignore b/kubernetes/multicloud/components/multicloud-starlingx/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/multicloud/charts/multicloud-pike/.helmignore
+++ b/kubernetes/multicloud/components/multicloud-starlingx/.helmignore
diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/Chart.yaml b/kubernetes/multicloud/components/multicloud-starlingx/Chart.yaml
index 1305d419bb..1fba2ae385 100644
--- a/kubernetes/multicloud/charts/multicloud-starlingx/Chart.yaml
+++ b/kubernetes/multicloud/components/multicloud-starlingx/Chart.yaml
@@ -15,4 +15,4 @@
 apiVersion: v1
 description: ONAP multicloud OpenStack Starlingx Plugin
 name: multicloud-starlingx
-version: 3.0.0
+version: 6.0.0
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml b/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml
new file mode 100644
index 0000000000..bdc19209e7
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json
index da0727c3a7..da0727c3a7 100644
--- a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json
+++ b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json
diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml
index 9112e352e4..e4d3d54b38 100644
--- a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/log.yml
+++ b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2019 Intel Corporation.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 version: 1
 disable_existing_loggers: False
 
diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-starlingx/templates/NOTES.txt
index 746215b541..746215b541 100644
--- a/kubernetes/multicloud/charts/multicloud-starlingx/templates/NOTES.txt
+++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/NOTES.txt
diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/configmap.yaml
index e271a4f233..e271a4f233 100644
--- a/kubernetes/multicloud/charts/multicloud-starlingx/templates/configmap.yaml
+++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/configmap.yaml
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml
new file mode 100644
index 0000000000..5413327d0b
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml
@@ -0,0 +1,130 @@
+{{/*
+# Copyright (c) 2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+      annotations:
+        sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+    spec:
+      containers:
+      - env:
+        - name: MSB_PROTO
+          value: {{ .Values.config.msbprotocol }}
+        - name: MSB_ADDR
+          value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
+        - name: MSB_PORT
+          value: "{{ .Values.config.msbPort }}"
+        - name: AAI_ADDR
+          value: aai.{{ include "common.namespace" . }}
+        - name: AAI_PORT
+          value: "{{ .Values.config.aai.port }}"
+        - name: AAI_SCHEMA_VERSION
+          value: "{{ .Values.config.aai.schemaVersion }}"
+        - name: AAI_USERNAME
+          value: "{{ .Values.config.aai.username }}"
+        - name: AAI_PASSWORD
+          value: "{{ .Values.config.aai.password }}"
+        - name: SSL_ENABLED
+          value: "{{ .Values.config.ssl_enabled }}"
+        name: {{ include "common.name" . }}
+        volumeMounts:
+        - mountPath: /var/log/onap
+          name: starlingx-log
+        - mountPath: /opt/starlingx/starlingx/pub/config/log.yml
+          name: starlingx-logconfig
+          subPath: log.yml
+        - mountPath: /opt/artifacts/
+          name: artifact-data
+        resources: {{ include "common.resources" . | nindent 12 }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+        {{ if .Values.liveness.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /api/multicloud-starlingx/v0/swagger.json
+            port: {{ .Values.service.internalPort }}
+            scheme: HTTPS
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+          timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+          successThreshold: {{ .Values.liveness.successThreshold }}
+          failureThreshold: {{ .Values.liveness.failureThreshold }}
+        {{ end }}
+      # side car containers
+      - image: {{ include "repositoryGenerator.image.logging" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: filebeat-onap
+        volumeMounts:
+        - mountPath: /usr/share/filebeat/filebeat.yml
+          name: filebeat-conf
+          subPath: filebeat.yml
+        - mountPath: /var/log/onap
+          name: starlingx-log
+        - mountPath: /usr/share/filebeat/data
+          name: starlingx-data-filebeat
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }}
+        name: framework-artifactbroker
+        command: ["/opt/app/distribution/bin/artifact-dist.sh"]
+        args: ["/opt/app/distribution/etc/mounted/config.json"]
+        ports:
+        - containerPort: 9014
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /opt/app/distribution/etc/mounted/config.json
+          name: starlingx-logconfig
+          subPath: config.json
+        - mountPath: /data
+          name: artifact-data
+
+      volumes:
+      - name: starlingx-log
+        emptyDir: {}
+      - name: starlingx-data-filebeat
+        emptyDir: {}
+      - name: filebeat-conf
+        configMap:
+          name: multicloud-filebeat-configmap
+      - name: starlingx-logconfig
+        configMap:
+          name: {{ include "common.fullname" . }}-log-configmap
+      - name: artifact-data
+        emptyDir: {}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      restartPolicy: Always
diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/templates/service.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml
index cf67f106ee..cf67f106ee 100644
--- a/kubernetes/multicloud/charts/multicloud-starlingx/templates/service.yaml
+++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml
index cb065d6f20..cde6f67cc5 100644
--- a/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml
@@ -17,6 +17,7 @@
 #################################################################
 global:
   nodePortPrefixExt: 304
+  artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
 
 #################################################################
 # Application configuration defaults.
diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/.helmignore b/kubernetes/multicloud/components/multicloud-vio/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/multicloud/charts/multicloud-starlingx/.helmignore
+++ b/kubernetes/multicloud/components/multicloud-vio/.helmignore
diff --git a/kubernetes/multicloud/charts/multicloud-vio/Chart.yaml b/kubernetes/multicloud/components/multicloud-vio/Chart.yaml
index 4bb6ba05d5..4bb6ba05d5 100644
--- a/kubernetes/multicloud/charts/multicloud-vio/Chart.yaml
+++ b/kubernetes/multicloud/components/multicloud-vio/Chart.yaml
diff --git a/kubernetes/multicloud/components/multicloud-vio/requirements.yaml b/kubernetes/multicloud/components/multicloud-vio/requirements.yaml
new file mode 100644
index 0000000000..bdc19209e7
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-vio/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/multicloud/charts/multicloud-vio/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-vio/resources/config/log/log.yml
index 750b8c4140..137a6908f3 100644
--- a/kubernetes/multicloud/charts/multicloud-vio/resources/config/log/log.yml
+++ b/kubernetes/multicloud/components/multicloud-vio/resources/config/log/log.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 version: 1
 disable_existing_loggers: False
 
diff --git a/kubernetes/multicloud/charts/multicloud-vio/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-vio/templates/NOTES.txt
index befedf4578..befedf4578 100644
--- a/kubernetes/multicloud/charts/multicloud-vio/templates/NOTES.txt
+++ b/kubernetes/multicloud/components/multicloud-vio/templates/NOTES.txt
diff --git a/kubernetes/multicloud/charts/multicloud-vio/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/configmap.yaml
index ed43b24c76..ed43b24c76 100644
--- a/kubernetes/multicloud/charts/multicloud-vio/templates/configmap.yaml
+++ b/kubernetes/multicloud/components/multicloud-vio/templates/configmap.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-vio/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml
index 5cab1ad205..520f86a7d1 100644
--- a/kubernetes/multicloud/charts/multicloud-vio/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml
@@ -64,7 +64,7 @@ spec:
          subPath: log.yml
        resources:
 {{ include "common.resources" . | indent 12 }}
-       image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+       image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        ports:
        - containerPort: {{ .Values.service.internalPort }}
@@ -83,7 +83,7 @@ spec:
          failureThreshold: {{ .Values.liveness.failureThreshold }}
        {{ end -}}
        # side car containers
-     - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+     - image: {{ include "repositoryGenerator.image.logging" . }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: filebeat-onap
        volumeMounts:
diff --git a/kubernetes/multicloud/charts/multicloud-vio/templates/service.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/service.yaml
index 4a926df420..4a926df420 100644
--- a/kubernetes/multicloud/charts/multicloud-vio/templates/service.yaml
+++ b/kubernetes/multicloud/components/multicloud-vio/templates/service.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-vio/values.yaml b/kubernetes/multicloud/components/multicloud-vio/values.yaml
index c4618fa9c5..1a5af2ca48 100644
--- a/kubernetes/multicloud/charts/multicloud-vio/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-vio/values.yaml
@@ -23,7 +23,6 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/multicloud/vio:1.4.1
 pullPolicy: Always
 
diff --git a/kubernetes/multicloud/charts/multicloud-vio/.helmignore b/kubernetes/multicloud/components/multicloud-windriver/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/multicloud/charts/multicloud-vio/.helmignore
+++ b/kubernetes/multicloud/components/multicloud-windriver/.helmignore
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/Chart.yaml b/kubernetes/multicloud/components/multicloud-windriver/Chart.yaml
index eadb375669..eadb375669 100644
--- a/kubernetes/multicloud/charts/multicloud-windriver/Chart.yaml
+++ b/kubernetes/multicloud/components/multicloud-windriver/Chart.yaml
diff --git a/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml b/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml
new file mode 100644
index 0000000000..bdc19209e7
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json
index 655076a901..655076a901 100644
--- a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json
+++ b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml
index 7e1735df08..79ff56adaa 100644
--- a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/log.yml
+++ b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 version: 1
 disable_existing_loggers: False
 
diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/test.txt b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/test.txt
new file mode 100644
index 0000000000..6c1e709b92
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/test.txt
@@ -0,0 +1 @@
+resources: {{ include "common.resources" . | indent 12 | trim}}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-windriver/templates/NOTES.txt
index befedf4578..befedf4578 100644
--- a/kubernetes/multicloud/charts/multicloud-windriver/templates/NOTES.txt
+++ b/kubernetes/multicloud/components/multicloud-windriver/templates/NOTES.txt
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/configmap.yaml
index ed43b24c76..ed43b24c76 100644
--- a/kubernetes/multicloud/charts/multicloud-windriver/templates/configmap.yaml
+++ b/kubernetes/multicloud/components/multicloud-windriver/templates/configmap.yaml
diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml
new file mode 100644
index 0000000000..2ed0b13249
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml
@@ -0,0 +1,144 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+      annotations:
+        sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+    spec:
+      initContainers:
+      - command: ["sh", "-c", "chown -R 100:101 /data"]
+        image: {{ include "repositoryGenerator.image.busybox" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-init
+        volumeMounts:
+        - mountPath: /data
+          name: artifact-data
+      containers:
+      - env:
+        - name: MSB_PROTO
+          value: {{ .Values.config.msbprotocol }}
+        - name: MSB_ADDR
+          value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
+        - name: MSB_PORT
+          value: "{{ .Values.config.msbPort }}"
+        - name: AAI_ADDR
+          value: aai.{{ include "common.namespace" . }}
+        - name: AAI_PORT
+          value: "{{ .Values.config.aai.port }}"
+        - name: AAI_SCHEMA_VERSION
+          value: "{{ .Values.config.aai.schemaVersion }}"
+        - name: AAI_USERNAME
+          value: "{{ .Values.config.aai.username }}"
+        - name: AAI_PASSWORD
+          value: "{{ .Values.config.aai.password }}"
+        - name: SSL_ENABLED
+          value: "{{ .Values.config.ssl_enabled }}"
+        name: {{ include "common.name" . }}
+        volumeMounts:
+        - mountPath: /var/log/onap
+          name: windriver-log
+        - mountPath: /opt/windriver/titanium_cloud/pub/config/log.yml
+          name: windriver-logconfig
+          subPath: log.yml
+        - mountPath: /opt/artifacts/
+          name: artifact-data
+        resources: {{ include "common.resources" . | nindent 12 }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+        {{ if .Values.liveness.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /api/multicloud-titaniumcloud/v1/swagger.json
+            port: {{ .Values.service.internalPort }}
+            scheme: HTTPS
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+          timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+          successThreshold: {{ .Values.liveness.successThreshold }}
+          failureThreshold: {{ .Values.liveness.failureThreshold }}
+        {{ end }}
+      # side car containers
+      - image: {{ include "repositoryGenerator.image.logging" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: filebeat-onap
+        volumeMounts:
+        - mountPath: /usr/share/filebeat/filebeat.yml
+          name: filebeat-conf
+          subPath: filebeat.yml
+        - mountPath: /var/log/onap
+          name: windriver-log
+        - mountPath: /usr/share/filebeat/data
+          name: windriver-data-filebeat
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }}
+        name: framework-artifactbroker
+        command: ["/opt/app/distribution/bin/artifact-dist.sh"]
+        args: ["/opt/app/distribution/etc/mounted/config.json"]
+        ports:
+        - containerPort: 9014
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /opt/app/distribution/etc/mounted/config.json
+          name: windriver-logconfig
+          subPath: config.json
+        - mountPath: /data
+          name: artifact-data
+
+      volumes:
+      - name: windriver-log
+        emptyDir: {}
+      - name: windriver-data-filebeat
+        emptyDir: {}
+      - name: filebeat-conf
+        configMap:
+          name: multicloud-filebeat-configmap
+      - name: windriver-logconfig
+        configMap:
+          name: {{ include "common.fullname" . }}-log-configmap
+      - name: artifact-data
+      {{- if .Values.persistence.enabled }}
+        persistentVolumeClaim:
+          claimName: {{ include "common.fullname" . }}
+      {{- else }}
+        emptyDir: {}
+      {{- end }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      restartPolicy: Always
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/pv.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/pv.yaml
index f798053f71..f798053f71 100644
--- a/kubernetes/multicloud/charts/multicloud-windriver/templates/pv.yaml
+++ b/kubernetes/multicloud/components/multicloud-windriver/templates/pv.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/pvc.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/pvc.yaml
index 3c4d646638..3c4d646638 100644
--- a/kubernetes/multicloud/charts/multicloud-windriver/templates/pvc.yaml
+++ b/kubernetes/multicloud/components/multicloud-windriver/templates/pvc.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/service.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml
index 5a555b3222..5a555b3222 100644
--- a/kubernetes/multicloud/charts/multicloud-windriver/templates/service.yaml
+++ b/kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml b/kubernetes/multicloud/components/multicloud-windriver/values.yaml
index 8ab4d56010..e25a96ba05 100644
--- a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-windriver/values.yaml
@@ -18,14 +18,13 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  ubuntuInitRepository: oomk8s
-  ubuntuInitImage: ubuntu-init:1.0.0
+  artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
+  persistence: {}
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/multicloud/openstack-windriver:1.5.5
 pullPolicy: Always
 
diff --git a/kubernetes/multicloud/requirements.yaml b/kubernetes/multicloud/requirements.yaml
index caff1e5dc4..a37b9f7a83 100644
--- a/kubernetes/multicloud/requirements.yaml
+++ b/kubernetes/multicloud/requirements.yaml
@@ -17,3 +17,38 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: multicloud-azure
+    version: ~6.x-0
+    repository: 'file://components/multicloud-azure'
+    condition: multicloud-azure.enabled
+  - name: multicloud-fcaps
+    version: ~6.x-0
+    repository: 'file://components/multicloud-fcaps'
+    condition: multicloud-fcaps.enabled
+  - name: multicloud-k8s
+    version: ~6.x-0
+    repository: 'file://components/multicloud-k8s'
+    condition: multicloud-k8s.enabled
+  - name: multicloud-pike
+    version: ~6.x-0
+    repository: 'file://components/multicloud-pike'
+    condition: multicloud-pike.enabled
+  - name: multicloud-prometheus
+    version: ~6.x-0
+    repository: 'file://components/multicloud-prometheus'
+    condition: multicloud-prometheus.enabled
+  - name: multicloud-starlingx
+    version: ~6.x-0
+    repository: 'file://components/multicloud-starlingx'
+    condition: multicloud-starlingx.enabled
+  - name: multicloud-vio
+    version: ~6.x-0
+    repository: 'file://components/multicloud-vio'
+    condition: multicloud-vio.enabled
+  - name: multicloud-windriver
+    version: ~6.x-0
+    repository: 'file://components/multicloud-windriver'
+    condition: multicloud-windriver.enabled
diff --git a/kubernetes/multicloud/resources/config/log/filebeat/filebeat.yml b/kubernetes/multicloud/resources/config/log/filebeat/filebeat.yml
index aa82aa71b9..3fa70aae56 100644
--- a/kubernetes/multicloud/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/multicloud/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 filebeat.prospectors:
 #it is mandatory, in our case it's log
 - input_type: log
diff --git a/kubernetes/multicloud/resources/config/log/framework/log.yml b/kubernetes/multicloud/resources/config/log/framework/log.yml
index 6c89ff3272..023ff81d50 100644
--- a/kubernetes/multicloud/resources/config/log/framework/log.yml
+++ b/kubernetes/multicloud/resources/config/log/framework/log.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 version: 1
 disable_existing_loggers: False
 
diff --git a/kubernetes/multicloud/templates/deployment.yaml b/kubernetes/multicloud/templates/deployment.yaml
index 8cae0b66cd..a5b8297e2f 100644
--- a/kubernetes/multicloud/templates/deployment.yaml
+++ b/kubernetes/multicloud/templates/deployment.yaml
@@ -59,7 +59,7 @@ spec:
          value: "{{ .Values.config.ssl_enabled }}"
        resources:
 {{ include "common.resources" . | indent 12 }}
-       image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+       image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: {{ include "common.name" . }}
        volumeMounts:
@@ -89,7 +89,7 @@ spec:
        {{ end -}}
 
       # side car containers
-     - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+     - image: {{ include "repositoryGenerator.image.logging" . }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: filebeat-onap
        volumeMounts:
diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml
index d075291db2..12d5d6a046 100644
--- a/kubernetes/multicloud/values.yaml
+++ b/kubernetes/multicloud/values.yaml
@@ -18,9 +18,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  artifactImage: onap/multicloud/framework-artifactbroker:1.5.1
+  artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
   prometheus:
     enabled: false
   persistence: {}
@@ -29,13 +27,29 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/multicloud/framework:1.5.1
+image: onap/multicloud/framework:1.6.0
 pullPolicy: Always
 
 #Istio sidecar injection policy
 istioSidecar: true
 
+multicloud-azure:
+  enabled: true
+multicloud-fcaps:
+  enabled: true
+multicloud-k8s:
+  enabled: true
+multicloud-pike:
+  enabled: true
+multicloud-prometheus:
+  enabled: false
+multicloud-starlingx:
+  enabled: true
+multicloud-vio:
+  enabled: true
+multicloud-windriver:
+  enabled: true
+
 # application configuration
 config:
   ssl_enabled: true
diff --git a/kubernetes/nbi/requirements.yaml b/kubernetes/nbi/requirements.yaml
index 7ce343627a..f76d598417 100644
--- a/kubernetes/nbi/requirements.yaml
+++ b/kubernetes/nbi/requirements.yaml
@@ -34,3 +34,6 @@ dependencies:
     version: ~6.x-0
     repository: '@local'
     condition: not global.mariadbGalera.localCluster
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml
index 22dd4a1ded..4be444ad1b 100644
--- a/kubernetes/nbi/templates/deployment.yaml
+++ b/kubernetes/nbi/templates/deployment.yaml
@@ -1,5 +1,7 @@
+{{/*
 # Copyright © 2018 Orange
 # Modifications Copyright © 2018  Amdocs, Bell Canada
+# Modifications Copyright © 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,8 +14,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -24,6 +27,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
@@ -37,7 +43,7 @@ spec:
 {{- end }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
             - containerPort: {{ .Values.service.internalPort }}
@@ -45,7 +51,7 @@ spec:
           # so K8s doesn't restart unresponsive container
           {{- if .Values.global.aafEnabled }}
           command:
-          - bash
+          - sh
           args:
           - -c
           - |
@@ -94,6 +100,10 @@ spec:
               value: {{ .Values.config.openStackVNFTenantId | quote }}
             - name: ONAP_CLOUDOWNER
               value: {{ .Values.config.cloudOwner }}
+            - name: ONAP_K8SCLOUDREGIONID
+              value: {{ .Values.config.k8sCloudRegionId }}
+            - name: ONAP_K8SCLOUDOWNER
+              value: {{ .Values.config.k8sCloudOwner }}
             - name: NBI_URL
               value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4"
             - name: SDC_HOST
@@ -136,31 +146,9 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      # side car containers
-        # - name: filebeat-onap
-        #   image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
-        #   imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        #   volumeMounts:
-        #   - mountPath: /usr/share/filebeat/filebeat.yml
-        #     name: filebeat-conf
-        #     subPath: filebeat.yml
-        #   - mountPath: /home/esr/works/logs
-        #     name: esr-server-logs
-        #   - mountPath: /usr/share/filebeat/data
-        #     name: esr-server-filebeat
       volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
-        # - name: filebeat-conf
-        #   configMap:
-        #     name: {{ include "common.fullname" . }}-esr-filebeat
-        # - name: esr-server-logs
-        #   emptyDir: {}
-        # - name: esr-server-filebeat
-        #   emptyDir: {}
-        # - name: esrserver-log
-        #   configMap:
-        #     name: {{ include "common.fullname" . }}-esr-esrserver-log
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/nbi/templates/ingress.yaml b/kubernetes/nbi/templates/ingress.yaml
index 0cd8cfbd36..06e66ebbf1 100644
--- a/kubernetes/nbi/templates/ingress.yaml
+++ b/kubernetes/nbi/templates/ingress.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung, Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.ingress" . }}
diff --git a/kubernetes/nbi/templates/secret.yaml b/kubernetes/nbi/templates/secret.yaml
index bd7eb8ea40..34932b713d 100644
--- a/kubernetes/nbi/templates/secret.yaml
+++ b/kubernetes/nbi/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/nbi/templates/service.yaml b/kubernetes/nbi/templates/service.yaml
index ccc1a13e71..4d5359ce0e 100644
--- a/kubernetes/nbi/templates/service.yaml
+++ b/kubernetes/nbi/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada, Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index 3828e25190..61d7680824 100644
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -18,10 +18,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
   mariadbGalera: &mariadbGalera
     #This flag allows SO to instantiate its own mariadb-galera cluster
     localCluster: false
@@ -29,8 +25,6 @@ global:
     internalPort: 3306
     nameOverride: mariadb-galera
   aafEnabled: true
-  busyBoxImage: busybox:1.30
-  busyBoxRepository: docker.io
 
 #################################################################
 # AAF part
@@ -72,7 +66,7 @@ subChartsOnly:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:7.0.0
+image: onap/externalapi/nbi:7.0.2
 pullPolicy: IfNotPresent
 sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
 aai_authorization: Basic QUFJOkFBSQ==
@@ -84,6 +78,8 @@ config:
   logstashServiceName: log-ls
   logstashPort: 5044
   cloudOwner: CloudOwner
+  k8sCloudRegionId: k8sregionfour
+  k8sCloudOwner: k8scloudowner4
   ecompInstanceId: OOM
   openStackRegion: RegionOne
   openStackVNFTenantId: 31047205ce114b60833b23e400d6a535
diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml
index 9385adea9a..51f1743773 100755
--- a/kubernetes/onap/requirements.yaml
+++ b/kubernetes/onap/requirements.yaml
@@ -1,4 +1,6 @@
 # Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
+# Modifications Copyright © 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -96,10 +98,6 @@ dependencies:
     version: ~6.x-0
     repository: '@local'
     condition: nbi.enabled
-  - name: pnda
-    version: ~6.x-0
-    repository: '@local'
-    condition: pnda.enabled
   - name: policy
     version: ~6.x-0
     repository: '@local'
@@ -116,6 +114,9 @@ dependencies:
     version: ~6.x-0
     repository: '@local'
     condition: oof.enabled
+  - name: repository-wrapper
+    version: ~6.x-0
+    repository: '@local'
   - name: robot
     version: ~6.x-0
     repository: '@local'
@@ -152,3 +153,15 @@ dependencies:
     version: ~6.x-0
     repository: '@local'
     condition: modeling.enabled
+  - name: platform
+    version: ~6.x-0
+    repository: '@local'
+    condition: platform.enabled
+  - name: a1policymanagement
+    version: ~6.x-0
+    repository: '@local'
+    condition: a1policymanagement.enabled
+  - name: cert-wrapper
+    version: ~6.x-0
+    repository: '@local'
+    condition: cert-wrapper.enabled
diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml
index fa8619ed93..dd22d8fc75 100644
--- a/kubernetes/onap/resources/environments/dev.yaml
+++ b/kubernetes/onap/resources/environments/dev.yaml
@@ -31,8 +31,9 @@ global:
   # any other repository that hosts images for ONAP components.
   #repository: nexus3.onap.org:10001
 
-  # readiness check - temporary repo until images migrated to nexus3
-  readinessRepository: oomk8s
+  # readiness check
+  readinessImage: onap/oom/readiness:3.0.1
+
   # logging agent - temporary repo until images migrated to nexus3
   loggingRepository: docker.elastic.co
 
diff --git a/kubernetes/onap/resources/environments/public-cloud.yaml b/kubernetes/onap/resources/environments/public-cloud.yaml
index 3062e4e3fa..4a910987a9 100644
--- a/kubernetes/onap/resources/environments/public-cloud.yaml
+++ b/kubernetes/onap/resources/environments/public-cloud.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -146,9 +147,6 @@ sdnc:
   sdnc-ansible-server:
     readiness:
       initialDelaySeconds: 120
-  sdnc-portal:
-    readiness:
-      initialDelaySeconds: 120
   ueb-listener:
     liveness:
       initialDelaySeconds: 60
@@ -177,3 +175,10 @@ mariadb-galera:
     readiness:
       initialDelaySeconds: 120
 
+a1policymanagement:
+  liveness:
+    initialDelaySeconds: 60
+    periodSeconds: 10
+  readiness:
+    initialDelaySeconds: 60
+    periodSeconds: 10
diff --git a/kubernetes/onap/resources/overrides/environment.yaml b/kubernetes/onap/resources/overrides/environment.yaml
index 2788e244e2..61b1838b83 100644
--- a/kubernetes/onap/resources/overrides/environment.yaml
+++ b/kubernetes/onap/resources/overrides/environment.yaml
@@ -92,6 +92,11 @@ clamp:
     initialDelaySeconds: 60
   readiness:
     initialDelaySeconds: 60
+  clamp-mariadb:
+    liveness:
+      initialDelaySeconds: 30
+    readiness:
+      initialDelaySeconds: 30
 dcaegen2:
   dcae-cloudify-manager:
     liveness:
@@ -213,9 +218,6 @@ sdnc:
   sdnc-ansible-server:
     readiness:
       initialDelaySeconds: 120
-  sdnc-portal:
-    readiness:
-      initialDelaySeconds: 120
   ueb-listener:
     liveness:
       initialDelaySeconds: 60
diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
index 5b59c65db7..be052996b7 100644
--- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
+++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
@@ -34,8 +34,9 @@ global:
     user: docker
     password: docker
 
-  # readiness check - temporary repo until images migrated to nexus3
-  readinessRepository: oomk8s
+  # readiness check
+  readinessImage: onap/oom/readiness:3.0.1
+
   # logging agent - temporary repo until images migrated to nexus3
   loggingRepository: docker.elastic.co
 
@@ -95,8 +96,6 @@ contrib:
   enabled: false
 dcaegen2:
   enabled: false
-pnda:
-  enabled: false
 dmaap:
   enabled: true
 esr:
diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml
index 86f898d18c..1d0663ea65 100644
--- a/kubernetes/onap/resources/overrides/onap-all.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all.yaml
@@ -1,4 +1,6 @@
 # Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
+# Modifications Copyright © 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -79,3 +81,7 @@ vnfsdk:
   enabled: true
 modeling:
   enabled: true
+platform:
+  enabled: true
+a1policymanagement:
+  enabled: true
\ No newline at end of file
diff --git a/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml
index da00f61e2f..9914e1496e 100644
--- a/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml
+++ b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2020 Nordix Foundation
+# Modifications Copyright © 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -34,7 +35,7 @@
 #################################################################
 global:
   cmpv2Enabled: true
-  aaf:
+  platform:
     certServiceClient:
       envVariables:
         # Certificate related
diff --git a/kubernetes/onap/templates/clusterrolebinding.yaml b/kubernetes/onap/templates/clusterrolebinding.yaml
index 2367143b11..d8584db65a 100644
--- a/kubernetes/onap/templates/clusterrolebinding.yaml
+++ b/kubernetes/onap/templates/clusterrolebinding.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,8 +12,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ include "common.namespace" . }}-binding
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index b96385cf07..3c8b1e9d90 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -1,4 +1,6 @@
 # Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
+# Modifications Copyright © 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -38,35 +40,73 @@ global:
   addTestingComponents: &testing false
 
   # ONAP Repository
-  # Uncomment the following to enable the use of a single docker
-  # repository but ONLY if your repository mirrors all ONAP
-  # docker images. This includes all images from dockerhub and
-  # any other repository that hosts images for ONAP components.
-  #repository: nexus3.onap.org:10001
+  # Four different repositories are used
+  # You can change individually these repositories to ones that will serve the
+  # right images. If credentials are needed for one of them, see below.
+  repository: nexus3.onap.org:10001
+  dockerHubRepository: &dockerHubRepository docker.io
+  elasticRepository: &elasticRepository docker.elastic.co
+  googleK8sRepository: k8s.gcr.io
+ 
+
+  #/!\ DEPRECATED /!\
+  # Legacy repositories which will be removed at the end of migration.
+  # Please don't use
+  loggingRepository: *elasticRepository
+  busyboxRepository: *dockerHubRepository
+
+  # Default credentials
+  # they're optional. If the target repository doesn't need them, comment them
   repositoryCred:
     user: docker
     password: docker
-  dockerHubRepository: docker.io
-
-  # readiness check - temporary repo until images migrated to nexus3
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.2.2
+  # If you want / need authentication on the repositories, please set
+  # Don't set them if the target repo is the same than others
+  # so id you've set repository to value `my.private.repo` and same for
+  # dockerHubRepository, you'll have to configure only repository (exclusive) OR
+  # dockerHubCred.
+  # dockerHubCred:
+  #   user: myuser
+  #   password: mypassord
+  # elasticCred:
+  #   user: myuser
+  #   password: mypassord
+  # googleK8sCred:
+  #   user: myuser
+  #   password: mypassord
+
+
+  # common global images
+  # Busybox for simple shell manipulation
+  busyboxImage: busybox:1.32
 
   # curl image
   curlImage: curlimages/curl:7.69.1
 
-  # logging agent - temporary repo until images migrated to nexus3
-  loggingRepository: docker.elastic.co
+  # env substitution image
+  envsubstImage: dibi/envsubst:1
+
+  # generate htpasswd files image
+  # there's only latest image for htpasswd
+  htpasswdImage: xmartlabs/htpasswd:latest
+
+  # kubenretes client image
+  kubectlImage: bitnami/kubectl:1.19
+
+  # logging agent
+  loggingImage: beats/filebeat:5.5.0
 
-  # dockerHub main repository
-  dockerHubRepository: docker.io
+  # mariadb client image
+  mariadbImage: mariadb:10.1.48
 
-  # busybox repo and image
-  busyboxRepository: docker.io
-  busyboxImage: busybox:1.30
+  # nginx server image
+  nginxImage: bitnami/nginx:1.18-debian-10
 
-  # kubeclt image
-  kubectlImage: "bitnami/kubectl:1.15"
+  # postgreSQL client and server image
+  postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1
+
+  # readiness check image
+  readinessImage: onap/oom/readiness:3.0.1
 
   # image pull policy
   pullPolicy: Always
@@ -90,12 +130,23 @@ global:
   # flag to enable debugging - application support required
   debugEnabled: false
 
+  # default password complexity
+  # available options: phrase, name, pin, basic, short, medium, long, maximum security
+  # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+  passwordStrength: long
+
+  # configuration to set log level to all components (the one that are using
+  # "common.log.level" to set this)
+  # can be overrided per components by setting logConfiguration.logLevelOverride
+  # to the desired value
+  # logLevel: DEBUG
+
   #Global ingress configuration
   ingress:
     enabled: false
     virtualhost:
-        enabled: true
-        baseurl: "simpledemo.onap.org"
+      enabled: true
+      baseurl: "simpledemo.onap.org"
 
   # Global Service Mesh configuration
   # POC Mode, don't use it in production
@@ -111,12 +162,12 @@ global:
 
   # Enabling CMPv2
   cmpv2Enabled: true
-  aaf:
+  platform:
     certServiceClient:
-      image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
       secret:
-        name: aaf-cert-service-client-tls-secret
-        mountPath: /etc/onap/aaf/certservice/certs/
+        name: oom-cert-service-client-tls-secret
+        mountPath: /etc/onap/oom/certservice/certs/
       envVariables:
         # Certificate related
         cmpv2Organization: "Linux-Foundation"
@@ -126,13 +177,19 @@ global:
         cmpv2Country: "US"
         # Client configuration related
         caName: "RA"
-        requestURL: "https://aaf-cert-service:8443/v1/certificate/"
+        requestURL: "https://oom-cert-service:8443/v1/certificate/"
         requestTimeout: "30000"
-        keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks"
+        keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
+        outputType: "P12"
         keystorePassword: "secret"
-        truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks"
+        truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
         truststorePassword: "secret"
 
+  # Indicates offline deployment build
+  # Set to true if you are rendering helm charts for offline deployment
+  # Otherwise keep it disabled
+  offlineDeploymentBuild: false
+
   # TLS
   # Set to false if you want to disable TLS for NodePorts. Be aware that this
   # will loosen your security.
@@ -144,13 +201,12 @@ global:
   # default
   centralizedLoggingEnabled: &centralizedLogging false
 
-
-# Example of specific for the components where you want to disable TLS only for
-# it:
-# if set this element will force or not tls even if global.serviceMesh.tls and
-# global.tlsEnabled is set otherwise.
-# robot:
-#   tlsOverride: false
+  # Example of specific for the components where you want to disable TLS only for
+  # it:
+  # if set this element will force or not tls even if global.serviceMesh.tls and
+  # global.tlsEnabled is set otherwise.
+  # robot:
+  #   tlsOverride: false
 
   # Global storage configuration
   #    Set to "-" for default, or with the name of the storage class
@@ -215,8 +271,6 @@ dcaegen2:
   enabled: false
 dcaemod:
   enabled: false
-pnda:
-  enabled: false
 dmaap:
   enabled: false
 esr:
@@ -283,6 +337,12 @@ so:
     openStackServiceTenantName: "service"
     openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
 
+  # in order to enable static password for so-monitoring uncomment:
+  # so-monitoring:
+  #   server:
+  #     monitoring:
+  #       password: demo123456!
+
   # configure embedded mariadb
   mariadb:
     config:
@@ -297,3 +357,12 @@ vnfsdk:
   enabled: false
 modeling:
   enabled: false
+platform:
+  enabled: false
+a1policymanagement:
+  enabled: false
+
+cert-wrapper:
+  enabled: true
+repository-wrapper:
+  enabled: true
diff --git a/kubernetes/oof/.helmignore b/kubernetes/oof/.helmignore
new file mode 100644
index 0000000000..68ffb32406
--- /dev/null
+++ b/kubernetes/oof/.helmignore
@@ -0,0 +1 @@
+components/
diff --git a/kubernetes/oof/Makefile b/kubernetes/oof/Makefile
index e27258aafc..ad7fad7bbd 100644
--- a/kubernetes/oof/Makefile
+++ b/kubernetes/oof/Makefile
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,6 +12,46 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-make-has:
-	cd charts && helm dep up oof-has
-	cd charts && helm dep up oof-cmso
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props
deleted file mode 100644
index b56c500ffd..0000000000
--- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props
+++ /dev/null
@@ -1,22 +0,0 @@
- # -------------------------------------------------------------------------
- #   Copyright (c) 2019 AT&T Intellectual Property
- #
- #   Licensed under the Apache License, Version 2.0 (the "License");
- #   you may not use this file except in compliance with the License.
- #   You may obtain a copy of the License at
- #
- #       http://www.apache.org/licenses/LICENSE-2.0
- #
- #   Unless required by applicable law or agreed to in writing, software
- #   distributed under the License is distributed on an "AS IS" BASIS,
- #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- #   See the License for the specific language governing permissions and
- #   limitations under the License.
- #
- # -------------------------------------------------------------------------
- #
-
-aaf_id=oof@oof.onap.org
-aaf_password=demo123456!
-cadi_keyfile=/share/etc/certs/org.onap.oof.keyfile
-cadi_truststore=/share/etc/certs//truststoreONAPall.jks
diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks
deleted file mode 100644
index f1e01085f9..0000000000
--- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks
+++ /dev/null
diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile
deleted file mode 100644
index 78a6afba63..0000000000
--- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile
+++ /dev/null
@@ -1,27 +0,0 @@
-dX1X5XcwStbiOmKV2k-px6nukVP3Ucg3mB6Rx3IyAyAQOZx8nU-TBK9kOV635VI5559pLF6z7jGR
-BcBfEgQtiO93vGKsSfkiVjorFz5UDqqXvoW6kFz4yQHBYR8cfFIRQ4L6mitfrs6gsM0d7CBqBz29
-I5lyzeSzmaPmJDP92jw--y3cvGRYYNLGvl3U3IIeCFX9IkDY29OZazaQaihAZx2trjLZKEeuzLN1
-6JQGbKEqCCRzZ46TXnH1DKRPxxV2aNzb_3I8402XUmlGBPf0Ucyj2wlBWrSApVVaxKKIEgIjf7vs
-x2fEMD-ye--2MkalDZ6Tm_x75GFKiia7Uc2fBBb4xHGZZEmKTh4php1Gu3v1bVY8hjXXVTpF-WXm
-cm9T4uczm_CgnKE4PtqLnYQg87LI8ONbWIE5jkgu1D4lhWkzO8nMrQlnFT0HlB-CRGu_xRsIWvnc
-bTA8K4iKJMHm7IhRfrBFNRBSq8AH_9LoUfTQ62C-Nt8g6Wu7ox6fO_dus1S9H9ndNzos31IVrn1h
-5QHxuBCUORISWjGoEQSM6spz3pyvbNMgKpkkg2izwXzDwc3RbqOgiSY8WtpKXuWceU-Ltl_npFpO
-O1suykGF6fnuql87ERJ7mcEiNd8L2_GuxTr-0YbbWgCK2IBDyfNc6ayTcjN0huoF72umE0ODQ0aK
-0HUAWAV4W6cWXEj7iOpMx1jkDURbWEdPetlz-LZKv7aN3s65Cl4Nib7ltWrs9ilP5J-KUKTkUPpM
-poBWXVZf4IjNx3H2KFzdLeGSXO3kG46tQDeeloFuY2yk1FWeyS9xLS60H2komdIW6qRVVBzeJHRN
-7dYMK5AhAgOghhe5XBhH1yHVdjLJuOMXPRrXe8dTyNU6fD1rHuvGukwSLW9lXsQkJBENfsIxY-At
--j6Gm54G_Dz5k7tu7ThpCREVxNoBDMOBC_RemS0P-pqHSEpxEc0OjLQbVSPBQRa3eaRiqLMz_dop
-FGJt56UE73Qn0HWQw16lSdKSDtuSlByEwbQ8fRFN6e2f6DCHwW81kPpfJBcoPgO4RcoazNfbLXGI
-c3q9SSpOy6r33lPT8ZigURWiNqgO2NgWswAhaN1lllbXooQxhmTnokTxi8lbQ45ZMI0n5TKFJVAB
-TtEpi4VESECsda-Rlt2w-SE9QMSSxbdYcoMutupHoj2EuRcEDAW9ghLcfBqBkGapS_Vk-E7VYBqT
-mCzuKx5WdvNj9RFCIHq7U6axpddRd7XGgKhQwyLo075DLlpULcXjHegh2Dv_U-CgwMc7J4NfCNYL
-atLIkKAhxiaHt7nkhSVKsJK89-7_NQd-OubYnUNMREoEBJautCFfyiL5fooEb2Vdu1S-27fAYk3f
-9Zv4j_lwldSGBkNZg8vKGsSLgl9acdXld_zyUI9iGe-cj5eibI7LLpaxRL9UyBJWvElyDdTQvTZL
-DdpWmy3QF9GUGx0AwZixPixXdIHmmu2yOu1kFqNAjHqfVfoyNETlGrQRM5IPQ6RmBhWC3Iv5mSNA
-FZ0J95bvy9_HS718wAhlEiw4B6FGnTR8KZozfOtr2ihh8QybBgvvJrs-68RIB56gWyavbn-aAnXi
-zTI1YYCVzBDVv4XPzqK4itVl5gPb3KCHPUSlrVhkPLXAUix3b4-nu4pk8veAE1CYZCIy_GqPNUOT
-LqLl4-WMHodF7SLNzvPSqgolCC1TjnuO1ysOHlK86W7nZPyrpnideiLbGs6G51cG0pIcDIyWNm6d
-9TXQTiRx87cZxRxEEFz57ftjqy3qhg_sw2ziFWOeItEO6OaOgwfH2OtMToeBWiJepyfG1eB4n7jH
-OsTQLSvCt2gHI1zXyCtYBZKeZI2dxO6cOdh5ljIuS0rABHe1BP2ZkKmJIXoEPFstJlAz4GPaghL4
-8rCndhdyoW7CayzBAAe5balYq63qjqUD_eOIp-pHcEe0Mfbmzu4CDSK8-40Qia6ApskFsRCkzu1V
-Pf1fH6-3rvQZFqt6irr_7HWUFhGRcXw9kBOy8h24nTawv-L6eydW5iX0pwRMz_QfHo_Krm6O
\ No newline at end of file
diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props
deleted file mode 100644
index 7e154c4665..0000000000
--- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props
+++ /dev/null
@@ -1,20 +0,0 @@
- # -------------------------------------------------------------------------
- #   Copyright (c) 2019 AT&T Intellectual Property
- #
- #   Licensed under the Apache License, Version 2.0 (the "License");
- #   you may not use this file except in compliance with the License.
- #   You may obtain a copy of the License at
- #
- #       http://www.apache.org/licenses/LICENSE-2.0
- #
- #   Unless required by applicable law or agreed to in writing, software
- #   distributed under the License is distributed on an "AS IS" BASIS,
- #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- #   See the License for the specific language governing permissions and
- #   limitations under the License.
- #
- # -------------------------------------------------------------------------
- #
-
-cadi_latitude=0.00
-cadi_longitude=0.00
diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props
deleted file mode 100644
index c96e7f7b04..0000000000
--- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props
+++ /dev/null
@@ -1,26 +0,0 @@
- # -------------------------------------------------------------------------
- #   Copyright (c) 2019 AT&T Intellectual Property
- #
- #   Licensed under the Apache License, Version 2.0 (the "License");
- #   you may not use this file except in compliance with the License.
- #   You may obtain a copy of the License at
- #
- #       http://www.apache.org/licenses/LICENSE-2.0
- #
- #   Unless required by applicable law or agreed to in writing, software
- #   distributed under the License is distributed on an "AS IS" BASIS,
- #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- #   See the License for the specific language governing permissions and
- #   limitations under the License.
- #
- # -------------------------------------------------------------------------
- #
-
-aaf_id=oof@oof.onap.org
-aaf_locate_url=https://aaf-locate:8095
-aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
-cadi_etc_dir=/share/etc/certs/
-cadi_latitude=0.00
-cadi_longitude=0.00
-cadi_prop_files=/share/etc/certs/org.onap.oof.location.props:/share/etc/certs/org.onap.oof.cred.props
-cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks
deleted file mode 100644
index ff844b109d..0000000000
--- a/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks
+++ /dev/null
diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml
deleted file mode 100644
index b1c3561538..0000000000
--- a/kubernetes/oof/charts/oof-cmso/values.yaml
+++ /dev/null
@@ -1,92 +0,0 @@
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
-  - uid: cmso-db-root-password
-    name: '{{ include "common.release" . }}-cmso-db-root-password'
-    type: password
-    password: ''
-    policy: generate
-  - uid: cmso-db-secret
-    name: '{{ include "common.release" . }}-cmso-db-secret'
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
-    login: '{{ .Values.config.db.userName }}'
-    password: '{{ .Values.config.db.userPassword }}'
-    passwordPolicy: generate
-
-mariadb-galera:
-  replicaCount: 1
-  nameOverride: cmso-db
-  service:
-    type: ClusterIP
-    name: oof-cmso-dbhost
-    portName: cmso-dbhost
-  nfsprovisionerPrefix: cmso
-  sdnctlPrefix: cmso
-  persistence:
-    mountSubPath: cmso/data
-    enabled: true
-  disableNfsProvisioner: true
-  config:
-    mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
-    userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
-    mysqlDatabase: cmso
-  externalConfig: |
-    [mysqld]
-    lower_case_table_names = 1
-
-global:
-  commonConfigPrefix: "oof-cmso"
-  truststoreFile: "truststoreONAPall.jks"
-  keystoreFile: "org.onap.oof.jks"
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  keystorePassword: OA7*y0PEGTma?$be2z#0$:L]
-  truststorePassword:
-  authentication: aaf-auth
-  busyBoxImage: busybox:1.30
-  busyBoxRepository: docker.io
-
-flavor: small
-
-config:
-  log:
-    logstashServiceName: log-ls
-    logstashPort: 5044
-  db:
-    # userCredentialsExternalsecret: some secret
-    userName: cmso-admin
-    # userPassword: password
-
-oof-cmso-service:
-  config:
-    db:
-      userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
-      rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
-      host: oof-cmso-dbhost
-      container: cmso-db
-      mysqlDatabase: cmso
-
-oof-cmso-optimizer:
-  config:
-    db:
-      userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
-      rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
-      host: oof-cmso-dbhost
-      container: cmso-db
-      mysqlDatabase: optimizer
diff --git a/kubernetes/oof/charts/oof-has/resources/config/AAF_RootCA.cer b/kubernetes/oof/charts/oof-has/resources/config/AAF_RootCA.cer
deleted file mode 100755
index e9a50d7ea0..0000000000
--- a/kubernetes/oof/charts/oof-has/resources/config/AAF_RootCA.cer
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt
deleted file mode 100644
index 68f474b44f..0000000000
--- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt
+++ /dev/null
@@ -1,89 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow
-XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6
-REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR
-UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ
-IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB
-HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+
-LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH
-hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib
-AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
-Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
-81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
-MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw
-ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv
-bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw
-Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv
-b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw
-aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v
-cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt
-cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU
-FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20
-/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My
-7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X
-koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L
-mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5
-GsHFjQ==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
-
-
diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key
deleted file mode 100644
index a83edd1f86..0000000000
--- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ
-ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+
-CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8
-MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK
-GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH
-KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g
-uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q
-MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V
-SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0
-XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY
-Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0
-0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe
-FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430
-XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd
-8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD
-Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx
-Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF
-nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh
-iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32
-ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h
-MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+
-2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w
-9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY
-vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY
-ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC
-h+G1ZXD4PyjI6KWhRC3JuA==
------END PRIVATE KEY-----
\ No newline at end of file
diff --git a/kubernetes/oof/components/Makefile b/kubernetes/oof/components/Makefile
new file mode 100755
index 0000000000..d62cb0b700
--- /dev/null
+++ b/kubernetes/oof/components/Makefile
@@ -0,0 +1,56 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/oof/components/oof-cmso/.helmignore b/kubernetes/oof/components/oof-cmso/.helmignore
new file mode 100644
index 0000000000..68ffb32406
--- /dev/null
+++ b/kubernetes/oof/components/oof-cmso/.helmignore
@@ -0,0 +1 @@
+components/
diff --git a/kubernetes/oof/charts/oof-cmso/Chart.yaml b/kubernetes/oof/components/oof-cmso/Chart.yaml
index a21ed25927..a21ed25927 100644
--- a/kubernetes/oof/charts/oof-cmso/Chart.yaml
+++ b/kubernetes/oof/components/oof-cmso/Chart.yaml
diff --git a/kubernetes/oof/components/oof-cmso/Makefile b/kubernetes/oof/components/oof-cmso/Makefile
new file mode 100644
index 0000000000..33d61041cd
--- /dev/null
+++ b/kubernetes/oof/components/oof-cmso/Makefile
@@ -0,0 +1,56 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/oof/components/oof-cmso/components/Makefile b/kubernetes/oof/components/oof-cmso/components/Makefile
new file mode 100755
index 0000000000..36ea7b6c2b
--- /dev/null
+++ b/kubernetes/oof/components/oof-cmso/components/Makefile
@@ -0,0 +1,56 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/Chart.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/Chart.yaml
index 7b55f08569..7b55f08569 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/Chart.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/Chart.yaml
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/requirements.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/requirements.yaml
new file mode 100644
index 0000000000..2b3543a04f
--- /dev/null
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/requirements.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/cadi.properties
index 871341d1fa..d7387dd1e1 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/cadi.properties
@@ -1,21 +1,23 @@
+{{/*
 #-------------------------------------------------------------------------------
 # ============LICENSE_START==============================================
 # Copyright (c) 2019 AT&T Intellectual Property.
 # =======================================================================
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a 
+# not use this file except in compliance with the License. You may obtain a
 # copy of the License at
-# 
+#
 #        http://www.apache.org/licenses/LICENSE-2.0
-# 
-# Unless required by applicable law or agreed to in writing, software 
-# distributed under the License is distributed on an "AS IS" BASIS, 
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 
-# or implied. See the License for the specific language governing 
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
 # permissions and limitations under the License.
 # ============LICENSE_END=================================================
-# 
+#
 #-------------------------------------------------------------------------------
+*/}}
 cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
 
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/liquibase.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/liquibase.properties
index 32d77bb663..46855120cd 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/liquibase.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/liquibase.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # Copyright (c) 2019 AT&T Intellectual Property. 
 # Modifications Copyright (c) 2018 IBM. 
@@ -28,6 +29,7 @@
 # See the License for the specific language governing permissions and 
 # limitations under the License.
 ###
+*/}}
 spring.datasource.jdbcUrl=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}?createDatabaseIfNotExist=true
 spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
 spring.datasource.username=${DB_USERNAME}
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/logback.xml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/logback.xml
index e4386fd249..e4386fd249 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/logback.xml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/logback.xml
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties
index 32636f4b2e..4bf8f74666 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties
@@ -1,3 +1,4 @@
+{{/*
 #-------------------------------------------------------------------------------
 # ============LICENSE_START==============================================
 # Copyright (c) 2019 AT&T Intellectual Property.
@@ -16,6 +17,7 @@
 # ============LICENSE_END=================================================
 # 
 #-------------------------------------------------------------------------------
+*/}}
 spring.datasource.url=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}
 spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
 spring.datasource.username=${DB_USERNAME}
@@ -59,5 +61,5 @@ aaf.enabled=true
 aaf.namespace=org.onap.oof
 
 cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
-aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
\ No newline at end of file
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
+aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/NOTES.txt b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/NOTES.txt
index 1103affff1..1103affff1 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/NOTES.txt
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/NOTES.txt
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/configmap.yaml
index e4d0a5c256..69614344fc 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/configmap.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml
index 67808472b6..c1d2602713 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml
@@ -1,4 +1,6 @@
+{{/*
 # Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,8 +13,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -23,6 +26,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
@@ -32,7 +38,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ .Values.config.db.container }}
@@ -42,18 +48,32 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+      - name: {{ include "common.name" . }}-db-config-readiness
+        command:
+        - /app/ready.py
+        args:
+        - -j
+        - "{{ include "common.release" . }}-cmso-db-config-config-job"
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: {{ include "repositoryGenerator.image.readiness" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       - name: {{ include "common.name" . }}-chown
         command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
-        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /share/logs
       - name: db-init
-        image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbinit.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DB_HOST
@@ -61,20 +81,21 @@ spec:
         - name: DB_PORT
           value: {{ .Values.config.db.port | quote}}
         - name: DB_USERNAME
-          value: {{ .Values.config.db.root }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
         terminationMessagePolicy: File
         volumeMounts:
         - name: {{ include "common.fullname" . }}-config
           mountPath: /share/etc/config
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DB_HOST
@@ -82,21 +103,26 @@ spec:
         - name: DB_PORT
           value: {{ .Values.config.db.port | quote}}
         - name: DB_USERNAME
-          value: {{ .Values.config.db.root }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
         - name: JAVA_TRUSTSTORE
-          value: /share/etc/certs/{{ .Values.global.truststoreFile }}
+          value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
         - name: SSL_KEYSTORE
-          value: /share/etc/certs/{{ .Values.global.keystoreFile }}
+          value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
         - name: JAVA_TRUSTSTORE_PASSWORD
           value: {{ .Values.global.truststorePassword }}
-        - name: SSL_KEYSTORE_PASSWORD
-          value: {{ .Values.global.keystorePassword }}
         - name: AUTHENTICATION
           value: {{ .Values.global.authentication }}
+        command:
+        - /bin/sh
+        args:
+        - "-c"
+        - |
+          export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+          ./startService.sh
         ports:
         - containerPort: {{ .Values.service.internalPort }}
         # disable liveness probe when breakpoints set in debugger
@@ -114,6 +140,7 @@ spec:
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /share/logs
         - name: {{ include "common.fullname" . }}-logs
@@ -135,6 +162,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+        {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-config
           configMap:
             name: {{ include "common.fullname" . }}
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/secret.yaml
index bd7eb8ea40..34932b713d 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/service.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/service.yaml
index d0b586acf7..e8db9f7b2e 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/service.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
index f3f176fded..0c7eb8d6a7 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,20 +18,18 @@
 #################################################################
 global: # global defaults
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
 
 subChartsOnly:
   enabled: true
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/optf-cmso-optimizer:2.2.0
+image: onap/optf-cmso-optimizer:2.3.0
 pullPolicy: Always
 
 #init container image
 dbinit:
-  image: onap/optf-cmso-dbinit:2.2.0
+  image: onap/optf-cmso-dbinit:2.3.0
 
 # flag to enable debugging - application support required
 debugEnabled: false
@@ -40,11 +39,6 @@ debugEnabled: false
 # Secrets metaconfig
 #################################################################
 secrets:
-  - uid: cmso-db-root-password
-    type: password
-    password: '{{ .Values.config.db.rootPassword }}'
-    externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
-    policy: required
   - uid: cmso-db-user-secret
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
@@ -89,11 +83,10 @@ service:
 config:
   db:
     port: 3306
-    root: root
 #    rootPassword: pass
 #    rootPasswordExternalSecret: some secret
-#    user: cmso-admin
-#    password: pass
+    user: cmso-admin
+    password: pass
 #    userCredentialsExternalSecret: some-secret
 #    host: host
 #    container: container
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/Chart.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/Chart.yaml
index 09150985db..09150985db 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/Chart.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/Chart.yaml
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/requirements.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/requirements.yaml
new file mode 100644
index 0000000000..6a956790c7
--- /dev/null
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/requirements.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cadi.properties
index 871341d1fa..d7387dd1e1 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cadi.properties
@@ -1,21 +1,23 @@
+{{/*
 #-------------------------------------------------------------------------------
 # ============LICENSE_START==============================================
 # Copyright (c) 2019 AT&T Intellectual Property.
 # =======================================================================
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a 
+# not use this file except in compliance with the License. You may obtain a
 # copy of the License at
-# 
+#
 #        http://www.apache.org/licenses/LICENSE-2.0
-# 
-# Unless required by applicable law or agreed to in writing, software 
-# distributed under the License is distributed on an "AS IS" BASIS, 
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 
-# or implied. See the License for the specific language governing 
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
 # permissions and limitations under the License.
 # ============LICENSE_END=================================================
-# 
+#
 #-------------------------------------------------------------------------------
+*/}}
 cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
 
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties
index 68b36886e0..6525a4ee9c 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties
@@ -108,5 +108,5 @@ aaf.enabled=true
 aaf.namespace=org.onap.oof
 
 cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
 aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/liquibase.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/liquibase.properties
index 66dad37bd8..fb61e08fff 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/liquibase.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/liquibase.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # Copyright &#194;� 2017-2018 AT&T Intellectual Property. 
 # Modifications Copyright &#194;� 2018 IBM. 
@@ -28,6 +29,7 @@
 # See the License for the specific language governing permissions and 
 # limitations under the License.
 ###
+*/}}
 spring.datasource.jdbcUrl=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}?createDatabaseIfNotExist=true
 spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
 spring.datasource.username=${DB_USERNAME}
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/logback.xml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/logback.xml
index e4386fd249..e4386fd249 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/logback.xml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/logback.xml
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/optimizer.properties
index 1e4a8417c4..141b164e99 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/optimizer.properties
@@ -1,3 +1,4 @@
+{{/*
 #-------------------------------------------------------------------------------
 # Copyright (c) 2017-2018 AT&T Intellectual Property.
 # Modifications Copyright ? 2018 IBM.
@@ -28,7 +29,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #-------------------------------------------------------------------------------
+*/}}
 
 cmso.optimizer.request.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule
 cmso.optimizer.status.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule
-cmso.optimizer.health.url=https://oof-cmso-optimizer:7997/optimizer/v1/health?checkInterfaces=true
\ No newline at end of file
+cmso.optimizer.health.url=https://oof-cmso-optimizer:7997/optimizer/v1/health?checkInterfaces=true
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/ticketmgt.properties
index bdf483d289..124df5712b 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/ticketmgt.properties
@@ -1,3 +1,4 @@
+{{/*
 #-------------------------------------------------------------------------------
 # Copyright � 2017-2018 AT&T Intellectual Property.
 # Modifications Copyright � 2018 IBM.
@@ -28,6 +29,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #-------------------------------------------------------------------------------
+*/}}
 
 tm.vnfs.per.ticket=1
 tm.getPath=http://localhost:8089/cmso/v1/tm/getChangeRecord
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/NOTES.txt b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/NOTES.txt
index 1103affff1..1103affff1 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/NOTES.txt
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/NOTES.txt
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/configmap.yaml
index e4d0a5c256..69614344fc 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/configmap.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml
index ca45d7ee12..27d52a24ba 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml
@@ -1,4 +1,6 @@
+{{/*
 # Copyright (c) 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,8 +13,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -23,6 +26,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
@@ -32,7 +38,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ .Values.config.db.container }}
@@ -42,18 +48,32 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+      - name: {{ include "common.name" . }}-db-config-readiness
+        command:
+        - /app/ready.py
+        args:
+        - -j
+        - "{{ include "common.release" . }}-cmso-db-config-config-job"
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: {{ include "repositoryGenerator.image.readiness" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       - name: {{ include "common.name" . }}-chown
         command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
-        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /share/logs
       - name: db-init
-        image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbinit.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DB_HOST
@@ -61,21 +81,22 @@ spec:
         - name: DB_PORT
           value: {{ .Values.config.db.port | quote}}
         - name: DB_USERNAME
-          value: {{ .Values.config.db.root }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
         terminationMessagePolicy: File
         volumeMounts:
         - name: {{ include "common.fullname" . }}-config
           mountPath: /share/etc/config
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
       # side car containers
       - name: filebeat-onap
-        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        image: {{ include "repositoryGenerator.image.logging" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - mountPath: /usr/share/filebeat/filebeat.yml
@@ -88,7 +109,7 @@ spec:
         resources:
 {{ include "common.resources" . }}
       - name: mso-simulator
-        image: "{{ include "common.repository" . }}/{{ .Values.robotimage }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.robotimage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-config
@@ -98,7 +119,7 @@ spec:
         resources:
 {{ include "common.resources" . }}
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DB_HOST
@@ -112,15 +133,20 @@ spec:
         - name: DB_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
         - name: JAVA_TRUSTSTORE
-          value: /share/etc/certs/{{ .Values.global.truststoreFile }}
+          value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
         - name: SSL_KEYSTORE
-          value: /share/etc/certs/{{ .Values.global.keystoreFile }}
+          value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
         - name: JAVA_TRUSTSTORE_PASSWORD
           value: {{ .Values.global.truststorePassword }}
-        - name: SSL_KEYSTORE_PASSWORD
-          value: {{ .Values.global.keystorePassword }}
         - name: AUTHENTICATION
           value: {{ .Values.global.authentication }}
+        command:
+        - /bin/sh
+        args:
+        - "-c"
+        - |
+          export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+          ./startService.sh
         ports:
         - containerPort: {{ .Values.service.internalPort }}
         # disable liveness probe when breakpoints set in debugger
@@ -138,6 +164,7 @@ spec:
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /share/logs
         - name: {{ include "common.fullname" . }}-logs
@@ -159,6 +186,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+        {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-config
           configMap:
             name: {{ include "common.fullname" . }}
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/secret.yaml
index bd7eb8ea40..34932b713d 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/service.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/service.yaml
index d0b586acf7..e8db9f7b2e 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/service.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
index 90a74bd3ed..9973f85cff 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018-2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,21 +18,18 @@
 #################################################################
 global: # global defaults
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
 
 subChartsOnly:
   enabled: true
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/optf-cmso-service:2.2.0
-robotimage: onap/optf-cmso-robot:2.2.0
+image: onap/optf-cmso-service:2.3.0
+robotimage: onap/optf-cmso-robot:2.3.0
 pullPolicy: Always
 
 #init container image
 dbinit:
-  image: onap/optf-cmso-dbinit:2.2.0
+  image: onap/optf-cmso-dbinit:2.3.0
 
 # flag to enable debugging - application support required
 debugEnabled: false
@@ -40,11 +38,6 @@ debugEnabled: false
 # Secrets metaconfig
 #################################################################
 secrets:
-  - uid: cmso-db-root-password
-    type: password
-    password: '{{ .Values.config.db.rootPassword }}'
-    externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
-    policy: required
   - uid: cmso-db-user-secret
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
@@ -89,11 +82,10 @@ service:
 config:
   db:
     port: 3306
-    root: root
 #    rootPassword: pass
 #    rootPasswordExternalSecret: some secret
-#    user: cmso-admin
-#    password: pass
+    user: cmso-admin
+    password: pass
 #    userCredentialsExternalSecret: some-secret
 #    host: host
 #    container: container
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/Chart.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/Chart.yaml
index 030b3f63d0..030b3f63d0 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/Chart.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/Chart.yaml
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/requirements.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/requirements.yaml
new file mode 100644
index 0000000000..6a956790c7
--- /dev/null
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/requirements.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/cadi.properties
index 871341d1fa..d7387dd1e1 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/cadi.properties
@@ -1,21 +1,23 @@
+{{/*
 #-------------------------------------------------------------------------------
 # ============LICENSE_START==============================================
 # Copyright (c) 2019 AT&T Intellectual Property.
 # =======================================================================
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a 
+# not use this file except in compliance with the License. You may obtain a
 # copy of the License at
-# 
+#
 #        http://www.apache.org/licenses/LICENSE-2.0
-# 
-# Unless required by applicable law or agreed to in writing, software 
-# distributed under the License is distributed on an "AS IS" BASIS, 
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 
-# or implied. See the License for the specific language governing 
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
 # permissions and limitations under the License.
 # ============LICENSE_END=================================================
-# 
+#
 #-------------------------------------------------------------------------------
+*/}}
 cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
 
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/logback.xml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/logback.xml
index e4386fd249..e4386fd249 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/logback.xml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/logback.xml
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/ticketmgt.properties
index e8fb5b6b4f..6480537988 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/ticketmgt.properties
@@ -1,38 +1,40 @@
+{{/*
 #-------------------------------------------------------------------------------
 # Copyright � 2017-2019 AT&T Intellectual Property.
 # Modifications Copyright � 2018 IBM.
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #         http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# 
-# 
+#
+#
 # Unless otherwise specified, all documentation contained herein is licensed
 # under the Creative Commons License, Attribution 4.0 Intl. (the �??License�?�);
 # you may not use this documentation except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #         https://creativecommons.org/licenses/by/4.0/
-# 
+#
 # Unless required by applicable law or agreed to in writing, documentation
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #-------------------------------------------------------------------------------
+*/}}
 cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
 aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
 
 aaf.urls=https://aaf-locate:8095
 aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
 aaf.enabled=true
-aaf.namespace=org.onap.oof
\ No newline at end of file
+aaf.namespace=org.onap.oof
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/NOTES.txt b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/NOTES.txt
index 1103affff1..1103affff1 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/NOTES.txt
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/NOTES.txt
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/configmap.yaml
index e4d0a5c256..69614344fc 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/configmap.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/deployment.yaml
index 0b0b7e0890..9f9484ff94 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,8 +12,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -23,6 +25,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
@@ -33,26 +38,32 @@ spec:
       initContainers:
       - name: {{ include "common.name" . }}-chown
         command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
-        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
           - name: {{ include "common.fullname" . }}-logs
             mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: JAVA_TRUSTSTORE
-          value: /share/etc/certs/{{ .Values.global.truststoreFile }}
+          value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
         - name: SSL_KEYSTORE
-          value: /share/etc/certs/{{ .Values.global.keystoreFile }}
+          value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
         - name: JAVA_TRUSTSTORE_PASSWORD
           value: {{ .Values.global.truststorePassword }}
-        - name: SSL_KEYSTORE_PASSWORD
-          value: {{ .Values.global.keystorePassword }}
         - name: AUTHENTICATION
           value: proprietary-auth
+        command:
+        - /bin/sh
+        args:
+        - "-c"
+        - |
+          export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+          ./startService.sh
         ports:
         - containerPort: {{ .Values.service.internalPort }}
         # disable liveness probe when breakpoints set in debugger
@@ -70,6 +81,7 @@ spec:
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /share/logs
         - name: {{ include "common.fullname" . }}-logs
@@ -91,6 +103,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+        {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-config
           configMap:
             name: {{ include "common.fullname" . }}
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/service.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/service.yaml
index d0b586acf7..e8db9f7b2e 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/service.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
index 846245a42c..3720c7d44b 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
@@ -17,15 +17,13 @@
 #################################################################
 global: # global defaults
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
   authentication: proprietary-auth
 subChartsOnly:
   enabled: true
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/optf-cmso-ticketmgt:2.2.0
+image: onap/optf-cmso-ticketmgt:2.3.0
 pullPolicy: Always
 
 
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/Chart.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/Chart.yaml
index 006d6c5a2c..006d6c5a2c 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/Chart.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/Chart.yaml
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/requirements.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/requirements.yaml
new file mode 100644
index 0000000000..6a956790c7
--- /dev/null
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/requirements.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/cadi.properties
index 871341d1fa..d7387dd1e1 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/cadi.properties
@@ -1,21 +1,23 @@
+{{/*
 #-------------------------------------------------------------------------------
 # ============LICENSE_START==============================================
 # Copyright (c) 2019 AT&T Intellectual Property.
 # =======================================================================
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a 
+# not use this file except in compliance with the License. You may obtain a
 # copy of the License at
-# 
+#
 #        http://www.apache.org/licenses/LICENSE-2.0
-# 
-# Unless required by applicable law or agreed to in writing, software 
-# distributed under the License is distributed on an "AS IS" BASIS, 
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 
-# or implied. See the License for the specific language governing 
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
 # permissions and limitations under the License.
 # ============LICENSE_END=================================================
-# 
+#
 #-------------------------------------------------------------------------------
+*/}}
 cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
 
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/logback.xml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/logback.xml
index e4386fd249..e4386fd249 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/logback.xml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/logback.xml
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/topology.properties
index e8fb5b6b4f..6480537988 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/topology.properties
@@ -1,38 +1,40 @@
+{{/*
 #-------------------------------------------------------------------------------
 # Copyright � 2017-2019 AT&T Intellectual Property.
 # Modifications Copyright � 2018 IBM.
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #         http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# 
-# 
+#
+#
 # Unless otherwise specified, all documentation contained herein is licensed
 # under the Creative Commons License, Attribution 4.0 Intl. (the �??License�?�);
 # you may not use this documentation except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #         https://creativecommons.org/licenses/by/4.0/
-# 
+#
 # Unless required by applicable law or agreed to in writing, documentation
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #-------------------------------------------------------------------------------
+*/}}
 cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
 aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
 
 aaf.urls=https://aaf-locate:8095
 aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
 aaf.enabled=true
-aaf.namespace=org.onap.oof
\ No newline at end of file
+aaf.namespace=org.onap.oof
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/NOTES.txt b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/NOTES.txt
index 1103affff1..1103affff1 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/NOTES.txt
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/NOTES.txt
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/configmap.yaml
index e4d0a5c256..69614344fc 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/configmap.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/deployment.yaml
index a23ac430c9..c08d9a3451 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,8 +12,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -23,6 +25,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
@@ -33,26 +38,32 @@ spec:
       initContainers:
       - name: {{ include "common.name" . }}-chown
         command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
-        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: JAVA_TRUSTSTORE
-          value: /share/etc/certs/{{ .Values.global.truststoreFile }}
+          value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
         - name: SSL_KEYSTORE
-          value: /share/etc/certs/{{ .Values.global.keystoreFile }}
+          value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
         - name: JAVA_TRUSTSTORE_PASSWORD
           value: {{ .Values.global.truststorePassword }}
-        - name: SSL_KEYSTORE_PASSWORD
-          value: {{ .Values.global.keystorePassword }}
         - name: AUTHENTICATION
           value: {{ .Values.global.authentication }}
+        command:
+        - /bin/sh
+        args:
+        - "-c"
+        - |
+          export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+          ./startService.sh
         ports:
         - containerPort: {{ .Values.service.internalPort }}
         # disable liveness probe when breakpoints set in debugger
@@ -70,6 +81,7 @@ spec:
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /share/logs
         - name: {{ include "common.fullname" . }}-logs
@@ -91,6 +103,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+        {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-config
           configMap:
             name: {{ include "common.fullname" . }}
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/service.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/service.yaml
index d0b586acf7..e8db9f7b2e 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/service.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
index 775da43928..bdf1606dd4 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
@@ -17,15 +17,12 @@
 #################################################################
 global: # global defaults
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
 
 subChartsOnly:
   enabled: true
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/optf-cmso-topology:2.2.0
+image: onap/optf-cmso-topology:2.3.0
 pullPolicy: Always
 
 
diff --git a/kubernetes/oof/components/oof-cmso/requirements.yaml b/kubernetes/oof/components/oof-cmso/requirements.yaml
new file mode 100644
index 0000000000..0e79ed0250
--- /dev/null
+++ b/kubernetes/oof/components/oof-cmso/requirements.yaml
@@ -0,0 +1,47 @@
+# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: mariadb-galera
+    version: ~6.x-0
+    repository: '@local'
+  - name: mariadb-init
+    version: ~6.x-0
+    repository: '@local'
+  - name: oof-cmso-optimizer
+    version: ~6.x-0
+    repository: 'file://components/oof-cmso-optimizer'
+    condition: oof-cmso-optimizer.enabled
+  - name: oof-cmso-service
+    version: ~6.x-0
+    repository: 'file://components/oof-cmso-service'
+    condition: oof-cmso-service.enabled
+  - name: oof-cmso-ticketmgt
+    version: ~6.x-0
+    repository: 'file://components/oof-cmso-ticketmgt'
+    condition: oof-cmso-ticketmgt.enabled
+  - name: oof-cmso-topology
+    version: ~6.x-0
+    repository: 'file://components/oof-cmso-topology'
+    condition: oof-cmso-topology.enabled
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties b/kubernetes/oof/components/oof-cmso/resources/certs/AAFUserRoles.properties
index e7fc221a20..e7fc221a20 100644
--- a/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties
+++ b/kubernetes/oof/components/oof-cmso/resources/certs/AAFUserRoles.properties
diff --git a/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml b/kubernetes/oof/components/oof-cmso/resources/log/filebeat/filebeat.yml
index 50586783e9..450b6f427e 100644
--- a/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml
+++ b/kubernetes/oof/components/oof-cmso/resources/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 filebeat.prospectors:
 #it is mandatory, in our case it's log
diff --git a/kubernetes/oof/charts/oof-cmso/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/templates/configmap.yaml
index f4a79627f6..03e006e6dc 100644
--- a/kubernetes/oof/charts/oof-cmso/templates/configmap.yaml
+++ b/kubernetes/oof/components/oof-cmso/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml b/kubernetes/oof/components/oof-cmso/templates/secret.yaml
index 3dbdd31b1f..992a471e08 100644
--- a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml
+++ b/kubernetes/oof/components/oof-cmso/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 # Copyright © 2020 Samsung Electronics
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
 ---
diff --git a/kubernetes/oof/components/oof-cmso/values.yaml b/kubernetes/oof/components/oof-cmso/values.yaml
new file mode 100644
index 0000000000..7405c487c4
--- /dev/null
+++ b/kubernetes/oof/components/oof-cmso/values.yaml
@@ -0,0 +1,149 @@
+# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: cmso-db-root-password
+    name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password'
+    type: password
+    password: ''
+    policy: generate
+  - uid: cmso-service-db-secret
+    name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.service.userName }}'
+    password: '{{ .Values.config.db.service.userPassword }}'
+    passwordPolicy: generate
+  - uid: cmso-db-secret
+    name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.optimizer.userName }}'
+    password: '{{ .Values.config.db.optimizer.userPassword }}'
+    passwordPolicy: generate
+
+mariadb-galera:
+  replicaCount: 1
+  nameOverride: &containerName cmso-db
+  service:
+    type: ClusterIP
+    name: &serviceName oof-cmso-dbhost
+    portName: cmso-dbhost
+  nfsprovisionerPrefix: cmso
+  sdnctlPrefix: cmso
+  persistence:
+    mountSubPath: cmso/data
+    enabled: true
+  disableNfsProvisioner: true
+  config:
+    mariadbRootPasswordExternalSecret: *rootPassword
+    #    userCredentialsExternalSecret: *dbCreds
+    #    mysqlDatabase: cmso
+  externalConfig: |
+    [mysqld]
+    lower_case_table_names = 1
+
+global:
+  commonConfigPrefix: "oof-cmso"
+  truststoreFile: "truststoreONAPall.jks"
+  keystoreFile: "org.onap.oof.jks"
+  truststorePassword:
+  authentication: aaf-auth
+
+mariadb-init:
+  mariadbGalera:
+    containerName: *containerName
+    serviceName: *serviceName
+    servicePort: 3306
+    userRootSecret: *rootPassword
+  config:
+    userCredentialsExternalSecret: *serviceDbCreds
+    mysqlDatabase: cmso
+    mysqlAdditionalDatabases:
+      optimizer:
+        externalSecret: *optimizerDbCreds
+  nameOverride: cmso-db-config
+
+flavor: small
+
+config:
+  log:
+    logstashServiceName: log-ls
+    logstashPort: 5044
+  db:
+    service:
+      # userCredentialsExternalsecret: some secret
+      userName: cmso-admin
+      # userPassword: password
+    optimizer:
+      userName: cmso-optimizer
+
+#sub-charts configuration
+certInitializer: &certInitConfig
+  fqdn: "oof.onap"
+  app_ns: "org.osaaf.aaf"
+  fqi: "oof@oof.onap.org"
+  fqi_namespace: org.onap.oof
+  public_fqdn: "oof.onap.org"
+  aafDeployFqi: "deployer@people.osaaf.org"
+  aafDeployPass: demo123456!
+  cadi_latitude: "0.0"
+  cadi_longitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  appMountPath: /share/etc/osaaf
+  aaf_add_config: >
+    cd {{ .Values.credsPath }};
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1;
+    find ./ -type f -exec sed -i -e 's/\/opt\/app\/osaaf\/local/\/share\/etc\/osaaf\/local/g' {} \;
+
+oof-cmso-service:
+  enabled: true
+  certInitializer:
+    << : *certInitConfig
+    nameOverride: oof-cmso-service-cert-initializer
+  config:
+    db:
+      userCredentialsExternalSecret: *serviceDbCreds
+      host: oof-cmso-dbhost
+      container: cmso-db
+      mysqlDatabase: cmso
+
+oof-cmso-optimizer:
+  enabled: true
+  certInitializer:
+    << : *certInitConfig
+    nameOverride: oof-cmso-optimizer-cert-initializer
+  config:
+    enabled: true
+    db:
+      userCredentialsExternalSecret: *optimizerDbCreds
+      host: oof-cmso-dbhost
+      container: cmso-db
+      mysqlDatabase: optimizer
+
+oof-cmso-topology:
+  enabled: true
+  certInitializer:
+    << : *certInitConfig
+    nameOverride: oof-cmso-topology-cert-initializer
+
+oof-cmso-ticketmgt:
+  enabled: true
+  certInitializer:
+    << : *certInitConfig
+    nameOverride: oof-cmso-ticketmgt-cert-initializer
diff --git a/kubernetes/oof/components/oof-has/.helmignore b/kubernetes/oof/components/oof-has/.helmignore
new file mode 100644
index 0000000000..68ffb32406
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/.helmignore
@@ -0,0 +1 @@
+components/
diff --git a/kubernetes/oof/charts/oof-has/Chart.yaml b/kubernetes/oof/components/oof-has/Chart.yaml
index 3d507e913d..3d507e913d 100755
--- a/kubernetes/oof/charts/oof-has/Chart.yaml
+++ b/kubernetes/oof/components/oof-has/Chart.yaml
diff --git a/kubernetes/oof/components/oof-has/Makefile b/kubernetes/oof/components/oof-has/Makefile
new file mode 100644
index 0000000000..33d61041cd
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/Makefile
@@ -0,0 +1,56 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/oof/components/oof-has/components/Makefile b/kubernetes/oof/components/oof-has/components/Makefile
new file mode 100755
index 0000000000..36ea7b6c2b
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/Makefile
@@ -0,0 +1,56 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml
index 231021ddcd..231021ddcd 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/Chart.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml
new file mode 100644
index 0000000000..f9673d5b32
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml
@@ -0,0 +1,27 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: oof-templates
+    version: ~6.x-0
+    repository: 'file://../../../oof-templates'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/NOTES.txt b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt
index 1ec56d38b3..1ec56d38b3 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/NOTES.txt
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
index 7e0a88f94d..491250c72a 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Copyright (C) 2020 Wipro Limited.
 # Modifications Copyright © 2018 AT&T,VMware
@@ -13,8 +14,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -25,6 +27,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
@@ -35,7 +40,7 @@ spec:
       initContainers:
       - name: {{ include "common.name" . }}-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - oof-has-controller
@@ -47,12 +52,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       - name: {{ include "common.name" . }}-onboard-readiness
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - -j
         - "{{ include "common.release" . }}-oof-has-onboard"
@@ -62,7 +67,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       - name: {{ include "common.name" . }}-has-sms-readiness
@@ -81,15 +86,16 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
+        image: {{ include "repositoryGenerator.image.curl" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
 
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command: ["/bin/bash","-c"]
-          args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
+          args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
           ports:
           - containerPort: {{ .Values.uwsgi.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -118,13 +124,21 @@ spec:
             name: {{ .Values.global.commonConfigPrefix  }}-config
             subPath: log.conf
           - mountPath: /usr/local/bin/AAF_RootCA.cer
-            name: {{ .Values.global.commonConfigPrefix }}-config
-            subPath: AAF_RootCA.cer
+            name: {{ include "common.fullname" . }}-onap-certs
+            subPath: aaf_root_ca.cer
           resources:
 {{ include "common.resources" . | indent 12 }}
         - name: {{ include "common.name" . }}-nginx
-          image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.nginx.image }}"
+          image: {{ include "repositoryGenerator.image.nginx" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+          - /bin/sh
+          args:
+          - "-c"
+          - |
+            grep -v '^$'  /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt
+            cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt
+            /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           {{- if .Values.liveness.enabled }}
@@ -140,18 +154,19 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
           - mountPath: /opt/bitnami/nginx/conf/nginx.conf
             name: {{ .Values.global.commonConfigPrefix  }}-config
             subPath: nginx.conf
-          - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.crt
-            name: {{ .Values.global.commonConfigPrefix }}-config
-            subPath: org.onap.oof.crt
-          - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.key
-            name: {{ .Values.global.commonConfigPrefix }}-config
-            subPath: org.onap.oof.key
+          - mountPath: /tmp/AAF_RootCA.cer
+            name: {{ include "common.fullname" . }}-onap-certs
+            subPath: aaf_root_ca.cer
+          - mountPath: /tmp/intermediate_root_ca.pem
+            name: {{ include "common.fullname" . }}-onap-certs
+            subPath: intermediate_root_ca.pem
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -163,6 +178,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+        {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
@@ -176,11 +192,6 @@ spec:
               path: conductor.conf
             - key: log.conf
               path: log.conf
-            - key: AAF_RootCA.cer
-              path: AAF_RootCA.cer
-            - key: org.onap.oof.key
-              path: org.onap.oof.key
-            - key: org.onap.oof.crt
-              path: org.onap.oof.crt
+{{ include "oof.certificate.volume" . | indent 8 }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml
index 0cd8cfbd36..2afc5dad2a 100644
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samsung, Orange
+{{/*# Copyright © 2020 Samsung, Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,5 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.ingress" . }}
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/service.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml
index 1e6486a96d..751545ebef 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/service.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
index b9efec0b45..46d7172b84 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
@@ -15,6 +15,17 @@
 
 global: # global defaults
   nodePortPrefix: 302
+  image:
+    optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+  - uid: oof-onap-certs
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
 
 service:
   type: NodePort
@@ -24,9 +35,6 @@ service:
   nodePort: 75
   portName: oof-has-api
 
-#sidecar container image
-nginx:
-  image: bitnami/nginx:1.18-debian-10
 #backend container info
 uwsgi:
   internalPort: 8080
@@ -65,6 +73,23 @@ readiness:
   initialDelaySeconds: 10
   periodSeconds: 10
 
+#sub-charts configuration
+certInitializer:
+  nameOverride: oof-has-cert-initializer
+  fqdn: "oof.onap"
+  app_ns: "org.osaaf.aaf"
+  fqi: "oof@oof.onap.org"
+  fqi_namespace: org.onap.oof
+  public_fqdn: "oof.onap.org"
+  aafDeployFqi: "deployer@people.osaaf.org"
+  aafDeployPass: demo123456!
+  cadi_latitude: "0.0"
+  cadi_longitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  appMountPath: /opt/bitnami/nginx/ssl
+  aaf_add_config: >
+    chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
+
 
 ingress:
   enabled: false
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml
index 91310cb879..91310cb879 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/Chart.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml
new file mode 100644
index 0000000000..8fde52a4c6
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: oof-templates
+    version: ~6.x-0
+    repository: 'file://../../../oof-templates'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
index 73c8e81cdb..8e0ff1aeb5 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
 #
@@ -12,8 +13,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -24,6 +26,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
@@ -34,7 +39,7 @@ spec:
       initContainers:
       - name: {{ include "common.name" . }}-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - music-springboot
@@ -46,12 +51,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       - name: {{ include "common.name" . }}-onboard-readiness
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - -j
         - "{{ include "common.release" . }}-oof-has-onboard"
@@ -61,7 +66,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       - name: {{ include "common.name" . }}-cont-sms-readiness
@@ -80,11 +85,11 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
+        image: {{ include "repositoryGenerator.image.curl" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
           - python
@@ -124,8 +129,8 @@ spec:
             name: {{ .Values.global.commonConfigPrefix }}-config
             subPath: healthy.sh
           - mountPath: /usr/local/bin/AAF_RootCA.cer
-            name: {{ .Values.global.commonConfigPrefix }}-config
-            subPath: AAF_RootCA.cer
+            name: {{ include "common.fullname" . }}-onap-certs
+            subPath: aaf_root_ca.cer
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -150,7 +155,6 @@ spec:
               path: log.conf
             - key: healthy.sh
               path: healthy.sh
-            - key: AAF_RootCA.cer
-              path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
index 0090742852..99dd66cf0f 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
@@ -12,6 +12,19 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+global:
+  image:
+    optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: oof-onap-certs
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
 ingress:
   enabled: false
 replicaCount: 1
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml
index 23cc3ca73c..23cc3ca73c 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/Chart.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml
new file mode 100644
index 0000000000..8fde52a4c6
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: oof-templates
+    version: ~6.x-0
+    repository: 'file://../../../oof-templates'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
index 054d181c96..f4ccd57773 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
 #
@@ -12,8 +13,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -24,6 +26,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
@@ -34,7 +39,7 @@ spec:
       initContainers:
       - name: {{ include "common.name" . }}-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - music-springboot
@@ -44,12 +49,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       - name: {{ include "common.name" . }}-onboard-readiness
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - -j
         - "{{ include "common.release" . }}-oof-has-onboard"
@@ -59,12 +64,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       - name: {{ include "common.name" . }}-health-readiness
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - -j
         - "{{ include "common.release" . }}-oof-has-healthcheck"
@@ -74,7 +79,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       - name: {{ include "common.name" . }}-data-sms-readiness
@@ -93,12 +98,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
+        image: {{ include "repositoryGenerator.image.curl" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
           - python
@@ -144,8 +149,8 @@ spec:
             name: {{ .Values.global.commonConfigPrefix }}-config
             subPath: aai_key.key
           - mountPath: /usr/local/bin/AAF_RootCA.cer
-            name: {{ .Values.global.commonConfigPrefix }}-config
-            subPath: AAF_RootCA.cer
+            name: {{ include "common.fullname" . }}-onap-certs
+            subPath: aaf_root_ca.cer
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -174,7 +179,6 @@ spec:
               path: aai_cert.cer
             - key: aai_key.key
               path: aai_key.key
-            - key: AAF_RootCA.cer
-              path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
index 0090742852..e7a63c5679 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
@@ -12,6 +12,19 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+global:
+  image:
+    optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+  - uid: oof-onap-certs
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
 ingress:
   enabled: false
 replicaCount: 1
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml
index bc6db44850..bc6db44850 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/Chart.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml
new file mode 100644
index 0000000000..8fde52a4c6
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: oof-templates
+    version: ~6.x-0
+    repository: 'file://../../../oof-templates'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
index 335ac4c5a7..4d04b6fe76 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
 #
@@ -12,8 +13,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -24,6 +26,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
@@ -34,7 +39,7 @@ spec:
       initContainers:
       - name: {{ include "common.name" . }}-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - music-springboot
@@ -44,12 +49,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       - name: {{ include "common.name" . }}-onboard-readiness
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - -j
         - "{{ include "common.release" . }}-oof-has-onboard"
@@ -59,12 +64,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       - name: {{ include "common.name" . }}-health-readiness
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - -j
         - "{{ include "common.release" . }}-oof-has-healthcheck"
@@ -74,7 +79,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       - name: {{ include "common.name" . }}-resrv-sms-readiness
@@ -93,12 +98,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
+        image: {{ include "repositoryGenerator.image.curl" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
           - python
@@ -138,8 +143,8 @@ spec:
             name: {{ .Values.global.commonConfigPrefix }}-config
             subPath: healthy.sh
           - mountPath: /usr/local/bin/AAF_RootCA.cer
-            name: {{ .Values.global.commonConfigPrefix }}-config
-            subPath: AAF_RootCA.cer
+            name: {{ include "common.fullname" . }}-onap-certs
+            subPath: aaf_root_ca.cer
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -164,8 +169,6 @@ spec:
               path: log.conf
             - key: healthy.sh
               path: healthy.sh
-            - key: AAF_RootCA.cer
-              path: AAF_RootCA.cer
-
+{{ include "oof.certificate.volume" . | indent 8 }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
index 0090742852..e7a63c5679 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
@@ -12,6 +12,19 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+global:
+  image:
+    optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+  - uid: oof-onap-certs
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
 ingress:
   enabled: false
 replicaCount: 1
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml
index 8cedfd5b01..8cedfd5b01 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/Chart.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml
new file mode 100644
index 0000000000..8fde52a4c6
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: oof-templates
+    version: ~6.x-0
+    repository: 'file://../../../oof-templates'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
index 4c2a345054..6079dcfd6e 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
 #
@@ -12,8 +13,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -24,6 +26,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
@@ -34,7 +39,7 @@ spec:
       initContainers:
       - name: {{ include "common.name" . }}-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - music-springboot
@@ -44,12 +49,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       - name: {{ include "common.name" . }}-onboard-readiness
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - -j
         - "{{ include "common.release" . }}-oof-has-onboard"
@@ -59,12 +64,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       - name: {{ include "common.name" . }}-health-readiness
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - -j
         - "{{ include "common.release" . }}-oof-has-healthcheck"
@@ -74,7 +79,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       - name: {{ include "common.name" . }}-solvr-sms-readiness
@@ -93,12 +98,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
+        image: {{ include "repositoryGenerator.image.curl" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
           - python
@@ -138,8 +143,8 @@ spec:
             name: {{ .Values.global.commonConfigPrefix }}-config
             subPath: healthy.sh
           - mountPath: /usr/local/bin/AAF_RootCA.cer
-            name: {{ .Values.global.commonConfigPrefix }}-config
-            subPath: AAF_RootCA.cer
+            name: {{ include "common.fullname" . }}-onap-certs
+            subPath: aaf_root_ca.cer
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -164,7 +169,6 @@ spec:
               path: log.conf
             - key: healthy.sh
               path: healthy.sh
-            - key: AAF_RootCA.cer
-              path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
index 0090742852..e7a63c5679 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
@@ -12,6 +12,19 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+global:
+  image:
+    optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+  - uid: oof-onap-certs
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
 ingress:
   enabled: false
 replicaCount: 1
diff --git a/kubernetes/oof/components/oof-has/requirements.yaml b/kubernetes/oof/components/oof-has/requirements.yaml
new file mode 100755
index 0000000000..d21a124449
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/requirements.yaml
@@ -0,0 +1,45 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: music
+    version: ~6.x-0
+    repository: '@local'
+  - name: oof-has-api
+    version: ~6.x-0
+    repository: 'file://components/oof-has-api'
+    condition: oof-has-api.enabled
+  - name: oof-has-controller
+    version: ~6.x-0
+    repository: 'file://components/oof-has-controller'
+    condition: oof-has-controller.enabled
+  - name: oof-has-data
+    version: ~6.x-0
+    repository: 'file://components/oof-has-data'
+    condition: oof-has-data.enabled
+  - name: oof-has-reservation
+    version: ~6.x-0
+    repository: 'file://components/oof-has-reservation'
+    condition: oof-has-reservation.enabled
+  - name: oof-has-solver
+    version: ~6.x-0
+    repository: 'file://components/oof-has-solver'
+    condition: oof-has-solver.enabled
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/oof/charts/oof-has/resources/config/aai_cert.cer b/kubernetes/oof/components/oof-has/resources/config/aai_cert.cer
index 4c6eb916e6..4c6eb916e6 100755
--- a/kubernetes/oof/charts/oof-has/resources/config/aai_cert.cer
+++ b/kubernetes/oof/components/oof-has/resources/config/aai_cert.cer
diff --git a/kubernetes/oof/charts/oof-has/resources/config/aai_key.key b/kubernetes/oof/components/oof-has/resources/config/aai_key.key
index 246ff6d8cb..246ff6d8cb 100755
--- a/kubernetes/oof/charts/oof-has/resources/config/aai_key.key
+++ b/kubernetes/oof/components/oof-has/resources/config/aai_key.key
diff --git a/kubernetes/oof/charts/oof-has/resources/config/bundle.pem b/kubernetes/oof/components/oof-has/resources/config/bundle.pem
index 60121e751b..60121e751b 100755
--- a/kubernetes/oof/charts/oof-has/resources/config/bundle.pem
+++ b/kubernetes/oof/components/oof-has/resources/config/bundle.pem
diff --git a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
index 881ed22562..a259a6d8d0 100755
--- a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware, Intel Corporation.
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 [DEFAULT]
 
@@ -327,6 +329,8 @@ concurrent = true
 # Minimum value: 1
 #max_translation_counter = 1
 
+# (string value)
+opt_schema_file = /opt/has/conductor/etc/conductor/opt_schema.json
 
 [data]
 
@@ -361,7 +365,7 @@ concurrent = true
 #
 
 # Extensions list to use (list value)
-#extensions = aai
+extensions = aai,generator
 
 
 [messaging_server]
diff --git a/kubernetes/oof/charts/oof-has/resources/config/healthcheck.json b/kubernetes/oof/components/oof-has/resources/config/healthcheck.json
index 833fa0f5d9..833fa0f5d9 100755
--- a/kubernetes/oof/charts/oof-has/resources/config/healthcheck.json
+++ b/kubernetes/oof/components/oof-has/resources/config/healthcheck.json
diff --git a/kubernetes/oof/charts/oof-has/resources/config/healthy.sh b/kubernetes/oof/components/oof-has/resources/config/healthy.sh
index d78777ad1c..9f5309b5d5 100755
--- a/kubernetes/oof/charts/oof-has/resources/config/healthy.sh
+++ b/kubernetes/oof/components/oof-has/resources/config/healthy.sh
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
 #
@@ -13,13 +14,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+*/}}
 #!/bin/bash
-
+{{/*
 # Controller is a process that reads from Music Q
 # It uses no ports (TCP or HTTP). The PROB will check
 # if the controller process exists or not. In case
 # it exists, it will send 0, else send 1 so k8s can i
 # restart the container
+*/}}
 
 pid="$(pgrep -f '/usr/local/bin/conductor')"
 if [ -z "$pid" ]
diff --git a/kubernetes/oof/charts/oof-has/resources/config/log.conf b/kubernetes/oof/components/oof-has/resources/config/log.conf
index c476d0b6c8..c9bf3fabc9 100755
--- a/kubernetes/oof/charts/oof-has/resources/config/log.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/log.conf
@@ -1,5 +1,7 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 [loggers]
 keys=root
@@ -25,7 +28,7 @@ handlers=trfhand,consoleHandler,audithand,metrichand,errhand,debughand
 
 [handler_consoleHandler]
 class=StreamHandler
-level=NOTSET
+level=INFO
 formatter=generic
 args=(sys.stdout,)
 
diff --git a/kubernetes/oof/charts/oof-has/resources/config/log/filebeat.yml b/kubernetes/oof/components/oof-has/resources/config/log/filebeat.yml
index aa19dc2d22..8b1e926e10 100755
--- a/kubernetes/oof/charts/oof-has/resources/config/log/filebeat.yml
+++ b/kubernetes/oof/components/oof-has/resources/config/log/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 filebeat.prospectors:
 #it is mandatory, in our case it's log
diff --git a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf
index 7b5c3a504c..cbb1b60a58 100644
--- a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/nginx.conf
@@ -13,9 +13,9 @@ http {
 
         listen              8091 ssl;
         server_name         oof;
-        ssl_certificate     /opt/bitnami/nginx/ssl/org.onap.oof.crt;
-        ssl_certificate_key /opt/bitnami/nginx/ssl/org.onap.oof.key;
-        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+        ssl_certificate     /opt/bitnami/nginx/org.onap.oof.crt;
+        ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
+        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
         ssl_ciphers         HIGH:!aNULL:!MD5;
 
         location / {
diff --git a/kubernetes/oof/charts/oof-has/resources/config/onboard.json b/kubernetes/oof/components/oof-has/resources/config/onboard.json
index 2c3d69be8d..2c3d69be8d 100755
--- a/kubernetes/oof/charts/oof-has/resources/config/onboard.json
+++ b/kubernetes/oof/components/oof-has/resources/config/onboard.json
diff --git a/kubernetes/oof/charts/oof-has/templates/configmap.yaml b/kubernetes/oof/components/oof-has/templates/configmap.yaml
index 39b69a6817..35581366e6 100755
--- a/kubernetes/oof/charts/oof-has/templates/configmap.yaml
+++ b/kubernetes/oof/components/oof-has/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml b/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml
index 34f215c9ab..49406ba423 100755
--- a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml
+++ b/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml
@@ -33,11 +33,11 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       initContainers:
-      - image:  "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+      - image:  {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - oof-has-api
@@ -48,7 +48,7 @@ spec:
               apiVersion: v1
               fieldPath: metadata.namespace
       containers:
-      - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-healthcheck
         command:
@@ -76,7 +76,7 @@ spec:
             name: {{ .Values.global.commonConfigPrefix }}-config
             subPath: healthcheck.json
         resources:
-{{ toYaml .Values.resources | indent 10 }}
+{{ include "common.resources" . | indent 10 }}
       nodeSelector:
         {{- if .Values.nodeSelector }}
 {{ toYaml .Values.nodeSelector | indent 8 }}
diff --git a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml
index ad42a1fe08..a60372f30a 100755
--- a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml
+++ b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml
@@ -33,11 +33,11 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       initContainers:
-      - image:  "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+      - image:  {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - "music-springboot"
@@ -50,7 +50,7 @@ spec:
               apiVersion: v1
               fieldPath: metadata.namespace
       - command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - -j
         - "{{ include "common.release" . }}-music-cassandra-job-config"
@@ -60,11 +60,11 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-music-db-readiness
       containers:
-      - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-onboard
         command:
@@ -81,7 +81,7 @@ spec:
             name: {{ .Values.global.commonConfigPrefix }}-config
             subPath: onboard.json
         resources:
-{{ toYaml .Values.resources | indent 10 }}
+{{ include "common.resources" . | indent 10 }}
       nodeSelector:
         {{- if .Values.nodeSelector }}
 {{ toYaml .Values.nodeSelector | indent 8 }}
diff --git a/kubernetes/oof/components/oof-has/templates/secret.yaml b/kubernetes/oof/components/oof-has/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index 309b59ca86..1389044870 100755
--- a/kubernetes/oof/charts/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -17,16 +17,21 @@
 # Global configuration defaults.
 #################################################################
 global:
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  repository: nexus3.onap.org:10001
   commonConfigPrefix: onap-oof-has
   image:
-    readiness: oomk8s/readiness-check:2.0.0
-    optf_has: onap/optf-has:2.0.4
-    filebeat: docker.elastic.co/beats/filebeat:5.5.0
+    optf_has: onap/optf-has:2.1.2
+  persistence:
+    enabled: true
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: oof-onap-certs
+    name: &oof-certs  '{{ include "common.release" . }}-oof-onap-certs'
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
 
 pullPolicy: Always
 nodePortPrefix: 302
@@ -67,3 +72,20 @@ resources:
       cpu: 1000m
   unlimited: {}
 
+#component overrides
+oof-has-api:
+  enabled: true
+  certSecret: *oof-certs
+oof-has-controller:
+  enabled: true
+  certSecret: *oof-certs
+oof-has-data:
+  enabled: true
+  certSecret: *oof-certs
+oof-has-reservation:
+  enabled: true
+  certSecret: *oof-certs
+oof-has-solver:
+  enabled: true
+  certSecret: *oof-certs
+
diff --git a/kubernetes/oof/components/oof-templates/Chart.yaml b/kubernetes/oof/components/oof-templates/Chart.yaml
new file mode 100755
index 0000000000..885491c1a9
--- /dev/null
+++ b/kubernetes/oof/components/oof-templates/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP OOF helm templates
+name: oof-templates
+version: 6.0.0
diff --git a/kubernetes/log/charts/log-elasticsearch/requirements.yaml b/kubernetes/oof/components/oof-templates/requirements.yaml
index caff1e5dc4..b93260a4fa 100644..100755
--- a/kubernetes/log/charts/log-elasticsearch/requirements.yaml
+++ b/kubernetes/oof/components/oof-templates/requirements.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018 AT&T,VMware
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,3 +17,4 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+
diff --git a/kubernetes/oof/components/oof-templates/templates/_certificate.tpl b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl
new file mode 100644
index 0000000000..4da128bcbb
--- /dev/null
+++ b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl
@@ -0,0 +1,11 @@
+{{- define "oof.certificate.volume" -}}
+- name: {{ include "common.fullname" . }}-onap-certs
+  secret:
+    secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "oof-onap-certs") }}
+    items:
+    - key: aaf_root_ca.cer
+      path: aaf_root_ca.cer
+    - key: intermediate_root_ca.pem
+      path: intermediate_root_ca.pem
+{{- end -}}
+
diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp-tweaks.sh b/kubernetes/oof/components/oof-templates/values.yaml
index 6060fe9b6f..a97238e9af 100644
--- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp-tweaks.sh
+++ b/kubernetes/oof/components/oof-templates/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,5 +12,3 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-#! /bin/bash
-
diff --git a/kubernetes/oof/requirements.yaml b/kubernetes/oof/requirements.yaml
index ce567f9d3a..a68ce411f1 100755
--- a/kubernetes/oof/requirements.yaml
+++ b/kubernetes/oof/requirements.yaml
@@ -17,3 +17,20 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: oof-cmso
+    version: ~6.x-0
+    repository: 'file://components/oof-cmso'
+    condition: oof-cmso.enabled
+  - name: oof-has
+    version: ~6.x-0
+    repository: 'file://components/oof-has'
+    condition: oof-has.enabled
+  - name: oof-templates
+    version: ~6.x-0
+    repository: 'file://components/oof-templates'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/oof/resources/config/aaf_root_ca.cer b/kubernetes/oof/resources/config/certs/aaf_root_ca.cer
index e9a50d7ea0..e9a50d7ea0 100755
--- a/kubernetes/oof/resources/config/aaf_root_ca.cer
+++ b/kubernetes/oof/resources/config/certs/aaf_root_ca.cer
diff --git a/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem b/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem
new file mode 100644
index 0000000000..b67866d160
--- /dev/null
+++ b/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
+MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
+A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
+neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
+o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
+nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
+v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
+15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
+gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
+ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
+u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
+QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
+8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
+kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
+aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
+uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
+tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
+BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
+-----END CERTIFICATE-----
+
diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml
index 9515f30fc0..1109ab8167 100644
--- a/kubernetes/oof/resources/config/common_config.yaml
+++ b/kubernetes/oof/resources/config/conf/common_config.yaml
@@ -5,7 +5,7 @@ osdf_system:
         external: 8698  # clients use this port on DockerHost
     osdf_ip_default: 0.0.0.0
 #        # Important Note: At deployment time, we need to ensure the port mapping is done
-    ssl_context: ['/opt/app/ssl_cert/org.onap.oof.crt', '/opt/app/ssl_cert/org.onap.oof.key']
+    ssl_context: ['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']
 
 osdf_temp:  # special configuration required for "workarounds" or testing
     local_policies:
@@ -40,12 +40,11 @@ osdf_temp:  # special configuration required for "workarounds" or testing
             - vnfPolicy_vPGN_TD.json
             - affinity_vFW_TD.json
             - QueryPolicy_vFW_TD.json
-
-        slice_selection_policy_dir_urllc_1: "./test/policy-local-files/"
-        slice_selection_policy_files_urllc_1:
-            - vnfPolicy_URLLC_Core_1.json
-            - thresholdPolicy_URLLC_Core_1.json
-            - subscriber_policy_URLLC_1.json
+        slice_selection_policy_dir_embb-nst: "./test/policy-local-files/slice-selection-files/"
+        slice_selection_policy_files_embb-nst:
+            - query_policy_nsi.json
+            - threshold_policy_nsi.json
+            - vnf_policy_nsi_shared_case.json
 
 service_info:
     vCPE:
@@ -65,6 +64,15 @@ references:
     subscriber_role:
         source: onap.policies.optimization.SubscriberPolicy
         value: properties.properties.subscriberRole
+    resource_sharing_level:
+        source: request
+        value: serviceProfile.resourceSharingLevel
+    slice_scope:
+        source: request
+        value: slice_scope
+    reuse_preference:
+        source: request
+        value: preferReuse
 
 policy_info:
     prioritization_attributes:
@@ -81,9 +89,21 @@ policy_info:
         policy_scope:
             -
                 scope:
-                  - OSDF_FRANKFURT
+                    - get_param: slice_scope
                 services:
                     - get_param: service_name
+                resources:
+                    - get_param: service_name
+
+    subnet_selection:
+        policy_fetch: by_scope
+        policy_scope:
+            - scope:
+                  - OSDF_GUILIN
+              services:
+                  - get_param: service_name
+              resources:
+                  - get_param: service_name
 
     placement:
         policy_fetch: by_scope
@@ -103,3 +123,13 @@ policy_info:
     default:  # if no explicit service related information is needed
         policy_fetch: by_name
         policy_scope: none
+
+PCI:
+    ML:
+        average_ho_threshold: 10000
+        latest_ho_threshold: 500
+    DES:
+        service_id: ho_metric
+        filter:
+            interval: 10
+    ml_enabled: false
diff --git a/kubernetes/oof/resources/config/conf/log.yml b/kubernetes/oof/resources/config/conf/log.yml
new file mode 100644
index 0000000000..3966ea28c0
--- /dev/null
+++ b/kubernetes/oof/resources/config/conf/log.yml
@@ -0,0 +1,101 @@
+version: 1
+disable_existing_loggers: True
+
+loggers:
+  error:
+    handlers: [error_handler, console_handler]
+    level: "WARN"
+    propagate: True
+  debug:
+    handlers: [debug_handler, console_handler]
+    level: "DEBUG"
+    propagate: True
+  metrics:
+    handlers: [metrics_handler, console_handler]
+    level: "INFO"
+    propagate: True
+  audit:
+    handlers: [audit_handler, console_handler]
+    level: "INFO"
+    propagate: True
+handlers:
+  debug_handler:
+    level: "DEBUG"
+    class: "logging.handlers.TimedRotatingFileHandler"
+    filename: "logs/debug.log"
+    formatter: "debugFormat"
+    when: midnight
+    interval: 1
+    utc: True
+    delay: False
+    backupCount: 10
+  error_handler:
+    level: "WARN"
+    class: "logging.handlers.TimedRotatingFileHandler"
+    filename: "logs/error.log"
+    formatter: "errorFormat"
+    when: midnight
+    interval: 1
+    utc: True
+    delay: False
+    backupCount: 10
+  metrics_handler:
+    level: "INFO"
+    class: "logging.handlers.TimedRotatingFileHandler"
+    filename: "logs/metrics.log"
+    formatter: "metricsFormat"
+    when: midnight
+    interval: 1
+    utc: True
+    delay: False
+    backupCount: 10
+  audit_handler:
+    level: "INFO"
+    class: "logging.handlers.TimedRotatingFileHandler"
+    filename: "logs/audit.log"
+    formatter: "auditFormat"
+    when: midnight
+    interval: 1
+    utc: True
+    delay: False
+    backupCount: 10
+  console_handler:
+    level: "DEBUG"
+    class: "logging.StreamHandler"
+    formatter: "metricsFormat"
+
+formatters:
+  standard:
+    format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
+  debugFormat:
+    format: "%(mdc)s"
+    datefmt: "%Y-%m-%dT%H:%M:%S"
+    mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{server}|%(levelname)s|%(message)s"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+  errorFormat:
+    format: "%(mdc)s"
+    datefmt: "%Y-%m-%dT%H:%M:%S"
+    mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{serviceName}|{partnerName}\
+    |{targetEntity}|{targetServiceName}|%(levelname)s|{errorCode}|{errorDescription}|%(message)s"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+  auditFormat:
+    format: "%(mdc)s"
+    datefmt: "%Y-%m-%dT%H:%M:%S"
+    mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+        |%(threadName)s|{server}|{serviceName}|{partnerName}|{statusCode}|{responseCode}|{responseDescription}\
+        |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+        |{processKey}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+  metricsFormat:
+    format: "%(mdc)s"
+    datefmt: "%Y-%m-%dT%H:%M:%S"
+    mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+        |%(threadName)s|{server}|{serviceName}|{partnerName}|{targetEntity}|{targetServiceName}|{statusCode}|{responseCode}|{responseDescription}\
+        |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+        |{processKey}|{TargetVirtualEntity}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+  mdcFormat:
+    format: "%(asctime)s.%(msecs)03d+00:00|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s"
+    mdcfmt: "{requestID} {invocationID} {serviceName} {serverIPAddress}"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+
diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml
index b544c42e7a..97d037a8f8 100755
--- a/kubernetes/oof/resources/config/osdf_config.yaml
+++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml
@@ -48,5 +48,22 @@ configDbUrl: {{ .Values.config.configDbUrl }}
 configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }}
 configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }}
 
+# AAI api
+aaiUrl: {{ .Values.config.aaiUrl }}
+aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }}
+aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }}
+aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }}
+controllerQueryUrl: {{ .Values.config.controllerQueryUrl }}
+aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }}
+
+#DES api
+desUrl: {{ .Values.config.desUrl }}
+desApiPath: {{ .Values.config.desApiPath }}
+desHeaders:
+  Accept: application/json
+  Content-Type: application/json
+desUsername: {{ .Values.config.desUsername }}
+desPassword: {{ .Values.config.desPassword }}
+
 #key
 appkey: ''
diff --git a/kubernetes/oof/resources/config/org.onap.oof.crt b/kubernetes/oof/resources/config/org.onap.oof.crt
deleted file mode 100644
index 68f474b44f..0000000000
--- a/kubernetes/oof/resources/config/org.onap.oof.crt
+++ /dev/null
@@ -1,89 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow
-XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6
-REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR
-UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ
-IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB
-HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+
-LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH
-hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib
-AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
-Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
-81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
-MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw
-ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv
-bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw
-Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv
-b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw
-aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v
-cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt
-cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU
-FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20
-/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My
-7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X
-koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L
-mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5
-GsHFjQ==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
-
-
diff --git a/kubernetes/oof/resources/config/org.onap.oof.key b/kubernetes/oof/resources/config/org.onap.oof.key
deleted file mode 100644
index a83edd1f86..0000000000
--- a/kubernetes/oof/resources/config/org.onap.oof.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ
-ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+
-CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8
-MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK
-GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH
-KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g
-uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q
-MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V
-SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0
-XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY
-Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0
-0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe
-FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430
-XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd
-8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD
-Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx
-Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF
-nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh
-iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32
-ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h
-MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+
-2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w
-9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY
-vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY
-ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC
-h+G1ZXD4PyjI6KWhRC3JuA==
------END PRIVATE KEY-----
\ No newline at end of file
diff --git a/kubernetes/oof/templates/configmap.yaml b/kubernetes/oof/templates/configmap.yaml
index 75f7e42277..59920a63bd 100644
--- a/kubernetes/oof/templates/configmap.yaml
+++ b/kubernetes/oof/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
@@ -24,4 +26,4 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/conf/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml
index 55c5b0c171..2b1eeba747 100644
--- a/kubernetes/oof/templates/deployment.yaml
+++ b/kubernetes/oof/templates/deployment.yaml
@@ -1,5 +1,7 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,8 +14,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -24,6 +27,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
@@ -33,7 +39,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - policy-xacml-pdp
@@ -43,7 +49,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       - command:
@@ -61,14 +67,22 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
+        image: {{ include "repositoryGenerator.image.curl" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-osdf-sms-readiness
-
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+          - /bin/sh
+          args:
+          - "-c"
+          - |
+            grep -v '^$'  /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt
+            cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt
+            ./osdfapp.sh -x osdfapp.py
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -87,6 +101,7 @@ spec:
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
           volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -94,17 +109,17 @@ spec:
             name: {{ include "common.fullname" . }}-config
             subPath: osdf_config.yaml
           - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
-            name: {{ include "common.fullname" . }}-config
+            name: {{ include "common.fullname" . }}-onap-certs
             subPath: aaf_root_ca.cer
-          - mountPath: /opt/app/ssl_cert/org.onap.oof.crt
-            name: {{ include "common.fullname" . }}-config
-            subPath: org.onap.oof.crt
-          - mountPath: /opt/app/ssl_cert/org.onap.oof.key
-            name: {{ include "common.fullname" . }}-config
-            subPath: org.onap.oof.key
+          - mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem
+            name: {{ include "common.fullname" . }}-onap-certs
+            subPath: intermediate_root_ca.pem
           - mountPath: /opt/osdf/config/common_config.yaml
             name: {{ include "common.fullname" . }}-config
             subPath: common_config.yaml
+          - mountPath: /opt/osdf/config/log.yml
+            name: {{ include "common.fullname" . }}-config
+            subPath: log.yml
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -117,6 +132,7 @@ spec:
         {{- end }}
 
       volumes:
+       {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
@@ -126,13 +142,10 @@ spec:
             items:
             - key: osdf_config.yaml
               path: osdf_config.yaml
-            - key: aaf_root_ca.cer
-              path: aaf_root_ca.cer
             - key: common_config.yaml
               path: common_config.yaml
-            - key: org.onap.oof.crt
-              path: org.onap.oof.crt
-            - key: org.onap.oof.key
-              path: org.onap.oof.key
+            - key: log.yml
+              path: log.yml
+{{ include "oof.certificate.volume" . | indent 8 }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/templates/secret.yaml b/kubernetes/oof/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/templates/service.yaml b/kubernetes/oof/templates/service.yaml
index 9964d8d5c5..0706a8d6d4 100644
--- a/kubernetes/oof/templates/service.yaml
+++ b/kubernetes/oof/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml
index 13e0045858..db7c9d2231 100644
--- a/kubernetes/oof/values.yaml
+++ b/kubernetes/oof/values.yaml
@@ -17,17 +17,25 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
   persistence: {}
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: oof-onap-certs
+    name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths:
+      - resources/config/certs/intermediate_root_ca.pem
+      - resources/config/certs/aaf_root_ca.cer
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/optf-osdf:2.0.4
+image: onap/optf-osdf:3.0.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -79,12 +87,42 @@ config:
   configDbUrl: http://config.db.url:8080
   configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList'
   configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList'
+  #aai api
+  aaiUrl: https://aai:8443
+  aaiGetLinksUrl: /aai/v16/network/logical-links
+  aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/
+  aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list
+  controllerQueryUrl: /aai/v19/query?format=resource
+  aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up
+  #des api
+  desUrl: https://des.url:9000
+  desApiPath: /datalake/v1/exposure/
+  desUsername: ''
+  desPassword: ''
 # default number of instances
 replicaCount: 1
 nodeSelector: {}
 affinity: {}
 # Resource Limit flavor -By Default using small
 flavor: small
+
+#sub-charts configuration
+certInitializer:
+  nameOverride: oof-osdf-cert-initializer
+  fqdn: "oof.onap"
+  app_ns: "org.osaaf.aaf"
+  fqi: "oof@oof.onap.org"
+  fqi_namespace: org.onap.oof
+  public_fqdn: "oof.onap.org"
+  aafDeployFqi: "deployer@people.osaaf.org"
+  aafDeployPass: demo123456!
+  cadi_latitude: "0.0"
+  cadi_longitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  appMountPath: /opt/osdf/osaaf
+  aaf_add_config: >
+    chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
+
 # Segregation for Different environment (Small and Large)
 resources:
   small:
@@ -126,3 +164,11 @@ ingress:
       port: 8698
   config:
     ssl: "redirect"
+
+#component overrides
+
+oof-cmso:
+  enabled: true
+oof-has:
+  enabled: true
+  certSecret: *oof-certs
diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/config/data-router.properties b/kubernetes/platform/.gitignore
index e69de29bb2..e69de29bb2 100644
--- a/kubernetes/pomba/charts/pomba-data-router/resources/config/data-router.properties
+++ b/kubernetes/platform/.gitignore
diff --git a/kubernetes/vfc/charts/vfc-vnfres/.helmignore b/kubernetes/platform/.helmignore
index f0c1319444..7ddbad7ef4 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/.helmignore
+++ b/kubernetes/platform/.helmignore
@@ -19,3 +19,4 @@
 .project
 .idea/
 *.tmproj
+components/
diff --git a/kubernetes/dcaegen2/components/dcae-redis/Chart.yaml b/kubernetes/platform/Chart.yaml
index d4c264f713..000f3b3fda 100644
--- a/kubernetes/dcaegen2/components/dcae-redis/Chart.yaml
+++ b/kubernetes/platform/Chart.yaml
@@ -1,5 +1,6 @@
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2018 ZTE
+# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Modifications Copyright © 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +15,6 @@
 # limitations under the License.
 
 apiVersion: v1
-description: ONAP DCAE Redis
-name: dcae-redis
+description: ONAP platform components
+name: platform
 version: 6.0.0
diff --git a/kubernetes/platform/Makefile b/kubernetes/platform/Makefile
new file mode 100644
index 0000000000..c5dd3f2df5
--- /dev/null
+++ b/kubernetes/platform/Makefile
@@ -0,0 +1,56 @@
+# Copyright © 2020 Samsung Electronics, Orange, Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/platform/components/Makefile b/kubernetes/platform/components/Makefile
new file mode 100644
index 0000000000..2fd1980ed0
--- /dev/null
+++ b/kubernetes/platform/components/Makefile
@@ -0,0 +1,57 @@
+# Copyright © 2020 Samsung Electronics
+# Modifications Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/.helmignore b/kubernetes/platform/components/oom-cert-service/.helmignore
index f0c1319444..50af031725 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/.helmignore
+++ b/kubernetes/platform/components/oom-cert-service/.helmignore
@@ -19,3 +19,4 @@
 .project
 .idea/
 *.tmproj
+.vscode/
diff --git a/kubernetes/aaf/components/aaf-cert-service/Chart.yaml b/kubernetes/platform/components/oom-cert-service/Chart.yaml
index 525b2ac4b6..dd99988868 100644
--- a/kubernetes/aaf/components/aaf-cert-service/Chart.yaml
+++ b/kubernetes/platform/components/oom-cert-service/Chart.yaml
@@ -13,6 +13,6 @@
 # limitations under the License.
 
 apiVersion: v1
-description: ONAP AAF Cert Service
-name: aaf-cert-service
-version: 6.0.0
+description: ONAP Cert Service
+name: oom-cert-service
+version: 6.0.0
\ No newline at end of file
diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile
new file mode 100644
index 0000000000..736a19fbd4
--- /dev/null
+++ b/kubernetes/platform/components/oom-cert-service/Makefile
@@ -0,0 +1,153 @@
+CERTS_DIR = resources
+CURRENT_DIR := ${CURDIR}
+DOCKER_CONTAINER = generate-certs
+DOCKER_EXEC = docker exec ${DOCKER_CONTAINER}
+
+all: start_docker \
+     clear_all \
+     root_generate_keys \
+     root_create_certificate \
+     root_self_sign_certificate \
+     client_generate_keys \
+     client_generate_csr \
+     client_sign_certificate_by_root \
+     client_import_root_certificate \
+     client_convert_certificate_to_jks \
+     server_generate_keys \
+     server_generate_csr \
+     server_sign_certificate_by_root \
+     server_import_root_certificate \
+     server_convert_certificate_to_jks \
+     server_convert_certificate_to_p12 \
+     clear_unused_files \
+     stop_docker
+
+.PHONY: all
+
+# Starts docker container for generating certificates - deletes first, if already running
+start_docker:
+	@make stop_docker
+	$(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2))
+	$(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2))
+	$(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
+	$(eval USERNAME :=$(shell id -u))
+	$(eval GROUP :=$(shell id -g))
+	docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
+
+# Stops docker container for generating  certificates. 'true' is used to return 0 status code, if container is already deleted
+stop_docker:
+	docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true
+
+#Clear all files related to certificates
+clear_all:
+	@make clear_existing_certificates
+	@make clear_unused_files
+
+#Clear certificates
+clear_existing_certificates:
+	@echo "Clear certificates"
+	${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+	@echo "#####done#####"
+
+#Generate root private and public keys
+root_generate_keys:
+	@echo "Generate root private and public keys"
+	${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
+    -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
+    -storepass secret -ext BasicConstraints:critical="ca:true"
+	@echo "#####done#####"
+
+#Export public key as certificate
+root_create_certificate:
+	@echo "(Export public key as certificate)"
+	${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
+	@echo "#####done#####"
+
+#Self-signed root (import root certificate into truststore)
+root_self_sign_certificate:
+	@echo "(Self-signed root (import root certificate into truststore))"
+	${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
+	@echo "#####done#####"
+
+#Generate certService's client private and public keys
+client_generate_keys:
+	@echo "Generate certService's client private and public keys"
+	${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \
+    -keystore certServiceClient-keystore.jks -storetype JKS \
+    -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+    -keypass secret -storepass secret
+	@echo "####done####"
+
+#Generate certificate signing request for certService's client
+client_generate_csr:
+	@echo "Generate certificate signing request for certService's client"
+	${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
+	@echo "####done####"
+
+#Sign certService's client certificate by root CA
+client_sign_certificate_by_root:
+	@echo "Sign certService's client certificate by root CA"
+	${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
+    -outfile certServiceClientByRoot.crt -rfc -ext bc=0  -ext ExtendedkeyUsage="serverAuth,clientAuth"
+	@echo "####done####"
+
+#Import root certificate into client
+client_import_root_certificate:
+	@echo "Import root certificate into intermediate"
+	${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt"
+	@echo "####done####"
+
+#Import signed certificate into certService's client
+client_convert_certificate_to_jks:
+	@echo "Import signed certificate into certService's client"
+	${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
+	@echo "####done####"
+
+#Generate certService private and public keys
+server_generate_keys:
+	@echo "Generate certService private and public keys"
+	${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \
+    -keystore certServiceServer-keystore.jks -storetype JKS \
+    -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+    -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
+	@echo "####done####"
+
+#Generate certificate signing request for certService
+server_generate_csr:
+	@echo "Generate certificate signing request for certService"
+	${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
+	@echo "####done####"
+
+#Sign certService certificate by root CA
+server_sign_certificate_by_root:
+	@echo "Sign certService certificate by root CA"
+	${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
+    -outfile certServiceServerByRoot.crt -rfc -ext bc=0  -ext ExtendedkeyUsage="serverAuth,clientAuth" \
+    -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
+	@echo "####done####"
+
+#Import root certificate into server
+server_import_root_certificate:
+	@echo "Import root certificate into intermediate(server)"
+	${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt"
+	@echo "####done####"
+
+#Import signed certificate into certService
+server_convert_certificate_to_jks:
+	@echo "Import signed certificate into certService"
+	${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
+    -storepass secret -noprompt
+	@echo "####done####"
+
+#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
+server_convert_certificate_to_p12:
+	@echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+	${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
+        -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
+	@echo "#####done#####"
+
+#Clear unused certificates
+clear_unused_files:
+	@echo "Clear unused certificates"
+	${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt  certServiceServer.csr
+	@echo "#####done#####"
diff --git a/kubernetes/platform/components/oom-cert-service/requirements.yaml b/kubernetes/platform/components/oom-cert-service/requirements.yaml
new file mode 100644
index 0000000000..26bc7a64d8
--- /dev/null
+++ b/kubernetes/platform/components/oom-cert-service/requirements.yaml
@@ -0,0 +1,21 @@
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
index 358f2a82c7..358f2a82c7 100644
--- a/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json
+++ b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json
index 06e1087f60..06e1087f60 100644
--- a/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json
+++ b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json
diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
index a44066461b..c4d7440b20 100644
--- a/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
 # Modifications Copyright  © 2020, Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,7 +11,7 @@
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
 
 {{- if .Values.global.cmpv2Enabled }}
 apiVersion: apps/v1
@@ -43,7 +43,7 @@ spec:
       initContainers:
         - name: wait-for-ejbca
           command:
-          - /root/ready.py
+          - /app/ready.py
           args:
           - --container-name
           - ejbca-ejbca
@@ -53,10 +53,10 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: metadata.namespace
-          image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+          image: {{ include "repositoryGenerator.image.readiness" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         - name: subsitute-envs
-          image: "{{ .Values.global.envsubstImage }}"
+          image: {{ include "repositoryGenerator.image.envsubst" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command: ['sh', '-c', "cd /config-input &&  envsubst < cmpServers.json > {{ .Values.cmpServers.volume.mountPath }}/cmpServers.json"]
           volumeMounts:
@@ -78,7 +78,7 @@ spec:
 {{- end }}
       containers:
         - name: {{ include "common.name" . }}
-          image: {{ include "common.repository" . }}/{{ .Values.image }}
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 10 }}
           env:
diff --git a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml
new file mode 100644
index 0000000000..ba12874eb6
--- /dev/null
+++ b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml
@@ -0,0 +1,31 @@
+{{/*
+  # Copyright © 2020, Nokia
+  #
+  # Licensed under the Apache License, Version 2.0 (the "License");
+  # you may not use this file except in compliance with the License.
+  # You may obtain a copy of the License at
+  #
+  #       http://www.apache.org/licenses/LICENSE-2.0
+  #
+  # Unless required by applicable law or agreed to in writing, software
+  # distributed under the License is distributed on an "AS IS" BASIS,
+  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  # See the License for the specific language governing permissions and
+  # limitations under the License.
+*/}}
+
+{{- if .Values.global.offlineDeploymentBuild }}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector: {{- include "common.selectors" . | nindent 4 }}
+  template:
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+    spec:
+      containers:
+        - name: {{ include "common.name" . }}
+          image: {{ include "common.repository" . }}/{{ .Values.certificateGenerationImage }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{ end -}}
diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
index ac92f56487..280922a014 100644
--- a/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
 # Modifications Copyright  © 2020, Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,7 +11,7 @@
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
 
 {{- if .Values.global.cmpv2Enabled }}
 {{ include "common.secretFast" . }}
@@ -31,7 +31,7 @@ data:
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Values.global.aaf.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }}
+  name: {{ .Values.global.certService.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }}
 type: Opaque
 data:
   certServiceClient-keystore.jks:
diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml b/kubernetes/platform/components/oom-cert-service/templates/service.yaml
index 60e2afa41d..5ae6b36dad 100644
--- a/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/service.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
 # Modifications Copyright  © 2020, Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,7 +11,7 @@
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
 {{- if .Values.global.cmpv2Enabled }}
   {{ include "common.service" . }}
 {{ end -}}
\ No newline at end of file
diff --git a/kubernetes/aaf/components/aaf-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index ee3beffd7f..ee51ec7a7d 100644
--- a/kubernetes/aaf/components/aaf-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -1,5 +1,6 @@
 # Copyright © 2020, Nokia
 # Modifications Copyright  © 2020, Nordix Foundation, Orange
+# Modifications Copyright © 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,25 +16,13 @@
 
 # Global
 global:
-  envsubstImage: dibi/envsubst
   nodePortPrefix: 302
-  # Readiness image
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  # Ubuntu Init image
-  ubuntuInitRepository: registry.hub.docker.com
-  ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-  # Logging image
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  # BusyBox image
-  busyboxRepository: registry.hub.docker.com
-  busyboxImage: library/busybox:1.31
   persistence:
     enabled: true
   # Standard OOM
   pullPolicy: "Always"
   repository: "nexus3.onap.org:10001"
+  offlineDeploymentBuild: false
 
 
 # Service configuration
@@ -44,10 +33,12 @@ service:
       port: 8443
       port_protocol: http
 
+# Certificates generation configuration
+certificateGenerationImage: onap/integration-java11:7.1.0
 
 # Deployment configuration
-repository: nexus3.onap.org:10001
-image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.2.0
+repository: "nexus3.onap.org:10001"
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
 pullPolicy: Always
 replicaCount: 1
 
@@ -82,21 +73,21 @@ resources:
 # Application configuration
 cmpServers:
   secret:
-    name: aaf-cert-service-secret
+    name: oom-cert-service-secret
   volume:
-    name: aaf-cert-service-volume
-    mountPath: /etc/onap/aaf/certservice
+    name: oom-cert-service-volume
+    mountPath: /etc/onap/oom/certservice
 
 tls:
   server:
     secret:
-      name: aaf-cert-service-server-tls-secret
+      name: oom-cert-service-server-tls-secret
     volume:
-      name: aaf-cert-service-server-tls-volume
-      mountPath: /etc/onap/aaf/certservice/certs/
+      name: oom-cert-service-server-tls-volume
+      mountPath: /etc/onap/oom/certservice/certs/
   client:
     secret:
-      defaultName: aaf-cert-service-client-tls-secret
+      defaultName: oom-cert-service-client-tls-secret
 
 envs:
   keystore:
@@ -117,9 +108,10 @@ credentials:
     #truststorePasswordExternalSecret:
   # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
   cmp:
-    #clientIakExternalSecret:
+    # Used only if cmpv2 testing is enabled
+    clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak'
     #clientRvExternalSecret:
-    #raIakExternalSecret:
+    raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak'
     #raRvExternalSecret:
     client: {}
       # iak: mypassword
diff --git a/kubernetes/platform/requirements.yaml b/kubernetes/platform/requirements.yaml
new file mode 100644
index 0000000000..648197898d
--- /dev/null
+++ b/kubernetes/platform/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: oom-cert-service
+    version: ~6.x-0
+    repository: 'file://components/oom-cert-service'
\ No newline at end of file
diff --git a/kubernetes/platform/values.yaml b/kubernetes/platform/values.yaml
new file mode 100644
index 0000000000..d21fb791e2
--- /dev/null
+++ b/kubernetes/platform/values.yaml
@@ -0,0 +1,62 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
+# Modifications Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+
+global:
+  nodePortPrefix: 302
+  persistence:
+    enabled: true
+  # Standard OOM
+  pullPolicy: "Always"
+
+  cmpv2Enabled: true
+  addTestingComponents: false
+
+  certService:
+    certServiceClient:
+      secret:
+        name: oom-cert-service-client-tls-secret
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+flavor: small
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 350
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 150
+  periodSeconds: 10
+
+persistence: {}
+
+resources: {}
diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/Chart.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/Chart.yaml
deleted file mode 100644
index 77f4f7ff88..0000000000
--- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-description: ONAP DCAE PNDA Bootstrap
-name: dcae-pnda-bootstrap
-version: 6.0.0
diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/requirements.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/requirements.yaml
deleted file mode 100644
index 9f6d817592..0000000000
--- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/requirements.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/inputs/pnda_env.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/inputs/pnda_env.yaml
deleted file mode 100644
index 555b9e4de4..0000000000
--- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/inputs/pnda_env.yaml
+++ /dev/null
@@ -1,230 +0,0 @@
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-infrastructure :
-  # infrastructure used for pnda deployment
-  # Valid Values are:
-  #   - aws
-  #   - openstack
-  #   - existing-machines
-  #   - terraform
-  INFRASTRUCTURE_TYPE: openstack
-
-  # The user name to use when logging into the  instances
-  # For aws target user-name allowed :
-  #            Target         AWS         Openstack
-  #
-  #   Distro   Redhat:       ec2-user     cloud-user
-  #            CentOS:       centos       cloud-user
-  OS_USER: {{ .Values.pnda.osUser }}
-
-  # CIDR specifying the address range for the network containing all PNDA instances
-  networkCidr: {{ .Values.pnda.networkCidr }}
-
-openstack_parameters:
-  # KEYSTONE_USER: Username for the openstack clients to use
-  KEYSTONE_USER: {{ .Values.openstack.keystoneUser }}
-
-  # KEYSTONE_PASSWORD: Password for the openstack clients to use
-  KEYSTONE_PASSWORD: {{ .Values.openstack.keystonePassword }}
-
-  # KEYSTONE_TENANT: Name of the tenant / project in the openstack environment. The
-  # PNDA stack will be created in this project.
-  KEYSTONE_TENANT: {{ .Values.openstack.keystoneTenant }}
-
-  # KEYSTONE_AUTH_URL: Keystone authentication URL. The Openstack console provides this
-  # under the Access & Security section.
-  KEYSTONE_AUTH_URL: {{ .Values.openstack.keystoneAuthUrl }}
-
-  # KEYSTONE_AUTH_VERSION: Keystone authentication version. The Openstack console provides this
-  # under the Access & Security section.
-  KEYSTONE_AUTH_VERSION: '2'
-
-  # KEYSTONE_REGION_NAME: Keystone region. The Openstack console provides this
-  # under the Access & Security section.
-  KEYSTONE_REGION_NAME: {{ .Values.openstack.keystoneRegion }}
-
-  # imageId: Base image to use for the created instances. It should be created by
-  # following the guide in https://github.com/pndaproject/pnda-dib-elements
-  #
-  imageId: {{ .Values.openstack.imageId }}
-
-  # CIDR specifying the address range that may access the created PNDA instances
-  whitelistSshAccess: {{ .Values.openstack.whitelistSshAccess }}
-
-  # UUID of the public network in openstack to use
-  externalPublicNetworkId: {{ .Values.openstack.publicNetworkId }}
-
-  useExistingNetwork: {{ .Values.openstack.useExistingNetwork }}
-
-  existingNetworkId: {{ .Values.openstack.existingNetworkId }}
-
-  existingSubnetId: {{ .Values.openstack.existingSubnetId }}
-
-  # CIDR specifying the address range for the public subnet (bastion access)
-  publicSubnetCidr: {{ .Values.openstack.publicSubnetCidr }}
-
-platform_salt:
-  # Use either PLATFORM_GIT_REPO_URI + PLATFORM_GIT_BRANCH or PLATFORM_SALT_LOCAL
-  PLATFORM_SALT_LOCAL: /platform-salt
-
-pnda_application_repo:
-  # Type of storage to use for PNDA application packages
-  #   s3     - AWS S3. Also set PNDA_APPS_CONTAINER, PNDA_APPS_FOLDER, PNDA_APPS_REGION, PNDA_APPS_ACCESS_KEY_ID, PNDA_APPS_SECRET_ACCESS_KEY
-  #   sshfs  - standard file system. Also set PR_FS_LOCATION_PATH, PR_SSHFS_USER, PR_SSHFS_HOST, PR_SSHFS_PATH and PR_SSHFS_KEY
-  #   local  - local filesystem on the package repository service server. Also set PR_FS_LOCATION_PATH.
-  #   swift  - Openstack swift. Also set PNDA_APPS_CONTAINER and PNDA_APPS_FOLDER
-  PR_FS_TYPE: {{ .Values.pnda.apps.fsType }}
-
-  # S3 container to use for PNDA application packages
-  PNDA_APPS_CONTAINER: {{ .Values.pnda.apps.s3container }}
-
-  # Name of folder within PNDA_APPS_CONTAINER that contains the PNDA application packages
-  PNDA_APPS_FOLDER: {{ .Values.pnda.apps.s3folder }}
-
-  # AWS region that contains the PNDA_APPS_CONTAINER bucket
-  PNDA_APPS_REGION: {{ .Values.pnda.apps.s3region }}
-
-  # API key for s3 access to PNDA_APPS_CONTAINER. These keys are stored on the cloud instances so should be restricted
-  # only allow access to the PNDA_APPS_CONTAINER bucket
-  PNDA_APPS_ACCESS_KEY_ID: {{ .Values.pnda.apps.s3keyid }}
-  PNDA_APPS_SECRET_ACCESS_KEY: {{ .Values.pnda.apps.s3secret }}
-
-  # Path on file system if PR_FS_TYPE is 'local' or 'sshfs'
-  PR_FS_LOCATION_PATH: {{ .Values.pnda.apps.fsLocation | print "/opt/pnda/packages" }}
-
-  # SSH accessed file system to use for PNDA application packages
-  PR_SSHFS_USER: centos
-  PR_SSHFS_HOST: 127.0.0.1
-  PR_SSHFS_PATH: /mnt/packages
-  PR_SSHFS_KEY: key.pem
-
-pnda_data_archive:
-  # S3 container to use for archiving PNDA datasets
-  PNDA_ARCHIVE_CONTAINER: pnda-archive
-
-  # AWS region that contains the PNDA_ARCHIVE_CONTAINER bucket
-  PNDA_ARCHIVE_REGION: eu-west-1
-
-  # API key for s3 access to PNDA_ARCHIVE_CONTAINER. These keys are stored on the cloud instances so should be restricted
-  # only allow access to the PNDA_ARCHIVE_CONTAINER bucket
-  PNDA_ARCHIVE_ACCESS_KEY_ID: xxxx
-  PNDA_ARCHIVE_SECRET_ACCESS_KEY: xxxx
-
-ntp:
-  # Optional ntp servers. Use this if the standard NTP servers on the Internet cannot be reached
-  # and a local NTP server has been configured. PNDA will not work without NTP.
-  # example format: 'xxx.ntp.org'
-  #For REJECT_OUTBOUND="YES" then NTP server/s must.
-  NTP_SERVERS:
-    - {{ .Values.pnda.ntp }}
-
-dns:
-  # External DNS servers list
-  nameServers:
-    - {{ .Values.pnda.nameserver }}
-
-mirrors:
-  # Mirror of resources required for provisioning PNDA, see PNDA guide for instructions on how to set this up
-  PNDA_MIRROR:
-
-hadoop:
-  # Hadoop distribution to install
-  # Valid values are:
-  # - HDP
-  # - CDH
-  HADOOP_DISTRO: HDP
-  # Spark version to enable for oozie (HDP only)
-  # Valid values are:
-  # - 1
-  # - 2
-  OOZIE_SPARK_VERSION: 1
-
-connectivity:
-  # The IP address of the client that created PNDA
-  CLIENT_IP: {{ .Values.pnda.outboundCidr }}
-  # Add online repositories for yum, apt-get, pip, etc alongside PNDA mirror
-  ADD_ONLINE_REPOS: "YES"
-  # RPM Extras repository to enable when ADD_ONLINE_REPOS=YES
-  RPM_EXTRAS_REPO_NAME: rhui-REGION-rhel-server-optional
-  # RPM Optional repository to enable when ADD_ONLINE_REPOS=YES
-  RPM_OPTIONAL_REPO_NAME: rhui-REGION-rhel-server-extras
-
-network_interfaces:
-  PNDA_INTERNAL_NETWORK: eth0
-  PNDA_INGEST_NETWORK: eth0
-
-cli:
-  # Maximum number of outbound connections that the CLI will attempt to open at once
-  # Consider increasing this when creating clusters with more than 100 nodes to speed
-  # up PNDA creation time.
-  MAX_SIMULTANEOUS_OUTBOUND_CONNECTIONS: 100
-
-security:
-  # The path were to find the security material (certificate/key).
-  # The directory should be structured as defined in this' repo's directory structure with the same name.
-  # The security material should conform to the guidelines defined in the README.md file in
-  # the containing sub directory.
-  SECURITY_MATERIAL_PATH: ./platform-certificates/
-
-  # Address of LDAP server
-  # All instances will have PAM configured to authenticate with this LDAP server if set
-  # Leave blank to disable LDAP-PAM integration
-  LDAP_SERVER: ''
-
-  # Base DN for LDAP server to use when enabling client PAM integration with LDAP
-  LDAP_BASE_DN: dc=nodomain
-
-features:
-  # Include experimental features.
-  # Set to "NO", omit setting or omit features section entirely to turn off experimental features
-  EXPERIMENTAL_FEATURES: "NO"
-
-domain:
-  # Top-level domain
-  TOP_LEVEL_DOMAIN: pnda.local
-
-  # Second-level domain
-  SECOND_LEVEL_DOMAIN: dc1
-
-dataset_compaction:
-  # Enable/Disable compaction on datasets.
-  # "YES" to enable.
-  # "NO" to disable.
-  COMPACTION: "NO"
-  # If compaction is enabled, PATTERN sets the frequency of compaction.
-  # H - hourly compaction.
-  # d - daily compaction.
-  # M - monthly compaction.
-  # Y - yearly compaction.
-  PATTERN: d
-
-datanode:
-  # DATANODE_VOLUME_COUNT sets the number of data volumes on each hadoop datanode
-  DATA_VOLUME_COUNT: 1
-  # DEVICE_ROOT sets the disk device root name
-  DEVICE_ROOT: xvdb
-
-kafka:
-  # DATA_DIRS sets the data dirs on kafka node
-  KAFKA_DATA_DIRS:
-    - /var/kafka-logs
-  # DEVICE_ROOT sets the disk device root name
-  KAFKA_DEVICE_ROOT: xvdb
-
-generic:
-  #GENERIC_DEVICE_ROOT sets the disk device root name for generic instances.
-  GENERIC_DEVICE_ROOT: xvdb
diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh b/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh
deleted file mode 100755
index ab7eaa3f76..0000000000
--- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/sh
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-# Install PNDA in Openstack with Heat templates
-# Expects:
-#   Input files for components to be installed in /inputs
-
-if [ "z{{ .Values.enabled }}" != "ztrue" ]
-then
-   echo
-   echo "PNDA bootstrap is disabled - skipping pnda-cli launch"
-   echo
-   exit 0
-fi
-
-set -ex
-
-CLUSTER_PREFIX="{{ include "common.release" . }}-{{ include "common.namespace" . }}-pnda"
-DATANODES="{{ .Values.pnda.dataNodes }}"
-KAFKANODES="{{ .Values.pnda.kafkaNodes }}"
-VERSION="{{ .Values.pnda.version }}"
-KEYPAIR_NAME="{{ .Values.pnda_keypair_name }}"
-KEYFILE="$KEYPAIR_NAME.pem"
-
-cd /pnda-cli
-
-cp /inputs/pnda_env.yaml .
-cp /secrets/pnda.pem $KEYFILE
-chmod 600 $KEYFILE
-
-(cd tools && ./gen-certs.py)
-
-KUBE_API="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT_HTTPS/api/v1"
-KUBE_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
-
-for i in 1 2 3 4 5 6 7 8 9
-do
-  MIRROR_IP=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/pods \
-            --header "Authorization: Bearer $KUBE_TOKEN" \
-            --insecure | jq -r '.items[].status | select(.containerStatuses != null) | select(.containerStatuses[].ready and .containerStatuses[].name=="dcae-pnda-mirror") | .hostIP')
-  MIRROR_PORT=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/services/dcae-pnda-mirror \
-              --header "Authorization: Bearer $KUBE_TOKEN" \
-              --insecure | jq -r '.spec.ports[] | select(.name=="dcae-pnda-mirror") | .nodePort')
-
-  if [ "x${MIRROR_IP}" != "xnull" -a "x${MIRROR_PORT}" != "xnull" ]; then
-    PNDA_MIRROR="http://$MIRROR_IP:$MIRROR_PORT"
-    break
-  fi
-  sleep 5
-done
-
-[ -z "${PNDA_MIRROR}" ] && { echo "Unable to get PNDA mirror IP:PORT"; exit 1; }
-
-sed -i -e 's?CLIENT_IP/32?CLIENT_IP?' bootstrap-scripts/package-install.sh
-
-./cli/pnda-cli.py create -e $CLUSTER_PREFIX -f pico -n $DATANODES -k $KAFKANODES \
-                  -b $VERSION -s $KEYPAIR_NAME --set "mirrors.PNDA_MIRROR=$PNDA_MIRROR"
diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/configmap.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/configmap.yaml
deleted file mode 100644
index d1f00027c3..0000000000
--- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/configmap.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-inputs
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/inputs/*").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-scripts
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/scripts/*").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-secrets
-  namespace: {{ include "common.namespace" . }}
-data:
-  pnda.pem: |
-{{ .Values.pnda_secret | indent 4 }}
-
diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/job.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/job.yaml
deleted file mode 100644
index 8dd83846b9..0000000000
--- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/job.yaml
+++ /dev/null
@@ -1,87 +0,0 @@
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  completions: 1
-  backoffLimit: 0
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      restartPolicy: Never
-      initContainers:
-        - name: {{ include "common.name" . }}-readiness
-          image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          command:
-            - /root/ready.py
-          args:
-            - --container-name
-            - dcae-pnda-mirror
-            - "-t"
-            - "75"
-          env:
-          - name: NAMESPACE
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: metadata.namespace
-      containers:
-        - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts:
-            - mountPath: /inputs
-              name: {{ include "common.fullname" . }}-inputs
-            - mountPath: /scripts
-              name: {{ include "common.fullname" . }}-scripts
-            - mountPath: /secrets
-              name: {{ include "common.fullname" . }}-secrets
-            - mountPath: /pnda-cli/cli/logs
-              name: {{ include "common.fullname" . }}-logs
-          command:
-            - "/scripts/bootstrap.sh"
-      volumes:
-        - name: {{ include "common.fullname" . }}-inputs
-          configMap:
-            name: {{ include "common.fullname" . }}-inputs
-        - name: {{ include "common.fullname" . }}-scripts
-          configMap:
-            name: {{ include "common.fullname" . }}-scripts
-            defaultMode: 0755
-        - name: {{ include "common.fullname" . }}-secrets
-          configMap:
-            name: {{ include "common.fullname" . }}-secrets
-        - name: {{ include "common.fullname" . }}-logs
-        {{- if .Values.persistence.enabled }}
-          persistentVolumeClaim:
-            claimName: {{ include "common.fullname" . }}
-        {{- else }}
-          emptyDir: {}
-        {{- end }}
diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/pv.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/pv.yaml
deleted file mode 100644
index 75ee218bd7..0000000000
--- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/pv.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-    release: "{{ include "common.release" . }}"
-    heritage: "{{ .Release.Service }}"
-    name: {{ include "common.fullname" . }}
-spec:
-  storageClassName: manual
-  capacity:
-    storage: {{ .Values.persistence.size }}
-  accessModes:
-    - {{ .Values.persistence.accessMode }}
-  persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
-  storageClassName: "{{ include "common.fullname" . }}-data"
-  hostPath:
-    path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml
deleted file mode 100644
index da5f7a14e4..0000000000
--- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  persistence: {}
-
-#################################################################
-# PNDA configuration defaults.
-#################################################################
-
-enabled: false
-
-pnda:
-  version: release/5.0
-  dataNodes: 2
-  kafkaNodes: 1
-  osUser: centos
-  nameserver: 8.8.8.8
-  ntp: pool.ntp.org
-  apps:
-    fsType: local
-  networkCidr: 10.0.0.0/16
-  outboundCidr: 0.0.0.0/0
-
-pnda_keypair_name: pnda
-pnda_secret: replace-me
-
-#################################################################
-# Openstack connection params.
-#################################################################
-
-openstack:
-  keystoneUser: onap
-  keystonePassword: onap
-  keystoneTenant: onap
-  keystoneAuthUrl: 'http://10.60.18.18:5000/v2.0/'
-  keystoneRegion: regionOne
-  imageId: id_of_image
-  publicNetworkId: id_of_public_network
-  useExistingNetwork: true
-  existingNetworkId: id_of_onap_network
-  existingSubnetId: id_of_onap_subnet
-  whitelistSshAccess: 0.0.0.0/0
-  publicSubnetCidr: 10.0.0.0/24
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-
-
-repository: pndareg.ctao6.net
-image: onap/org.onap.dcaegen2.deployments.pnda-bootstrap-container:6.0.0
-pullPolicy: Always
-
-## Persist data to a persitent volume
-persistence:
-  enabled: true
-
-  ## A manually managed Persistent Volume and Claim
-  ## Requires persistence.enabled: true
-  ## If defined, PVC must be created manually before volume will be bound
-  # existingClaim:
-  volumeReclaimPolicy: Retain
-
-  ## database data Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  accessMode: ReadWriteOnce
-  size: 10Mi
-  mountPath: /dockerdata-nfs
-  mountSubPath: dcae-pnda-bootstrap/logs
diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/Chart.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/Chart.yaml
deleted file mode 100644
index 16ee1a6fe2..0000000000
--- a/kubernetes/pnda/charts/dcae-pnda-mirror/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-description: ONAP DCAE PNDA Mirror
-name: dcae-pnda-mirror
-version: 6.0.0
diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/requirements.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/requirements.yaml
deleted file mode 100644
index 9f6d817592..0000000000
--- a/kubernetes/pnda/charts/dcae-pnda-mirror/requirements.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/templates/deployment.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/templates/deployment.yaml
deleted file mode 100644
index c328644122..0000000000
--- a/kubernetes/pnda/charts/dcae-pnda-mirror/templates/deployment.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      containers:
-        - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-            - containerPort: {{ .Values.service.internalPort }}
-          # disable liveness probe when breakpoints set in debugger
-          # so K8s doesn't restart unresponsive container
-          {{- if eq .Values.liveness.enabled true }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end -}}
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readiness.periodSeconds }}
diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml
deleted file mode 100644
index e3308184fa..0000000000
--- a/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml
deleted file mode 100644
index b9d6cb9234..0000000000
--- a/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-
-repository: pndareg.ctao6.net
-image: onap/org.onap.dcaegen2.deployments.pnda-mirror-container:6.0.0
-pullPolicy: Always
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 60
-  periodSeconds: 10
-  timeoutSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 15
-  periodSeconds: 10
-
-service:
-  type: NodePort
-  portName: dcae-pnda-mirror
-  nodePort: "00"
-  externalPort: 80
-  internalPort: 80
-
-## Persist data to a persitent volume
-persistence:
-  enabled: false
-
-ingress:
-  enabled: false
-
-resources: {}
diff --git a/kubernetes/pnda/requirements.yaml b/kubernetes/pnda/requirements.yaml
deleted file mode 100644
index 9f6d817592..0000000000
--- a/kubernetes/pnda/requirements.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
diff --git a/kubernetes/policy/.helmignore b/kubernetes/policy/.helmignore
index f0c1319444..7ddbad7ef4 100644..100755
--- a/kubernetes/policy/.helmignore
+++ b/kubernetes/policy/.helmignore
@@ -19,3 +19,4 @@
 .project
 .idea/
 *.tmproj
+components/
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml
index f98bcd6fdd..57dd77ec37 100644..100755
--- a/kubernetes/policy/Chart.yaml
+++ b/kubernetes/policy/Chart.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +14,6 @@
 # limitations under the License.
 
 apiVersion: v1
-description: ONAP Policy Administration Point
+description: ONAP Policy
 name: policy
 version: 6.0.0
diff --git a/kubernetes/policy/Makefile b/kubernetes/policy/Makefile
new file mode 100755
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/policy/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw-tweaks.sh b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw-tweaks.sh
deleted file mode 100644
index d7b27a071c..0000000000
--- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw-tweaks.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
-
-PROPS_BUILD="${POLICY_HOME}/etc/build.info"
-
-PROPS_RUNTIME="${POLICY_HOME}/servers/brmsgw/config.properties"
-PROPS_INSTALL="${POLICY_HOME}/install/servers/brmsgw/config.properties"
-
-
-if [ ! -f "${PROPS_BUILD}" ]; then
-	echo "error: version information does not exist: ${PROPS_BUILD}"
-	exit 1
-fi
-
-source "${POLICY_HOME}/etc/build.info"
-
-if [ -z "${version}" ]; then
-	echo "error: no version information present"
-	exit 1
-fi
-
-for CONFIG in ${PROPS_RUNTIME} ${PROPS_INSTALL}; do
-	if [ ! -f "${CONFIG}" ]; then
-		echo "warning: configuration does not exist: ${CONFIG}"
-	else
-		sed -i -e "s/brms.dependency.version=.*/brms.dependency.version=${version}/g" "${CONFIG}"
-	fi
-done
diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
deleted file mode 100644
index a0e5d1ec87..0000000000
--- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# BRMSpep component installation configuration parameters
-BRMSGW_JMX_PORT=9989
-
-COMPONENT_X_MX_MB=1024
-COMPONENT_X_MS_MB=1024
-
-REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
-REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/
-
-PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
-PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
-PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
-PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
-
-M2_HOME=/usr/share/java/maven-3
-snapshotRepositoryID=policy-nexus-snapshots
-snapshotRepositoryName=Snapshots
-snapshotRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots
-releaseRepositoryID=policy-nexus-releases
-releaseRepositoryName=Releases
-releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases
-repositoryUsername=${REPOSITORY_USERNAME}
-repositoryPassword=${REPOSITORY_PASSWORD}
-UEB_URL=message-router
-UEB_TOPIC=PDPD-CONFIGURATION
-UEB_API_KEY=
-UEB_API_SECRET=
-
-groupID=org.onap.policy-engine
-artifactID=drlPDPGroup
-AMSTERDAM_GROUP_ID=org.onap.policy-engine.drools.amsterdam
-AMSTERDAM_ARTIFACT_ID=policy-amsterdam-rules
-
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=brmsgw_1
-node_type=brms_gateway
-
-#Environment should be Set either DEV, TEST or PROD
-ENVIRONMENT=TEST
-
-#Notification Properties... type can be either websocket, ueb, or dmaap
-BRMS_NOTIFICATION_TYPE=websocket
-BRMS_UEB_URL=message-router
-BRMS_UEB_TOPIC=PDPD-CONFIGURATION
-BRMS_UEB_DELAY=
-BRMS_CLIENT_ID=python
-BRMS_CLIENT_KEY=dGVzdA==
-BRMS_UEB_API_KEY=
-BRMS_UEB_API_SECRET=
-
-#Dependency.json file version
-BRMS_DEPENDENCY_VERSION=1.6.4
-BRMS_MODELS_DEPENDENCY_VERSION=2.2.6
diff --git a/kubernetes/policy/charts/brmsgw/templates/NOTES.txt b/kubernetes/policy/charts/brmsgw/templates/NOTES.txt
deleted file mode 100644
index fa0aa7d258..0000000000
--- a/kubernetes/policy/charts/brmsgw/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/policy/charts/brmsgw/templates/configmap.yaml b/kubernetes/policy/charts/brmsgw/templates/configmap.yaml
deleted file mode 100644
index 9e515917a0..0000000000
--- a/kubernetes/policy/charts/brmsgw/templates/configmap.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-pe-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
-
diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
deleted file mode 100644
index 7dd96926ce..0000000000
--- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
+++ /dev/null
@@ -1,174 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-      - command:
-        - sh
-        args:
-        - -c
-        - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
-        env:
-        - name: JDBC_USER
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
-        - name: JDBC_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
-        - name: PDP_HTTP_USER_ID
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
-        - name: PDP_HTTP_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
-        - name: PDP_PAP_PDP_HTTP_USER_ID
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
-        - name: PDP_PAP_PDP_HTTP_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
-        - name: REPOSITORY_USERNAME
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
-        - name: REPOSITORY_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
-        volumeMounts:
-        - mountPath: /config-input/pe
-          name: pe-input
-        - mountPath: /config-input/pe-brmsgw
-          name: pe-brmsgw-input
-        - mountPath: /config/pe
-          name: pe
-        - mountPath: /config/pe-brmsgw
-          name: pe-brmsgw
-        image: "{{ .Values.global.envsubstImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-update-config
-      - command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - {{ .Values.global.pap.nameOverride }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
-      containers:
-      - command:
-        - /bin/bash
-        - ./do-start.sh
-        - brmsgw
-        name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        env:
-        - name: JDBC_USER
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
-        - name: JDBC_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
-        - name: PDP_HTTP_USER_ID
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
-        - name: PDP_HTTP_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
-        - name: PDP_PAP_PDP_HTTP_USER_ID
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
-        - name: PDP_PAP_PDP_HTTP_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
-        - name: REPOSITORY_USERNAME
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
-        - name: REPOSITORY_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
-        ports:
-        - containerPort: {{ .Values.service.externalPort }}
-        {{- if eq .Values.liveness.enabled true }}
-        livenessProbe:
-          tcpSocket:
-            port: {{ .Values.service.externalPort }}
-          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.liveness.periodSeconds }}
-        {{- end }}
-        readinessProbe:
-          tcpSocket:
-            port: {{ .Values.service.externalPort }}
-          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.readiness.periodSeconds }}
-        volumeMounts:
-        - mountPath: /etc/localtime
-          name: localtime
-          readOnly: true
-        - mountPath: /tmp/policy-install/config/brmsgw-tweaks.sh
-          name: pe-brmsgw
-          subPath: brmsgw-tweaks.sh
-        - mountPath: /tmp/policy-install/config/brmsgw.conf
-          name: pe-brmsgw
-          subPath: brmsgw.conf
-        - mountPath: /tmp/policy-install/config/base.conf
-          name: pe
-          subPath: base.conf
-        - mountPath: /tmp/policy-install/do-start.sh
-          name: pe-scripts
-          subPath: do-start.sh
-        resources:
-{{ include "common.resources" . | indent 12 }}
-      {{- if .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-      {{- end -}}
-      {{- if .Values.affinity }}
-      affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-      {{- end }}
-      volumes:
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: pe-input
-          configMap:
-            name: {{ include "common.release" . }}-pe-configmap
-            defaultMode: 0755
-        - name: pe-scripts
-          configMap:
-            name: {{ include "common.release" . }}-pe-scripts-configmap
-            defaultMode: 0777
-        - name: pe-brmsgw-input
-          configMap:
-            name: {{ include "common.fullname" . }}-pe-configmap
-            defaultMode: 0755
-        - name: pe
-          emptyDir:
-            medium: Memory
-        - name: pe-brmsgw
-          emptyDir:
-            medium: Memory
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml
deleted file mode 100644
index 70a2e3e855..0000000000
--- a/kubernetes/policy/charts/brmsgw/values.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  envsubstImage: dibi/envsubst
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
-  - uid: db-secret
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
-    login: '{{ .Values.db.user }}'
-    password: '{{ .Values.db.password }}'
-    passwordPolicy: required
-  - uid: pdp-http-creds
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
-    login: '{{ .Values.pdp.pdphttpuserid }}'
-    password: '{{ .Values.pdp.pdphttppassword }}'
-    passwordPolicy: required
-  - uid: pap-http-creds
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
-    login: '{{ .Values.pap.pdppappdphttpuserid }}'
-    password: '{{ .Values.pap.pdppappdphttppassword }}'
-    passwordPolicy: required
-  - uid: nexus-creds
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}'
-    login: '{{ .Values.nexus.repositoryUsername }}'
-    password: '{{ .Values.nexus.repositoryPassword }}'
-    passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
-  papPort: 9091
-  pdpPort: 8081
-  nexusPort: 8081
-
-db:
-  user: policy_user
-  password: policy_user
-pdp:
-  pdphttpuserid: testpdp
-  pdphttppassword: alpha123
-pap:
-  pdppappdphttpuserid: testpap
-  pdppappdphttppassword: alpha123
-nexus:
-  repositoryUsername: admin
-  repositoryPassword: admin123
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: false
-
-readiness:
-  initialDelaySeconds: 30
-  periodSeconds: 10
-
-service:
-  type: ClusterIP
-  name: brmsgw
-  portName: brmsgw
-  externalPort: 9989
-  internalPort: 9989
-  nodePort: 16
-
-
-ingress:
-  enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
-  small:
-    limits:
-      cpu: 1
-      memory: 2Gi
-    requests:
-      cpu: 10m
-      memory: 0.5Gi
-  large:
-    limits:
-      cpu: 2
-      memory: 4Gi
-    requests:
-      cpu: 20m
-      memory: 1Gi
-  unlimited: {}
diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/NOTES.txt b/kubernetes/policy/charts/drools/charts/nexus/templates/NOTES.txt
deleted file mode 100644
index 5d0107eb99..0000000000
--- a/kubernetes/policy/charts/drools/charts/nexus/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties b/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties
deleted file mode 100644
index 189248ffb3..0000000000
--- a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties
+++ /dev/null
@@ -1,47 +0,0 @@
-###
-# ============LICENSE_START=======================================================
-# feature-healthcheck
-# ================================================================================
-# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-http.server.services=HEALTHCHECK
-http.server.services.HEALTHCHECK.host=0.0.0.0
-http.server.services.HEALTHCHECK.port=6969
-http.server.services.HEALTHCHECK.restClasses=org.onap.policy.drools.healthcheck.RestHealthCheck
-http.server.services.HEALTHCHECK.managed=false
-http.server.services.HEALTHCHECK.swagger=true
-http.server.services.HEALTHCHECK.userName=${envd:HEALTHCHECK_USER}
-http.server.services.HEALTHCHECK.password=${envd:HEALTHCHECK_PASSWORD}
-http.server.services.HEALTHCHECK.https=true
-http.server.services.HEALTHCHECK.aaf=${envd:AAF:false}
-http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
-
-http.client.services=PAP
-
-http.client.services.PAP.host={{ .Values.global.pap.nameOverride }}
-http.client.services.PAP.port=9091
-http.client.services.PAP.contextUriPath=pap/test
-http.client.services.PAP.https=true
-http.client.services.PAP.userName=${envd:PAP_LEGACY_USERNAME}
-http.client.services.PAP.password=${envd:PAP_LEGACY_PASSWORD}
-
-http.client.services.PDP.host={{ .Values.global.pdp.nameOverride }}
-http.client.services.PDP.port=8081
-http.client.services.PDP.contextUriPath=pdp/test
-http.client.services.PDP.https=true
-http.client.services.PDP.userName=${envd:PDP_LEGACY_USERNAME}
-http.client.services.PDP.password=${envd:PDP_LEGACY_PASSWORD}
diff --git a/kubernetes/policy/charts/pap/templates/NOTES.txt b/kubernetes/policy/charts/pap/templates/NOTES.txt
deleted file mode 100644
index 170b03e6db..0000000000
--- a/kubernetes/policy/charts/pap/templates/NOTES.txt
+++ /dev/null
@@ -1,37 +0,0 @@
-#  ============LICENSE_START=======================================================
-#   Copyright (C) 2019 Nordix Foundation.
-#  ================================================================================
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-#
-#  SPDX-License-Identifier: Apache-2.0
-#  ============LICENSE_END=========================================================
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/policy/charts/pdp/resources/config/log/xacml-pdp-rest/logback.xml b/kubernetes/policy/charts/pdp/resources/config/log/xacml-pdp-rest/logback.xml
deleted file mode 100644
index daa4112e51..0000000000
--- a/kubernetes/policy/charts/pdp/resources/config/log/xacml-pdp-rest/logback.xml
+++ /dev/null
@@ -1,150 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License. 
--->
-
-<configuration scan="true" scanPeriod="3 seconds" debug="true">
-   <!--<jmxConfigurator /> -->
-   <!--  specify the base path of the log directory --> 
-   <property name="logDir" value="/var/log/onap" />
-   <!--  specify the component name -->
-   <property name="componentName" value="policy" />
-   <!-- specify the sub component name -->
-   <property name="subComponentName" value="xacml-pdp-rest" />
-   <!-- The directories where logs are written --> 
-   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
-   <property name="pattern" value="%d{&amp;quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&amp;quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
-   <!--  log file names -->
-   <property name="errorLogName" value="error" />
-   <property name="metricsLogName" value="metrics" />
-   <property name="auditLogName" value="audit" />
-   <property name="debugLogName" value="debug" />
-   <property name="queueSize" value="256" />
-   <property name="maxFileSize" value="50MB" />
-   <property name="maxHistory" value="30" />
-   <property name="totalSizeCap" value="10GB" />
-   <!-- Example evaluator filter applied against console appender -->
-   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>
-   <!-- ============================================================================ -->
-   <!-- EELF Appenders -->
-   <!-- ============================================================================ -->
-   <!-- The EELFAppender is used to record events to the general application 
-    log -->
-   <!-- EELF Audit Appender. This appender is used to record audit engine 
-    related logging events. The audit logger and appender are specializations 
-    of the EELF application root logger and appender. This can be used to segregate 
-    Policy engine events from other components, or it can be eliminated to record 
-    these events as part of the application root log. -->
-   <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
-      <file>${logDirectory}/${auditLogName}.log</file>
-      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-         <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
-         <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-            <maxFileSize>${maxFileSize}</maxFileSize>
-         </timeBasedFileNamingAndTriggeringPolicy>
-         <maxHistory>${maxHistory}</maxHistory>
-         <totalSizeCap>${totalSizeCap}</totalSizeCap>
-      </rollingPolicy>
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>
-   <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
-      <queueSize>${queueSize}</queueSize>
-      <appender-ref ref="EELFAudit" />
-   </appender>
-   <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
-      <file>${logDirectory}/${metricsLogName}.log</file>
-      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-         <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
-         <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-            <maxFileSize>${maxFileSize}</maxFileSize>
-         </timeBasedFileNamingAndTriggeringPolicy>
-         <maxHistory>${maxHistory}</maxHistory>
-         <totalSizeCap>${totalSizeCap}</totalSizeCap>
-      </rollingPolicy>
-      <encoder>
-         <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - 
-        %msg%n"</pattern> -->
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>
-   <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
-      <queueSize>${queueSize}</queueSize>
-      <appender-ref ref="EELFMetrics" />
-   </appender>
-   <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender">
-      <file>${logDirectory}/${errorLogName}.log</file>
-      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-         <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
-         <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-            <maxFileSize>${maxFileSize}</maxFileSize>
-         </timeBasedFileNamingAndTriggeringPolicy>
-         <maxHistory>${maxHistory}</maxHistory>
-         <totalSizeCap>${totalSizeCap}</totalSizeCap>
-      </rollingPolicy>
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-      <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
-         <level>INFO</level>
-      </filter>
-   </appender>
-   <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
-      <queueSize>${queueSize}</queueSize>
-      <appender-ref ref="EELFError" />
-   </appender>
-   <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
-      <file>${logDirectory}/${debugLogName}.log</file>
-      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-         <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
-         <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-            <maxFileSize>${maxFileSize}</maxFileSize>
-         </timeBasedFileNamingAndTriggeringPolicy>
-         <maxHistory>${maxHistory}</maxHistory>
-         <totalSizeCap>${totalSizeCap}</totalSizeCap>
-      </rollingPolicy>
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>
-   <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
-      <queueSize>${queueSize}</queueSize>
-      <appender-ref ref="EELFDebug" />
-      <includeCallerData>true</includeCallerData>
-   </appender>
-   <!-- ============================================================================ -->
-   <!--  EELF loggers -->
-   <!-- ============================================================================ -->
-   <logger name="com.att.eelf.audit" level="info" additivity="false">
-      <appender-ref ref="asyncEELFAudit" />
-   </logger>
-   <logger name="com.att.eelf.metrics" level="info" additivity="false">
-      <appender-ref ref="asyncEELFMetrics" />
-   </logger>
-   <logger name="com.att.eelf.error" level="info" additivity="false">
-      <appender-ref ref="asyncEELFError" />
-   </logger>
-   <logger name="com.att.eelf.debug" level="debug" additivity="false">
-      <appender-ref ref="asyncEELFDebug" />
-   </logger>
-   <root level="INFO">
-      <appender-ref ref="asyncEELFDebug" />
-   </root>
-</configuration>
diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
deleted file mode 100644
index bb12880ca7..0000000000
--- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
+++ /dev/null
@@ -1,70 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# pdp component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9991
-TOMCAT_SHUTDOWN_PORT=8087
-SSL_HTTP_CONNECTOR_PORT=8081
-SSL_AJP_CONNECTOR_PORT=8381
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=1024
-TOMCAT_X_MX_MB=1024
-
-# pdp properties
-
-UEB_CLUSTER=message-router
-
-REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
-REST_PDP_ID=https://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/
-REST_PDP_CONFIG=/opt/app/policy/servers/pdp/bin/config
-REST_PDP_WEBAPPS=/opt/app/policy/servers/pdp/webapps
-REST_PDP_REGISTER=true
-REST_PDP_REGISTER_SLEEP=15
-REST_PDP_REGISTER_RETRIES=-1
-REST_PDP_MAXCONTENT=999999999
-
-# PDP related properties
-PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
-PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
-PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
-PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
-
-node_type=pdp_xacml
-resource_name=pdp_1
-dependency_groups=brmsgw_1
-test_via_jmx=true
-
-#
-# Notification Properties
-# Notification type: websocket, ueb or dmaap... if left blank websocket is the default
-PDP_NOTIFICATION_TYPE=websocket
-PDP_UEB_CLUSTER=
-PDP_UEB_TOPIC=
-PDP_UEB_DELAY=
-PDP_UEB_API_KEY=
-PDP_UEB_API_SECRET=
-PDP_DMAAP_AAF_LOGIN=
-PDP_DMAAP_AAF_PASSWORD=
-
-#AAF Policy Name space
-#Required only, when we use AAF
-POLICY_AAF_NAMESPACE=
-POLICY_AAF_RESOURCE=
-
-# Indeterminate resolution
-DECISION_INDETERMINATE_RESPONSE=PERMIT
diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf
deleted file mode 100644
index e7171c280e..0000000000
--- a/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# JVM specific parameters
-LOGPARSER_JMX_PORT=9997
-LOGPARSER_X_MS_MB=1024
-LOGPARSER_X_MX_MB=1024
-
-SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/
-LOGPATH=/var/log/onap/policy/pdpx/pdp-rest.log
-PARSERLOGPATH=/opt/app/policy/servers/pdplp/bin/IntegrityMonitor.log
-
-node_type=logparser
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=pdplp_1
diff --git a/kubernetes/policy/charts/pdp/templates/NOTES.txt b/kubernetes/policy/charts/pdp/templates/NOTES.txt
deleted file mode 100644
index 868bb33d2b..0000000000
--- a/kubernetes/policy/charts/pdp/templates/NOTES.txt
+++ /dev/null
@@ -1,34 +0,0 @@
-
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/policy/charts/pdp/templates/service.yaml b/kubernetes/policy/charts/pdp/templates/service.yaml
deleted file mode 100644
index 864676ad6f..0000000000
--- a/kubernetes/policy/charts/pdp/templates/service.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    msb.onap.org/service-info: '[
-      {
-          "serviceName": "{{ include "common.servicename" . }}",
-          "version": "v1",
-          "url": "/pdp",
-          "protocol": "REST",
-          "port": "{{ .Values.service.externalPort }}",
-          "visualRange":"1"
-      },
-      ]'
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
-  sessionAffinity: None
-  clusterIP: None
diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
deleted file mode 100644
index 7e99b1bac0..0000000000
--- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml
+++ /dev/null
@@ -1,184 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  serviceName: {{ include "common.servicename" . }}
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-      - command:
-        - sh
-        args:
-        - -c
-        - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
-        env:
-        - name: JDBC_USER
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
-        - name: JDBC_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
-        - name: PDP_HTTP_USER_ID
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
-        - name: PDP_HTTP_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
-        - name: PDP_PAP_PDP_HTTP_USER_ID
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
-        - name: PDP_PAP_PDP_HTTP_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
-        volumeMounts:
-        - mountPath: /config-input/pe
-          name: pe-input
-        - mountPath: /config-input/pe-pdp
-          name: pe-pdp-input
-        - mountPath: /config/pe
-          name: pe
-        - mountPath: /config/pe-pdp
-          name: pe-pdp
-        image: "{{ .Values.global.envsubstImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-update-config
-      - command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - {{ .Values.global.pap.nameOverride }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
-      containers:
-      - command:
-        - /bin/bash
-        - ./do-start.sh
-        - pdp
-        name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        env:
-        - name: JDBC_USER
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
-        - name: JDBC_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
-        resources:
-{{ include "common.resources" . | indent 12 }}
-        ports:
-        - containerPort: {{ .Values.service.externalPort }}
-        {{- if eq .Values.liveness.enabled true }}
-        livenessProbe:
-          tcpSocket:
-            port: {{ .Values.service.externalPort }}
-          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.liveness.periodSeconds }}
-        {{- end }}
-        readinessProbe:
-          tcpSocket:
-            port: {{ .Values.service.externalPort }}
-          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.readiness.periodSeconds }}
-        volumeMounts:
-        - mountPath: /etc/localtime
-          name: localtime
-          readOnly: true
-        - mountPath: /tmp/policy-install/config/base.conf
-          name: pe
-          subPath: base.conf
-        - mountPath: /tmp/policy-install/config/pdp-tweaks.sh
-          name: pe-pdp-input
-          subPath: pdp-tweaks.sh
-        - mountPath: /tmp/policy-install/config/pdplp.conf
-          name: pe-pdp
-          subPath: pdplp.conf
-        - mountPath: /tmp/policy-install/config/pdp.conf
-          name: pe-pdp
-          subPath: pdp.conf
-        - mountPath: /tmp/policy-install/do-start.sh
-          name: pe-scripts
-          subPath: do-start.sh
-        - mountPath: /var/log/onap
-          name: policy-logs
-        - mountPath:  /tmp/logback.xml
-          name: policy-logback
-          subPath: logback.xml
-        lifecycle:
-          postStart:
-            exec:
-              command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pdp/webapps/pdp/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
-      - image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: filebeat-onap
-        volumeMounts:
-        - mountPath: /usr/share/filebeat/filebeat.yml
-          name: filebeat-conf
-          subPath: filebeat.yml
-        - mountPath: /var/log/onap
-          name: policy-logs
-        - mountPath: /usr/share/filebeat/data
-          name: policy-data-filebeat
-      volumes:
-      - name: localtime
-        hostPath:
-          path: /etc/localtime
-      - name: filebeat-conf
-        configMap:
-          name: {{ include "common.release" . }}-filebeat-configmap
-      - name: policy-logs
-        emptyDir: {}
-      - name: policy-data-filebeat
-        emptyDir: {}
-      - name: policy-logback
-        configMap:
-          name: {{ include "common.fullname" . }}-log-configmap
-      - name: pe-input
-        configMap:
-          name: {{ include "common.release" . }}-pe-configmap
-          defaultMode: 0755
-      - name: pe-scripts
-        configMap:
-          name: {{ include "common.release" . }}-pe-scripts-configmap
-          defaultMode: 0777
-      - name: pe-pdp-input
-        configMap:
-          name: {{ include "common.fullname" . }}-pe-configmap
-          defaultMode: 0755
-      - name: pe
-        emptyDir:
-          medium: Memory
-      - name: pe-pdp
-        emptyDir:
-          medium: Memory
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml
deleted file mode 100644
index 8921eabf81..0000000000
--- a/kubernetes/policy/charts/pdp/values.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018,2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
-  - uid: db-secret
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
-    login: '{{ .Values.db.user }}'
-    password: '{{ .Values.db.password }}'
-    passwordPolicy: required
-  - uid: pdp-http-creds
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
-    login: '{{ .Values.pdp.pdphttpuserid }}'
-    password: '{{ .Values.pdp.pdphttppassword }}'
-    passwordPolicy: required
-  - uid: pap-http-creds
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
-    login: '{{ .Values.pap.pdppappdphttpuserid }}'
-    password: '{{ .Values.pap.pdppappdphttppassword }}'
-    passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-
-db:
-  user: policy_user
-  password: policy_user
-pdp:
-  pdphttpuserid: testpdp
-  pdphttppassword: alpha123
-pap:
-  pdppappdphttpuserid: testpap
-  pdppappdphttppassword: alpha123
-
-config:
-  papPort: 9091
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-
-service:
-  type: ClusterIP
-  name: pdp
-  portName: pdp
-  internalPort: 8081
-  externalPort: 8081
-
-ingress:
-  enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
-  small:
-    limits:
-      cpu: 1
-      memory: 4Gi
-    requests:
-      cpu: 10m
-      memory: 1Gi
-  large:
-    limits:
-      cpu: 2
-      memory: 8Gi
-    requests:
-      cpu: 20m
-      memory: 2Gi
-  unlimited: {}
diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml
deleted file mode 100644
index bd7eb8ea40..0000000000
--- a/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/policy-api/templates/secrets.yaml b/kubernetes/policy/charts/policy-api/templates/secrets.yaml
deleted file mode 100644
index bd7eb8ea40..0000000000
--- a/kubernetes/policy/charts/policy-api/templates/secrets.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/policy-common/Chart.yaml b/kubernetes/policy/charts/policy-common/Chart.yaml
deleted file mode 100644
index 0af8e01b51..0000000000
--- a/kubernetes/policy/charts/policy-common/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Policy Common
-name: policy-common
-version: 6.0.0
diff --git a/kubernetes/policy/charts/policy-common/requirements.yaml b/kubernetes/policy/charts/policy-common/requirements.yaml
deleted file mode 100644
index d3c442d32e..0000000000
--- a/kubernetes/policy/charts/policy-common/requirements.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    # local reference to common chart, as it is
-    # a part of this chart's package and will not
-    # be published independently to a repo (at this point)
-    repository: '@local'
diff --git a/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml
deleted file mode 100644
index 258b654f6f..0000000000
--- a/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
-  #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
-  paths:
-    - /var/log/onap/*/*/*/*.log
-    - /var/log/onap/*/*/*.log
-    - /var/log/onap/*/*.log
-  #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
-  ignore_older: 48h
-  # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
-  clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
-  #List of logstash server ip addresses with port number.
-  #But, in our case, this will be the loadbalancer IP address.
-  #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
-  hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
-  #If enable will do load balancing among availabe Logstash, automatically.
-  loadbalance: true
-
-  #The list of root certificates for server verifications.
-  #If certificate_authorities is empty or not set, the trusted
-  #certificate authorities of the host system are used.
-  #ssl.certificate_authorities: $ssl.certificate_authorities
-
-  #The path to the certificate for SSL client authentication. If the certificate is not specified,
-  #client authentication is not available.
-  #ssl.certificate: $ssl.certificate
-
-  #The client certificate key used for client authentication.
-  #ssl.key: $ssl.key
-
-  #The passphrase used to decrypt an encrypted key stored in the configured key file
-  #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf
deleted file mode 100644
index 810b090069..0000000000
--- a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-JAVA_HOME=/usr/local/openjdk-11
-POLICY_HOME=/opt/app/policy
-POLICY_LOGS=/var/log/onap
-KEYSTORE_PASSWD=Pol1cy_0nap
-TRUSTSTORE_PASSWD=Pol1cy_0nap
-
-JDBC_DRIVER=org.mariadb.jdbc.Driver
-JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-
-JDBC_USER=${JDBC_USER}
-JDBC_PASSWORD=${JDBC_PASSWORD}
-
-site_name=site_1
-fp_monitor_interval=30
-failed_counter_threshold=3
-test_trans_interval=20
-write_fpc_interval=5
-max_fpc_update_interval=60
-test_via_jmx=false
-jmx_fqdn=
-
-AAF_NAMESPACE=org.onap.policy
-AAF_HOST=aaf-locate.{{.Release.Namespace}}
-
-ENVIRONMENT=TEST
-
-#Micro Service Model Properties
-policy_msOnapName=
-policy_msPolicyName=
diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
deleted file mode 100644
index ee427af678..0000000000
--- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
+++ /dev/null
@@ -1,100 +0,0 @@
-#!/bin/bash
-
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Script to configure and start the Policy components that are to run in the designated container,
-# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the
-# script just goes into a long sleep so that the script does not exit (which would cause the
-# container to be torn down).
-
-container=$1
-
-case $container in
-pap)
-	comps="base pap paplp console mysql elk"
-	;;
-pdp)
-	comps="base pdp pdplp"
-	;;
-brmsgw)
-	comps="base brmsgw"
-	;;
-*)
-	echo "Usage: do-start.sh pap|pdp|brmsgw" >&2
-	exit 1
-esac
-
-
-# skip installation if build.info file is present (restarting an existing container)
-if [[ -f /opt/app/policy/etc/build.info ]]; then
-	echo "Found existing installation, will not reinstall"
-	. /opt/app/policy/etc/profile.d/env.sh
-
-else
-	if [[ -d config ]]; then
-		cp config/*.conf .
-	fi
-
-	for comp in $comps; do
-		echo "Installing component: $comp"
-		./docker-install.sh --install $comp
-	done
-	for comp in $comps; do
-		echo "Configuring component: $comp"
-		./docker-install.sh --configure $comp
-	done
-
-	. /opt/app/policy/etc/profile.d/env.sh
-
-	# install keystore
-        # override the policy keystore and truststore if present
-	if [[ -f config/policy-keystore ]]; then
-		cp config/policy-keystore $POLICY_HOME/etc/ssl
-	fi
-
-	if [[ -f config/policy-truststore ]]; then
-		cp -f config/policy-truststore $POLICY_HOME/etc/ssl
-	fi
-
-	if [[ -f config/$container-tweaks.sh ]] ; then
-		# file may not be executable; running it as an
-		# argument to bash avoids needing execute perms.
-		bash config/$container-tweaks.sh
-	fi
-
-	if [[ $container == pap ]]; then
-		# wait for DB up
-		# now that DB is up, invoke database upgrade
-		# (which does nothing if the db is already up-to-date)
-		if [[ -v JDBC_USER ]]; then
-			dbuser=${JDBC_USER};
-		else
-			dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
-		fi
-
-		if [[ -v JDBC_PASSWORD ]]; then
-			dbpw=${JDBC_PASSWORD}
-		else
-			dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
-		fi
-		db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}}
-	fi
-
-fi
-
-policy.sh start
-sleep 1000d
diff --git a/kubernetes/policy/charts/policy-common/templates/NOTES.txt b/kubernetes/policy/charts/policy-common/templates/NOTES.txt
deleted file mode 100644
index fa0aa7d258..0000000000
--- a/kubernetes/policy/charts/policy-common/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/policy/charts/policy-common/templates/configmap.yaml b/kubernetes/policy/charts/policy-common/templates/configmap.yaml
deleted file mode 100644
index 4aed50976c..0000000000
--- a/kubernetes/policy/charts/policy-common/templates/configmap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.release" . }}-pe-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.release" . }}-pe-scripts-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/scripts/do-start.sh").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.release" . }}-filebeat-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/charts/policy-common/values.yaml b/kubernetes/policy/charts/policy-common/values.yaml
deleted file mode 100644
index 57eacc56f0..0000000000
--- a/kubernetes/policy/charts/policy-common/values.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
-  logstashServiceName: log-ls
-  logstashPort: 5044
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-
-service:
-  type: NodePort
-  name: <onap-app>
-  externalPort: <8080>
-  #Example internal target port if required
-  #internalPort: <80>
-  nodePort: <replace with unused node port suffix eg. 23>
-
-ingress:
-  enabled: false
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-  # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
diff --git a/kubernetes/policy/charts/policy-distribution/templates/NOTES.txt b/kubernetes/policy/charts/policy-distribution/templates/NOTES.txt
deleted file mode 100644
index c882c3385e..0000000000
--- a/kubernetes/policy/charts/policy-distribution/templates/NOTES.txt
+++ /dev/null
@@ -1,37 +0,0 @@
-#  ============LICENSE_START=======================================================
-#   Copyright (C) 2018 Ericsson. All rights reserved.
-#  ================================================================================
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-#
-#  SPDX-License-Identifier: Apache-2.0
-#  ============LICENSE_END=========================================================
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml b/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml
deleted file mode 100644
index bd7eb8ea40..0000000000
--- a/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/requirements.yaml b/kubernetes/policy/charts/policy-xacml-pdp/requirements.yaml
deleted file mode 100644
index f70a3630c3..0000000000
--- a/kubernetes/policy/charts/policy-xacml-pdp/requirements.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-#  ============LICENSE_START=======================================================
-#   Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-#  ================================================================================
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-#
-#  SPDX-License-Identifier: Apache-2.0
-#  ============LICENSE_END=========================================================
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml
deleted file mode 100644
index bd7eb8ea40..0000000000
--- a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/Makefile b/kubernetes/policy/components/Makefile
new file mode 100755
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/policy/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/policy/charts/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
index d63683ed62..d63683ed62 100644..100755
--- a/kubernetes/policy/charts/policy-apex-pdp/Chart.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
diff --git a/kubernetes/policy/charts/policy-apex-pdp/requirements.yaml b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml
index 95b3b6deac..86751eae3c 100644..100755
--- a/kubernetes/policy/charts/policy-apex-pdp/requirements.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml
@@ -1,5 +1,6 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright © 2020 AT&T. All rights reserved.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -20,3 +21,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
index 767d1452cc..66a42f0171 100644..100755
--- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -14,10 +14,6 @@
         "description":"Pdp Heartbeat",
         "supportedPolicyTypes": [
             {
-                "name": "onap.policies.controlloop.operational.Apex",
-                "version": "1.0.0"
-            },
-            {
                 "name": "onap.policies.native.Apex",
                 "version": "1.0.0"
             },
@@ -32,6 +28,7 @@
             "topic" : "POLICY-PDP-PAP",
             "servers" : [ "message-router" ],
             "useHttps" : true,
+            "fetchTimeout": 15000,
             "topicCommInfrastructure" : "dmaap"
         }],
         "topicSinks" : [{
diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json
index 5df0a26596..d6bd17f65b 100644..100755
--- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json
@@ -1,3 +1,4 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
 #  ================================================================================
@@ -15,6 +16,7 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 {
   "javaProperties" : [
     ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"],
diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/logback.xml b/kubernetes/policy/components/policy-apex-pdp/resources/config/logback.xml
index 634176ea2c..83261220c9 100644..100755
--- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/logback.xml
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/logback.xml
@@ -1,103 +1,103 @@
-<!--

-  ============LICENSE_START=======================================================

-   Copyright (C) 2020 Bell Canada. All rights reserved.

-  ================================================================================

-  Licensed under the Apache License, Version 2.0 (the "License");

-  you may not use this file except in compliance with the License.

-  You may obtain a copy of the License at

-       http://www.apache.org/licenses/LICENSE-2.0

-  Unless required by applicable law or agreed to in writing, software

-  distributed under the License is distributed on an "AS IS" BASIS,

-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-  See the License for the specific language governing permissions and

-  limitations under the License.

-  SPDX-License-Identifier: Apache-2.0

-  ============LICENSE_END=========================================================

--->

-

-<configuration scan="true" scanPeriod="30 seconds" debug="false">

-

-    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/apex-pdp/error.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">

-            <level>WARN</level>

-        </filter>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="ErrorOut" />

-    </appender>

-

-    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/apex-pdp/debug.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="DebugOut" />

-    </appender>

-

-    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/apex-pdp/network.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="NetworkOut" />

-    </appender>

-

-    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">

-        <encoder>

-            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="STDOUT" />

-    </appender>

-

-    <logger name="network" level="INFO" additivity="false">

-        <appender-ref ref="AsyncNetworkOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </logger>

-

-    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">

-        <appender-ref ref="AsyncNetworkOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </logger>

-

-    <root level="INFO">

-        <appender-ref ref="AsyncDebugOut" />

-        <appender-ref ref="AsyncErrorOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </root>

-

+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2020 Bell Canada. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/apex-pdp/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/apex-pdp/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/apex-pdp/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
 </configuration>
\ No newline at end of file
diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/NOTES.txt b/kubernetes/policy/components/policy-apex-pdp/templates/NOTES.txt
index c882c3385e..c882c3385e 100644..100755
--- a/kubernetes/policy/charts/policy-apex-pdp/templates/NOTES.txt
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/NOTES.txt
diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/configmap.yaml
index 23fd1b56d0..5e2caa989f 100644..100755
--- a/kubernetes/policy/charts/policy-apex-pdp/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/configmap.yaml
@@ -1,6 +1,8 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
 #   Modifications Copyright (C) 2020 Nordix Foundation.
+#   Modifications Copyright (C) 2020 AT&T Intellectual Property.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -16,12 +18,18 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
   namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
 {{- with .Files.Glob "resources/config/*store" }}
 binaryData:
 {{- range $path, $bytes := . }}
diff --git a/kubernetes/policy/charts/pap/templates/secrets.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/secrets.yaml
index bd7eb8ea40..34932b713d 100644..100755
--- a/kubernetes/policy/charts/pap/templates/secrets.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/service.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml
index adbd5ed986..e28331baca 100644..100755
--- a/kubernetes/policy/charts/policy-apex-pdp/templates/service.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
 #  ================================================================================
@@ -15,6 +16,7 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
index 71a7f3d39c..e9895c209b 100644..100755
--- a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
@@ -1,5 +1,7 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright (C) 2020 AT&T Intellectual Property.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -15,6 +17,7 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: StatefulSet
@@ -43,10 +46,12 @@ spec:
         - sh
         args:
         - -c
-        - "export TRUSTSTORE_PASSWORD_BASE64=`echo -n ${TRUSTSTORE_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
         env:
         - name: TRUSTSTORE_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
+        - name: KEYSTORE_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }}
         - name: RESTSERVER_USER
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
         - name: RESTSERVER_PASSWORD
@@ -59,14 +64,15 @@ spec:
         image: "{{ .Values.global.envsubstImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          command:
-          - /opt/app/policy/apex-pdp/bin/apexOnapPf.sh
-          - -c
-          - /home/apexuser/config/OnapPfConfig.json
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command: ["bash","-c"]
+          args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+                  source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+                  /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
           ports:
           - containerPort: {{ .Values.service.externalPort }}
           {{- if eq .Values.liveness.enabled true }}
@@ -84,7 +90,14 @@ spec:
           env:
           - name: REPLICAS
             value: "{{ .Values.replicaCount }}"
+{{- if not .Values.global.aafEnabled }}
+          - name: KEYSTORE_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }}
+          - name: TRUSTSTORE_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }}
+{{- end }}
           volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -93,7 +106,7 @@ spec:
           - mountPath: /home/apexuser/config
             name: apexconfig
           resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
         {{- if .Values.nodeSelector }}
         nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -103,6 +116,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index 35b2711b04..23788e2532 100644..100755
--- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -22,6 +22,9 @@
 #################################################################
 global:
   nodePortPrefix: 302
+  readinessImage: onap/oom/readiness:3.0.1
+  envsubstImage: dibi/envsubst
+  aafEnabled: true
   persistence: {}
 
 #################################################################
@@ -35,16 +38,21 @@ secrets:
     password: '{{ .Values.restServer.password }}'
   - uid: truststore-pass
     type: password
-    externalSecret: '{{ tpl (default "" .Values.truststore.passwordExternalSecret) . }}'
-    password: '{{ .Values.truststore.password }}'
-    policy: required
+    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.trustStorePassword }}'
+    passwordPolicy: required
+  - uid: keystore-pass
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.keyStorePassword }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-apex-pdp:2.4.0
+image: onap/policy-apex-pdp:2.4.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -57,6 +65,30 @@ restServer:
   password: zb!XztG34
 truststore:
   password: Pol1cy_0nap
+certStores:
+  keyStorePassword: Pol1cy_0nap
+  trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+  nameOverride: policy-apex-pdp-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: policy
+  fqi: policy@policy.onap.org
+  public_fqdn: policy.onap.org
+  cadi_latitude: "0.0"
+  cadi_longitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  uid: 101
+  gid: 102
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass
+    {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+    echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
 
 # default number of instances
 replicaCount: 1
@@ -89,8 +121,8 @@ ingress:
   enabled: false
 
 # Resource Limit flavor -By Default using small
-flavor: small
 # Segregation for Different environment (Small and Large)
+flavor: small
 resources:
   small:
     limits:
diff --git a/kubernetes/policy/charts/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml
index 021263a1fc..676a647e9a 100644..100755
--- a/kubernetes/policy/charts/policy-api/Chart.yaml
+++ b/kubernetes/policy/components/policy-api/Chart.yaml
@@ -1,5 +1,5 @@
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+#   Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
diff --git a/kubernetes/policy/charts/policy-api/requirements.yaml b/kubernetes/policy/components/policy-api/requirements.yaml
index f70a3630c3..c9502372be 100644..100755
--- a/kubernetes/policy/charts/policy-api/requirements.yaml
+++ b/kubernetes/policy/components/policy-api/requirements.yaml
@@ -1,5 +1,5 @@
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+#   Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -20,3 +20,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json
index fba7e6ce12..729eea87ff 100644..100755
--- a/kubernetes/policy/charts/policy-api/resources/config/config.json
+++ b/kubernetes/policy/components/policy-api/resources/config/config.json
@@ -1,3 +1,4 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
 #  ================================================================================
@@ -15,6 +16,7 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 {
     "name":"ApiGroup",
     "restServerParameters":{
@@ -29,13 +31,13 @@
         "name": "PolicyProviderParameterGroup",
         "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
         "databaseDriver": "org.mariadb.jdbc.Driver",
-        "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin",
+        "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
         "databaseUser": "${SQL_USER}",
-        "databasePassword": "${SQL_PASSWORD_BASE64}",
+        "databasePassword": "${SQL_PASSWORD}",
         "persistenceUnit": "PolicyMariaDb"
     },
     "preloadPolicyTypes": [
-        "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml",
+        "policytypes/onap.policies.monitoring.tcagen2.yaml",
         "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml",
         "policytypes/onap.policies.Optimization.yaml",
         "policytypes/onap.policies.optimization.Resource.yaml",
@@ -53,9 +55,10 @@
         "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml",
         "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml",
         "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml",
+        "policytypes/onap.policies.controlloop.guard.common.Filter.yaml",
         "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml",
-        "policytypes/onap.policies.controlloop.Operational.yaml",
         "policytypes/onap.policies.Naming.yaml",
+        "policytypes/onap.policies.Match.yaml",
         "policytypes/onap.policies.native.Drools.yaml",
         "policytypes/onap.policies.native.Xacml.yaml",
         "policytypes/onap.policies.native.Apex.yaml",
diff --git a/kubernetes/policy/charts/policy-api/resources/config/logback.xml b/kubernetes/policy/components/policy-api/resources/config/logback.xml
index 4b73633f26..7298e4cc14 100644..100755
--- a/kubernetes/policy/charts/policy-api/resources/config/logback.xml
+++ b/kubernetes/policy/components/policy-api/resources/config/logback.xml
@@ -1,159 +1,159 @@
-<!--

-  ============LICENSE_START=======================================================

-   Copyright (C) 2020 Bell Canada. All rights reserved.

-  ================================================================================

-  Licensed under the Apache License, Version 2.0 (the "License");

-  you may not use this file except in compliance with the License.

-  You may obtain a copy of the License at

-       http://www.apache.org/licenses/LICENSE-2.0

-  Unless required by applicable law or agreed to in writing, software

-  distributed under the License is distributed on an "AS IS" BASIS,

-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-  See the License for the specific language governing permissions and

-  limitations under the License.

-  SPDX-License-Identifier: Apache-2.0

-  ============LICENSE_END=========================================================

--->

-

-<configuration scan="true" scanPeriod="30 seconds" debug="false">

-

-    <appender name="ErrorOut"

-        class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/api/error.log</file>

-        <rollingPolicy

-            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">

-            <level>WARN</level>

-        </filter>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncErrorOut"

-        class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="ErrorOut" />

-    </appender>

-

-    <appender name="DebugOut"

-        class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/api/debug.log</file>

-        <rollingPolicy

-            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncDebugOut"

-        class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="DebugOut" />

-    </appender>

-

-    <appender name="NetworkOut"

-        class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/api/network.log</file>

-        <rollingPolicy

-            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncNetworkOut"

-        class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="NetworkOut" />

-    </appender>

-

-    <appender name="MetricOut"

-        class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/api/metric.log</file>

-        <rollingPolicy

-            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncMetricOut"

-        class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="MetricOut" />

-    </appender>

-

-    <appender name="TransactionOut"

-        class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/api/audit.log</file>

-        <rollingPolicy

-            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncTransactionOut"

-        class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="TransactionOut" />

-    </appender>

-

-    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">

-        <encoder>

-            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="STDOUT" />

-    </appender>

-

-    <logger name="network" level="INFO" additivity="false">

-        <appender-ref ref="AsyncNetworkOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </logger>

-

-    <logger name="org.eclipse.jetty.server.RequestLog" level="info"

-        additivity="false">

-        <appender-ref ref="AsyncNetworkOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </logger>

-

-    <logger name="org.eclipse.jetty" level="ERROR" />

-

-    <root level="INFO">

-        <appender-ref ref="AsyncDebugOut" />

-        <appender-ref ref="AsyncErrorOut" />

-        <appender-ref ref="AsyncMetricOut" />

-        <appender-ref ref="AsyncTransactionOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </root>

-

-</configuration>

+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2020 Bell Canada. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/error.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/debug.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/network.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="MetricOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/metric.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncMetricOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="MetricOut" />
+    </appender>
+
+    <appender name="TransactionOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/audit.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncTransactionOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="TransactionOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+        additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty" level="ERROR" />
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncMetricOut" />
+        <appender-ref ref="AsyncTransactionOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
diff --git a/kubernetes/policy/charts/policy-api/templates/configmap.yaml b/kubernetes/policy/components/policy-api/templates/configmap.yaml
index e2a3de7756..0c4e870481 100644..100755
--- a/kubernetes/policy/charts/policy-api/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-api/templates/configmap.yaml
@@ -1,6 +1,8 @@
+{{/*
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+#   Copyright (C) 2018 Ericsson. All rights reserved.
 #   Modifications Copyright (C) 2020 Nordix Foundation.
+#   Modified Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -16,12 +18,18 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
   namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
 {{- with .Files.Glob "resources/config/*store" }}
 binaryData:
 {{- range $path, $bytes := . }}
diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml
index f8da461fb4..021b49dc6d 100644..100755
--- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml
@@ -21,25 +21,24 @@ spec:
     spec:
       initContainers:
         - command:
-          - /root/ready.py
+          - /app/ready.py
           args:
-          - --container-name
-          - {{ include "common.release" . }}-galera-config
+          - --job-name
+          - {{ include "common.release" . }}-policy-galera-config
           env:
           - name: NAMESPACE
             valueFrom:
               fieldRef:
                 apiVersion: v1
                 fieldPath: metadata.namespace
-          image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+          image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           name: {{ include "common.name" . }}-readiness
-
         - command:
           - sh
           args:
           - -c
-          - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+          - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
           env:
           - name: SQL_USER
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
@@ -57,13 +56,24 @@ spec:
           image: "{{ .Values.global.envsubstImage }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           name: {{ include "common.name" . }}-update-config
-
+{{ include "common.certInitializer.initContainer" . | indent 8 }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+          command: ["bash","-c"]
+          args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+                  /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"]
+{{- else }}
           command: ["/opt/app/policy/api/bin/policy-api.sh"]
           args: ["/opt/app/policy/api/etc/mounted/config.json"]
+          env:
+          - name: KEYSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+          - name: TRUSTSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -81,13 +91,14 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
           - mountPath: /opt/app/policy/api/etc/mounted
             name: apiconfig-processed
           resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
         {{- if .Values.nodeSelector }}
         nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -97,6 +108,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
           hostPath:
              path: /etc/localtime
diff --git a/kubernetes/policy/charts/pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-api/templates/secrets.yaml
index bd7eb8ea40..34932b713d 100644..100755
--- a/kubernetes/policy/charts/pdp/templates/secrets.yaml
+++ b/kubernetes/policy/components/policy-api/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/policy-api/templates/service.yaml b/kubernetes/policy/components/policy-api/templates/service.yaml
index fba02c84b9..a1b5585db6 100644..100755
--- a/kubernetes/policy/charts/policy-api/templates/service.yaml
+++ b/kubernetes/policy/components/policy-api/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
 #  ================================================================================
@@ -15,6 +16,7 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index 35700d9f9c..6f0a590f47 100644..100755
--- a/kubernetes/policy/charts/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -23,6 +23,8 @@ global:
   nodePortPrefix: 304
   persistence: {}
   envsubstImage: dibi/envsubst
+  aafEnabled: true
+  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Secrets metaconfig
@@ -40,13 +42,49 @@ secrets:
     login: '{{ .Values.restServer.user }}'
     password: '{{ .Values.restServer.password }}'
     passwordPolicy: required
+  - uid: keystore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.keyStorePassword }}'
+    passwordPolicy: required
+  - uid: truststore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.trustStorePassword }}'
+    passwordPolicy: required
+
+certStores:
+  keyStorePassword: Pol1cy_0nap
+  trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+  nameOverride: policy-api-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: policy
+  fqi: policy@policy.onap.org
+  public_fqdn: policy.onap.org
+  cadi_latitude: "0.0"
+  cadi_longitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  uid: 100
+  gid: 101
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass
+    {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+    echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-api:2.3.0
+image: onap/policy-api:2.3.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -56,6 +94,10 @@ debugEnabled: false
 db:
   user: policy_user
   password: policy_user
+  service:
+    name: policy-mariadb
+    internalPort: 3306
+
 restServer:
   user: healthcheck
   password: zb!XztG34
@@ -90,4 +132,21 @@ service:
 ingress:
   enabled: false
 
-resources: {}
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 2
+      memory: 8Gi
+    requests:
+      cpu: 200m
+      memory: 2Gi
+  unlimited: {}
+
diff --git a/kubernetes/policy/charts/policy-distribution/Chart.yaml b/kubernetes/policy/components/policy-distribution/Chart.yaml
index db04d7cc6d..db04d7cc6d 100644..100755
--- a/kubernetes/policy/charts/policy-distribution/Chart.yaml
+++ b/kubernetes/policy/components/policy-distribution/Chart.yaml
diff --git a/kubernetes/policy/charts/policy-distribution/requirements.yaml b/kubernetes/policy/components/policy-distribution/requirements.yaml
index 95b3b6deac..12ce3e0067 100644..100755
--- a/kubernetes/policy/charts/policy-distribution/requirements.yaml
+++ b/kubernetes/policy/components/policy-distribution/requirements.yaml
@@ -1,5 +1,6 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright (C) 2020 AT&T. All rights reserved.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -20,3 +21,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json
index 9b9a7a5a93..ae31633843 100644..100755
--- a/kubernetes/policy/charts/policy-distribution/resources/config/config.json
+++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json
@@ -1,3 +1,4 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
 #   Modifications Copyright (C) 2020 AT&T Intellectual Property.
@@ -16,6 +17,7 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 {
     "name":"SDCDistributionGroup",
     "restServerParameters":{
@@ -54,7 +56,7 @@
             "parameters":{
                 "asdcAddress": "sdc-be:8443",
                 "messageBusAddress": [
-                    "message-router"
+                    "message-router.{{ include "common.namespace" . }}"
                  ],
                 "user": "${SDCBE_USER}",
                 "password": "${SDCBE_PASSWORD}",
diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/logback.xml b/kubernetes/policy/components/policy-distribution/resources/config/logback.xml
index 21dd0fca64..8d63217766 100644..100755
--- a/kubernetes/policy/charts/policy-distribution/resources/config/logback.xml
+++ b/kubernetes/policy/components/policy-distribution/resources/config/logback.xml
@@ -1,113 +1,113 @@
-<!--

-  ============LICENSE_START=======================================================

-   Copyright (C) 2020 Bell Canada. All rights reserved.

-  ================================================================================

-  Licensed under the Apache License, Version 2.0 (the "License");

-  you may not use this file except in compliance with the License.

-  You may obtain a copy of the License at

-       http://www.apache.org/licenses/LICENSE-2.0

-  Unless required by applicable law or agreed to in writing, software

-  distributed under the License is distributed on an "AS IS" BASIS,

-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-  See the License for the specific language governing permissions and

-  limitations under the License.

-  SPDX-License-Identifier: Apache-2.0

-  ============LICENSE_END=========================================================

--->

-

-<configuration scan="true" scanPeriod="30 seconds" debug="false">

-

-    <appender name="ErrorOut"

-        class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/distribution/error.log</file>

-        <rollingPolicy

-            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">

-            <level>WARN</level>

-        </filter>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncErrorOut"

-        class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="ErrorOut" />

-    </appender>

-

-    <appender name="DebugOut"

-        class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/distribution/debug.log</file>

-        <rollingPolicy

-            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncDebugOut"

-        class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="DebugOut" />

-    </appender>

-

-    <appender name="NetworkOut"

-        class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/distribution/network.log</file>

-        <rollingPolicy

-            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncNetworkOut"

-        class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="NetworkOut" />

-    </appender>

-

-    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">

-        <encoder>

-            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="STDOUT" />

-    </appender>

-

-    <logger name="network" level="INFO" additivity="false">

-        <appender-ref ref="AsyncNetworkOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </logger>

-

-    <logger name="org.eclipse.jetty.server.RequestLog" level="info"

-        additivity="false">

-        <appender-ref ref="AsyncNetworkOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </logger>

-

-    <root level="INFO">

-        <appender-ref ref="AsyncDebugOut" />

-        <appender-ref ref="AsyncErrorOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </root>

-

+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2020 Bell Canada. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/distribution/error.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/distribution/debug.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/distribution/network.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+        additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
 </configuration>
\ No newline at end of file
diff --git a/kubernetes/policy/charts/policy-distribution/templates/configmap.yaml b/kubernetes/policy/components/policy-distribution/templates/configmap.yaml
index 23fd1b56d0..5e2caa989f 100644..100755
--- a/kubernetes/policy/charts/policy-distribution/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/configmap.yaml
@@ -1,6 +1,8 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
 #   Modifications Copyright (C) 2020 Nordix Foundation.
+#   Modifications Copyright (C) 2020 AT&T Intellectual Property.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -16,12 +18,18 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
   namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
 {{- with .Files.Glob "resources/config/*store" }}
 binaryData:
 {{- range $path, $bytes := . }}
diff --git a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
index 8301df1c78..8dd06e8924 100644..100755
--- a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
@@ -1,3 +1,23 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2020 AT&T Intellectual Property.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -50,12 +70,24 @@ spec:
         image: "{{ .Values.global.envsubstImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+          command: ["bash","-c"]
+          args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+                  /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"]
+{{- else }}
           command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
           args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
+          env:
+          - name: KEYSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+          - name: TRUSTSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -73,13 +105,14 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
           - mountPath: /opt/app/policy/distribution/etc/mounted
             name: distributionconfig
           resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
         {{- if .Values.nodeSelector }}
         nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -89,6 +122,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
           hostPath:
              path: /etc/localtime
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml b/kubernetes/policy/components/policy-distribution/templates/secrets.yaml
index bd7eb8ea40..34932b713d 100644..100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/policy-distribution/templates/service.yaml b/kubernetes/policy/components/policy-distribution/templates/service.yaml
index 9619d0c834..4b91692749 100644..100755
--- a/kubernetes/policy/charts/policy-distribution/templates/service.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
 #   Modifications Copyright (C) 2019 AT&T Intellectual Property.
@@ -16,6 +17,7 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index 5165b16962..4de0643354 100644..100755
--- a/kubernetes/policy/charts/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -45,6 +45,16 @@ secrets:
     login: '{{ .Values.sdcBe.user }}'
     password: '{{ .Values.sdcBe.password }}'
     passwordPolicy: required
+  - uid: keystore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.keyStorePassword }}'
+    passwordPolicy: required
+  - uid: truststore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.trustStorePassword }}'
+    passwordPolicy: required
 
 #################################################################
 # Global configuration defaults.
@@ -52,13 +62,15 @@ secrets:
 global:
   persistence: {}
   envsubstImage: dibi/envsubst
+  aafEnabled: true
+  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-distribution:2.4.0
+image: onap/policy-distribution:2.4.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -78,6 +90,30 @@ papParameters:
 sdcBe:
   user: policy
   password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+certStores:
+  keyStorePassword: Pol1cy_0nap
+  trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+  nameOverride: policy-distribution-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: policy
+  fqi: policy@policy.onap.org
+  public_fqdn: policy.onap.org
+  cadi_latitude: "0.0"
+  cadi_longitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  uid: 100
+  gid: 101
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass
+    {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+    echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
 
 # default number of instances
 replicaCount: 1
@@ -108,4 +144,20 @@ service:
 ingress:
   enabled: false
 
-resources: {}
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 2
+      memory: 8Gi
+    requests:
+      cpu: 200m
+      memory: 2Gi
+  unlimited: {}
diff --git a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml
new file mode 100755
index 0000000000..22567af862
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Drools Policy Engine (PDP-D)
+name: policy-drools-pdp
+version: 6.0.0
diff --git a/kubernetes/policy/components/policy-drools-pdp/requirements.yaml b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml
new file mode 100755
index 0000000000..ca24480fc8
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/charts/drools/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
index c996d13e27..ec8d119fa6 100644..100755
--- a/kubernetes/policy/charts/drools/resources/configmaps/base.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017-2018 Amdocs, Bell Canada.
 # Modifications Copyright (C) 2018-2020 AT&T Intellectual Property.
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 # JVM options
 
@@ -30,14 +32,14 @@ TELEMETRY_HOST=0.0.0.0
 # nexus repository
 
 SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots
-SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
+SNAPSHOT_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
 RELEASE_REPOSITORY_ID=policy-nexus-releases
-RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
+RELEASE_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
 REPOSITORY_OFFLINE={{.Values.nexus.offline}}
 
 # Relational (SQL) DB access
 
-SQL_HOST={{ .Values.global.mariadb.service.name }}
+SQL_HOST={{ .Values.db.name }}
 
 # AAF
 
@@ -57,6 +59,7 @@ PDPD_CONFIGURATION_PARTITION_KEY=
 
 POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
 POLICY_PDP_PAP_GROUP=defaultGroup
+POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools
 
 # Symmetric Key for encoded sensitive data
 
diff --git a/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf
index 44d0bf18ce..761e8afef8 100644..100755
--- a/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf
@@ -1,3 +1,4 @@
+{{/*
 # Copyright 2018-2019 AT&T Intellectual Property. All rights reserved.
 # Modifications Copyright © 2018 Amdocs, Bell Canada.
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 POOLING_TOPIC=POOLING
diff --git a/kubernetes/policy/charts/drools/resources/configmaps/logback.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml
index 49a476cbf6..9cd92da7fa 100644..100755
--- a/kubernetes/policy/charts/drools/resources/configmaps/logback.xml
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml
@@ -1,162 +1,162 @@
-<!--

-  ============LICENSE_START=======================================================

-   Copyright (C) 2020 Bell Canada. All rights reserved.

-  ================================================================================

-  Licensed under the Apache License, Version 2.0 (the "License");

-  you may not use this file except in compliance with the License.

-  You may obtain a copy of the License at

-       http://www.apache.org/licenses/LICENSE-2.0

-  Unless required by applicable law or agreed to in writing, software

-  distributed under the License is distributed on an "AS IS" BASIS,

-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-  See the License for the specific language governing permissions and

-  limitations under the License.

-  SPDX-License-Identifier: Apache-2.0

-  ============LICENSE_END=========================================================

--->

-

-<configuration scan="true" scanPeriod="30 seconds" debug="false">

-

-    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/pdpd/error.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">

-            <level>WARN</level>

-        </filter>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="ErrorOut" />

-    </appender>

-

-    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/pdpd/debug.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="DebugOut" />

-    </appender>

-

-    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/pdpd/network.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="NetworkOut" />

-    </appender>

-

-    <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/pdpd/metric.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />

-        <encoder>

-            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="MetricOut" />

-    </appender>

-

-    <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/pdpd/audit.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />

-        <encoder>

-            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="TransactionOut" />

-    </appender>

-

-    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">

-        <encoder>

-            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="STDOUT" />

-    </appender>

-

-    <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">

-        <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />

-        <encoder>

-            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="MetricStdOut" />

-    </appender>

-

-    <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">

-        <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />

-        <encoder>

-            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="TransactionStdOut" />

-    </appender>

-

-    <logger name="network" level="INFO" additivity="false">

-        <appender-ref ref="AsyncNetworkOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </logger>

-

-    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">

-        <appender-ref ref="AsyncNetworkOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </logger>

-

-    <root level="INFO">

-        <appender-ref ref="AsyncDebugOut" />

-        <appender-ref ref="AsyncErrorOut" />

-        <appender-ref ref="AsyncMetricOut" />

-        <appender-ref ref="AsyncTransactionOut" />

-        <appender-ref ref="AsyncStdOut" />

-        <appender-ref ref="AsyncMetricStdOut" />

-        <appender-ref ref="AsyncTransactionStdOut" />

-    </root>

-

+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2020 Bell Canada. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pdpd/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pdpd/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pdpd/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pdpd/metric.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+        <encoder>
+            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="MetricOut" />
+    </appender>
+
+    <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pdpd/audit.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+        <encoder>
+            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="TransactionOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">
+        <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+        <encoder>
+            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="MetricStdOut" />
+    </appender>
+
+    <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">
+        <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+        <encoder>
+            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="TransactionStdOut" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncMetricOut" />
+        <appender-ref ref="AsyncTransactionOut" />
+        <appender-ref ref="AsyncStdOut" />
+        <appender-ref ref="AsyncMetricStdOut" />
+        <appender-ref ref="AsyncTransactionStdOut" />
+    </root>
+
 </configuration>
\ No newline at end of file
diff --git a/kubernetes/policy/charts/drools/resources/configmaps/settings.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/settings.xml
index 3777d27044..3777d27044 100644..100755
--- a/kubernetes/policy/charts/drools/resources/configmaps/settings.xml
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/settings.xml
diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf
index bb2b90c1a7..a2a34056f1 100644..100755
--- a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf
@@ -1,3 +1,4 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
 #  ================================================================================
@@ -15,8 +16,12 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 
+{{- if not .Values.global.aafEnabled }}
 KEYSTORE_PASSWD={{.Values.keystore.password}}
+{{- end }}
+
 TRUSTSTORE_PASSWD={{.Values.truststore.password}}
 
 TELEMETRY_USER={{.Values.telemetry.user}}
diff --git a/kubernetes/policy/charts/drools/templates/configmap.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml
index 9a92ad9769..f5661429a1 100644..100755
--- a/kubernetes/policy/charts/drools/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml
@@ -1,5 +1,6 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,12 +13,18 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
   namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
 {{- with .Files.Glob "resources/configmaps/*{.zip,store}" }}
 binaryData:
 {{- range $path, $bytes := . }}
diff --git a/kubernetes/policy/charts/drools/templates/secrets.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml
index 7fb84b5ddc..f986994210 100644..100755
--- a/kubernetes/policy/charts/drools/templates/secrets.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018-2019 AT&T
 #
@@ -12,8 +13,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
 ---
 apiVersion: v1
 kind: Secret
diff --git a/kubernetes/policy/charts/drools/templates/service.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
index 9f4ad9bed4..b41bf4fdb9 100644..100755
--- a/kubernetes/policy/charts/drools/templates/service.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018-2019 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
index dd813b4107..1c9e18cc83 100644..100755
--- a/kubernetes/policy/charts/drools/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
@@ -1,5 +1,6 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: StatefulSet
@@ -37,25 +39,45 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
+        args:
+        - --job-name
+        - {{ include "common.release" . }}-policy-galera-config
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-db-readiness
+{{- if not .Values.nexus.offline }}
+      - command:
+        - /app/ready.py
         args:
         - --container-name
-        - {{ include "common.release" . }}-galera-config
-        - --container-name
-        - {{ .Values.global.nexus.nameOverride }}
+        - {{ .Values.nexus.name }}
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{- end }}
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command: ["bash","-c"]
+          args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+                  source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+                  cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
+                  /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
           ports:
           - containerPort: {{ .Values.service.externalPort }}
           - containerPort: {{ .Values.service.externalPort2 }}
@@ -75,10 +97,11 @@ spec:
           - name: REPLICAS
             value: "{{ .Values.replicaCount }}"
           - name: SQL_USER
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
           - name: SQL_PASSWORD
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
           volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -92,22 +115,9 @@ spec:
             name: drools-config
             subPath: {{ base $path }}
           {{- end }}
-          - mountPath: /var/log/onap
-            name: policy-logs
           resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
         {{- if .Values.nodeSelector }}
-        - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.loggingImage }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          name: filebeat-onap
-          volumeMounts:
-          - mountPath: /usr/share/filebeat/filebeat.yml
-            name: filebeat-conf
-            subPath: filebeat.yml
-          - mountPath: /var/log/onap
-            name: policy-logs
-          - mountPath: /usr/share/filebeat/data
-            name: policy-data-filebeat
         nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
         {{- end -}}
@@ -116,16 +126,10 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
-        - name: filebeat-conf
-          configMap:
-            name: {{ include "common.release" . }}-filebeat-configmap
-        - name: policy-logs
-          emptyDir: {}
-        - name: policy-data-filebeat
-          emptyDir: {}
         - name: drools-config
           configMap:
             name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 292305fa43..6c865d8369 100644..100755
--- a/kubernetes/policy/charts/drools/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,8 +18,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
+  readinessImage: onap/oom/readiness:3.0.1
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   ubuntuImage: ubuntu:16.04
@@ -40,7 +39,7 @@ secrets:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.7.0
+image: onap/policy-pdpd-cl:1.7.5
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -67,8 +66,8 @@ readiness:
 
 service:
   type: ClusterIP
-  name: drools
-  portName: drools
+  name: policy-drools-pdp
+  portName: policy-drools-pdp
   internalPort: 6969
   externalPort: 6969
   nodePort: 17
@@ -81,6 +80,27 @@ ingress:
 
 # Default installation values to be overridden
 
+certInitializer:
+  nameOverride: policy-drools-pdp-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: policy
+  fqi: policy@policy.onap.org
+  public_fqdn: policy.onap.org
+  cadi_latitude: "0.0"
+  cadi_longitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  uid: 1000
+  gid: 1000
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass
+    {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+    echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
 server:
   jvmOpts: -server -XshowSettings:vm
 
@@ -98,12 +118,14 @@ telemetry:
   password: demo123456!
 
 nexus:
+  name: policy-nexus
+  port: 8081
   user: admin
   password: admin123
-  port: 8081
   offline: true
 
 db:
+  name: policy-mariadb
   user: policy_user
   password: policy_user
 
@@ -155,8 +177,8 @@ cds:
     svcPort: 9111
 
 # Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
 flavor: small
-# Segregation for Different environment (Small and Large)
 resources:
   small:
     limits:
diff --git a/kubernetes/policy/charts/drools/charts/nexus/Chart.yaml b/kubernetes/policy/components/policy-nexus/Chart.yaml
index faf8a38748..09103ed352 100644..100755
--- a/kubernetes/policy/charts/drools/charts/nexus/Chart.yaml
+++ b/kubernetes/policy/components/policy-nexus/Chart.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018-2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,5 +15,5 @@
 
 apiVersion: v1
 description: ONAP Policy Nexus
-name: nexus
+name: policy-nexus
 version: 6.0.0
diff --git a/kubernetes/clamp/charts/clamp-backend/requirements.yaml b/kubernetes/policy/components/policy-nexus/requirements.yaml
index d3c442d32e..d3c442d32e 100644..100755
--- a/kubernetes/clamp/charts/clamp-backend/requirements.yaml
+++ b/kubernetes/policy/components/policy-nexus/requirements.yaml
diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/deployment.yaml b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
index 3c2aa0e953..9b76e06be8 100644..100755
--- a/kubernetes/policy/charts/drools/charts/nexus/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
@@ -1,5 +1,6 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -68,7 +70,11 @@ spec:
           - mountPath: /sonatype-work
             name: nexus-data
           resources:
-{{ include "common.resources" . | indent 12 }}
+{{- if eq .Values.resources.flavor "large" }}
+{{ toYaml .Values.resources.large | indent 12 }}
+{{- else }}
+{{ toYaml .Values.resources.small | indent 12 }}
+{{- end -}}
         {{- if .Values.nodeSelector }}
         nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/pv.yaml b/kubernetes/policy/components/policy-nexus/templates/pv.yaml
index 62e66f1602..62e66f1602 100644..100755
--- a/kubernetes/policy/charts/drools/charts/nexus/templates/pv.yaml
+++ b/kubernetes/policy/components/policy-nexus/templates/pv.yaml
diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/pvc.yaml b/kubernetes/policy/components/policy-nexus/templates/pvc.yaml
index 1cadcc51d5..1cadcc51d5 100644..100755
--- a/kubernetes/policy/charts/drools/charts/nexus/templates/pvc.yaml
+++ b/kubernetes/policy/components/policy-nexus/templates/pvc.yaml
diff --git a/kubernetes/policy/charts/brmsgw/templates/service.yaml b/kubernetes/policy/components/policy-nexus/templates/service.yaml
index 7883651a2e..55defa9e92 100644..100755
--- a/kubernetes/policy/charts/brmsgw/templates/service.yaml
+++ b/kubernetes/policy/components/policy-nexus/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/policy/charts/drools/charts/nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml
index 2024bca973..69be914bd4 100644..100755
--- a/kubernetes/policy/charts/drools/charts/nexus/values.yaml
+++ b/kubernetes/policy/components/policy-nexus/values.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,8 +18,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
+  readinessImage: onap/oom/readiness:3.0.1
   ubuntuInitRepository: oomk8s
   ubuntuInitImage: ubuntu-init:1.0.0
   persistence: {}
@@ -60,8 +59,8 @@ readiness:
 
 service:
   type: ClusterIP
-  name: nexus
-  portName: nexus
+  name: policy-nexus
+  portName: policy-nexus
   externalPort: 8081
   internalPort: 8081
   nodePort: 36
@@ -76,12 +75,12 @@ persistence:
   accessMode: ReadWriteOnce
   size: 2Gi
   mountPath: /dockerdata-nfs
-  mountSubPath: nexus/data
+  mountSubPath: policy/nexus/data
 
-# Resource Limit flavor -By Default using small
-flavor: small
 # Segregation for Different environment (Small and Large)
+# Resource Limit flavor - By Default using small
 resources:
+  flavor: small
   small:
     limits:
       cpu: 1
diff --git a/kubernetes/policy/charts/pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml
index 9133e8685a..6affa3432d 100644..100755
--- a/kubernetes/policy/charts/pap/Chart.yaml
+++ b/kubernetes/policy/components/policy-pap/Chart.yaml
@@ -1,5 +1,6 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019 Nordix Foundation.
+#   Modified Copyright (C) 2020 AT&T Intellectual Property.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -18,5 +19,5 @@
 
 apiVersion: v1
 description: ONAP Policy Administration (PAP)
-name: pap
+name: policy-pap
 version: 6.0.0
diff --git a/kubernetes/policy/charts/pap/requirements.yaml b/kubernetes/policy/components/policy-pap/requirements.yaml
index a6c2f0a42a..aa47b48548 100644..100755
--- a/kubernetes/policy/charts/pap/requirements.yaml
+++ b/kubernetes/policy/components/policy-pap/requirements.yaml
@@ -1,5 +1,6 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019 Nordix Foundation.
+#   Modified Copyright (C) 2020 AT&T Intellectual Property.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -20,3 +21,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/components/policy-pap/resources/config/config.json
index aba167708c..0b30a27535 100644..100755
--- a/kubernetes/policy/charts/pap/resources/config/config.json
+++ b/kubernetes/policy/components/policy-pap/resources/config/config.json
@@ -1,3 +1,4 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019 Nordix Foundation.
 #  ================================================================================
@@ -15,6 +16,7 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 {
     "name":"PapGroup",
     "restServerParameters":{
@@ -40,9 +42,9 @@
         "name": "PolicyProviderParameterGroup",
         "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
         "databaseDriver": "org.mariadb.jdbc.Driver",
-        "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/{{ .Values.global.mariadb.config.mysqlDatabase }}",
+        "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
         "databaseUser": "${SQL_USER}",
-        "databasePassword": "${SQL_PASSWORD_BASE64}",
+        "databasePassword": "${SQL_PASSWORD}",
         "persistenceUnit": "PolicyMariaDb"
     },
     "topicParameterGroup": {
diff --git a/kubernetes/policy/charts/pap/resources/config/logback.xml b/kubernetes/policy/components/policy-pap/resources/config/logback.xml
index 233e6a7dbe..6038e20b84 100644..100755
--- a/kubernetes/policy/charts/pap/resources/config/logback.xml
+++ b/kubernetes/policy/components/policy-pap/resources/config/logback.xml
@@ -1,103 +1,103 @@
-<!--

-  ============LICENSE_START=======================================================

-   Copyright (C) 2020 Bell Canada. All rights reserved.

-  ================================================================================

-  Licensed under the Apache License, Version 2.0 (the "License");

-  you may not use this file except in compliance with the License.

-  You may obtain a copy of the License at

-       http://www.apache.org/licenses/LICENSE-2.0

-  Unless required by applicable law or agreed to in writing, software

-  distributed under the License is distributed on an "AS IS" BASIS,

-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-  See the License for the specific language governing permissions and

-  limitations under the License.

-  SPDX-License-Identifier: Apache-2.0

-  ============LICENSE_END=========================================================

--->

-

-<configuration scan="true" scanPeriod="30 seconds" debug="false">

-

-    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/pap/error.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">

-            <level>WARN</level>

-        </filter>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="ErrorOut" />

-    </appender>

-

-    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/pap/debug.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="DebugOut" />

-    </appender>

-

-    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/pap/network.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="NetworkOut" />

-    </appender>

-

-    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">

-        <encoder>

-            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="STDOUT" />

-    </appender>

-

-    <logger name="network" level="INFO" additivity="false">

-        <appender-ref ref="AsyncNetworkOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </logger>

-

-    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">

-        <appender-ref ref="AsyncNetworkOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </logger>

-

-    <root level="INFO">

-        <appender-ref ref="AsyncDebugOut" />

-        <appender-ref ref="AsyncErrorOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </root>

-

-</configuration>

+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2020 Bell Canada. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pap/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pap/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pap/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
diff --git a/kubernetes/policy/charts/pap/templates/configmap.yaml b/kubernetes/policy/components/policy-pap/templates/configmap.yaml
index 372bf4dcca..e1a5360ac2 100644..100755
--- a/kubernetes/policy/charts/pap/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/configmap.yaml
@@ -1,5 +1,7 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019-2020 Nordix Foundation. All rights reserved.
+#   Modifications Copyright (C) 2020 AT&T Intellectual Property.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -15,12 +17,18 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
   namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
 {{- with .Files.Glob "resources/config/*store" }}
 binaryData:
 {{- range $path, $bytes := . }}
diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
index da44bd54f9..4f90d81b3b 100644..100755
--- a/kubernetes/policy/charts/pap/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
@@ -1,3 +1,23 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2020 AT&T Intellectual Property.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
 apiVersion: apps/v1
 kind: Deployment
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
@@ -9,25 +29,24 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
-        - --container-name
-        - {{ .Values.global.mariadb.service.name }}
+        - --job-name
+        - {{ include "common.release" . }}-policy-galera-config
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
-
       - command:
         - sh
         args:
         - -c
-        - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
         env:
         - name: SQL_USER
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
@@ -53,12 +72,24 @@ spec:
         image: "{{ .Values.global.envsubstImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+          command: ["bash","-c"]
+          args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+                  /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"]
+{{- else }}
           command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
           args: ["/opt/app/policy/pap/etc/mounted/config.json"]
+          env:
+          - name: KEYSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+          - name: TRUSTSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           # disable liveness probe when breakpoints set in debugger
           # so K8s doesn't restart unresponsive container
@@ -75,13 +106,14 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
           - mountPath: /opt/app/policy/pap/etc/mounted
             name: papconfig-processed
           resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
         {{- if .Values.nodeSelector }}
         nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -91,6 +123,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
           hostPath:
              path: /etc/localtime
diff --git a/kubernetes/policy/charts/brmsgw/templates/secrets.yaml b/kubernetes/policy/components/policy-pap/templates/secrets.yaml
index bd7eb8ea40..34932b713d 100644..100755
--- a/kubernetes/policy/charts/brmsgw/templates/secrets.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/pap/templates/service.yaml b/kubernetes/policy/components/policy-pap/templates/service.yaml
index 5c4061e831..5bdc74727c 100644..100755
--- a/kubernetes/policy/charts/pap/templates/service.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019 Nordix Foundation.
 #   Modifications Copyright (C) 2019 AT&T Intellectual Property.
@@ -17,5 +18,6 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 3eba5564ac..796fcd0a9f 100644..100755
--- a/kubernetes/policy/charts/pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -25,6 +25,8 @@ global:
   nodePortPrefixExt: 304
   persistence: {}
   envsubstImage: dibi/envsubst
+  aafEnabled: true
+  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Secrets metaconfig
@@ -54,13 +56,49 @@ secrets:
     login: '{{ .Values.healthCheckRestClient.distribution.user }}'
     password: '{{ .Values.healthCheckRestClient.distribution.password }}'
     passwordPolicy: required
+  - uid: keystore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.keyStorePassword }}'
+    passwordPolicy: required
+  - uid: truststore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.trustStorePassword }}'
+    passwordPolicy: required
+
+certStores:
+  keyStorePassword: Pol1cy_0nap
+  trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+  nameOverride: policy-pap-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: policy
+  fqi: policy@policy.onap.org
+  public_fqdn: policy.onap.org
+  cadi_latitude: "0.0"
+  cadi_longitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  uid: 100
+  gid: 101
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass
+    {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+    echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.3.0
+image: onap/policy-pap:2.3.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -71,9 +109,14 @@ debugEnabled: false
 db:
   user: policy_user
   password: policy_user
+  service:
+    name: policy-mariadb
+    internalPort: 3306
+
 restServer:
   user: healthcheck
   password: zb!XztG34
+
 healthCheckRestClient:
   api:
     user: healthcheck
@@ -115,4 +158,21 @@ service:
 ingress:
   enabled: false
 
-resources: {}
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 2
+      memory: 8Gi
+    requests:
+      cpu: 200m
+      memory: 2Gi
+  unlimited: {}
+
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml
index ab79a68745..fda3fde208 100644..100755
--- a/kubernetes/policy/charts/policy-xacml-pdp/Chart.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml
@@ -1,5 +1,5 @@
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+#   Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -17,6 +17,6 @@
 #  ============LICENSE_END=========================================================
 
 apiVersion: v1
-description: ONAP Policy XACML PDP
+description: ONAP Policy XACML PDP (PDP-X)
 name: policy-xacml-pdp
 version: 6.0.0
diff --git a/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml
new file mode 100755
index 0000000000..c9502372be
--- /dev/null
+++ b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml
@@ -0,0 +1,25 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
index 1598ca4afa..8ad9fcc3c0 100644..100755
--- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
@@ -1,3 +1,4 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
 #  ================================================================================
@@ -15,6 +16,7 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 {
     "name": "XacmlPdpParameters",
     "pdpGroup": "defaultGroup",
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/logback.xml b/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml
index 61fbe4b2cf..ae0beaade8 100644..100755
--- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/logback.xml
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml
@@ -1,103 +1,103 @@
-<!--

-  ============LICENSE_START=======================================================

-   Copyright (C) 2020 Bell Canada. All rights reserved.

-  ================================================================================

-  Licensed under the Apache License, Version 2.0 (the "License");

-  you may not use this file except in compliance with the License.

-  You may obtain a copy of the License at

-       http://www.apache.org/licenses/LICENSE-2.0

-  Unless required by applicable law or agreed to in writing, software

-  distributed under the License is distributed on an "AS IS" BASIS,

-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-  See the License for the specific language governing permissions and

-  limitations under the License.

-  SPDX-License-Identifier: Apache-2.0

-  ============LICENSE_END=========================================================

--->

-

-<configuration scan="true" scanPeriod="30 seconds" debug="false">

-

-    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/pdpx/error.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">

-            <level>WARN</level>

-        </filter>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="ErrorOut" />

-    </appender>

-

-    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/pdpx/debug.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="DebugOut" />

-    </appender>

-

-    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">

-        <file>/var/log/onap/policy/pdpx/network.log</file>

-        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">

-            <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip

-            </fileNamePattern>

-            <maxFileSize>50MB</maxFileSize>

-            <maxHistory>30</maxHistory>

-            <totalSizeCap>10GB</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="NetworkOut" />

-    </appender>

-

-    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">

-        <encoder>

-            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>

-        </encoder>

-    </appender>

-

-    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">

-        <appender-ref ref="STDOUT" />

-    </appender>

-

-    <logger name="network" level="INFO" additivity="false">

-        <appender-ref ref="AsyncNetworkOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </logger>

-

-    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">

-        <appender-ref ref="AsyncNetworkOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </logger>

-

-    <root level="INFO">

-        <appender-ref ref="AsyncDebugOut" />

-        <appender-ref ref="AsyncErrorOut" />

-        <appender-ref ref="AsyncStdOut" />

-    </root>

-

+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2020 Bell Canada. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pdpx/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pdpx/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pdpx/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
 </configuration>
\ No newline at end of file
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties
index c7e4ad197e..0d773b50c0 100644..100755
--- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties
@@ -1,8 +1,10 @@
+{{/*
 #
 # Properties that the embedded PDP engine uses to configure and load
 #
 # Standard API Factories
 #
+*/}}
 xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
 xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
 xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
@@ -48,6 +50,6 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome
 # JPA Properties
 #
 javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
-javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
+javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory
 javax.persistence.jdbc.user=${SQL_USER}
-javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64}
+javax.persistence.jdbc.password=${SQL_PASSWORD}
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/configmap.yaml
index 3ca4f82963..64b7c0a126 100644..100755
--- a/kubernetes/policy/charts/policy-xacml-pdp/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/configmap.yaml
@@ -1,5 +1,6 @@
+{{/*
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+#   Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
 #   Modifications Copyright (C) 2020 Nordix Foundation.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,12 +17,18 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
   namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
 {{- with .Files.Glob "resources/config/*store" }}
 binaryData:
 {{- range $path, $bytes := . }}
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
index 3580018eb4..e8473d2125 100644..100755
--- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
@@ -1,3 +1,23 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2020 AT&T Intellectual Property.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -21,24 +41,24 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
-        - --container-name
-        - {{ include "common.release" . }}-galera-config
+        - --job-name
+        - {{ include "common.release" . }}-policy-galera-config
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       - command:
         - sh
         args:
         - -c
-        - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
         env:
         - name: RESTSERVER_USER
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
@@ -60,12 +80,24 @@ spec:
         image: "{{ .Values.global.envsubstImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+          command: ["bash","-c"]
+          args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+                  /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"]
+{{- else }}
           command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
           args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
+          env:
+          - name: KEYSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+          - name: TRUSTSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -83,15 +115,14 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
           - mountPath: /opt/app/policy/pdpx/etc/mounted
             name: pdpxconfig-processed
-            emptyDir:
-              medium: Memory
           resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
         {{- if .Values.nodeSelector }}
         nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -101,6 +132,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
           hostPath:
              path: /etc/localtime
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/secrets.yaml
new file mode 100755
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/service.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
index 33b990f208..123ae66432 100644..100755
--- a/kubernetes/policy/charts/policy-xacml-pdp/templates/service.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
@@ -1,5 +1,6 @@
+{{/*
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+#   Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -15,6 +16,7 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 36dd5a57cb..24be6c75c4 100644..100755
--- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -22,6 +22,8 @@
 global:
   persistence: {}
   envsubstImage: dibi/envsubst
+  aafEnabled: true
+  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Secrets metaconfig
@@ -45,13 +47,49 @@ secrets:
     login: '{{ .Values.apiServer.user }}'
     password: '{{ .Values.apiServer.password }}'
     passwordPolicy: required
+  - uid: keystore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.keyStorePassword }}'
+    passwordPolicy: required
+  - uid: truststore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.trustStorePassword }}'
+    passwordPolicy: required
+
+certStores:
+  keyStorePassword: Pol1cy_0nap
+  trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+  nameOverride: policy-xacml-pdp-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: policy
+  fqi: policy@policy.onap.org
+  public_fqdn: policy.onap.org
+  cadi_latitude: "0.0"
+  cadi_longitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  uid: 100
+  gid: 101
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass
+    {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+    echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-xacml-pdp:2.3.0
+image: onap/policy-xacml-pdp:2.3.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -62,9 +100,14 @@ debugEnabled: false
 db:
   user: policy_user
   password: policy_user
+  service:
+    name: policy-mariadb
+    internalPort: 3306
+
 restServer:
   user: healthcheck
   password: zb!XztG34
+
 apiServer:
   user: healthcheck
   password: zb!XztG34
@@ -98,4 +141,21 @@ service:
 ingress:
   enabled: false
 
-resources: {}
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 2
+      memory: 8Gi
+    requests:
+      cpu: 200m
+      memory: 2Gi
+  unlimited: {}
+
diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml
index 01e41d9d0f..53ab55d047 100644..100755
--- a/kubernetes/policy/requirements.yaml
+++ b/kubernetes/policy/requirements.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,10 +16,35 @@
 dependencies:
   - name: common
     version: ~6.x-0
-    # local reference to common chart, as it is
-    # a part of this chart's package and will not
-    # be published independently to a repo (at this point)
     repository: '@local'
   - name: mariadb-galera
     version: ~6.x-0
     repository: '@local'
+  - name: policy-nexus
+    version: ~6.x-0
+    repository: 'file://components/policy-nexus'
+    condition: policy-nexus.enabled
+  - name: policy-api
+    version: ~6.x-0
+    repository: 'file://components/policy-api'
+    condition: policy-api.enabled
+  - name: policy-pap
+    version: ~6.x-0
+    repository: 'file://components/policy-pap'
+    condition: policy-pap.enabled
+  - name: policy-xacml-pdp
+    version: ~6.x-0
+    repository: 'file://components/policy-xacml-pdp'
+    condition: policy-xacml-pdp.enabled
+  - name: policy-apex-pdp
+    version: ~6.x-0
+    repository: 'file://components/policy-apex-pdp'
+    condition: policy-apex-pdp.enabled
+  - name: policy-drools-pdp
+    version: ~6.x-0
+    repository: 'file://components/policy-drools-pdp'
+    condition: policy-drools-pdp.enabled
+  - name: policy-distribution
+    version: ~6.x-0
+    repository: 'file://components/policy-distribution'
+    condition: policy-distribution.enabled
diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh
index ef821a11d4..36f334a8b0 100644..100755
--- a/kubernetes/policy/resources/config/db.sh
+++ b/kubernetes/policy/resources/config/db.sh
@@ -1,5 +1,7 @@
+#!/bin/bash -x
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,9 +14,10 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-#!/bin/bash -xv
 mysql() { /usr/bin/mysql  -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
+
 for db in support onap_sdk log migration operationshistory10 pooling policyadmin operationshistory
 do
 	mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
diff --git a/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml b/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml
deleted file mode 100644
index bcc6b167fc..0000000000
--- a/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml
+++ /dev/null
@@ -1,186 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
-   <!-- 
-  Logback files for the ECOMP SDK Application "ecomp_app"
-  are created in directory ${catalina.base}/logs/ecomp_app;
-  e.g., apache-tomcat-8.0.35/logs/ecomp_app/application.log  
-  -->
-   <!--<jmxConfigurator /> -->
-   <!--  specify the base path of the log directory -->
-   <property name="logDir" value="/var/log/onap" />
-   <!-- specify the component name -->
-   <property name="componentName" value="policy" />
-   <!-- specify the sub component name -->
-   <property name="subComponentName" value="ep_sdk_app" />
-   <!-- The directories where logs are written -->
-   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
-   <property name="pattern" value="%d{&amp;quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&amp;quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
-   <!--  log file names -->
-   <property name="generalLogName" value="application" />
-   <property name="errorLogName" value="error" />
-   <property name="metricsLogName" value="metrics" />
-   <property name="auditLogName" value="audit" />
-   <property name="debugLogName" value="debug" />
-   <property name="queueSize" value="256" />
-   <property name="maxFileSize" value="50MB" />
-   <property name="maxHistory" value="30" />
-   <property name="totalSizeCap" value="10GB" />
-   <!--
-  These loggers are not used in code (yet). 
-  <property name="securityLogName" value="security" />
-  <property name="policyLogName" value="policy" />
-  <property name="performanceLogName" value="performance" />
-  <property name="serverLogName" value="server" />
-   -->
-   <!-- Example evaluator filter applied against console appender -->
-   <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>
-   <!-- ============================================================================ -->
-   <!-- EELF Appenders -->
-   <!-- ============================================================================ -->
-   <!-- The EELFAppender is used to record events to the general application 
-    log -->
-   <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELF">
-      <file>${logDirectory}/${generalLogName}.log</file>
-      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-         <!-- daily rollover -->
-         <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
-         <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-            <maxFileSize>${maxFileSize}</maxFileSize>
-         </timeBasedFileNamingAndTriggeringPolicy>
-         <maxHistory>${maxHistory}</maxHistory>
-         <totalSizeCap>${totalSizeCap}</totalSizeCap>
-      </rollingPolicy>
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-      <filter class="org.openecomp.portalapp.util.CustomLoggingFilter" />
-   </appender>
-   <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELF">
-      <queueSize>${queueSize}</queueSize>
-      <!-- Class name is part of caller data -->
-      <includeCallerData>true</includeCallerData>
-      <appender-ref ref="EELF" />
-   </appender>
-   <!-- EELF Audit Appender. This appender is used to record audit engine 
-    related logging events. The audit logger and appender are specializations 
-    of the EELF application root logger and appender. This can be used to segregate 
-    Policy engine events from other components, or it can be eliminated to record 
-    these events as part of the application root log. -->
-   <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit">
-      <file>${logDirectory}/${auditLogName}.log</file>
-      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-         <!-- daily rollover -->
-         <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
-         <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-            <maxFileSize>${maxFileSize}</maxFileSize>
-         </timeBasedFileNamingAndTriggeringPolicy>
-         <maxHistory>${maxHistory}</maxHistory>
-         <totalSizeCap>${totalSizeCap}</totalSizeCap>
-      </rollingPolicy>
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>
-   <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit">
-      <queueSize>${queueSize}</queueSize>
-      <appender-ref ref="EELFAudit" />
-   </appender>
-   <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics">
-      <file>${logDirectory}/${metricsLogName}.log</file>
-      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-         <!-- daily rollover -->
-         <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
-         <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-            <maxFileSize>${maxFileSize}</maxFileSize>
-         </timeBasedFileNamingAndTriggeringPolicy>
-         <maxHistory>${maxHistory}</maxHistory>
-         <totalSizeCap>${totalSizeCap}</totalSizeCap>
-      </rollingPolicy>
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>
-   <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics">
-      <queueSize>${queueSize}</queueSize>
-      <appender-ref ref="EELFMetrics" />
-   </appender>
-   <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError">
-      <file>${logDirectory}/${errorLogName}.log</file>
-      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-         <!-- daily rollover -->
-         <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
-         <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-            <maxFileSize>${maxFileSize}</maxFileSize>
-         </timeBasedFileNamingAndTriggeringPolicy>
-         <maxHistory>${maxHistory}</maxHistory>
-         <totalSizeCap>${totalSizeCap}</totalSizeCap>
-      </rollingPolicy>
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-      <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
-         <level>INFO</level>
-      </filter>
-   </appender>
-   <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError">
-      <queueSize>${queueSize}</queueSize>
-      <appender-ref ref="EELFError" />
-   </appender>
-   <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug">
-      <file>${logDirectory}/${debugLogName}.log</file>
-      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-         <!-- daily rollover -->
-         <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
-         <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-            <maxFileSize>${maxFileSize}</maxFileSize>
-         </timeBasedFileNamingAndTriggeringPolicy>
-         <maxHistory>${maxHistory}</maxHistory>
-         <totalSizeCap>${totalSizeCap}</totalSizeCap>
-      </rollingPolicy>
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>
-   <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug">
-      <queueSize>${queueSize}</queueSize>
-      <appender-ref ref="EELFDebug" />
-      <includeCallerData>true</includeCallerData>
-   </appender>
-   <!-- ============================================================================ -->
-   <!--  EELF loggers -->
-   <!-- ============================================================================ -->
-   <logger additivity="false" level="info" name="com.att.eelf.audit">
-      <appender-ref ref="asyncEELFAudit" />
-   </logger>
-   <logger additivity="false" level="info" name="com.att.eelf.metrics">
-      <appender-ref ref="asyncEELFMetrics" />
-   </logger>
-   <logger additivity="false" level="info" name="com.att.eelf.error">
-      <appender-ref ref="asyncEELFError" />
-   </logger>
-   <logger additivity="false" level="debug" name="com.att.eelf.debug">
-      <appender-ref ref="asyncEELFDebug" />
-   </logger>
-   <root level="INFO">
-      <appender-ref ref="asyncEELFDebug" />
-   </root>
-</configuration>
diff --git a/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml b/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml
deleted file mode 100644
index 9401e54861..0000000000
--- a/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml
+++ /dev/null
@@ -1,150 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.  
--->
-
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
-   <!--<jmxConfigurator /> -->
-   <!--  specify the base path of the log directory -->
-   <property name="logDir" value="/var/log/onap" />
-   <!--  specify the component name -->
-   <property name="componentName" value="policy" />
-   <!-- specify the sub component name -->
-   <property name="subComponentName" value="xacml-pap-rest" />
-   <!-- The directories where logs are written -->
-   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
-   <property name="pattern" value="%d{&amp;quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&amp;quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
-   <!--  log file names -->
-   <property name="errorLogName" value="error" />
-   <property name="metricsLogName" value="metrics" />
-   <property name="auditLogName" value="audit" />
-   <property name="debugLogName" value="debug" />
-   <property name="queueSize" value="256" />
-   <property name="maxFileSize" value="50MB" />
-   <property name="maxHistory" value="30" />
-   <property name="totalSizeCap" value="10GB" />
-   <!-- Example evaluator filter applied against console appender -->
-   <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>
-   <!-- ============================================================================ -->
-   <!-- EELF Appenders -->
-   <!-- ============================================================================ -->
-   <!-- The EELFAppender is used to record events to the general application 
-    log -->
-   <!-- EELF Audit Appender. This appender is used to record audit engine 
-    related logging events. The audit logger and appender are specializations 
-    of the EELF application root logger and appender. This can be used to segregate 
-    Policy engine events from other components, or it can be eliminated to record 
-    these events as part of the application root log. -->
-   <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit">
-      <file>${logDirectory}/${auditLogName}.log</file>
-      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-         <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
-         <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-            <maxFileSize>${maxFileSize}</maxFileSize>
-         </timeBasedFileNamingAndTriggeringPolicy>
-         <maxHistory>${maxHistory}</maxHistory>
-         <totalSizeCap>${totalSizeCap}</totalSizeCap>
-      </rollingPolicy>
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>
-   <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit">
-      <queueSize>${queueSize}</queueSize>
-      <appender-ref ref="EELFAudit" />
-   </appender>
-   <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics">
-      <file>${logDirectory}/${metricsLogName}.log</file>
-      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-         <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
-         <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-            <maxFileSize>${maxFileSize}</maxFileSize>
-         </timeBasedFileNamingAndTriggeringPolicy>
-         <maxHistory>${maxHistory}</maxHistory>
-         <totalSizeCap>${totalSizeCap}</totalSizeCap>
-      </rollingPolicy>
-      <encoder>
-         <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - 
-        %msg%n"</pattern> -->
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>
-   <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics">
-      <queueSize>${queueSize}</queueSize>
-      <appender-ref ref="EELFMetrics" />
-   </appender>
-   <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError">
-      <file>${logDirectory}/${errorLogName}.log</file>
-      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-         <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
-         <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-            <maxFileSize>${maxFileSize}</maxFileSize>
-         </timeBasedFileNamingAndTriggeringPolicy>
-         <maxHistory>${maxHistory}</maxHistory>
-         <totalSizeCap>${totalSizeCap}</totalSizeCap>
-      </rollingPolicy>
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-      <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
-         <level>INFO</level>
-      </filter>
-   </appender>
-   <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError">
-      <queueSize>${queueSize}</queueSize>
-      <appender-ref ref="EELFError" />
-   </appender>
-   <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug">
-      <file>${logDirectory}/${debugLogName}.log</file>
-      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-         <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
-         <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-            <maxFileSize>${maxFileSize}</maxFileSize>
-         </timeBasedFileNamingAndTriggeringPolicy>
-         <maxHistory>${maxHistory}</maxHistory>
-         <totalSizeCap>${totalSizeCap}</totalSizeCap>
-      </rollingPolicy>
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>
-   <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug">
-      <queueSize>${queueSize}</queueSize>
-      <appender-ref ref="EELFDebug" />
-      <includeCallerData>true</includeCallerData>
-   </appender>
-   <!-- ============================================================================ -->
-   <!--  EELF loggers -->
-   <!-- ============================================================================ -->
-   <logger additivity="false" level="info" name="com.att.eelf.audit">
-      <appender-ref ref="asyncEELFAudit" />
-   </logger>
-   <logger additivity="false" level="info" name="com.att.eelf.metrics">
-      <appender-ref ref="asyncEELFMetrics" />
-   </logger>
-   <logger additivity="false" level="info" name="com.att.eelf.error">
-      <appender-ref ref="asyncEELFError" />
-   </logger>
-   <logger additivity="false" level="debug" name="com.att.eelf.debug">
-      <appender-ref ref="asyncEELFDebug" />
-   </logger>
-   <root level="INFO">
-      <appender-ref ref="asyncEELFDebug" />
-   </root>
-</configuration>
diff --git a/kubernetes/policy/resources/config/pe/console.conf b/kubernetes/policy/resources/config/pe/console.conf
deleted file mode 100644
index cb170f0802..0000000000
--- a/kubernetes/policy/resources/config/pe/console.conf
+++ /dev/null
@@ -1,146 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# configs component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9993
-TOMCAT_SHUTDOWN_PORT=8090
-SSL_HTTP_CONNECTOR_PORT=8443
-SSL_HTTP_CONNECTOR_REDIRECT_PORT=8443
-SSL_AJP_CONNECTOR_PORT=8383
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=2048
-TOMCAT_X_MX_MB=2048
-
-# ------------------ console properties ---------------------------
-
-#
-# Authorization Policy
-
-ROOT_POLICIES=admin
-ADMIN_FILE=Policy-Admin.xml
-
-
-# Set your domain here:
-
-REST_ADMIN_DOMAIN=com
-
-#
-# Location where the GIT repository is located
-#
-REST_ADMIN_REPOSITORY=repository
-
-#
-# Location where all the user workspaces are located.
-#
-REST_ADMIN_WORKSPACE=/opt/app/policy/servers/console/bin/workspace
-
-#
-# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE
-# container and setup authentication as you please. Setting HttpSession attribute values will override these
-# values set in the properties files.
-#
-# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer");
-#
-# The default policy: Policy-Admin.xml is extremely simple.
-#
-# You can test authorization within the Admin Console by changing the user id.
-# There are 3 supported user ids:
-#       guest - Read only access
-#       editor - Read/Write access
-#       admin - Read/Write/Admin access
-#
-# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all.
-#
-# This is for development/demonstration purposes only. A production environment should provide authentication which is
-# outside the scope of this application. This application can be used to develop a XACML policy for user authorization
-# within this application.
-#
-
-REST_ADMIN_USER_NAME=Administrator
-REST_ADMIN_USER_ID=super-admin
-
-#
-#
-# Property to declare the max time frame for logs.
-#
-LOG_TIMEFRAME=30
-
-# Property to declare the number of visible rows for users in MicroService Policy
-COLUMN_COUNT=3
-
-# Dashboard refresh rate in miliseconds
-REFRESH_RATE=40000
-
-#
-# URL location for the PAP servlet.
-#
-
-
-REST_PAP_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/pap/
-
-#
-# Config/Action Properties location.
-#
-
-REST_CONFIG_HOME=/opt/app/policy/servers/pap/webapps/Config/
-REST_ACTION_HOME=/opt/app/policy/servers/pap/webapps/Action/
-REST_CONFIG_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/
-REST_CONFIG_WEBAPPS=/opt/app/policy/servers/pap/webapps/
-
-# PAP account information
-CONSOLE_PAP_HTTP_USER_ID=testpap
-CONSOLE_PAP_HTTP_PASSWORD=alpha123
-
-
-node_type=pap_admin
-resource_name=console_1
-
-# The (optional) period of time in seconds between executions of the integrity audit.
-# Value < 0 : Audit does not run (default value if property is not present = -1)
-# Value = 0 : Audit runs continuously
-# Value > 0 : The period of time in seconds between execution of the audit on a particular node
-integrity_audit_period_seconds=-1
-
-#Automatic Policy Distribution 
-automatic_push=false
-
-#Diff of policies for Firewall feature
-FW_GETURL=
-FW_AUTHOURL=
-FW_PROXY=
-FW_PORT=
-
-#SMTP Server Details for Java Mail
-onap_smtp_host=
-onap_smtp_port=25
-onap_smtp_userName=
-onap_smtp_password=
-onap_smtp_emailExtension=
-onap_application_name=
-
-#-----------------------ONAP-PORTAL-Properties----------------------
-
-ONAP_REDIRECT_URL=https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
-ONAP_REST_URL=https://portal-app:8443/ONAPPORTAL/auxapi
-ONAP_UEB_URL_LIST=
-ONAP_PORTAL_INBOX_NAME=
-ONAP_UEB_APP_KEY=ueb_key_5
-ONAP_UEB_APP_SECRET=ueb_key_5
-ONAP_UEB_APP_MAILBOX_NAME=
-APP_DISPLAY_NAME=ONAP Policy
-ONAP_SHARED_CONTEXT_REST_URL=http://portal-app.{{.Release.Namespace}}:8989/ONAPPORTAL/context
diff --git a/kubernetes/policy/resources/config/pe/elk.conf b/kubernetes/policy/resources/config/pe/elk.conf
deleted file mode 100644
index 2750bff702..0000000000
--- a/kubernetes/policy/resources/config/pe/elk.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# elasticsearch
-
-ELK_JMX_PORT=9995
diff --git a/kubernetes/policy/resources/config/pe/mysql.conf b/kubernetes/policy/resources/config/pe/mysql.conf
deleted file mode 100644
index d4f83d414e..0000000000
--- a/kubernetes/policy/resources/config/pe/mysql.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# mysql scripts component installation configuration parameters
-
-# Path to mysql bin
-MYSQL_BIN=/usr/local/mysql/bin
-
diff --git a/kubernetes/policy/resources/config/pe/pap.conf b/kubernetes/policy/resources/config/pe/pap.conf
deleted file mode 100644
index ee1a492bc2..0000000000
--- a/kubernetes/policy/resources/config/pe/pap.conf
+++ /dev/null
@@ -1,68 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# pap component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9990
-TOMCAT_SHUTDOWN_PORT=9405
-SSL_HTTP_CONNECTOR_PORT=9091
-SSL_AJP_CONNECTOR_PORT=8380
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=1024
-TOMCAT_X_MX_MB=1024
-
-# pap properties
-
-PAP_PDPS=/opt/app/policy/servers/pap/bin/pdps
-PAP_URL=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/
-
-PAP_INITIATE_PDP=true
-PAP_HEARTBEAT_INTERVAL=10000
-PAP_HEARTBEAT_TIMEOUT=10000
-
-REST_ADMIN_DOMAIN=com
-REST_ADMIN_REPOSITORY=repository
-REST_ADMIN_WORKSPACE=workspace
-
-# PDP related properties
-PAP_PDP_URL=https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-0.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-1.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-2.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-3.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/
-PAP_PDP_HTTP_USER_ID=testpdp
-PAP_PDP_HTTP_PASSWORD=alpha123
-
-PAP_HTTP_USER_ID=testpap
-PAP_HTTP_PASSWORD=alpha123
-
-#new values added 10-21-2015
-PROP_PAP_TRANS_WAIT=500000
-PROP_PAP_TRANS_TIMEOUT=5000
-PROP_PAP_AUDIT_TIMEOUT=300000
-PROP_PAP_RUN_AUDIT_FLAG=true
-PROP_PAP_AUDIT_FLAG=true
-
-PROP_PAP_INCOMINGNOTIFICATION_TRIES=4
-
-
-node_type=pap
-resource_name=pap_1
-dependency_groups=paplp_1
-test_via_jmx=true
-
-# The (optional) period of time in seconds between executions of the integrity audit.
-# Value < 0 : Audit does not run (default value if property is not present = -1)
-# Value = 0 : Audit runs continuously
-# Value > 0 : The period of time in seconds between execution of the audit on a particular node
-integrity_audit_period_seconds=-1
diff --git a/kubernetes/policy/resources/config/pe/paplp.conf b/kubernetes/policy/resources/config/pe/paplp.conf
deleted file mode 100644
index 34186d5652..0000000000
--- a/kubernetes/policy/resources/config/pe/paplp.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# JVM specific parameters
-LOGPARSER_JMX_PORT=9996
-LOGPARSER_X_MS_MB=1024
-LOGPARSER_X_MX_MB=1024
-
-SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/
-LOGPATH=/var/log/onap/policy/pap/pap-rest.log
-PARSERLOGPATH=/opt/app/policy/servers/paplp/bin/IntegrityMonitor.log
-
-node_type=logparser
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=paplp_1
diff --git a/kubernetes/policy/templates/NOTES.txt b/kubernetes/policy/templates/NOTES.txt
deleted file mode 100644
index fa0aa7d258..0000000000
--- a/kubernetes/policy/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml
index 8c804c35ed..7809c746bb 100644..100755
--- a/kubernetes/policy/templates/configmap.yaml
+++ b/kubernetes/policy/templates/configmap.yaml
@@ -1,5 +1,6 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,35 +13,17 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "common.fullname" . }}-log-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/xacml-pap-rest/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-sdk-log-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/ep_sdk_app/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-pe-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
   name: {{ include "common.fullname" . }}-db-configmap
   namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/db.sh").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/templates/deployment.yaml b/kubernetes/policy/templates/deployment.yaml
deleted file mode 100644
index 73493056b7..0000000000
--- a/kubernetes/policy/templates/deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-      - command:
-        - sh
-        args:
-        - -c
-        - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
-        env:
-        - name: JDBC_USER
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
-        - name: JDBC_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
-        volumeMounts:
-        - mountPath: /config-input
-          name: pe
-        - mountPath: /config
-          name: pe-processed
-        image: "{{ .Values.global.envsubstImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-update-config
-      - command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - {{ include "common.release" . }}-galera-config
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
-      containers:
-        - command:
-          - /bin/bash
-          - ./do-start.sh
-          - pap
-          name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          resources:
-{{ include "common.resources" . | indent 12 }}
-          ports:
-          - containerPort: {{ .Values.service.externalPort }}
-          - containerPort: {{ .Values.service.externalPort2 }}
-          {{- if eq .Values.liveness.enabled true }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.externalPort }}
-            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end -}}
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.externalPort }}
-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readiness.periodSeconds }}
-          env:
-          - name: PRELOAD_POLICIES
-            value: "{{ .Values.config.preloadPolicies }}"
-          volumeMounts:
-          - mountPath: /etc/localtime
-            name: localtime
-            readOnly: true
-          - mountPath: /tmp/policy-install/config/pap-tweaks.sh
-            name: pe-pap
-            subPath: pap-tweaks.sh
-          - mountPath: /tmp/policy-install/config/paplp.conf
-            name: pe-pap
-            subPath: paplp.conf
-          - mountPath: /tmp/policy-install/config/pap.conf
-            name: pe-pap
-            subPath: pap.conf
-          - mountPath: /tmp/policy-install/config/mysql.conf
-            name: pe-pap
-            subPath: mysql.conf
-          - mountPath: /tmp/policy-install/config/elk.conf
-            name: pe-pap
-            subPath: elk.conf
-          - mountPath: /tmp/policy-install/config/console.conf
-            name: pe-pap
-            subPath: console.conf
-          - mountPath: /tmp/policy-install/config/base.conf
-            name: pe-processed
-            subPath: base.conf
-          - mountPath: /tmp/policy-install/do-start.sh
-            name: pe-scripts
-            subPath: do-start.sh
-          - mountPath: /var/log/onap
-            name: policy-logs
-          - mountPath: /tmp/policy-install/logback.xml
-            name: policy-sdk-logback
-            subPath: logback.xml
-          - mountPath: /tmp/logback.xml
-            name: policy-logback
-            subPath: logback.xml
-          lifecycle:
-            postStart:
-              exec:
-                command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pap/webapps/pap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; export SRC=/tmp/policy-install/logback.xml; export DST=/opt/app/policy/servers/console/webapps/onap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
-        - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.global.loggingImage | default .Values.loggingImage }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          name: filebeat-onap
-          volumeMounts:
-          - mountPath: /usr/share/filebeat/filebeat.yml
-            name: filebeat-conf
-            subPath: filebeat.yml
-          - mountPath: /var/log/onap
-            name: policy-logs
-          - mountPath: /usr/share/filebeat/data
-            name: policy-data-filebeat
-      volumes:
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: filebeat-conf
-          configMap:
-            name: {{ include "common.release" . }}-filebeat-configmap
-        - name: policy-logs
-          emptyDir: {}
-        - name: policy-data-filebeat
-          emptyDir: {}
-        - name: policy-logback
-          configMap:
-            name: {{ include "common.fullname" . }}-log-configmap
-        - name: policy-sdk-logback
-          configMap:
-            name: {{ include "common.fullname" . }}-sdk-log-configmap
-        - name: pe
-          configMap:
-            name: {{ include "common.release" . }}-pe-configmap
-            defaultMode: 0755
-        - name: pe-scripts
-          configMap:
-            name: {{ include "common.release" . }}-pe-scripts-configmap
-            defaultMode: 0777
-        - name: pe-pap
-          configMap:
-            name: {{ include "common.fullname" . }}-pe-configmap
-            defaultMode: 0755
-        - name: pe-processed
-          emptyDir:
-            medium: Memory
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index f6a1ace3dc..2c51728772 100644..100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -1,4 +1,6 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T Intellectual Property
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,11 +13,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: {{ include "common.release" . }}-galera-config
+  name: {{ include "common.release" . }}-policy-galera-config
   namespace: {{ include "common.namespace" . }}
   labels:
     app: {{ include "common.name" . }}-job
@@ -30,10 +33,10 @@ spec:
       initContainers:
 #This container checks that all galera instances are up before initializing it.
       - name: {{ include "common.name" . }}-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-        - /root/ready.py
+        - /app/ready.py
         - --container-name
         - {{ index .Values "mariadb-galera" "service" "name" }}
         env:
@@ -43,7 +46,7 @@ spec:
               apiVersion: v1
               fieldPath: metadata.namespace
       containers:
-      - name: {{ include "common.release" . }}-galera-config
+      - name: {{ include "common.release" . }}-policy-galera-config
         image: {{ .Values.mariadb_image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
@@ -64,6 +67,8 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: MYSQL_PORT
           value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
+        resources:
+{{ include "common.resources" . }}
       restartPolicy: Never
       volumes:
         - name: {{ include "common.fullname" . }}-config
diff --git a/kubernetes/policy/templates/secrets.yaml b/kubernetes/policy/templates/secrets.yaml
index c1f98ba3cc..24c3857e6a 100644..100755
--- a/kubernetes/policy/templates/secrets.yaml
+++ b/kubernetes/policy/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T, Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/templates/service.yaml b/kubernetes/policy/templates/service.yaml
deleted file mode 100644
index 9f4ad9bed4..0000000000
--- a/kubernetes/policy/templates/service.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
-    - port: {{ .Values.service.externalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 4de13eee2d..714f9d928c 100644..100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,23 +17,8 @@
 # Global configuration defaults.
 #################################################################
 global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  envsubstImage: dibi/envsubst
-  ubuntuImage: ubuntu:16.04
-  pdp:
-    nameOverride: pdp
-  pap:
-    nameOverride: pap
-  drools:
-    nameOverride: drools
-  brmwgw:
-    nameOverride: brmsgw
-  nexus:
-    nameOverride: nexus
+  readinessImage: onap/oom/readiness:3.0.1
+  aafEnabled: true
   mariadb:
     # '&mariadbConfig' means we "store" the values for  later use in the file
     # with '*mariadbConfig' pointer.
@@ -62,49 +47,44 @@ secrets:
     password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
     passwordPolicy: generate
 
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-mariadb_image: library/mariadb:10
-pullPolicy: Always
-
-subChartsOnly:
-  enabled: true
-
 db: &dbSecretsHook
   credsExternalSecret: *dbSecretName
 
-pap:
-  nameOverride: pap
+policy-api:
+  enabled: true
   db: *dbSecretsHook
-pdp:
-  nameOverride: pdp
+policy-pap:
+  enabled: true
   db: *dbSecretsHook
-drools:
-  nameOverride: drools
+policy-xacml-pdp:
+  enabled: true
   db: *dbSecretsHook
-brmsgw:
-  nameOverride: brmsgw
+policy-apex-pdp:
+  enabled: true
   db: *dbSecretsHook
-policy-api:
+policy-drools-pdp:
+  enabled: true
   db: *dbSecretsHook
-policy-xacml-pdp:
+policy-distribution:
+  enabled: true
   db: *dbSecretsHook
+policy-nexus:
+  enabled: false
 
-nexus:
-  nameOverride: nexus
+#################################################################
+# DB configuration defaults.
+#################################################################
+
+repository: nexus3.onap.org:10001
+mariadb_image: library/mariadb:10
+pullPolicy: Always
+
+subChartsOnly:
+  enabled: true
 
 # flag to enable debugging - application support required
 debugEnabled: false
 
-# application configuration
-config:
-  preloadPolicies: false
-  pdpPort: 8081
-
 # default number of instances
 replicaCount: 1
 
@@ -124,26 +104,6 @@ readiness:
   initialDelaySeconds: 10
   periodSeconds: 10
 
-service:
-  type: NodePort
-  name: pap
-  portName: pap
-  internalPort: 8443
-  externalPort: 8443
-  nodePort: 19
-  internalPort2: 9091
-  externalPort2: 9091
-  nodePort2: 18
-
-ingress:
-  enabled: false
-  service:
-    - baseaddr: "policy.api"
-      name: "pap"
-      port: 8443
-  config:
-    ssl: "redirect"
-
 mariadb-galera:
   # mariadb-galera.config and global.mariadb.config must be equals
   config:
@@ -163,21 +123,22 @@ mariadb-galera:
     lower_case_table_names = 1
 
 # Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
 flavor: small
-# Segregation for Different environment (Small and Large)
 resources:
   small:
     limits:
       cpu: 1
       memory: 4Gi
     requests:
-      cpu: 10m
+      cpu: 100m
       memory: 1Gi
   large:
     limits:
       cpu: 2
       memory: 8Gi
     requests:
-      cpu: 20m
+      cpu: 200m
       memory: 2Gi
   unlimited: {}
+
diff --git a/kubernetes/pomba/Makefile b/kubernetes/pomba/Makefile
new file mode 100644
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/pomba/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/requirements.yaml b/kubernetes/pomba/charts/pomba-aaictxbuilder/requirements.yaml
deleted file mode 100644
index e4c7240290..0000000000
--- a/kubernetes/pomba/charts/pomba-aaictxbuilder/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-kibana/requirements.yaml b/kubernetes/pomba/charts/pomba-kibana/requirements.yaml
deleted file mode 100644
index 6a61926e9e..0000000000
--- a/kubernetes/pomba/charts/pomba-kibana/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/requirements.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/requirements.yaml
deleted file mode 100644
index e10a513d1a..0000000000
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs

-#

-# Licensed under the Apache License, Version 2.0 (the "License");

-# you may not use this file except in compliance with the License.

-# You may obtain a copy of the License at

-#

-#       http://www.apache.org/licenses/LICENSE-2.0

-#

-# Unless required by applicable law or agreed to in writing, software

-# distributed under the License is distributed on an "AS IS" BASIS,

-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-# See the License for the specific language governing permissions and

-# limitations under the License.

-

-dependencies:

-  - name: common

-    version: ~6.x-0

-    repository: '@local'

diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/requirements.yaml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/requirements.yaml
deleted file mode 100644
index e4c7240290..0000000000
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/requirements.yaml b/kubernetes/pomba/charts/pomba-sdcctxbuilder/requirements.yaml
deleted file mode 100644
index 6a61926e9e..0000000000
--- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/requirements.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/requirements.yaml
deleted file mode 100644
index e4c7240290..0000000000
--- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/requirements.yaml b/kubernetes/pomba/charts/pomba-servicedecomposition/requirements.yaml
deleted file mode 100644
index 0b858a9edb..0000000000
--- a/kubernetes/pomba/charts/pomba-servicedecomposition/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright � 2018 Amdocs

-#

-# Licensed under the Apache License, Version 2.0 (the "License");

-# you may not use this file except in compliance with the License.

-# You may obtain a copy of the License at

-#

-#       http://www.apache.org/licenses/LICENSE-2.0

-#

-# Unless required by applicable law or agreed to in writing, software

-# distributed under the License is distributed on an "AS IS" BASIS,

-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-# See the License for the specific language governing permissions and

-# limitations under the License.

-

-dependencies:

-  - name: common

-    version: ~6.x-0

-    repository: '@local'

diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/templates/service.yaml b/kubernetes/pomba/charts/pomba-servicedecomposition/templates/service.yaml
deleted file mode 100644
index 8d8e3f3b39..0000000000
--- a/kubernetes/pomba/charts/pomba-servicedecomposition/templates/service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      #Example internal target port if required
-      #targetPort: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName | default "http" }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName | default "http" }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/pomba/components/Makefile b/kubernetes/pomba/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/pomba/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/Chart.yaml b/kubernetes/pomba/components/pomba-aaictxbuilder/Chart.yaml
index 92f1596141..92f1596141 100644
--- a/kubernetes/pomba/charts/pomba-aaictxbuilder/Chart.yaml
+++ b/kubernetes/pomba/components/pomba-aaictxbuilder/Chart.yaml
diff --git a/kubernetes/oof/charts/oof-has/requirements.yaml b/kubernetes/pomba/components/pomba-aaictxbuilder/requirements.yaml
index 685abbcc66..fbe51550f0 100755..100644
--- a/kubernetes/oof/charts/oof-has/requirements.yaml
+++ b/kubernetes/pomba/components/pomba-aaictxbuilder/requirements.yaml
@@ -1,5 +1,4 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,6 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
-  - name: music
+  - name: repositoryGenerator
     version: ~6.x-0
     repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties b/kubernetes/pomba/components/pomba-aaictxbuilder/resources/config/application.properties
index e171d173aa..fb27d9ce80 100644
--- a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties
+++ b/kubernetes/pomba/components/pomba-aaictxbuilder/resources/config/application.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License
+*/}}
 
 spring.jersey.type=filter
 spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/logback.xml b/kubernetes/pomba/components/pomba-aaictxbuilder/resources/config/logback.xml
index 0a4b616453..0a4b616453 100644
--- a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/logback.xml
+++ b/kubernetes/pomba/components/pomba-aaictxbuilder/resources/config/logback.xml
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/configmap.yaml b/kubernetes/pomba/components/pomba-aaictxbuilder/templates/configmap.yaml
index 7c47fea02c..d0e26326ce 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/configmap.yaml
+++ b/kubernetes/pomba/components/pomba-aaictxbuilder/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/deployment.yaml b/kubernetes/pomba/components/pomba-aaictxbuilder/templates/deployment.yaml
index 0728a36061..d657215315 100644
--- a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/deployment.yaml
+++ b/kubernetes/pomba/components/pomba-aaictxbuilder/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -32,7 +34,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -83,7 +85,7 @@ spec:
 
         # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/service.yaml b/kubernetes/pomba/components/pomba-aaictxbuilder/templates/service.yaml
index 8d8e3f3b39..2ebd6758a0 100644
--- a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/service.yaml
+++ b/kubernetes/pomba/components/pomba-aaictxbuilder/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/values.yaml b/kubernetes/pomba/components/pomba-aaictxbuilder/values.yaml
index c679b508b4..89cfd4d8d9 100644
--- a/kubernetes/pomba/charts/pomba-aaictxbuilder/values.yaml
+++ b/kubernetes/pomba/components/pomba-aaictxbuilder/values.yaml
@@ -17,13 +17,34 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repository: nexus3.onap.org:10001
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+    passwordPolicy: required
+  - uid: pdp-http-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+    login: '{{ .Values.pdp.pdphttpuserid }}'
+    password: '{{ .Values.pdp.pdphttppassword }}'
+    passwordPolicy: required
+  - uid: pap-http-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+    login: '{{ .Values.pap.pdppappdphttpuserid }}'
+    password: '{{ .Values.pap.pdppappdphttppassword }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image:  onap/pomba-aai-context-builder:1.5.1
 pullPolicy: Always
 
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/.helmignore b/kubernetes/pomba/components/pomba-contextaggregator/.helmignore
index f0c1319444..f0c1319444 100644..100755
--- a/kubernetes/multicloud/charts/multicloud-windriver/.helmignore
+++ b/kubernetes/pomba/components/pomba-contextaggregator/.helmignore
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/Chart.yaml b/kubernetes/pomba/components/pomba-contextaggregator/Chart.yaml
index 10dfcd743a..10dfcd743a 100644
--- a/kubernetes/pomba/charts/pomba-contextaggregator/Chart.yaml
+++ b/kubernetes/pomba/components/pomba-contextaggregator/Chart.yaml
diff --git a/kubernetes/pomba/components/pomba-contextaggregator/requirements.yaml b/kubernetes/pomba/components/pomba-contextaggregator/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/pomba/components/pomba-contextaggregator/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/application.properties b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/application.properties
index 8ffeb09d21..cddeeb3128 100755
--- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/application.properties
+++ b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/application.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 server.port=9529
 server.ssl.key-store=/auth/tomcat_keystore
 server.ssl.key-store-password=onapSecret
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/aai.properties b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/aai.properties
index db72a01a5e..a7dfa1adb8 100755
--- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/aai.properties
+++ b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/aai.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 server.host={{ .Values.config.aaiCtxBuilderHost }}
 basicauth.username={{ .Values.config.aaiCtxBuilderUsername }}
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/ndcb.properties
index f07cb65c31..c8daafc6e8 100644
--- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties
+++ b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/ndcb.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 server.host={{ .Values.global.networkdiscoveryCtxBuilderHost }}
 basicauth.username={{ .Values.config.networkdiscoveryCtxBuilderUsername }}
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdc.properties b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/sdc.properties
index 77789f49bd..7cf98b1ddd 100755
--- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdc.properties
+++ b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/sdc.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 server.host={{ .Values.config.sdcCtxBuilderHost }}
 basicauth.username={{ .Values.config.sdcCtxBuilderUsername }}
 basicauth.password={{ .Values.config.sdcCtxBuilderPassword }}
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdnc.properties b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/sdnc.properties
index b36f0c3175..85c213e966 100644
--- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdnc.properties
+++ b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/sdnc.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 server.host={{ .Values.config.sdncCtxBuilderHost }}
 basicauth.username={{ .Values.config.sdncCtxBuilderUsername }}
 basicauth.password={{ .Values.config.sdncCtxBuilderPassword }}
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/logback.xml b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/logback.xml
index 0a4b616453..0a4b616453 100644
--- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/logback.xml
+++ b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/logback.xml
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/templates/configmap.yaml b/kubernetes/pomba/components/pomba-contextaggregator/templates/configmap.yaml
index 6225338c76..0af3832c49 100755
--- a/kubernetes/pomba/charts/pomba-contextaggregator/templates/configmap.yaml
+++ b/kubernetes/pomba/components/pomba-contextaggregator/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/templates/deployment.yaml b/kubernetes/pomba/components/pomba-contextaggregator/templates/deployment.yaml
index 226a1c4f65..a8cab88b6a 100755
--- a/kubernetes/pomba/charts/pomba-contextaggregator/templates/deployment.yaml
+++ b/kubernetes/pomba/components/pomba-contextaggregator/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -32,7 +34,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - message-router
@@ -42,12 +44,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -101,7 +103,7 @@ spec:
 
         # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/templates/service.yaml b/kubernetes/pomba/components/pomba-contextaggregator/templates/service.yaml
index 8d8e3f3b39..2ebd6758a0 100644
--- a/kubernetes/pomba/charts/pomba-contextaggregator/templates/service.yaml
+++ b/kubernetes/pomba/components/pomba-contextaggregator/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/values.yaml b/kubernetes/pomba/components/pomba-contextaggregator/values.yaml
index 1756f7c5d9..6745f00b41 100755
--- a/kubernetes/pomba/charts/pomba-contextaggregator/values.yaml
+++ b/kubernetes/pomba/components/pomba-contextaggregator/values.yaml
@@ -17,9 +17,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
 
 #################################################################
 # Application configuration defaults.
diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/.helmignore b/kubernetes/pomba/components/pomba-data-router/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/pnda/charts/dcae-pnda-mirror/.helmignore
+++ b/kubernetes/pomba/components/pomba-data-router/.helmignore
diff --git a/kubernetes/pomba/charts/pomba-data-router/Chart.yaml b/kubernetes/pomba/components/pomba-data-router/Chart.yaml
index ce2fbacfa6..ce2fbacfa6 100644
--- a/kubernetes/pomba/charts/pomba-data-router/Chart.yaml
+++ b/kubernetes/pomba/components/pomba-data-router/Chart.yaml
diff --git a/kubernetes/pomba/components/pomba-data-router/requirements.yaml b/kubernetes/pomba/components/pomba-data-router/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/pomba/components/pomba-data-router/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/config/auth/client-cert-onap.p12 b/kubernetes/pomba/components/pomba-data-router/resources/config/auth/client-cert-onap.p12
index dbf4fcacec..dbf4fcacec 100644
--- a/kubernetes/pomba/charts/pomba-data-router/resources/config/auth/client-cert-onap.p12
+++ b/kubernetes/pomba/components/pomba-data-router/resources/config/auth/client-cert-onap.p12
diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/config/auth/data-router_policy.json b/kubernetes/pomba/components/pomba-data-router/resources/config/auth/data-router_policy.json
index 18659a5d4d..18659a5d4d 100644
--- a/kubernetes/pomba/charts/pomba-data-router/resources/config/auth/data-router_policy.json
+++ b/kubernetes/pomba/components/pomba-data-router/resources/config/auth/data-router_policy.json
diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/config/auth/tomcat_keystore b/kubernetes/pomba/components/pomba-data-router/resources/config/auth/tomcat_keystore
index 9eec841aa2..9eec841aa2 100644
--- a/kubernetes/pomba/charts/pomba-data-router/resources/config/auth/tomcat_keystore
+++ b/kubernetes/pomba/components/pomba-data-router/resources/config/auth/tomcat_keystore
diff --git a/kubernetes/pomba/components/pomba-data-router/resources/config/data-router.properties b/kubernetes/pomba/components/pomba-data-router/resources/config/data-router.properties
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/kubernetes/pomba/components/pomba-data-router/resources/config/data-router.properties
diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/config/schemaIngest.properties b/kubernetes/pomba/components/pomba-data-router/resources/config/schemaIngest.properties
index 946bb63a13..ca9c4e557f 100644
--- a/kubernetes/pomba/charts/pomba-data-router/resources/config/schemaIngest.properties
+++ b/kubernetes/pomba/components/pomba-data-router/resources/config/schemaIngest.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 
 # Properties for the SchemaLocationsBean
diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/conf/audit-bean.xml b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/conf/audit-bean.xml
index 3f22a8b701..3f22a8b701 100644
--- a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/conf/audit-bean.xml
+++ b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/conf/audit-bean.xml
diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/conf/poa-validation-bean.xml b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/conf/poa-validation-bean.xml
index c5c8d615e4..c5c8d615e4 100644
--- a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/conf/poa-validation-bean.xml
+++ b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/conf/poa-validation-bean.xml
diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/routes/audit.route b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/routes/audit.route
index db631a84fe..db631a84fe 100644
--- a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/routes/audit.route
+++ b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/routes/audit.route
diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/routes/poaValidation.route b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/routes/poaValidation.route
index 655d436c9d..655d436c9d 100644
--- a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/routes/poaValidation.route
+++ b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/routes/poaValidation.route
diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/configmap.yaml b/kubernetes/pomba/components/pomba-data-router/templates/configmap.yaml
index c726e48ac7..97b9e8389a 100644
--- a/kubernetes/pomba/charts/pomba-data-router/templates/configmap.yaml
+++ b/kubernetes/pomba/components/pomba-data-router/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/deployment.yaml b/kubernetes/pomba/components/pomba-data-router/templates/deployment.yaml
index 5de98159b9..7b080ea6c7 100644
--- a/kubernetes/pomba/charts/pomba-data-router/templates/deployment.yaml
+++ b/kubernetes/pomba/components/pomba-data-router/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -36,7 +38,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - pomba-search-data
@@ -46,7 +48,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       - command:
@@ -64,7 +66,7 @@ spec:
               fieldPath: metadata.namespace
         securityContext:
           privileged: true
-        image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: init-sysctl
         volumeMounts:
@@ -72,7 +74,7 @@ spec:
           mountPath: /logroot/
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: SERVICE_BEANS
@@ -130,7 +132,7 @@ spec:
 
       # Filebeat sidecar container
       - name: {{ include "common.name" . }}-filebeat-onap
-        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        image: {{ include "repositoryGenerator.image.logging" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/log/charts/log-logstash/templates/ingress.yaml b/kubernetes/pomba/components/pomba-data-router/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/log/charts/log-logstash/templates/ingress.yaml
+++ b/kubernetes/pomba/components/pomba-data-router/templates/ingress.yaml
diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/pv.yaml b/kubernetes/pomba/components/pomba-data-router/templates/pv.yaml
index bab5f83d85..bab5f83d85 100644
--- a/kubernetes/pomba/charts/pomba-data-router/templates/pv.yaml
+++ b/kubernetes/pomba/components/pomba-data-router/templates/pv.yaml
diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/pvc.yaml b/kubernetes/pomba/components/pomba-data-router/templates/pvc.yaml
index 64d5d3d46a..64d5d3d46a 100644
--- a/kubernetes/pomba/charts/pomba-data-router/templates/pvc.yaml
+++ b/kubernetes/pomba/components/pomba-data-router/templates/pvc.yaml
diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/secret.yaml b/kubernetes/pomba/components/pomba-data-router/templates/secret.yaml
index aa7c9388e4..e655997a19 100644
--- a/kubernetes/pomba/charts/pomba-data-router/templates/secret.yaml
+++ b/kubernetes/pomba/components/pomba-data-router/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Secret
diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/service.yaml b/kubernetes/pomba/components/pomba-data-router/templates/service.yaml
index 8e93602d11..decee40960 100644
--- a/kubernetes/pomba/charts/pomba-data-router/templates/service.yaml
+++ b/kubernetes/pomba/components/pomba-data-router/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/pomba/charts/pomba-data-router/values.yaml b/kubernetes/pomba/components/pomba-data-router/values.yaml
index f891dce42f..aed767c9e2 100644
--- a/kubernetes/pomba/charts/pomba-data-router/values.yaml
+++ b/kubernetes/pomba/components/pomba-data-router/values.yaml
@@ -22,17 +22,14 @@
 global:
   nodePortPrefix: 302
   persistence: {}
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
 
 # application image
-repository: nexus3.onap.org:10001
 image: onap/data-router:1.3.3
 pullPolicy: Always
 restartPolicy: Always
 
 # BusyBox image
-busyboxRepository: registry.hub.docker.com
+busyboxRepository: docker.io
 busyboxImage: library/busybox:latest
 
 
diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/Chart.yaml b/kubernetes/pomba/components/pomba-elasticsearch/Chart.yaml
index 70efb7e2b4..70efb7e2b4 100644
--- a/kubernetes/pomba/charts/pomba-elasticsearch/Chart.yaml
+++ b/kubernetes/pomba/components/pomba-elasticsearch/Chart.yaml
diff --git a/kubernetes/pomba/components/pomba-elasticsearch/requirements.yaml b/kubernetes/pomba/components/pomba-elasticsearch/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/pomba/components/pomba-elasticsearch/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml b/kubernetes/pomba/components/pomba-elasticsearch/resources/config/elasticsearch.yml
index 2ffa686ba5..2ffa686ba5 100644
--- a/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml
+++ b/kubernetes/pomba/components/pomba-elasticsearch/resources/config/elasticsearch.yml
diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/configmap.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/configmap.yaml
index 4ccc7cc526..8ca06753fd 100644
--- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/configmap.yaml
+++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/deployment.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/deployment.yaml
index 39303c4a6c..578a5cd723 100644
--- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/deployment.yaml
+++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -48,7 +50,7 @@ spec:
               fieldPath: metadata.namespace
         securityContext:
           privileged: true
-        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: init-sysctl
         volumeMounts:
@@ -56,7 +58,7 @@ spec:
           mountPath: /logroot/
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv-data.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/pv-data.yaml
index 18994300db..18994300db 100644
--- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv-data.yaml
+++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/pv-data.yaml
diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv-logs.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/pv-logs.yaml
index 705ea83984..705ea83984 100644
--- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv-logs.yaml
+++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/pv-logs.yaml
diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-data.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/pvc-data.yaml
index 4004e00f7e..4004e00f7e 100644
--- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-data.yaml
+++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/pvc-data.yaml
diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-logs.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/pvc-logs.yaml
index f5898c129f..f5898c129f 100644
--- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-logs.yaml
+++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/pvc-logs.yaml
diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/service.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/service.yaml
index 17fe1b5141..0a12afb609 100644
--- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/service.yaml
+++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/values.yaml b/kubernetes/pomba/components/pomba-elasticsearch/values.yaml
index 8201eff7b1..04b9434e02 100644
--- a/kubernetes/pomba/charts/pomba-elasticsearch/values.yaml
+++ b/kubernetes/pomba/components/pomba-elasticsearch/values.yaml
@@ -23,12 +23,7 @@ global:
 # Application configuration defaults.
 #################################################################
 
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
 # application image
-loggingRepository: docker.elastic.co
 image: elasticsearch/elasticsearch:6.6.2
 pullPolicy: Always
 
diff --git a/kubernetes/pomba/charts/pomba-kibana/Chart.yaml b/kubernetes/pomba/components/pomba-kibana/Chart.yaml
index 111730ce49..111730ce49 100644
--- a/kubernetes/pomba/charts/pomba-kibana/Chart.yaml
+++ b/kubernetes/pomba/components/pomba-kibana/Chart.yaml
diff --git a/kubernetes/pomba/components/pomba-kibana/requirements.yaml b/kubernetes/pomba/components/pomba-kibana/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/pomba/components/pomba-kibana/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem b/kubernetes/pomba/components/pomba-kibana/resources/auth/pomba.crt.pem
index 11125eaef7..11125eaef7 100644
--- a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem
+++ b/kubernetes/pomba/components/pomba-kibana/resources/auth/pomba.crt.pem
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem b/kubernetes/pomba/components/pomba-kibana/resources/auth/pomba.key.pem
index db46f0d462..db46f0d462 100644
--- a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem
+++ b/kubernetes/pomba/components/pomba-kibana/resources/auth/pomba.key.pem
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh b/kubernetes/pomba/components/pomba-kibana/resources/bin/kibana_start.sh
index 2323fe1280..781a4b7f67 100644
--- a/kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh
+++ b/kubernetes/pomba/components/pomba-kibana/resources/bin/kibana_start.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
+{{/*
 
-# Copyright � 2018 Amdocs
+# Copyright � 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 mkdir -p /usr/share/kibana/auth
 chmod 0777 /usr/share/kibana/auth
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/config/default-mapping.json b/kubernetes/pomba/components/pomba-kibana/resources/config/default-mapping.json
index 77afee7a03..77afee7a03 100644
--- a/kubernetes/pomba/charts/pomba-kibana/resources/config/default-mapping.json
+++ b/kubernetes/pomba/components/pomba-kibana/resources/config/default-mapping.json
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/config/default.json b/kubernetes/pomba/components/pomba-kibana/resources/config/default.json
index d54dbfe686..d54dbfe686 100644
--- a/kubernetes/pomba/charts/pomba-kibana/resources/config/default.json
+++ b/kubernetes/pomba/components/pomba-kibana/resources/config/default.json
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml b/kubernetes/pomba/components/pomba-kibana/resources/config/kibana.yml
index fdcdd02cc7..fdcdd02cc7 100644
--- a/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml
+++ b/kubernetes/pomba/components/pomba-kibana/resources/config/kibana.yml
diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml b/kubernetes/pomba/components/pomba-kibana/templates/configmap.yaml
index 4eb25fedcf..8facf30c14 100644
--- a/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml
+++ b/kubernetes/pomba/components/pomba-kibana/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml b/kubernetes/pomba/components/pomba-kibana/templates/deployment.yaml
index c955c6db07..7258784f09 100644
--- a/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml
+++ b/kubernetes/pomba/components/pomba-kibana/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -32,7 +34,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - pomba-elasticsearch
@@ -42,7 +44,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       - args:
@@ -55,7 +57,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.configRepository }}/{{ .Values.configImage }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.configImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-config-map
         volumeMounts:
@@ -72,7 +74,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.configRepository }}/{{ .Values.configImage }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.configImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-config
         volumeMounts:
@@ -81,7 +83,7 @@ spec:
             subPath: default.json
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command: ["/bin/bash"]
           args: ["-c", "/opt/app/bin/kibana_start.sh"]
diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/ingress.yaml b/kubernetes/pomba/components/pomba-kibana/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/pomba/charts/pomba-data-router/templates/ingress.yaml
+++ b/kubernetes/pomba/components/pomba-kibana/templates/ingress.yaml
diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/service.yaml b/kubernetes/pomba/components/pomba-kibana/templates/service.yaml
index 9a12412e74..decd606f35 100644
--- a/kubernetes/pomba/charts/pomba-kibana/templates/service.yaml
+++ b/kubernetes/pomba/components/pomba-kibana/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/pomba/charts/pomba-kibana/values.yaml b/kubernetes/pomba/components/pomba-kibana/values.yaml
index c892f1b85e..deed02fd18 100644
--- a/kubernetes/pomba/charts/pomba-kibana/values.yaml
+++ b/kubernetes/pomba/components/pomba-kibana/values.yaml
@@ -17,23 +17,15 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
   persistence: {}
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # Configuration image
-configRepository: docker.io
 configImage: taskrabbit/elasticsearch-dump
 
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
 # application image
-loggingRepository: docker.elastic.co
 image: kibana/kibana:6.6.2
 pullPolicy: Always
 
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/Chart.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/Chart.yaml
index 9f8d3651b8..9f8d3651b8 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/Chart.yaml
+++ b/kubernetes/pomba/components/pomba-networkdiscovery/Chart.yaml
diff --git a/kubernetes/pomba/components/pomba-networkdiscovery/requirements.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/pomba/components/pomba-networkdiscovery/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/application.properties
index f09dc05980..19f9690f73 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
+++ b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/application.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License
+*/}}
 
 spring.jersey.type=filter
 
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12 b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12
index dbf4fcacec..dbf4fcacec 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12
+++ b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/auth/tomcat_keystore
index 9eec841aa2..9eec841aa2 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore
+++ b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/auth/tomcat_keystore
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/logback.xml b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/logback.xml
index 0a4b616453..0a4b616453 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/logback.xml
+++ b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/logback.xml
diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/configmap.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/templates/configmap.yaml
index 7c47fea02c..2e1a4387e2 100644
--- a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/configmap.yaml
+++ b/kubernetes/pomba/components/pomba-networkdiscovery/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/templates/deployment.yaml
index 5ca2307f4e..be6c7c423a 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
+++ b/kubernetes/pomba/components/pomba-networkdiscovery/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -32,7 +34,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -90,7 +92,7 @@ spec:
 
         # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/ingress.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/pomba/charts/pomba-kibana/templates/ingress.yaml
+++ b/kubernetes/pomba/components/pomba-networkdiscovery/templates/ingress.yaml
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/secrets.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/templates/secrets.yaml
index ef48fbb5e1..6d357c496d 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/secrets.yaml
+++ b/kubernetes/pomba/components/pomba-networkdiscovery/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, AT&T

 #

 # Licensed under the Apache License, Version 2.0 (the "License");

@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 # See the License for the specific language governing permissions and

 # limitations under the License.

+*/}}
 

 apiVersion: v1

 kind: Secret

diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/templates/service.yaml
index 73b290178c..a846fe3ec0 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml
+++ b/kubernetes/pomba/components/pomba-networkdiscovery/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs

 #

 # Licensed under the Apache License, Version 2.0 (the "License");

@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 # See the License for the specific language governing permissions and

 # limitations under the License.

+*/}}
 

 apiVersion: v1

 kind: Service

diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/values.yaml
index ae613c6034..50c837d27d 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
+++ b/kubernetes/pomba/components/pomba-networkdiscovery/values.yaml
@@ -17,13 +17,11 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repository: nexus3.onap.org:10001
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image:  onap/network-discovery:1.5.1
 pullPolicy: Always
 
@@ -86,7 +84,7 @@ service:
   #Services may use any combination of ports depending on the 'type' of
   #service being defined.
   type: NodePort
-  name: pomba-networkdiscovery  
+  name: pomba-networkdiscovery
   externalPort: 9531
   internalPort: 8443
   nodePort: 99
@@ -100,7 +98,7 @@ ingress:
       port: 8443
   config:
     ssl: "redirect"
-    
+
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/Chart.yaml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/Chart.yaml
index d7cdd91aa3..d7cdd91aa3 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/Chart.yaml
+++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/Chart.yaml
diff --git a/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/requirements.yaml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/application.properties b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/resources/config/application.properties
index 5317ab353c..6b43aba20e 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/application.properties
+++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/resources/config/application.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License
+*/}}
 
 spring.jersey.type=filter
 spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml
index 0a4b616453..0a4b616453 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml
+++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/configmap.yaml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/templates/configmap.yaml
index 7c47fea02c..d0e26326ce 100644
--- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/configmap.yaml
+++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml
index 8063f25275..32f35b695e 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml
+++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -32,7 +34,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -82,7 +84,7 @@ spec:
 
         # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/service.yaml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/templates/service.yaml
index 8d8e3f3b39..2ebd6758a0 100644
--- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/service.yaml
+++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/values.yaml
index de7d661f5b..3fa4b8b25e 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml
+++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/values.yaml
@@ -17,13 +17,11 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repository: nexus3.onap.org:10001
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image:  onap/pomba-network-discovery-context-builder:1.5.1
 pullPolicy: Always
 
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/.helmignore b/kubernetes/pomba/components/pomba-sdcctxbuilder/.helmignore
index f0c1319444..f0c1319444 100755..100644
--- a/kubernetes/pomba/charts/pomba-contextaggregator/.helmignore
+++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/.helmignore
diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/Chart.yaml b/kubernetes/pomba/components/pomba-sdcctxbuilder/Chart.yaml
index c75c5a2c8f..c75c5a2c8f 100644
--- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/Chart.yaml
+++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/Chart.yaml
diff --git a/kubernetes/pomba/components/pomba-sdcctxbuilder/requirements.yaml b/kubernetes/pomba/components/pomba-sdcctxbuilder/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/resources/config/README.txt b/kubernetes/pomba/components/pomba-sdcctxbuilder/resources/config/README.txt
index 5cc01497f5..5cc01497f5 100644
--- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/resources/config/README.txt
+++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/resources/config/README.txt
diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/resources/config/application.properties b/kubernetes/pomba/components/pomba-sdcctxbuilder/resources/config/application.properties
index 08879c5606..cfa618dad9 100644
--- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/resources/config/application.properties
+++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/resources/config/application.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 spring.jersey.type=filter
 spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/resources/config/logback.xml b/kubernetes/pomba/components/pomba-sdcctxbuilder/resources/config/logback.xml
index 0a4b616453..0a4b616453 100644
--- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/resources/config/logback.xml
+++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/resources/config/logback.xml
diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/templates/configmap.yaml b/kubernetes/pomba/components/pomba-sdcctxbuilder/templates/configmap.yaml
index bae6641e13..ab79c5c24f 100644
--- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/templates/configmap.yaml
+++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/templates/deployment.yaml b/kubernetes/pomba/components/pomba-sdcctxbuilder/templates/deployment.yaml
index 02ee5f8ffa..67be143cd9 100644
--- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/templates/deployment.yaml
+++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -32,7 +34,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -81,7 +83,7 @@ spec:
 
         # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/pomba/charts/pomba-validation-service/templates/service.yaml b/kubernetes/pomba/components/pomba-sdcctxbuilder/templates/service.yaml
index 423df45189..8647447dc1 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/templates/service.yaml
+++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/values.yaml b/kubernetes/pomba/components/pomba-sdcctxbuilder/values.yaml
index d05ec5b675..b9502d88c9 100644
--- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/values.yaml
+++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/values.yaml
@@ -17,17 +17,11 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repository: nexus3.onap.org:10001
-#  readinessRepository: oomk8s
-#  readinessImage: readiness-check:2.0.0
-#  loggingRepository: docker.elastic.co
-#  loggingImage: beats/filebeat:5.5.0
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image:  onap/pomba-sdc-context-builder:1.5.1
 pullPolicy: Always
 
diff --git a/kubernetes/pomba/charts/pomba-data-router/.helmignore b/kubernetes/pomba/components/pomba-sdncctxbuilder/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/pomba/charts/pomba-data-router/.helmignore
+++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/.helmignore
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/Chart.yaml b/kubernetes/pomba/components/pomba-sdncctxbuilder/Chart.yaml
index edd2385f55..edd2385f55 100644
--- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/Chart.yaml
+++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/Chart.yaml
diff --git a/kubernetes/pomba/components/pomba-sdncctxbuilder/requirements.yaml b/kubernetes/pomba/components/pomba-sdncctxbuilder/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties b/kubernetes/pomba/components/pomba-sdncctxbuilder/resources/config/application.properties
index 24b443c57f..f95fa85fc1 100644
--- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties
+++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/resources/config/application.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2019 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License
+*/}}
 
 spring.jersey.type=filter
 spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/logback.xml b/kubernetes/pomba/components/pomba-sdncctxbuilder/resources/config/logback.xml
index 0a4b616453..0a4b616453 100644
--- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/logback.xml
+++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/resources/config/logback.xml
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml b/kubernetes/pomba/components/pomba-sdncctxbuilder/templates/configmap.yaml
index 3c8606a835..d0e26326ce 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml
+++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,6 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+*/}}
+
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/deployment.yaml b/kubernetes/pomba/components/pomba-sdncctxbuilder/templates/deployment.yaml
index 65cf63db2f..0bb855b6ce 100644
--- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/deployment.yaml
+++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -32,7 +34,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -81,7 +83,7 @@ spec:
 
         # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/service.yaml b/kubernetes/pomba/components/pomba-sdncctxbuilder/templates/service.yaml
index 8d8e3f3b39..2ebd6758a0 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/service.yaml
+++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml b/kubernetes/pomba/components/pomba-sdncctxbuilder/values.yaml
index 2b12660123..0c8814c6a3 100644
--- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml
+++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/values.yaml
@@ -17,13 +17,11 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repository: nexus3.onap.org:10001
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image:  onap/pomba-sdnc-context-builder:1.5.1
 pullPolicy: Always
 
diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/.helmignore b/kubernetes/pomba/components/pomba-search-data/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/.helmignore
+++ b/kubernetes/pomba/components/pomba-search-data/.helmignore
diff --git a/kubernetes/pomba/charts/pomba-search-data/Chart.yaml b/kubernetes/pomba/components/pomba-search-data/Chart.yaml
index 5f3bc0ae79..5f3bc0ae79 100644
--- a/kubernetes/pomba/charts/pomba-search-data/Chart.yaml
+++ b/kubernetes/pomba/components/pomba-search-data/Chart.yaml
diff --git a/kubernetes/pomba/components/pomba-search-data/requirements.yaml b/kubernetes/pomba/components/pomba-search-data/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/pomba/components/pomba-search-data/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/analysis-config.json b/kubernetes/pomba/components/pomba-search-data/resources/config/analysis-config.json
index 0927d98748..0927d98748 100644
--- a/kubernetes/pomba/charts/pomba-search-data/resources/config/analysis-config.json
+++ b/kubernetes/pomba/components/pomba-search-data/resources/config/analysis-config.json
diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/auth/search_policy.json b/kubernetes/pomba/components/pomba-search-data/resources/config/auth/search_policy.json
index 00a6de5f4a..00a6de5f4a 100644
--- a/kubernetes/pomba/charts/pomba-search-data/resources/config/auth/search_policy.json
+++ b/kubernetes/pomba/components/pomba-search-data/resources/config/auth/search_policy.json
diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/auth/tomcat_keystore b/kubernetes/pomba/components/pomba-search-data/resources/config/auth/tomcat_keystore
index 9eec841aa2..9eec841aa2 100644
--- a/kubernetes/pomba/charts/pomba-search-data/resources/config/auth/tomcat_keystore
+++ b/kubernetes/pomba/components/pomba-search-data/resources/config/auth/tomcat_keystore
diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/dynamic-custom-template.json b/kubernetes/pomba/components/pomba-search-data/resources/config/dynamic-custom-template.json
index 0bd8686f85..0bd8686f85 100644
--- a/kubernetes/pomba/charts/pomba-search-data/resources/config/dynamic-custom-template.json
+++ b/kubernetes/pomba/components/pomba-search-data/resources/config/dynamic-custom-template.json
diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/elastic-search.properties b/kubernetes/pomba/components/pomba-search-data/resources/config/elastic-search.properties
index 3048e6019e..a42eb427bb 100644
--- a/kubernetes/pomba/charts/pomba-search-data/resources/config/elastic-search.properties
+++ b/kubernetes/pomba/components/pomba-search-data/resources/config/elastic-search.properties
@@ -1,4 +1,6 @@
+{{/*
 # ElasticSearch Configuration
+*/}}
 
 es.cluster-name=POMBA_ES
 es.ip-address=pomba-es.{{.Release.Namespace}}
diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/es-payload-translation.json b/kubernetes/pomba/components/pomba-search-data/resources/config/es-payload-translation.json
index 58ed8f6428..58ed8f6428 100644
--- a/kubernetes/pomba/charts/pomba-search-data/resources/config/es-payload-translation.json
+++ b/kubernetes/pomba/components/pomba-search-data/resources/config/es-payload-translation.json
diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/filter-config.json b/kubernetes/pomba/components/pomba-search-data/resources/config/filter-config.json
index 5f9120e889..5f9120e889 100644
--- a/kubernetes/pomba/charts/pomba-search-data/resources/config/filter-config.json
+++ b/kubernetes/pomba/components/pomba-search-data/resources/config/filter-config.json
diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml b/kubernetes/pomba/components/pomba-search-data/resources/config/log/logback.xml
index bfca544fe0..f84d1bbbb0 100644
--- a/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml
+++ b/kubernetes/pomba/components/pomba-search-data/resources/config/log/logback.xml
@@ -163,6 +163,7 @@
 
         <root>
                 <appender-ref ref="asyncEELF" />
+                <appender-ref ref="STDOUT" />
                 <!-- <appender-ref ref="asyncEELFDebug" /> -->
         </root>
 
diff --git a/kubernetes/pomba/charts/pomba-search-data/templates/configmap.yaml b/kubernetes/pomba/components/pomba-search-data/templates/configmap.yaml
index 0715f0d51a..0715f0d51a 100644
--- a/kubernetes/pomba/charts/pomba-search-data/templates/configmap.yaml
+++ b/kubernetes/pomba/components/pomba-search-data/templates/configmap.yaml
diff --git a/kubernetes/pomba/charts/pomba-search-data/templates/deployment.yaml b/kubernetes/pomba/components/pomba-search-data/templates/deployment.yaml
index 6cd404b710..08fc3e9148 100644
--- a/kubernetes/pomba/charts/pomba-search-data/templates/deployment.yaml
+++ b/kubernetes/pomba/components/pomba-search-data/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -36,7 +38,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - pomba-elasticsearch
@@ -46,12 +48,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: CONFIG_HOME
@@ -119,7 +121,7 @@ spec:
 
       # side car containers
       - name: filebeat-onap
-        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        image: {{ include "repositoryGenerator.image.logging" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - mountPath: /usr/share/filebeat/filebeat.yml
diff --git a/kubernetes/pomba/charts/pomba-search-data/templates/secret.yaml b/kubernetes/pomba/components/pomba-search-data/templates/secret.yaml
index 33b058fc8f..33b058fc8f 100644
--- a/kubernetes/pomba/charts/pomba-search-data/templates/secret.yaml
+++ b/kubernetes/pomba/components/pomba-search-data/templates/secret.yaml
diff --git a/kubernetes/pomba/charts/pomba-search-data/templates/service.yaml b/kubernetes/pomba/components/pomba-search-data/templates/service.yaml
index c786a5a894..c786a5a894 100644
--- a/kubernetes/pomba/charts/pomba-search-data/templates/service.yaml
+++ b/kubernetes/pomba/components/pomba-search-data/templates/service.yaml
diff --git a/kubernetes/pomba/charts/pomba-search-data/values.yaml b/kubernetes/pomba/components/pomba-search-data/values.yaml
index 88f45e35c2..a950750f85 100644
--- a/kubernetes/pomba/charts/pomba-search-data/values.yaml
+++ b/kubernetes/pomba/components/pomba-search-data/values.yaml
@@ -3,12 +3,9 @@
 # Declare variables to be passed into your templates.
 global: # global defaults
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
 
 
 # application image
-repository: nexus3.onap.org:10001
 image: onap/search-data-service:1.3.1
 pullPolicy: Always
 restartPolicy: Always
diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/Chart.yaml b/kubernetes/pomba/components/pomba-servicedecomposition/Chart.yaml
index d12b3f984d..d12b3f984d 100644
--- a/kubernetes/pomba/charts/pomba-servicedecomposition/Chart.yaml
+++ b/kubernetes/pomba/components/pomba-servicedecomposition/Chart.yaml
diff --git a/kubernetes/pomba/components/pomba-servicedecomposition/requirements.yaml b/kubernetes/pomba/components/pomba-servicedecomposition/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/pomba/components/pomba-servicedecomposition/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties b/kubernetes/pomba/components/pomba-servicedecomposition/resources/config/application.properties
index bbf0901449..d03f44a080 100644
--- a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties
+++ b/kubernetes/pomba/components/pomba-servicedecomposition/resources/config/application.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License
+*/}}
 
 spring.jersey.type=filter
 spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/log/logback.xml b/kubernetes/pomba/components/pomba-servicedecomposition/resources/config/log/logback.xml
index 3b02684b68..3b02684b68 100644
--- a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/log/logback.xml
+++ b/kubernetes/pomba/components/pomba-servicedecomposition/resources/config/log/logback.xml
diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/templates/configmap.yaml b/kubernetes/pomba/components/pomba-servicedecomposition/templates/configmap.yaml
index 69823169c5..e2cb33c791 100644
--- a/kubernetes/pomba/charts/pomba-servicedecomposition/templates/configmap.yaml
+++ b/kubernetes/pomba/components/pomba-servicedecomposition/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/templates/deployment.yaml b/kubernetes/pomba/components/pomba-servicedecomposition/templates/deployment.yaml
index 74e38f3de5..d30e921e12 100644
--- a/kubernetes/pomba/charts/pomba-servicedecomposition/templates/deployment.yaml
+++ b/kubernetes/pomba/components/pomba-servicedecomposition/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -32,7 +34,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -78,7 +80,7 @@ spec:
 
         # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/pomba/components/pomba-servicedecomposition/templates/service.yaml b/kubernetes/pomba/components/pomba-servicedecomposition/templates/service.yaml
new file mode 100644
index 0000000000..2ebd6758a0
--- /dev/null
+++ b/kubernetes/pomba/components/pomba-servicedecomposition/templates/service.yaml
@@ -0,0 +1,43 @@
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    {{if eq .Values.service.type "NodePort" -}}
+    - port: {{ .Values.service.externalPort }}
+      #Example internal target port if required
+      #targetPort: {{ .Values.service.internalPort }}
+      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+      name: {{ .Values.service.portName | default "http" }}
+    {{- else -}}
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      name: {{ .Values.service.portName | default "http" }}
+    {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}
diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/values.yaml b/kubernetes/pomba/components/pomba-servicedecomposition/values.yaml
index ac8a379724..a0e849890a 100644
--- a/kubernetes/pomba/charts/pomba-servicedecomposition/values.yaml
+++ b/kubernetes/pomba/components/pomba-servicedecomposition/values.yaml
@@ -17,13 +17,11 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repository: nexus3.onap.org:10001
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image:  onap/service-decomposition:1.5.1
 pullPolicy: Always
 
diff --git a/kubernetes/pomba/charts/pomba-validation-service/Chart.yaml b/kubernetes/pomba/components/pomba-validation-service/Chart.yaml
index 525de440a9..525de440a9 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/Chart.yaml
+++ b/kubernetes/pomba/components/pomba-validation-service/Chart.yaml
diff --git a/kubernetes/pomba/components/pomba-validation-service/requirements.yaml b/kubernetes/pomba/components/pomba-validation-service/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/pomba/components/pomba-validation-service/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/README.txt b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/README.txt
index 5cc01497f5..5cc01497f5 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/README.txt
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/README.txt
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/aai-environment.properties
index cd5c62e96b..cd5c62e96b 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/aai-environment.properties
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12 b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12
index dbf4fcacec..dbf4fcacec 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/tomcat_keystore b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/auth/tomcat_keystore
index 9eec841aa2..9eec841aa2 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/tomcat_keystore
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/auth/tomcat_keystore
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth_policy.json b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/auth_policy.json
index ea5565a71e..ea5565a71e 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth_policy.json
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/auth_policy.json
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-data-dictionary.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/rule-data-dictionary.properties
index d93f030395..d93f030395 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-data-dictionary.properties
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/rule-data-dictionary.properties
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-indexing.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/rule-indexing.properties
index 06f4626ab6..06f4626ab6 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-indexing.properties
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/rule-indexing.properties
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/schemaIngest.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/schemaIngest.properties
index 41e83bb11d..a711881dc5 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/schemaIngest.properties
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/schemaIngest.properties
@@ -1,5 +1,7 @@
+{{/*
 # Properties for the SchemaLocationsBean
 # The AAI Schema jar will be unpacked to bundleconfig/etc
+*/}}
 schemaConfig=bundleconfig
 # Files named aai_oxm_v*.xml are unpacked here:
 nodeDir=${APP_HOME}/bundleconfig/etc/oxm
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties
index 7d335aed50..fe8e2684d5 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties
@@ -1,3 +1,4 @@
+{{/*
 # ============LICENSE_START===================================================
 # Copyright (c) 2018 Amdocs
 # ============================================================================
@@ -13,6 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=====================================================
+*/}}
 
 poa-audit-result.name=POA-AUDIT-RESULT
 poa-audit-result.host=message-router:3904
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties
index 15c60afcc4..2dace57936 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties
@@ -1,3 +1,4 @@
+{{/*
 # ============LICENSE_START===================================================
 # Copyright (c) 2018 Amdocs
 # ============================================================================
@@ -13,6 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=====================================================
+*/}}
 
 poa-rule-validation.name=POA-RULE-VALIDATION
 poa-rule-validation.host=message-router:3904
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service-auth.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/validation-service-auth.properties
index 8bbd4233a6..8bbd4233a6 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service-auth.properties
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/validation-service-auth.properties
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/validation-service.properties
index 9b2e86213a..9b2e86213a 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service.properties
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/validation-service.properties
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/application.properties b/kubernetes/pomba/components/pomba-validation-service/resources/application.properties
index a71bb9b01e..99879d4557 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/application.properties
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/application.properties
@@ -1,3 +1,4 @@
+{{/*
 # ============LICENSE_START===================================================
 # Copyright (c) 2018 Amdocs
 # ============================================================================
@@ -16,6 +17,7 @@
 
 # Note that the start.sh script sets the following System Properties
 # We provide default values here for testing purposes
+*/}}
 APP_HOME=.
 CONFIG_HOME=appconfig
 com.att.eelf.logging.path=src/main/resources
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy b/kubernetes/pomba/components/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy
index 4a7f30452f..4a7f30452f 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy
+++ b/kubernetes/pomba/components/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy
diff --git a/kubernetes/pomba/charts/pomba-validation-service/templates/configmap.yaml b/kubernetes/pomba/components/pomba-validation-service/templates/configmap.yaml
index d3bfd813e6..9a9951ab9f 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/templates/configmap.yaml
+++ b/kubernetes/pomba/components/pomba-validation-service/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/pomba/charts/pomba-validation-service/templates/deployment.yaml b/kubernetes/pomba/components/pomba-validation-service/templates/deployment.yaml
index d608a0ac92..1590f4e001 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/templates/deployment.yaml
+++ b/kubernetes/pomba/components/pomba-validation-service/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -32,7 +34,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -87,7 +89,7 @@ spec:
 
         # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/pomba/charts/pomba-validation-service/templates/secrets.yaml b/kubernetes/pomba/components/pomba-validation-service/templates/secrets.yaml
index 323596762d..63d3b10f9a 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/templates/secrets.yaml
+++ b/kubernetes/pomba/components/pomba-validation-service/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Secret
diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/templates/service.yaml b/kubernetes/pomba/components/pomba-validation-service/templates/service.yaml
index 423df45189..8647447dc1 100644
--- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/templates/service.yaml
+++ b/kubernetes/pomba/components/pomba-validation-service/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/pomba/charts/pomba-validation-service/values.yaml b/kubernetes/pomba/components/pomba-validation-service/values.yaml
index d0b964e5e3..0626b0312e 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/values.yaml
+++ b/kubernetes/pomba/components/pomba-validation-service/values.yaml
@@ -17,18 +17,11 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repository: nexus3.onap.org:10001
-#  readinessRepository: oomk8s
-#  readinessImage: readiness-check:2.0.0
-#  loggingRepository: docker.elastic.co
-#  loggingImage: beats/filebeat:5.5.0
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-#repository: nexus3.onap.org:10001
-repository: nexus3.onap.org:10001
 image:  onap/validation:1.3.1
 #pullPolicy: Always
 pullPolicy: IfNotPresent
diff --git a/kubernetes/pomba/requirements.yaml b/kubernetes/pomba/requirements.yaml
index 9bf26c8d61..69d5a458ad 100644
--- a/kubernetes/pomba/requirements.yaml
+++ b/kubernetes/pomba/requirements.yaml
@@ -19,3 +19,51 @@ dependencies:
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
+  - name: pomba-aaictxbuilder
+    version: ~6.x-0
+    repository: 'file://components/pomba-aaictxbuilder'
+    condition: pomba-aaictxbuilder.enabled
+  - name: pomba-contextaggregator
+    version: ~6.x-0
+    repository: 'file://components/pomba-contextaggregator'
+    condition: pomba-contextaggregator.enabled
+  - name: pomba-data-router
+    version: ~6.x-0
+    repository: 'file://components/pomba-data-router'
+    condition: pomba-data-router.enabled
+  - name: pomba-elasticsearch
+    version: ~6.x-0
+    repository: 'file://components/pomba-elasticsearch'
+    condition: pomba-elasticsearch.enabled
+  - name: pomba-kibana
+    version: ~6.x-0
+    repository: 'file://components/pomba-kibana'
+    condition: pomba-kibana.enabled
+  - name: pomba-networkdiscovery
+    version: ~6.x-0
+    repository: 'file://components/pomba-networkdiscovery'
+    condition: pomba-networkdiscovery.enabled
+  - name: pomba-networkdiscoveryctxbuilder
+    version: ~6.x-0
+    repository: 'file://components/pomba-networkdiscoveryctxbuilder'
+    condition: pomba-networkdiscoveryctxbuilder.enabled
+  - name: pomba-sdcctxbuilder
+    version: ~6.x-0
+    repository: 'file://components/pomba-sdcctxbuilder'
+    condition: pomba-sdcctxbuilder.enabled
+  - name: pomba-sdncctxbuilder
+    version: ~6.x-0
+    repository: 'file://components/pomba-sdncctxbuilder'
+    condition: pomba-sdncctxbuilder.enabled
+  - name: pomba-search-data
+    version: ~6.x-0
+    repository: 'file://components/pomba-search-data'
+    condition: pomba-search-data.enabled
+  - name: pomba-servicedecomposition
+    version: ~6.x-0
+    repository: 'file://components/pomba-servicedecomposition'
+    condition: pomba-servicedecomposition.enabled
+  - name: pomba-validation-service
+    version: ~6.x-0
+    repository: 'file://components/pomba-validation-service'
+    condition: pomba-validation-service.enabled
\ No newline at end of file
diff --git a/kubernetes/pomba/templates/configmap.yaml b/kubernetes/pomba/templates/configmap.yaml
index 7a8e71ff4b..4d7e4a0c97 100644
--- a/kubernetes/pomba/templates/configmap.yaml
+++ b/kubernetes/pomba/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/pomba/values.yaml b/kubernetes/pomba/values.yaml
index 04e89f07b3..28025ebc5b 100644
--- a/kubernetes/pomba/values.yaml
+++ b/kubernetes/pomba/values.yaml
@@ -17,15 +17,9 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  repository: nexus3.onap.org:10001
-  dockerhubRepository: docker.io
   networkdiscoveryCtxBuilderHost: pomba-networkdiscoveryctxbuilder
 
 # application configuration
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
-
diff --git a/kubernetes/portal/.helmignore b/kubernetes/portal/.helmignore
index a2518729f5..7ddbad7ef4 100644
--- a/kubernetes/portal/.helmignore
+++ b/kubernetes/portal/.helmignore
@@ -1,24 +1,22 @@
-# Patterns to ignore when building packages.

-# This supports shell glob matching, relative path matching, and

-# negation (prefixed with !). Only one pattern per line.

-.DS_Store

-# Common VCS dirs

-.git/

-.gitignore

-.bzr/

-.bzrignore

-.hg/

-.hgignore

-.svn/

-# Common backup files

-*.swp

-*.bak

-*.tmp

-*~

-# Various IDEs

-.project

-.idea/

-*.tmproj

-

-# docker folder

-docker/

+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
diff --git a/kubernetes/portal/Makefile b/kubernetes/portal/Makefile
index 8af301d7ae..89b2f465ec 100644
--- a/kubernetes/portal/Makefile
+++ b/kubernetes/portal/Makefile
@@ -18,7 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages
 SECRET_DIR := $(OUTPUT_DIR)/secrets
 
 EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
 
 .PHONY: $(EXCLUDES) $(HELM_CHARTS)
 
@@ -32,15 +34,19 @@ make-%:
 	@if [ -f $*/Makefile ]; then make -C $*; fi
 
 dep-%: make-%
-	@if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
 
 lint-%: dep-%
-	@if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
 
 package-%: lint-%
 	@mkdir -p $(PACKAGE_DIR)
-	@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
-	@helm repo index $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
 
 clean:
 	@rm -f */requirements.lock
diff --git a/kubernetes/portal/components/Makefile b/kubernetes/portal/components/Makefile
index 2fc0cbe4ab..d62cb0b700 100644
--- a/kubernetes/portal/components/Makefile
+++ b/kubernetes/portal/components/Makefile
@@ -18,7 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages
 SECRET_DIR := $(OUTPUT_DIR)/secrets
 
 EXCLUDES :=
+HELM_BIN := helm
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
 
 .PHONY: $(EXCLUDES) $(HELM_CHARTS)
 
@@ -32,15 +34,19 @@ make-%:
 	@if [ -f $*/Makefile ]; then make -C $*; fi
 
 dep-%: make-%
-	@if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
 
 lint-%: dep-%
-	@if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
 
 package-%: lint-%
 	@mkdir -p $(PACKAGE_DIR)
-	@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
-	@helm repo index $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
 
 clean:
 	@rm -f */requirements.lock
diff --git a/kubernetes/portal/components/portal-app/requirements.yaml b/kubernetes/portal/components/portal-app/requirements.yaml
index 00b92235f3..bfcaecb7aa 100644
--- a/kubernetes/portal/components/portal-app/requirements.yaml
+++ b/kubernetes/portal/components/portal-app/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
   - name: certInitializer
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties
index 148c080df5..004a1172a0 100755
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 # domain settings
 #domain_class_location =
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties
new file mode 100644
index 0000000000..791853db8f
--- /dev/null
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties
@@ -0,0 +1,4 @@
+{{/*
+# Encrypted Properties
+*/}}
+cipher.enc.key = ${CIPHER_ENC_KEY}
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
index 99fe917de5..e707e259ca 100644
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
@@ -40,6 +40,8 @@
 	<!-- specify the component name -->

 	<property name="componentName" value="onapportal"></property>

 

+	<!--  specify the application name -->

+    <property name="application_name" value="Portal"></property>

 	<!-- specify the base path of the log directory -->

 	<property name="logDirPrefix" value="/var/log/onap"></property>

 

@@ -67,7 +69,7 @@
 		value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />

 

 	<property name="errorLoggerPattern"

-		value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />

+		value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />

 

 	<property name="defaultLoggerPattern"

 		value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />

@@ -274,15 +276,15 @@
 		<appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"

 		level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->

 

-	<logger name="com.att.eelf.audit" level="info" additivity="false">

+	<logger name="EELFAudit" level="info" additivity="false">

 		<appender-ref ref="asyncEELFAudit" />

 	</logger>

 

-	<logger name="com.att.eelf.metrics" level="info" additivity="false">

+	<logger name="EELFMetrics" level="info" additivity="false">

 		<appender-ref ref="asyncEELFMetrics" />

 	</logger>

 

-	<logger name="com.att.eelf.error" level="info" additivity="false">

+	<logger name="EELFError" level="info" additivity="false">

 		<appender-ref ref="asyncEELFError" />

 	</logger>

 

@@ -292,6 +294,7 @@
 

 	<root level="INFO">

 		<appender-ref ref="asyncEELF" />

+		<appender-ref ref="STDOUT" />

 	</root>

 

 </configuration>

diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties
index 6981fb05bc..1fc99383cd 100644
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 
 music.version = v2
@@ -27,8 +29,7 @@ music.serialize.compress = true
 
 #By default it's eventual
 music.atomic.get = false
-music.atomic.put = true
+music.atomic.put = false
 cassandra.host={{.Values.cassandra.service.name}}
-zookeeper.host={{.Values.zookeeper.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/openid-connect.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/openid-connect.properties
index 1760d5bc71..63533621f7 100755
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/openid-connect.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/openid-connect.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 authentication_server_url = http://{{.Values.global.portalHostName}}:8383/openid-connect-server-webapp/
 ecomp_openid_connect_client = http://{{.Values.global.portalHostName}}:{{.Values.global.portalPort}}/ONAPPORTAL/openid_connect_login
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/portal.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/portal.properties
index 06726702f0..4da4854188 100755
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/portal.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/portal.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 # Not used by portal
 portal.api.impl.class = org.onap.portalsdk.core.onboarding.client.OnBoardingApiServiceImpl.not.used.by.portal
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
index b5b4e48b97..d246a6b0b1 100755
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 # Modifications Copyright © 2020 AT&T
 #
@@ -12,12 +13,13 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 #mysql
 db.driver = org.mariadb.jdbc.Driver
 db.connectionURL = jdbc:mariadb:failover://portal-db:3306/portal
-db.userName =root
-db.password =Aa123456
+db.userName =${PORTAL_DB_USER}
+db.password =${PORTAL_DB_PASSWORD}
 db.hib.dialect = org.hibernate.dialect.MySQLDialect
 db.min_pool_size = 5
 db.max_pool_size = 10
@@ -122,4 +124,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}}
 ext_central_access_user_name = aaf_admin@people.osaaf.org
 ext_central_access_password = demo123456!
 ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file
+ext_central_access_user_domain = @people.osaaf.org
diff --git a/kubernetes/portal/components/portal-app/templates/configmap.yaml b/kubernetes/portal/components/portal-app/templates/configmap.yaml
index feaee66190..a6d8234ee6 100644
--- a/kubernetes/portal/components/portal-app/templates/configmap.yaml
+++ b/kubernetes/portal/components/portal-app/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2020 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml
index d6b9601beb..71b2aa3227 100644
--- a/kubernetes/portal/components/portal-app/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2020 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,10 +38,10 @@ spec:
     spec:
       initContainers:
       - name: {{ include "common.name" . }}-job-completion
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - --job-name
         - {{ include "common.release" . }}-portal-db-config
@@ -49,10 +51,46 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-portal-config
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - sh
+        args:
+        - "-c"
+        - |
+          cd /config-input && \
+          for PFILE in `ls -1 *.xml`
+          do
+            cp ${PFILE} /config
+            chmod 0755 /config/${PFILE}
+          done
+          cd /config-input && \
+          for PFILE in `ls -1 *.properties`
+          do
+            envsubst <${PFILE} >/config/${PFILE}
+            chmod 0755 /config/${PFILE}
+          done
+        env:
+          - name: CASSA_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+          - name: CASSA_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+          - name: CIPHER_ENC_KEY
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+          - name: PORTAL_DB_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+          - name: PORTAL_DB_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: properties-onapportal-scrubbed
+        - mountPath: /config
+          name: properties-onapportal
 {{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command: ["bash","-c"]
         {{- if .Values.global.aafEnabled }}
@@ -103,6 +141,9 @@ spec:
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties"
           subPath: portal.properties
         - name: properties-onapportal
+          mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+          subPath: key.properties
+        - name: properties-onapportal
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties"
           subPath: music.properties
         - name: properties-onapportal
@@ -114,6 +155,8 @@ spec:
         - name: properties-onapportal
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
           subPath: web.xml
+        - name: properties-onapportal
+          mountPath: "{{ .Values.global.env.tomcatDir }}/temp"
         - name: var-log-onap
           mountPath: /var/log/onap
         resources:
@@ -122,12 +165,12 @@ spec:
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
       {{- end -}}
-      {{- if .Values.affinity }}
+{{- if .Values.affinity }}
       affinity:
 {{ toYaml .Values.affinity | indent 10 }}
       {{- end }}
       - name: filebeat-onap
-        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        image: {{ include "repositoryGenerator.image.logging" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - mountPath: /usr/share/filebeat/filebeat.yml
@@ -143,6 +186,9 @@ spec:
           hostPath:
             path: /etc/localtime
         - name: properties-onapportal
+          emptyDir:
+            medium: Memory
+        - name: properties-onapportal-scrubbed
           configMap:
             name: {{ include "common.fullname" . }}-onapportal
             defaultMode: 0755
diff --git a/kubernetes/portal/components/portal-app/templates/secret.yaml b/kubernetes/portal/components/portal-app/templates/secret.yaml
index a4019efa2b..78fc709202 100644
--- a/kubernetes/portal/components/portal-app/templates/secret.yaml
+++ b/kubernetes/portal/components/portal-app/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 # Modifications Copyright © 2020 AT&T
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/portal/components/portal-app/templates/service.yaml b/kubernetes/portal/components/portal-app/templates/service.yaml
index dd207ea0e6..523b950f8b 100644
--- a/kubernetes/portal/components/portal-app/templates/service.yaml
+++ b/kubernetes/portal/components/portal-app/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml
index 9564723b17..0a818102c6 100644
--- a/kubernetes/portal/components/portal-app/values.yaml
+++ b/kubernetes/portal/components/portal-app/values.yaml
@@ -20,22 +20,45 @@ global:
   env:
     tomcatDir: "/usr/local/tomcat"
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
   #AAF service
   aafEnabled: true
 
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+  - uid: portal-cass
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+    login: '{{ .Values.cassandra.config.cassandraUsername }}'
+    password: '{{ .Values.cassandra.config.cassandraPassword }}'
+    passwordPolicy: required
+  - uid: cipher-enc-key
+    type: password
+    externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+    password: '{{ .Values.config.cipherEncKey }}'
+    passwordPolicy: required
+  - uid: portal-backend-db
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+    login: '{{ .Values.mariadb.config.backendUserName }}'
+    password: '{{ .Values.mariadb.config.backendPassword }}'
+    passwordPolicy: required
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/portal-app:3.2.3
+image: onap/portal-app:3.4.2
 pullPolicy: Always
 
+# application configuration
+config:
+  # cipherEncKeyExternalSecret: some secret
+  cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==!
+
 #AAF local config
 
 aafURL: https://aaf-service:8100/authz/
@@ -98,6 +121,10 @@ service:
 mariadb:
   service:
     name: portal-db
+  config:
+    # backendDbExternalSecret: some secret
+    backendUserName: portal
+    backendPassword: portal
 widget:
   service:
     name: portal-widget
@@ -105,11 +132,9 @@ cassandra:
   service:
     name: portal-cassandra
   config:
+    # cassandraExternalSecret: some secret
     cassandraUsername: root
     cassandraPassword: Aa123456
-zookeeper:
-  service:
-    name: portal-zookeeper
 messageRouter:
   service:
     name: message-router
diff --git a/kubernetes/portal/components/portal-cassandra/requirements.yaml b/kubernetes/portal/components/portal-cassandra/requirements.yaml
index c5d7864b9d..7c92350367 100644
--- a/kubernetes/portal/components/portal-cassandra/requirements.yaml
+++ b/kubernetes/portal/components/portal-cassandra/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/portal/components/portal-cassandra/templates/configmap.yaml b/kubernetes/portal/components/portal-cassandra/templates/configmap.yaml
index 4ed457d453..5cd33b43a2 100644
--- a/kubernetes/portal/components/portal-cassandra/templates/configmap.yaml
+++ b/kubernetes/portal/components/portal-cassandra/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
index 5b4bf0c0e7..80197a6094 100644
--- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,7 +38,7 @@ spec:
     spec:
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
@@ -64,9 +66,9 @@ spec:
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         env:
           - name: CASSUSER
-            value: "{{ .Values.config.cassandraUsername }}"
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}}
           - name: CASSPASS
-            value: "{{ .Values.config.cassandraPassword }}"
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12}}
           - name: JVM_OPTS
             value: "{{ .Values.config.cassandraJvmOpts }}"
           - name: POD_IP
diff --git a/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/portal/components/portal-cassandra/templates/service.yaml b/kubernetes/portal/components/portal-cassandra/templates/service.yaml
index 3e66ac8574..8f486c2175 100644
--- a/kubernetes/portal/components/portal-cassandra/templates/service.yaml
+++ b/kubernetes/portal/components/portal-cassandra/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml
index 65fcdbe84a..a0488e5cc7 100644
--- a/kubernetes/portal/components/portal-cassandra/values.yaml
+++ b/kubernetes/portal/components/portal-cassandra/values.yaml
@@ -22,14 +22,24 @@ global: # global defaults
 
 
 # application image
-repository: nexus3.onap.org:10001
 image: onap/music/cassandra_music:3.0.0
 pullPolicy: Always
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: 'db-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.cassandraExternalSecret) . }}'
+    login: '{{ .Values.config.cassandraUsername }}'
+    password: '{{ .Values.config.cassandraPassword }}'
+
 # application configuration
 config:
   cassandraUsername: root
   cassandraPassword: Aa123456
+#  cassandraCredsExternalSecret: some secret
   cassandraJvmOpts: -Xmx2536m -Xms2536m
 
 # default number of instances
diff --git a/kubernetes/portal/components/portal-mariadb/requirements.yaml b/kubernetes/portal/components/portal-mariadb/requirements.yaml
index c5d7864b9d..7c92350367 100644
--- a/kubernetes/portal/components/portal-mariadb/requirements.yaml
+++ b/kubernetes/portal/components/portal-mariadb/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index 28fcee1551..390241fa1d 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -2,21 +2,21 @@
 set -eo pipefail
 shopt -s nullglob
 
-# if command starts with an option, prepend mysqld
-if [ "${1:0:1}" = '-' ]; then
-	set -- mysqld "$@"
-fi
-
-# skip setup if they want an option that stops mysqld
-wantHelp=
-for arg; do
-	case "$arg" in
-		-'?'|--help|--print-defaults|-V|--version)
-			wantHelp=1
-			break
-			;;
-	esac
-done
+# logging functions
+mysql_log() {
+	local type="$1"; shift
+	printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
+}
+mysql_note() {
+	mysql_log Note "$@"
+}
+mysql_warn() {
+	mysql_log Warn "$@" >&2
+}
+mysql_error() {
+	mysql_log ERROR "$@" >&2
+	exit 1
+}
 
 # usage: file_env VAR [DEFAULT]
 #    ie: file_env 'XYZ_DB_PASSWORD' 'example'
@@ -27,8 +27,7 @@ file_env() {
 	local fileVar="${var}_FILE"
 	local def="${2:-}"
 	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
-		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
-		exit 1
+		mysql_error "Both $var and $fileVar are set (but are exclusive)"
 	fi
 	local val="$def"
 	if [ "${!var:-}" ]; then
@@ -40,157 +39,328 @@ file_env() {
 	unset "$fileVar"
 }
 
-_check_config() {
-	toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
+# check to see if this file is being run or sourced from another script
+_is_sourced() {
+	# https://unix.stackexchange.com/a/215279
+	[ "${#FUNCNAME[@]}" -ge 2 ] \
+		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
+		&& [ "${FUNCNAME[1]}" = 'source' ]
+}
+
+# usage: docker_process_init_files [file [file [...]]]
+#    ie: docker_process_init_files /always-initdb.d/*
+# process initializer files, based on file extensions
+docker_process_init_files() {
+	# mysql here for backwards compatibility "${mysql[@]}"
+	mysql=( docker_process_sql )
+
+	echo
+	local f
+	for f; do
+		case "$f" in
+			*.sh)
+				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+				# https://github.com/docker-library/postgres/pull/452
+				if [ -x "$f" ]; then
+					mysql_note "$0: running $f"
+					"$f"
+				else
+					mysql_note "$0: sourcing $f"
+					. "$f"
+				fi
+				;;
+			*.sql)    mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
+			*.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
+			*.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
+			*)        mysql_warn "$0: ignoring $f" ;;
+		esac
+		echo
+	done
+}
+
+mysql_check_config() {
+	local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors
 	if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
-		cat >&2 <<-EOM
-			ERROR: mysqld failed while attempting to check config
-			command was: "${toRun[*]}"
-			$errors
-		EOM
-		exit 1
+		mysql_error $'mysqld failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors"
 	fi
 }
 
 # Fetch value from server config
 # We use mysqld --verbose --help instead of my_print_defaults because the
 # latter only show values present in config files, and not server defaults
-_get_config() {
+mysql_get_config() {
 	local conf="$1"; shift
 	"$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
-		| awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
+		| awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
 	# match "datadir      /some/path with/spaces in/it here" but not "--xyz=abc\n     datadir (xyz)"
 }
 
-# allow the container to be started with `--user`
-if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then
-	_check_config "$@"
-	DATADIR="$(_get_config 'datadir' "$@")"
+# Do a temporary startup of the MySQL server, for init purposes
+docker_temp_server_start() {
+	"$@" --skip-networking --socket="${SOCKET}" &
+	mysql_note "Waiting for server startup"
+	local i
+	for i in {30..0}; do
+		# only use the root password if the database has already been initializaed
+		# so that it won't try to fill in a password file when it hasn't been set yet
+		extraArgs=()
+		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+			extraArgs+=( '--dont-use-mysql-root-password' )
+		fi
+		if docker_process_sql "${extraArgs[@]}" --database=mysql <<<'SELECT 1' &> /dev/null; then
+			break
+		fi
+		sleep 1
+	done
+	if [ "$i" = 0 ]; then
+		mysql_error "Unable to start server."
+	fi
+}
+
+# Stop the server. When using a local socket file mysqladmin will block until
+# the shutdown is complete.
+docker_temp_server_stop() {
+	if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then
+		mysql_error "Unable to shut down server."
+	fi
+}
+
+# Verify that the minimally required password settings are set for new databases.
+docker_verify_minimum_env() {
+	if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+		mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
+	fi
+}
+
+# creates folders for the database
+# also ensures permission for user mysql of run as root
+docker_create_db_directories() {
+	local user; user="$(id -u)"
+
+	# TODO other directories that are used by default? like /var/lib/mysql-files
+	# see https://github.com/docker-library/mysql/issues/562
 	mkdir -p "$DATADIR"
-	find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
-	exec gosu mysql "$BASH_SOURCE" "$@"
-fi
 
-if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
-	# still need to check config, container may have started with --user
-	_check_config "$@"
+	if [ "$user" = "0" ]; then
+		# this will cause less disk access than `chown -R`
+		find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
+	fi
+}
+
+# initializes the database directory
+docker_init_database_dir() {
+	mysql_note "Initializing database files"
+	installArgs=( --datadir="$DATADIR" --rpm )
+	if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
+		# beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
+		# see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
+		# (this flag doesn't exist in 10.0 and below)
+		installArgs+=( --auth-root-authentication-method=normal )
+	fi
+	# "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+	mysql_install_db "${installArgs[@]}" "${@:2}"
+	mysql_note "Database files initialized"
+}
+
+# Loads various settings that are used elsewhere in the script
+# This should be called after mysql_check_config, but before any other functions
+docker_setup_env() {
 	# Get config
-	DATADIR="$(_get_config 'datadir' "$@")"
-
-	if [ ! -d "$DATADIR/mysql" ]; then
-		file_env 'MYSQL_ROOT_PASSWORD'
-		if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
-			echo >&2 'error: database is uninitialized and password option is not specified '
-			echo >&2 '  You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
-			exit 1
-		fi
+	declare -g DATADIR SOCKET
+	DATADIR="$(mysql_get_config 'datadir' "$@")"
+	SOCKET="$(mysql_get_config 'socket' "$@")"
 
-		mkdir -p "$DATADIR"
+	# Initialize values that might be stored in a file
+	file_env 'MYSQL_ROOT_HOST' '%'
+	file_env 'MYSQL_DATABASE'
+	file_env 'MYSQL_USER'
+	file_env 'MYSQL_PASSWORD'
+	file_env 'MYSQL_ROOT_PASSWORD'
+	file_env 'PORTAL_DB_TABLES'
 
-		echo 'Initializing database'
-		installArgs=( --datadir="$DATADIR" --rpm )
-		if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
-			# beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
-			# see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
-			# (this flag doesn't exist in 10.0 and below)
-			installArgs+=( --auth-root-authentication-method=normal )
-		fi
-		# "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
-		mysql_install_db "${installArgs[@]}" "${@:2}"
-		echo 'Database initialized'
-
-		SOCKET="$(_get_config 'socket' "$@")"
-		"$@" --skip-networking --socket="${SOCKET}" &
-		pid="$!"
-
-		mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
-
-		for i in {60..0}; do
-			if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
-				break
-			fi
-			echo 'MySQL init process in progress...'
-			sleep 1
-		done
-		if [ "$i" = 0 ]; then
-			echo >&2 'MySQL init process failed.'
-			exit 1
-		fi
+	declare -g DATABASE_ALREADY_EXISTS
+	if [ -d "$DATADIR/mysql" ]; then
+		DATABASE_ALREADY_EXISTS='true'
+	fi
+}
 
-		if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
-			# sed is for https://bugs.mysql.com/bug.php?id=20545
-			mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
-		fi
+# Execute sql script, passed via stdin
+# usage: docker_process_sql [--dont-use-mysql-root-password] [mysql-cli-args]
+#    ie: docker_process_sql --database=mydb <<<'INSERT ...'
+#    ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql
+docker_process_sql() {
+	passfileArgs=()
+	if [ '--dont-use-mysql-root-password' = "$1" ]; then
+		passfileArgs+=( "$1" )
+		shift
+	fi
+	# args sent in can override this db, since they will be later in the command
+	if [ -n "$MYSQL_DATABASE" ]; then
+		set -- --database="$MYSQL_DATABASE" "$@"
+	fi
 
-		if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
-			export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
-			echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
-		fi
+	mysql --defaults-extra-file=<( _mysql_passfile "${passfileArgs[@]}") --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
+}
 
-		rootCreate=
-		# default root to listen for connections from anywhere
-		file_env 'MYSQL_ROOT_HOST' '%'
-		if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
-			# no, we don't care if read finds a terminating character in this heredoc
-			# https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
-			read -r -d '' rootCreate <<-EOSQL || true
-				CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
-				GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
-			EOSQL
-		fi
+# Initializes database with timezone info and root password, plus optional extra db/user
+docker_setup_db() {
+	# Load timezone info into database
+	if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+		{
+			# Aria in 10.4+ is slow due to "transactional" (crash safety)
+			# https://jira.mariadb.org/browse/MDEV-23326
+			# https://github.com/docker-library/mariadb/issues/262
+			local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type )
+			for table in "${tztables[@]}"; do
+				echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;"
+			done
 
-		"${mysql[@]}" <<-EOSQL
-			-- What's done in this file shouldn't be replicated
-			--  or products like mysql-fabric won't work
-			SET @@SESSION.SQL_LOG_BIN=0;
-			DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
-			SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
-			GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
-			${rootCreate}
-			DROP DATABASE IF EXISTS test ;
-			FLUSH PRIVILEGES ;
+			# sed is for https://bugs.mysql.com/bug.php?id=20545
+			mysql_tzinfo_to_sql /usr/share/zoneinfo \
+				| sed 's/Local time zone must be set--see zic manual page/FCTY/'
+
+			for table in "${tztables[@]}"; do
+				echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;"
+			done
+		} | docker_process_sql --dont-use-mysql-root-password --database=mysql
+		# tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet
+	fi
+	# Generate random root password
+	if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+		export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
+		mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
+	fi
+	# Sets root password and creates root users for non-localhost hosts
+	local rootCreate=
+	# default root to listen for connections from anywhere
+	if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then
+		# no, we don't care if read finds a terminating character in this heredoc
+		# https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
+		read -r -d '' rootCreate <<-EOSQL || true
+			CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+			GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
 		EOSQL
+	fi
 
-		if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
-			mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
-		fi
+	# tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set
+	docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL
+		-- What's done in this file shouldn't be replicated
+		--  or products like mysql-fabric won't work
+		SET @@SESSION.SQL_LOG_BIN=0;
 
-		file_env 'MYSQL_DATABASE'
-		if [ "$MYSQL_DATABASE" ]; then
-			echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
-			mysql+=( "$MYSQL_DATABASE" )
-		fi
+		DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
+		SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+		-- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365
+		-- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369
+		DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
 
-		file_env 'MYSQL_USER'
-		file_env 'MYSQL_PASSWORD'
-		if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
-			echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
+		GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
+		FLUSH PRIVILEGES ;
+		${rootCreate}
+		DROP DATABASE IF EXISTS test ;
+	EOSQL
 
-			if [ "$MYSQL_DATABASE" ]; then
-				echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
-			fi
+	# Creates a custom database and user if specified
+	if [ -n "$MYSQL_DATABASE" ]; then
+		mysql_note "Creating database ${MYSQL_DATABASE}"
+		docker_process_sql --database=mysql <<<"CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;"
+	fi
+
+	if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then
+		mysql_note "Creating user ${MYSQL_USER}"
+		docker_process_sql --database=mysql <<<"CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;"
+
+		if [ -n "$MYSQL_DATABASE" ]; then
+			mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}"
+			docker_process_sql --database=mysql <<<"GRANT ALL ON \`${MYSQL_DATABASE//_/\\_}\`.* TO '$MYSQL_USER'@'%' ;"
 		fi
 
-		echo
-		for f in /docker-entrypoint-initdb.d/*; do
-			case "$f" in
-				*.sh)     echo "$0: running $f"; . "$f" ;;
-				*.sql)    echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
-				*)        echo "$0: ignoring $f" ;;
-			esac
-			echo
-		done
+		docker_process_sql --database=mysql <<<"FLUSH PRIVILEGES ;"
+	fi
+}
 
-		if ! kill -s TERM "$pid" || ! wait "$pid"; then
-			echo >&2 'MySQL init process failed.'
-			exit 1
+_mysql_passfile() {
+	# echo the password to the "file" the client uses
+	# the client command will use process substitution to create a file on the fly
+	# ie: --defaults-extra-file=<( _mysql_passfile )
+	if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then
+		cat <<-EOF
+			[client]
+			password="${MYSQL_ROOT_PASSWORD}"
+		EOF
+	fi
+}
+
+# check arguments for an option that would cause mysqld to stop
+# return true if there is one
+_mysql_want_help() {
+	local arg
+	for arg; do
+		case "$arg" in
+			-'?'|--help|--print-defaults|-V|--version)
+				return 0
+				;;
+		esac
+	done
+	return 1
+}
+
+_main() {
+	# if command starts with an option, prepend mysqld
+	if [ "${1:0:1}" = '-' ]; then
+		set -- mysqld "$@"
+	fi
+
+	# skip setup if they aren't running mysqld or want an option that stops mysqld
+	if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
+		mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started."
+
+		mysql_check_config "$@"
+		# Load various environment variables
+		docker_setup_env "$@"
+		docker_create_db_directories
+
+		# If container is started as root user, restart as dedicated mysql user
+		if [ "$(id -u)" = "0" ]; then
+			mysql_note "Switching to dedicated user 'mysql'"
+			exec gosu mysql "$BASH_SOURCE" "$@"
 		fi
 
-		echo
-		echo 'MySQL init process done. Ready for start up.'
-		echo
+		# there's no database, so it needs to be initialized
+		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+			docker_verify_minimum_env
+
+			# check dir permissions to reduce likelihood of half-initialized database
+			ls /docker-entrypoint-initdb.d/ > /dev/null
+
+			docker_init_database_dir "$@"
+
+			mysql_note "Starting temporary server"
+			docker_temp_server_start "$@"
+			mysql_note "Temporary server started."
+
+			docker_setup_db
+			docker_process_init_files /docker-entrypoint-initdb.d/*
+
+			for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g")
+				do
+					echo "Granting portal user ALL PRIVILEGES for table $i"
+					echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+				done
+
+			mysql_note "Stopping temporary server"
+			docker_temp_server_stop
+			mysql_note "Temporary server stopped"
+
+			echo
+			mysql_note "MySQL init process done. Ready for start up."
+			echo
+		fi
 	fi
-fi
+	exec "$@"
+}
 
-exec "$@"
\ No newline at end of file
+# If we are sourced from elsewhere, don't perform any further actions
+if ! _is_sourced; then
+	_main "$@"
+fi
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
index 7502e9322a..f9db78ba4d 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -23,7 +23,7 @@ while the OOM K8s version has these service split up.
 */
 -- app_url is the FE, app_rest_endpoint is the BE
 --portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8443/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
 --dmaap-bc => the dmaap-bc doesn't open a node port..
 update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
 --sdc-be => 8443:30204
@@ -74,7 +74,10 @@ update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS
 -- aai sparky
 update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key_7' where app_id = 7;
 
-
+-- Disabled Policy APP
+UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'Policy';
+-- Disabled AAIUI APP
+UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'A&AI UI';
 /*
 Replace spaces with underscores for role names to match AAF role names
 */
diff --git a/kubernetes/portal/components/portal-mariadb/templates/configmap.yaml b/kubernetes/portal/components/portal-mariadb/templates/configmap.yaml
index 1602af81f9..eaa0cfb259 100644
--- a/kubernetes/portal/components/portal-mariadb/templates/configmap.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml
index bcd223c7e6..7e94c76896 100644
--- a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -34,9 +36,16 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
+      initContainers:
+      - name: volume-permissions
+        image: {{ include "repositoryGenerator.image.busybox" . }}
+        command: ['sh', '-c', 'chmod -R 777 /var/lib/mysql']
+        volumeMounts:
+        - mountPath: /var/lib/mysql
+          name: mariadb-data
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -62,6 +71,18 @@ spec:
                 secretKeyRef:
                   name: {{ template "common.fullname" . }}
                   key: db-root-password
+            - name: MYSQL_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "common.fullname" . }}
+                  key: backend-db-user
+            - name: MYSQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "common.fullname" . }}
+                  key: backend-db-password
+            - name: PORTAL_DB_TABLES
+              value: {{ .Values.config.backend_portal_tables }}
           volumeMounts:
           - mountPath: /var/lib/mysql
             name: mariadb-data
diff --git a/kubernetes/portal/components/portal-mariadb/templates/job.yaml b/kubernetes/portal/components/portal-mariadb/templates/job.yaml
index 812dc66a23..5a66bb96bd 100644
--- a/kubernetes/portal/components/portal-mariadb/templates/job.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/job.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: batch/v1
 kind: Job
@@ -33,10 +35,10 @@ spec:
       restartPolicy: Never
       initContainers:
       - name: {{ include "common.name" . }}-init-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ include "common.name" . }}
@@ -48,7 +50,7 @@ spec:
               fieldPath: metadata.namespace
       containers:
       - name: {{ include "common.name" . }}-job
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.mariadbInitImage }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbInitImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DB_HOST
@@ -61,7 +63,7 @@ spec:
         - name: SQL_SRC_DIR
           value: {{ .Values.config.sqlSourceDirectory }}
       - name: {{ include "common.name" . }}-oom-update-job
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.mariadbInitImage }}"
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbInitImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DB_HOST
@@ -72,7 +74,9 @@ spec:
           value: "{{ .Values.service.internalPort }}"
         - name: DB_PASS
           valueFrom:
-            secretKeyRef: {name: {{ include "common.fullname" . }}, key: db-root-password}
+            secretKeyRef:
+              name: {{ include "common.fullname" . }}
+              key: db-root-password
         command:
         - /bin/sh
         - -x
diff --git a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml
index ad1db77298..c0800e0275 100644
--- a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Secret
@@ -26,3 +28,6 @@ metadata:
 type: Opaque
 data:
   db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}
+stringData:
+  backend-db-user: {{ .Values.config.backendDbUser }}
+  backend-db-password: {{ .Values.config.backendDbPassword }}
diff --git a/kubernetes/portal/components/portal-mariadb/templates/service.yaml b/kubernetes/portal/components/portal-mariadb/templates/service.yaml
index aca4b063b8..7b9ef91900 100644
--- a/kubernetes/portal/components/portal-mariadb/templates/service.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/portal/components/portal-mariadb/values.yaml b/kubernetes/portal/components/portal-mariadb/values.yaml
index 08157f7b92..99dda390b4 100644
--- a/kubernetes/portal/components/portal-mariadb/values.yaml
+++ b/kubernetes/portal/components/portal-mariadb/values.yaml
@@ -19,22 +19,21 @@
 global: # global defaults
   nodePortPrefix: 302
   persistence: {}
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/portal-db:3.2.3
+image: onap/portal-db:3.4.1
 pullPolicy: Always
-
-
-mariadbInitImage: "mariadb-client-init:3.0.0"
+mariadbInitImage: oomk8s/mariadb-client-init:3.0.0
 
 # application configuration
 config:
   mariadbUser: root
   mariadbRootPassword: Aa123456
+  backendDbUser: portal
+  backendDbPassword: portal
+  #backend_portal_tables is a comma delimited string listing back-end tables
+  #that backendDbUser needs access to, such as to portal and ecomp_sdk tables
+  backend_portal_tables: portal,ecomp_sdk
   #The directory where sql files are found in the projects gerrit repo.
   sqlSourceDirectory: portal/deliveries
   # sdc frontend assignment for port 9443
diff --git a/kubernetes/portal/components/portal-sdk/requirements.yaml b/kubernetes/portal/components/portal-sdk/requirements.yaml
index 00b92235f3..bfcaecb7aa 100644
--- a/kubernetes/portal/components/portal-sdk/requirements.yaml
+++ b/kubernetes/portal/components/portal-sdk/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
   - name: certInitializer
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/fusion.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/fusion.properties
index 5c24429cdb..895de10a4f 100644
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/fusion.properties
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/fusion.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 # login settings
 login_method_backdoor       = backdoor
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties
new file mode 100644
index 0000000000..a5160457ec
--- /dev/null
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties
@@ -0,0 +1,42 @@
+{{/*
+###
+# ============LICENSE_START==========================================
+# ONAP Portal SDK
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#             http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#             https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+#
+###
+*/}}
+
+# Properties read by the ECOMP Framework library (epsdk-fw)
+cipher.enc.key = ${CIPHER_ENC_KEY}
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml
index 85e1eed648..2c2cd00f1c 100644
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml
@@ -41,6 +41,8 @@
   <!--<jmxConfigurator /> -->

   <!--  specify the component name -->

   <property name="componentName" value="onapsdk"></property>

+  <!--  specify the application name -->

+  <property name="application_name" value="PortalSDK"></property>

   <!--  specify the base path of the log directory -->

   <property name="logDirPrefix" value="/var/log/onap"></property>

   <!-- The directories where logs are written -->

@@ -60,7 +62,7 @@
   <!-- 1610 Logging Fields Format Revisions -->

   <property name="auditLoggerPattern" value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />

   <property name="metricsLoggerPattern" value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />

-  <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />

+  <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />

   <property name="defaultLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />

   <!-- use %class so library logging calls yield their class name -->

   <property name="applicationLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />

@@ -204,19 +206,20 @@
   <logger name="org.onap.eelf" level="info" additivity="false">

     <appender-ref ref="asyncEELF" />

   </logger>

-  <logger name="org.onap.eelf.audit" level="info" additivity="false">

+  <logger name="EELFAudit" level="info" additivity="false">

     <appender-ref ref="asyncEELFAudit" />

   </logger>

   <logger name="org.onap.eelf.debug" level="debug" additivity="false">

     <appender-ref ref="asyncEELFDebug" />

   </logger>

-  <logger name="org.onap.eelf.error" level="info" additivity="false">

+  <logger name="EELFError" level="info" additivity="false">

     <appender-ref ref="asyncEELFError" />

   </logger>

-  <logger name="org.onap.eelf.metrics" level="info" additivity="false">

+  <logger name="EELFMetrics" level="info" additivity="false">

     <appender-ref ref="asyncEELFMetrics" />

   </logger>

   <root level="DEBUG">

     <appender-ref ref="asyncEELF" />

+    <appender-ref ref="STDOUT" />

   </root>

 </configuration>

diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties
index 8881cc2f2d..3e215647e5 100644
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 
 music.version = v2
@@ -27,9 +29,8 @@ music.serialize.compress = true
 
 #By default it's eventual
 music.atomic.get = false
-music.atomic.put = true
+music.atomic.put = false
 
 cassandra.host={{.Values.cassandra.service.name}}
-zookeeper.host={{.Values.zookeeper.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties
index 2ccace545a..4bb51c1a8a 100755
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 
 # Properties read by ECOMP Framework library, ecompFW.jar
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
index 2a2ec59d5c..aad5044fbf 100755
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 
 # Properties read by ECOMP Core library, ecompSDK-core.jar
@@ -40,8 +42,8 @@ decryption_key				  = AGLDdG4D04BKm2IxIWEr8o==
 
 db.driver = org.mariadb.jdbc.Driver
 db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk
-db.userName = root
-db.password = Aa123456
+db.userName =${PORTAL_DB_USER}
+db.password =${PORTAL_DB_PASSWORD}
 db.min_pool_size = 5
 db.max_pool_size = 10
 hb.dialect = org.hibernate.dialect.MySQLDialect
@@ -90,4 +92,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}}
 ext_central_access_user_name = aaf_admin@people.osaaf.org
 ext_central_access_password = demo123456!
 ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file
+ext_central_access_user_domain = @people.osaaf.org
diff --git a/kubernetes/portal/components/portal-sdk/templates/configmap.yaml b/kubernetes/portal/components/portal-sdk/templates/configmap.yaml
index 5ad9910c56..30d2009c3e 100644
--- a/kubernetes/portal/components/portal-sdk/templates/configmap.yaml
+++ b/kubernetes/portal/components/portal-sdk/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018, 2020 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
index ed04d358f8..95247b3dd2 100644
--- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018,2020 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,10 +38,10 @@ spec:
     spec:
       initContainers:
       - name: {{ include "common.name" . }}-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - "portal-db"
@@ -49,10 +51,46 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-portalsdk-config
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - sh
+        args:
+        - "-c"
+        - |
+          cd /config-input && \
+          for PFILE in `ls -1 *.xml`
+          do
+            cp ${PFILE} /config
+            chmod 0755 /config/${PFILE}
+          done
+          cd /config-input && \
+          for PFILE in `ls -1 *.properties`
+          do
+            envsubst <${PFILE} >/config/${PFILE}
+            chmod 0755 /config/${PFILE}
+          done
+        env:
+          - name: CASSA_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+          - name: CASSA_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+          - name: CIPHER_ENC_KEY
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+          - name: PORTAL_DB_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+          - name: PORTAL_DB_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: properties-onapportalsdk-scrubbed
+        - mountPath: /config
+          name: properties-onapportalsdk
 {{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command: ["bash","-c"]
         {{- if .Values.global.aafEnabled }}
@@ -100,6 +138,9 @@ spec:
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties"
           subPath: portal.properties
         - name: properties-onapportalsdk
+          mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+          subPath: key.properties
+        - name: properties-onapportalsdk
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties"
           subPath: music.properties
         - name: properties-onapportalsdk
@@ -120,7 +161,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
       {{- end }}
       - name: filebeat-onap
-        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        image: {{ include "repositoryGenerator.image.logging" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - mountPath: /usr/share/filebeat/filebeat.yml
@@ -135,6 +176,9 @@ spec:
           hostPath:
             path: /etc/localtime
         - name: properties-onapportalsdk
+          emptyDir:
+            medium: Memory
+        - name: properties-onapportalsdk-scrubbed
           configMap:
             name: {{ include "common.fullname" . }}-onapportalsdk
             defaultMode: 0755
diff --git a/kubernetes/portal/components/portal-sdk/templates/secrets.yaml b/kubernetes/portal/components/portal-sdk/templates/secrets.yaml
index 61fc2f8037..06a17b4009 100644
--- a/kubernetes/portal/components/portal-sdk/templates/secrets.yaml
+++ b/kubernetes/portal/components/portal-sdk/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/portal/components/portal-sdk/templates/service.yaml b/kubernetes/portal/components/portal-sdk/templates/service.yaml
index 36d00ccfe2..f3007a4c46 100644
--- a/kubernetes/portal/components/portal-sdk/templates/service.yaml
+++ b/kubernetes/portal/components/portal-sdk/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml
index 47c0189c40..11ce5a6e42 100644
--- a/kubernetes/portal/components/portal-sdk/values.yaml
+++ b/kubernetes/portal/components/portal-sdk/values.yaml
@@ -20,23 +20,47 @@ global:
   env:
     tomcatDir: "/usr/local/tomcat"
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
   persistence: {}
   #AAF service
   aafEnabled: true
 
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+  - uid: portal-cass
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+    login: '{{ .Values.cassandra.config.cassandraUsername }}'
+    password: '{{ .Values.cassandra.config.cassandraPassword }}'
+    passwordPolicy: required
+  - uid: portal-backend-db
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+    login: '{{ .Values.mariadb.config.backendUserName }}'
+    password: '{{ .Values.mariadb.config.backendPassword }}'
+    passwordPolicy: required
+  - uid: cipher-enc-key
+    type: password
+    externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+    password: '{{ .Values.config.cipherEncKey }}'
+    passwordPolicy: required
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/portal-sdk:3.2.0
+image: onap/portal-sdk:3.4.2
 pullPolicy: Always
 
+# application configuration
+config:
+  # cipherEncKeyExternalSecret: some secret
+  cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==
+
+
 #AAF local config
 aafURL: https://aaf-service:8100/authz/
 certInitializer:
@@ -92,6 +116,10 @@ service:
 mariadb:
   service:
     name: portal-db
+  config:
+    # backendDbExternalSecret: some secret
+    backendUserName: portal
+    backendPassword: portal
 widget:
   service:
     name: portal-widget
@@ -99,11 +127,9 @@ cassandra:
   service:
     name: portal-cassandra
   config:
+    # cassandraExternalSecret: some secret
     cassandraUsername: root
     cassandraPassword: Aa123456
-zookeeper:
-  service:
-    name: portal-zookeeper
 messageRouter:
   service:
     name: message-router
diff --git a/kubernetes/portal/components/portal-widget/requirements.yaml b/kubernetes/portal/components/portal-widget/requirements.yaml
index c5d7864b9d..7c92350367 100644
--- a/kubernetes/portal/components/portal-widget/requirements.yaml
+++ b/kubernetes/portal/components/portal-widget/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.properties b/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.properties
index a53dd2e283..f5a900e8ce 100644
--- a/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.properties
+++ b/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.properties
@@ -7,27 +7,26 @@ microservice.widget.location=/tmp
 

 ## App DB Properties

 spring.datasource.url=jdbc:mysql://portal-db:3306/portal

-spring.datasource.username=root

-spring.datasource.password=Aa123456

+spring.datasource.username=${PORTAL_DB_USER}

+spring.datasource.password=${PORTAL_DB_PASSWORD}

 spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect

 spring.database.driver.classname=org.mariadb.jdbc.Driver

 spring.jpa.show-sql=false

 spring.jpa.properties.hibernate.format_sql=false

 

 ## Basic Authentication Properties

-security.user.name=widget_user

-security.user.password=ENC(IjywcRnI9+nuVEh9+OFFiRWAjBT1n718)

+security.user.name=${WIDGET_USER}

+security.user.password=${WIDGET_PASSWORD}

 

 initialization.default.widgets=true

 initialization.widgetData.url=http://portal-app:{{.Values.global.portalPort}}/ONAPPORTAL/commonWidgets

 

 ## Account Basic Authentication Properties

-account.user.name=portal

-account.user.password=6APqvG4AU2rfLgCvMdySwQ==

+account.user.name=${ACC_USER}

+account.user.password=${ACC_PASSWORD}

 

 ## Certificate Properties

 #server.ssl.key-store=classpath:widget-keystore.p12

 #server.ssl.key-store-password=ENC(DiIYnAMab4u7rEW2yKhF9zBL00uU55q8)

 #server.ssl.keyStoreType=PKCS12

 #server.ssl.keyAlias=widget-microservice

-

diff --git a/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml b/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml
index 087c93f5ce..f3da66f882 100644
--- a/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml
+++ b/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,7 +12,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 jasypt:
   encryptor:
-    password: EncryptionKey
+    password: ${JASYPT_ENC_KEY}
diff --git a/kubernetes/portal/components/portal-widget/templates/configmap.yaml b/kubernetes/portal/components/portal-widget/templates/configmap.yaml
index 4ac5f6d4ea..58acd42a69 100644
--- a/kubernetes/portal/components/portal-widget/templates/configmap.yaml
+++ b/kubernetes/portal/components/portal-widget/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/portal/components/portal-widget/templates/deployment.yaml b/kubernetes/portal/components/portal-widget/templates/deployment.yaml
index 798f7c5f24..246257651a 100644
--- a/kubernetes/portal/components/portal-widget/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-widget/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,10 +38,10 @@ spec:
     spec:
       initContainers:
       - name: {{ include "common.name" . }}-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - "portal-db"
@@ -49,9 +51,43 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-portal-widget-config
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - sh
+        args:
+        - "-c"
+        - |
+          cd /config-input && \
+          for PFILE in `ls -1 *.*`
+          do
+            envsubst <${PFILE} >/config/${PFILE}
+            chmod 0755 /config/${PFILE}
+          done
+        env:
+          - name: PORTAL_DB_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+          - name: PORTAL_DB_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+          - name: WIDGET_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "login") | indent 12 }}
+          - name: WIDGET_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "password") | indent 12 }}
+          - name: ACC_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "login") | indent 12 }}
+          - name: ACC_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "password") | indent 12 }}
+          - name: JASYPT_ENC_KEY
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "jasypt-enc-key" "key" "password") | indent 12 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: properties-onapwidgetms-scrubbed
+        - mountPath: /config
+          name: properties-onapwidgetms
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
           - /start-wms.sh
@@ -94,6 +130,9 @@ spec:
           hostPath:
             path: /etc/localtime
         - name: properties-onapwidgetms
+          emptyDir:
+            medium: Memory
+        - name: properties-onapwidgetms-scrubbed
           configMap:
             name: {{ include "common.fullname" . }}-onapwidgetms
             defaultMode: 0755
diff --git a/kubernetes/portal/components/portal-widget/templates/secret.yaml b/kubernetes/portal/components/portal-widget/templates/secret.yaml
new file mode 100644
index 0000000000..9a3f011e80
--- /dev/null
+++ b/kubernetes/portal/components/portal-widget/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/portal/components/portal-widget/templates/service.yaml b/kubernetes/portal/components/portal-widget/templates/service.yaml
index 58da55fdba..5197841189 100644
--- a/kubernetes/portal/components/portal-widget/templates/service.yaml
+++ b/kubernetes/portal/components/portal-widget/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/portal/components/portal-widget/values.yaml b/kubernetes/portal/components/portal-widget/values.yaml
index 079847c7e7..f86ff85f75 100644
--- a/kubernetes/portal/components/portal-widget/values.yaml
+++ b/kubernetes/portal/components/portal-widget/values.yaml
@@ -18,18 +18,51 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  ubuntuInit: ubuntu-init:1.0.0
+
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+  - uid: portal-backend-db
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+    login: '{{ .Values.mariadb.config.backendUserName }}'
+    password: '{{ .Values.mariadb.config.backendPassword }}'
+    passwordPolicy: required
+  - uid: portal-widget
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.widgetCredsExternalSecret) . }}'
+    login: '{{ .Values.config.widgetUsername }}'
+    password: '{{ .Values.config.widgetPassword }}'
+    passwordPolicy: required
+  - uid: portal-account
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.accountCredsExternalSecret) . }}'
+    login: '{{ .Values.config.accountUsername }}'
+    password: '{{ .Values.config.accountPassword }}'
+    passwordPolicy: required
+  - uid: jasypt-enc-key
+    type: password
+    externalSecret: '{{ .Values.config.jasyptEncKeyExternalSecret}}'
+    password: '{{ .Values.config.jasyptEncKey }}'
+    passwordPolicy: required
+
+config:
+  widgetUsername: widget_user
+  widgetPassword: widget_pass
+# widgetCredsExternalSecret: some secret
+  accountUsername: portal
+  accountPassword: portal
+# accountCredsExternalSecret: some secret
+  jasyptEncKey: EncryptionKey
+  # jasyptEncKeyExternalSecret: some secret
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/portal-wms:3.2.3
+image: onap/portal-wms:3.4.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -57,6 +90,10 @@ readiness:
 mariadb:
   service:
     name: portal-db
+  config:
+    # backendDbExternalSecret: some secret
+    backendUserName: portal
+    backendPassword: portal
 
 service:
   type: ClusterIP
diff --git a/kubernetes/portal/components/portal-zookeeper/Chart.yaml b/kubernetes/portal/components/portal-zookeeper/Chart.yaml
deleted file mode 100644
index 8a81b5763f..0000000000
--- a/kubernetes/portal/components/portal-zookeeper/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: Zookeeper for ONAP Portal
-name: portal-zookeeper
-version: 6.0.0
diff --git a/kubernetes/portal/components/portal-zookeeper/templates/NOTES.txt b/kubernetes/portal/components/portal-zookeeper/templates/NOTES.txt
deleted file mode 100644
index ee7a285cc0..0000000000
--- a/kubernetes/portal/components/portal-zookeeper/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/portal/components/portal-zookeeper/templates/deployment.yaml b/kubernetes/portal/components/portal-zookeeper/templates/deployment.yaml
deleted file mode 100644
index fbde3c32e1..0000000000
--- a/kubernetes/portal/components/portal-zookeeper/templates/deployment.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      containers:
-        - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          {{- if eq .Values.liveness.enabled true }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{end -}}
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readiness.periodSeconds }}
-          volumeMounts:
-          - mountPath: /etc/localtime
-            name: localtime
-            readOnly: true
-          resources:
-{{ include "common.resources" . | indent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-        {{- end }}
-      volumes:
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/portal/components/portal-zookeeper/templates/service.yaml b/kubernetes/portal/components/portal-zookeeper/templates/service.yaml
deleted file mode 100644
index aca4b063b8..0000000000
--- a/kubernetes/portal/components/portal-zookeeper/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.externalPort }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-    {{- end}}
-      name: {{ .Values.service.portName }}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/portal/components/portal-zookeeper/values.yaml b/kubernetes/portal/components/portal-zookeeper/values.yaml
deleted file mode 100644
index 6037d246cf..0000000000
--- a/kubernetes/portal/components/portal-zookeeper/values.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global: # global defaults
-  nodePortPrefix: 302
-  persistence: {}
-
-
-# application image
-repository: nexus3.onap.org:10001
-image: zookeeper:3.4
-pullPolicy: Always
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-
-service:
-  type: ClusterIP
-  name: portal-zookeeper
-  portName: portal-zk
-  externalPort: 2181
-  internalPort: 2181
-
-ingress:
-  enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
-  small:
-    limits:
-      cpu: 100m
-      memory: 200Mi
-    requests:
-      cpu: 1m
-      memory: 80Mi
-  large:
-    limits:
-      cpu: 1
-      memory: 1Gi
-    requests:
-      cpu: 500m
-      memory: 600Mi
-  unlimited: {}
diff --git a/kubernetes/portal/requirements.yaml b/kubernetes/portal/requirements.yaml
index f89bbd6a2b..969a326ba5 100644
--- a/kubernetes/portal/requirements.yaml
+++ b/kubernetes/portal/requirements.yaml
@@ -32,6 +32,3 @@ dependencies:
   - name: portal-widget
     version: ~6.x-0
     repository: 'file://components/portal-widget'
-  - name: portal-zookeeper
-    version: ~6.x-0
-    repository: 'file://components/portal-zookeeper'
diff --git a/kubernetes/portal/resources/config/log/filebeat/filebeat.yml b/kubernetes/portal/resources/config/log/filebeat/filebeat.yml
index 400b8df6b9..56ed10a50c 100644
--- a/kubernetes/portal/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/portal/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 filebeat.prospectors:
 #it is mandatory, in our case it's log
diff --git a/kubernetes/portal/templates/configmap.yaml b/kubernetes/portal/templates/configmap.yaml
index e1a534c695..a474a6c3d3 100644
--- a/kubernetes/portal/templates/configmap.yaml
+++ b/kubernetes/portal/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/portal/templates/secrets.yaml b/kubernetes/portal/templates/secrets.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/portal/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml
index 1015c86654..0d4b023b12 100644
--- a/kubernetes/portal/values.yaml
+++ b/kubernetes/portal/values.yaml
@@ -21,14 +21,42 @@ global:
   portalFEPort: "30225"
   # application's front end hostname.  Must be resolvable on the client side environment
   portalHostName: "portal.api.simpledemo.onap.org"
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: portal-cass
+    name: &dbSecretName '{{ include "common.release" . }}-portal-cass-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.casandraCredsExternalSecret) . }}'
+    login: '{{ .Values.config.cassandraUsername }}'
+    password: '{{ .Values.config.cassandraPassword }}'
+  - uid: portal-backend-db
+    name: &backendDbSecretName '{{ include "common.release" . }}-portal-backend-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+    login: '{{ .Values.mariadb.config.backendUserName }}'
+    password: '{{ .Values.mariadb.config.backendPassword }}'
+    passwordPolicy: required
+
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
+  cassandraUsername: root
+  cassandraPassword: Aa123456
+# casandraCredsExternalSecret: some secret
+
 portal-mariadb:
   nameOverride: portal-db
 mariadb:
   service:
     name: portal-db
+  config:
+#   backendDbExternalSecret: some secret
+    backendUserName: portal
+    backendPassword: portal
+
 widget:
   service:
     name: portal-widget
@@ -36,13 +64,23 @@ cassandra:
   service:
     name: portal-cassandra
   config:
-    cassandraUsername: root
-    cassandraPassword: Aa123456
-zookeeper:
-  service:
-    name: portal-zookeeper
+    cassandraExternalSecret: *dbSecretName
+portal-app:
+  mariadb:
+    config:
+      backendDbExternalSecret: *backendDbSecretName
+  cassandra:
+    config:
+      cassandraExternalSecret: *dbSecretName
+portal-sdk:
+  mariadb:
+    config:
+      backendDbExternalSecret: *backendDbSecretName
+  cassandra:
+    config:
+      cassandraExternalSecret: *dbSecretName
 messageRouter:
   service:
     name: message-router
 ingress:
-  enabled: false
\ No newline at end of file
+  enabled: false
diff --git a/kubernetes/readiness/.gitignore b/kubernetes/readiness/.gitignore
deleted file mode 100644
index 90cb66eacd..0000000000
--- a/kubernetes/readiness/.gitignore
+++ /dev/null
@@ -1,15 +0,0 @@
-# Eclipse
-.classpath
-.factorypath
-.project
-.pydevproject
-.settings/
-
-# IntelliJ
-.idea/*
-*.iml
-
-# Mac OS
-*DS_Store*
-
-/target
\ No newline at end of file
diff --git a/kubernetes/readiness/dep-health-init.yaml b/kubernetes/readiness/dep-health-init.yaml
deleted file mode 100644
index 5b97852da0..0000000000
--- a/kubernetes/readiness/dep-health-init.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  labels:
-    app: healthy
-    version: 1.0.0
-  name: healthy
-spec:
-  selector:
-    matchLabels:
-      app: healthy
-      version: 1.0.0
-  template:
-    metadata:
-      labels:
-        app: healthy
-        version: 1.0.0
-      name: healthy
-    spec:
-      containers:
-      - args:
-        - --container-name
-        - hbase
-        command:
-        - /root/ready.py
-        image: oomk8s/readiness-check:2.0.0
-        imagePullPolicy: Always
-        name: healthy
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
diff --git a/kubernetes/readiness/pom.xml b/kubernetes/readiness/pom.xml
deleted file mode 100644
index af834ff4c2..0000000000
--- a/kubernetes/readiness/pom.xml
+++ /dev/null
@@ -1,109 +0,0 @@
-<!--
-
-    ============LICENSE_START=======================================================
-    org.onap.aai
-    ================================================================================
-    Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
-    ================================================================================
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this file except in compliance with the License.
-    You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
-    ============LICENSE_END=========================================================
-
--->
-<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <parent>
-        <groupId>org.onap.oparent</groupId>
-        <artifactId>oparent</artifactId>
-        <version>2.0.0</version>
-    </parent>
-
-    <groupId>org.onap.oom.readiness.check</groupId>
-    <artifactId>readiness-check-docker</artifactId>
-    <version>2.2.1-SNAPSHOT</version>
-    <packaging>pom</packaging>
-    <name>oom-readiness-check-image</name>
-    <description>Contains dockerfiles and scrtipts for readiness-ckeck image.</description>
-
-    <properties>
-        <docker.fabric.version>0.31.0</docker.fabric.version>
-        <oom.docker.namespace>onap</oom.docker.namespace>
-    </properties>
-
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>io.fabric8</groupId>
-                <artifactId>docker-maven-plugin</artifactId>
-                <version>${docker.fabric.version}</version>
-                <configuration>
-                    <verbose>true</verbose>
-                    <apiVersion>1.23</apiVersion>
-                    <images>
-                        <image>
-                            <name>${docker.push.registry}/${oom.docker.namespace}/readiness-check:%l</name>
-                            <build>
-                                <filter>@</filter>
-                                <assembly>
-                                    <mode>dir</mode>
-                                    <inline xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
-                                        <fileSets>
-                                            <fileSet>
-                                                <directory>${project.basedir}/src/main/scripts</directory>
-                                                <outputDirectory>/</outputDirectory>
-                                                <includes>
-                                                    <include>**/*</include>
-                                                </includes>
-                                            </fileSet>
-                                        </fileSets>
-                                    </inline>
-                                </assembly>
-                                <tags>
-                                    <tag>latest</tag>
-                                    <tag>latest-${project.version}</tag>
-                                </tags>
-                                <cleanup>try</cleanup>
-                                <dockerFileDir>${project.basedir}/src/main/docker</dockerFileDir>
-                            </build>
-                        </image>
-                    </images>
-                </configuration>
-                <executions>
-                    <execution>
-                        <id>clean-images</id>
-                        <phase>pre-clean</phase>
-                        <goals>
-                            <goal>remove</goal>
-                        </goals>
-                        <configuration>
-                            <removeAll>true</removeAll>
-                        </configuration>
-                    </execution>
-                    <execution>
-                        <id>generate-images</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>build</goal>
-                        </goals>
-                    </execution>
-                    <execution>
-                        <id>push-images</id>
-                        <phase>deploy</phase>
-                        <goals>
-                            <goal>push</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-        </plugins>
-    </build>
-</project>
\ No newline at end of file
diff --git a/kubernetes/readiness/src/main/docker/Dockerfile b/kubernetes/readiness/src/main/docker/Dockerfile
deleted file mode 100644
index 638e8efd67..0000000000
--- a/kubernetes/readiness/src/main/docker/Dockerfile
+++ /dev/null
@@ -1,17 +0,0 @@
-FROM python:3-alpine3.9
-
-ENV no_proxy "localhost,127.0.0.1,.cluster.local,$KUBERNETES_SERVICE_HOST"
-# Setup Corporate proxy
-ENV https_proxy ${HTTPS_PROXY}
-ENV http_proxy ${HTTP_PROXY}
-
-RUN pip install requests pyyaml kubernetes
-
-ENV CERT="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
-ENV TOKEN="/var/run/secrets/kubernetes.io/serviceaccount/token"
-
-COPY maven/ /root/
-RUN chmod -R a+x /root/
-
-ENTRYPOINT ["/root/ready.py"]
-CMD [""]
\ No newline at end of file
diff --git a/kubernetes/readiness/src/main/scripts/job_complete.py b/kubernetes/readiness/src/main/scripts/job_complete.py
deleted file mode 100644
index a9570c5951..0000000000
--- a/kubernetes/readiness/src/main/scripts/job_complete.py
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/usr/bin/env python
-import getopt
-import logging
-import os
-import sys
-import time
-import random
-
-from kubernetes import client
-
-# extract env variables.
-namespace = os.environ['NAMESPACE']
-cert = os.environ['CERT']
-host = os.environ['KUBERNETES_SERVICE_HOST']
-token_path = os.environ['TOKEN']
-
-with open(token_path, 'r') as token_file:
-    token = token_file.read().replace('\n', '')
-
-# setup logging
-log = logging.getLogger(__name__)
-handler = logging.StreamHandler(sys.stdout)
-formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
-handler.setFormatter(formatter)
-handler.setLevel(logging.INFO)
-log.addHandler(handler)
-log.setLevel(logging.INFO)
-
-configuration = client.Configuration()
-configuration.host = "https://" + host
-configuration.ssl_ca_cert = cert
-configuration.api_key['authorization'] = token
-configuration.api_key_prefix['authorization'] = 'Bearer'
-batchV1Api = client.BatchV1Api(client.ApiClient(configuration))
-
-
-def is_job_complete(job_name):
-    complete = False
-    log.info("Checking if " + job_name + "  is complete")
-    response = ""
-    try:
-        response = batchV1Api.read_namespaced_job_status(job_name, namespace)
-        if response.status.succeeded == 1:
-            job_status_type = response.status.conditions[0].type
-            if job_status_type == "Complete":
-                complete = True
-            else:
-                log.info(job_name + " is not complete")
-        else:
-            log.info(job_name + " has not succeeded yet")
-        return complete
-    except Exception as e:
-        log.error("Exception when calling read_namespaced_job_status: %s\n" % e)
-
-
-DEF_TIMEOUT = 10
-DESCRIPTION = "Kubernetes container job complete check utility"
-USAGE = "Usage: job_complete.py [-t <timeout>] -j <job_name> " \
-        "[-j <job_name> ...]\n" \
-        "where\n" \
-        "<timeout> - wait for container job complete timeout in min, " \
-        "default is " + str(DEF_TIMEOUT) + "\n" \
-        "<job_name> - name of the job to wait for\n"
-
-
-def main(argv):
-    # args are a list of job names
-    job_names = []
-    timeout = DEF_TIMEOUT
-    try:
-        opts, args = getopt.getopt(argv, "hj:t:", ["job-name=",
-                                                   "timeout=",
-                                                   "help"])
-        for opt, arg in opts:
-            if opt in ("-h", "--help"):
-                print("%s\n\n%s" % (DESCRIPTION, USAGE))
-                sys.exit()
-            elif opt in ("-j", "--job-name"):
-                job_names.append(arg)
-            elif opt in ("-t", "--timeout"):
-                timeout = float(arg)
-    except (getopt.GetoptError, ValueError) as e:
-        print("Error parsing input parameters: %s\n" % e)
-        print(USAGE)
-        sys.exit(2)
-    if job_names.__len__() == 0:
-        print("Missing required input parameter(s)\n")
-        print(USAGE)
-        sys.exit(2)
-
-    for job_name in job_names:
-        timeout = time.time() + timeout * 60
-        while True:
-            complete = is_job_complete(job_name)
-            if complete is True:
-                break
-            elif time.time() > timeout:
-                log.warning("timed out waiting for '" + job_name +
-                            "' to be completed")
-                exit(1)
-            else:
-                # spread in time potentially parallel execution in multiple
-                # containers
-                time.sleep(random.randint(5, 11))
-
-
-if __name__ == "__main__":
-    main(sys.argv[1:])
diff --git a/kubernetes/readiness/src/main/scripts/ready.py b/kubernetes/readiness/src/main/scripts/ready.py
deleted file mode 100644
index b932b04284..0000000000
--- a/kubernetes/readiness/src/main/scripts/ready.py
+++ /dev/null
@@ -1,203 +0,0 @@
-#!/usr/bin/env python
-import getopt
-import logging
-import os
-import sys
-import time
-import random
-
-from kubernetes import client
-
-# extract env variables.
-namespace = os.environ['NAMESPACE']
-cert = os.environ['CERT']
-host = os.environ['KUBERNETES_SERVICE_HOST']
-token_path = os.environ['TOKEN']
-
-with open(token_path, 'r') as token_file:
-    token = token_file.read().replace('\n', '')
-
-# setup logging
-log = logging.getLogger(__name__)
-handler = logging.StreamHandler(sys.stdout)
-formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
-handler.setFormatter(formatter)
-handler.setLevel(logging.INFO)
-log.addHandler(handler)
-log.setLevel(logging.INFO)
-
-configuration = client.Configuration()
-configuration.host = "https://" + host
-configuration.ssl_ca_cert = cert
-configuration.api_key['authorization'] = token
-configuration.api_key_prefix['authorization'] = 'Bearer'
-coreV1Api = client.CoreV1Api(client.ApiClient(configuration))
-api_instance = client.ExtensionsV1beta1Api(client.ApiClient(configuration))
-api = client.AppsV1beta1Api(client.ApiClient(configuration))
-batchV1Api = client.BatchV1Api(client.ApiClient(configuration))
-
-
-def is_job_complete(job_name):
-    complete = False
-    log.info("Checking if " + job_name + "  is complete")
-    try:
-        response = batchV1Api.read_namespaced_job_status(job_name, namespace)
-        if response.status.succeeded == 1:
-            job_status_type = response.status.conditions[0].type
-            if job_status_type == "Complete":
-                complete = True
-                log.info(job_name + " is complete")
-            else:
-                log.info(job_name + " is not complete")
-        else:
-            log.info(job_name + " has not succeeded yet")
-        return complete
-    except Exception as e:
-        log.error("Exception when calling read_namespaced_job_status: %s\n" % e)
-
-
-def wait_for_statefulset_complete(statefulset_name):
-    try:
-        response = api.read_namespaced_stateful_set(statefulset_name, namespace)
-        s = response.status
-        if (s.replicas == response.spec.replicas and
-                s.ready_replicas == response.spec.replicas and
-                s.observed_generation == response.metadata.generation):
-            log.info("Statefulset " + statefulset_name + "  is ready")
-            return True
-        else:
-            log.info("Statefulset " + statefulset_name + "  is not ready")
-        return False
-    except Exception as e:
-        log.error("Exception when waiting for Statefulset status: %s\n" % e)
-
-
-def wait_for_deployment_complete(deployment_name):
-    try:
-        response = api.read_namespaced_deployment(deployment_name, namespace)
-        s = response.status
-        if (s.unavailable_replicas is None and
-                ( s.updated_replicas is None or s.updated_replicas == response.spec.replicas ) and
-                s.replicas == response.spec.replicas and
-                s.ready_replicas == response.spec.replicas and
-                s.observed_generation == response.metadata.generation):
-            log.info("Deployment " + deployment_name + "  is ready")
-            return True
-        else:
-            log.info("Deployment " + deployment_name + "  is not ready")
-        return False
-    except Exception as e:
-        log.error("Exception when waiting for deployment status: %s\n" % e)
-
-
-def wait_for_daemonset_complete(daemonset_name):
-    try:
-        response = api_instance.read_namespaced_daemon_set(daemonset_name, namespace)
-        s = response.status
-        if s.desired_number_scheduled == s.number_ready:
-            log.info("DaemonSet: " + str(s.number_ready) + "/" + str(s.desired_number_scheduled) + " nodes ready --> " + daemonset_name + " is ready")
-            return True
-        else:
-            log.info("DaemonSet: " + str(s.number_ready) + "/" + str(s.desired_number_scheduled) + " nodes ready --> " + daemonset_name + " is not ready")
-            return False
-    except Exception as e:
-        log.error("Exception when waiting for DaemonSet status: %s\n" % e)
-
-
-def is_ready(container_name):
-    ready = False
-    log.info("Checking if " + container_name + "  is ready")
-    try:
-        response = coreV1Api.list_namespaced_pod(namespace=namespace,
-                                                 watch=False)
-        for i in response.items:
-            # container_statuses can be None, which is non-iterable.
-            if i.status.container_statuses is None:
-                continue
-            for s in i.status.container_statuses:
-                if s.name == container_name:
-                    name = read_name(i)
-                    if i.metadata.owner_references[0].kind == "StatefulSet":
-                        ready = wait_for_statefulset_complete(name)
-                    elif i.metadata.owner_references[0].kind == "ReplicaSet":
-                        deployment_name = get_deployment_name(name)
-                        ready = wait_for_deployment_complete(deployment_name)
-                    elif i.metadata.owner_references[0].kind == "Job":
-                        ready = is_job_complete(name)
-                    elif i.metadata.owner_references[0].kind == "DaemonSet":
-                        ready = wait_for_daemonset_complete(i.metadata.owner_references[0].name)
-
-                    return ready
-
-                else:
-                    continue
-        return ready
-    except Exception as e:
-        log.error("Exception when calling list_namespaced_pod: %s\n" % e)
-
-
-def read_name(item):
-    return item.metadata.owner_references[0].name
-
-
-def get_deployment_name(replicaset):
-    api_response = api_instance.read_namespaced_replica_set_status(replicaset,
-                                                                   namespace)
-    deployment_name = read_name(api_response)
-    return deployment_name
-
-
-DEF_TIMEOUT = 10
-DESCRIPTION = "Kubernetes container readiness check utility"
-USAGE = "Usage: ready.py [-t <timeout>] -c <container_name> " \
-        "[-c <container_name> ...]\n" \
-        "where\n" \
-        "<timeout> - wait for container readiness timeout in min, " \
-        "default is " + str(DEF_TIMEOUT) + "\n" \
-        "<container_name> - name of the container to wait for\n"
-
-
-def main(argv):
-    # args are a list of container names
-    container_names = []
-    timeout = DEF_TIMEOUT
-    try:
-        opts, args = getopt.getopt(argv, "hc:t:", ["container-name=",
-                                                   "timeout=",
-                                                   "help"])
-        for opt, arg in opts:
-            if opt in ("-h", "--help"):
-                print("%s\n\n%s" % (DESCRIPTION, USAGE))
-                sys.exit()
-            elif opt in ("-c", "--container-name"):
-                container_names.append(arg)
-            elif opt in ("-t", "--timeout"):
-                timeout = float(arg)
-    except (getopt.GetoptError, ValueError) as e:
-        print("Error parsing input parameters: %s\n" % e)
-        print(USAGE)
-        sys.exit(2)
-    if container_names.__len__() == 0:
-        print("Missing required input parameter(s)\n")
-        print(USAGE)
-        sys.exit(2)
-
-    for container_name in container_names:
-        timeout = time.time() + timeout * 60
-        while True:
-            ready = is_ready(container_name)
-            if ready is True:
-                break
-            elif time.time() > timeout:
-                log.warning("timed out waiting for '" + container_name +
-                            "' to be ready")
-                exit(1)
-            else:
-                # spread in time potentially parallel execution in multiple
-                # containers
-                time.sleep(random.randint(5, 11))
-
-
-if __name__ == "__main__":
-    main(sys.argv[1:])
-
diff --git a/kubernetes/robot b/kubernetes/robot
-Subproject ad58ed92bd7c5cc7d51c09b405a99fd360ff526
+Subproject 37ac984e35503182f7fc1b771cefa16bf0c8420
diff --git a/kubernetes/sdc/.helmignore b/kubernetes/sdc/.helmignore
index daebc7da77..7ddbad7ef4 100644
--- a/kubernetes/sdc/.helmignore
+++ b/kubernetes/sdc/.helmignore
@@ -1,21 +1,22 @@
-# Patterns to ignore when building packages.

-# This supports shell glob matching, relative path matching, and

-# negation (prefixed with !). Only one pattern per line.

-.DS_Store

-# Common VCS dirs

-.git/

-.gitignore

-.bzr/

-.bzrignore

-.hg/

-.hgignore

-.svn/

-# Common backup files

-*.swp

-*.bak

-*.tmp

-*~

-# Various IDEs

-.project

-.idea/

-*.tmproj

+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
diff --git a/kubernetes/sdc/Makefile b/kubernetes/sdc/Makefile
new file mode 100644
index 0000000000..8737bd208e
--- /dev/null
+++ b/kubernetes/sdc/Makefile
@@ -0,0 +1,58 @@
+# Copyright © 2020 Samsung Electronics, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/Chart.yaml b/kubernetes/sdc/charts/sdc-dcae-be/Chart.yaml
deleted file mode 100644
index ca6e48d03d..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-be/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP SDC DCAE Backend client of TOSCALAB and SDC
-name: sdc-dcae-be
-version: 6.0.0
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/resources/config/logging/logback.xml b/kubernetes/sdc/charts/sdc-dcae-be/resources/config/logging/logback.xml
deleted file mode 100644
index 8d1e5cd4ea..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-be/resources/config/logging/logback.xml
+++ /dev/null
@@ -1,205 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<!--

-================================================================================

-Copyright (C) 2018 AT&T Intellectual Property

-================================================================================

-Licensed under the Apache License, Version 2.0 (the "License");

-you may not use this file except in compliance with the License.

-You may obtain a copy of the License at

-

-     http://www.apache.org/licenses/LICENSE-2.0

-

-Unless required by applicable law or agreed to in writing, software

-distributed under the License is distributed on an "AS IS" BASIS,

-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-See the License for the specific language governing permissions and

-limitations under the License.

-================================================================================

--->

-

-<configuration scan="true" scanPeriod="3 seconds">

-    <property name="logDir" value="/var/log/onap" />

-    <property name="componentName" scope="system" value="sdc"></property>

-    <property name="subComponentName" scope="system" value="dcae-be"></property>

-    <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />

-    <property file="${config.home}/dcae-be/configuration.yaml" />

-    <property name="enable-all-log" scope="context" value="false" />

-    <!--  log file names -->

-    <property name="errorLogName" value="error" />

-    <property name="metricsLogName" value="metrics" />

-    <property name="auditLogName" value="audit" />

-    <property name="debugLogName" value="debug" />

-    <property name="transactionLogName" value="transaction" />

-    <property name="allLogName" value="all" />

-    <property name="queueSize" value="256" />

-    <property name="maxFileSize" value="50MB" />

-    <property name="maxHistory" value="30" />

-    <property name="totalSizeCap" value="10GB" />

-    <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />

-    <!-- All log -->

-    <if condition='property("enable-all-log").equalsIgnoreCase("true")'>

-        <then>

-            <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">

-                <file>${logDirectory}/${allLogName}.log</file>

-                <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-                    <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-                    <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                        <maxFileSize>${maxFileSize}</maxFileSize>

-                    </timeBasedFileNamingAndTriggeringPolicy>

-                    <maxHistory>${maxHistory}</maxHistory>

-                    <totalSizeCap>${totalSizeCap}</totalSizeCap>

-                </rollingPolicy>

-                <encoder>

-                    <pattern>${pattern}</pattern>

-                </encoder>

-            </appender>

-            <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">

-                <appender-ref ref="ALL_ROLLING" />

-            </appender>

-        </then>

-    </if>

-    <!-- Error log -->

-    <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">

-        <file>${logDirectory}/${errorLogName}.log</file>

-        <!-- Audit messages filter - deny audit messages -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>AUDIT_MARKER</marker>

-            </evaluator>

-            <onMismatch>NEUTRAL</onMismatch>

-            <onMatch>DENY</onMatch>

-        </filter>

-        <!-- Transaction messages filter - deny Transaction messages -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>TRANSACTION_MARKER</marker>

-            </evaluator>

-            <onMismatch>NEUTRAL</onMismatch>

-            <onMatch>DENY</onMatch>

-        </filter>

-        <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->

-        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">

-            <level>INFO</level>

-        </filter>

-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-            <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-            <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                <maxFileSize>${maxFileSize}</maxFileSize>

-            </timeBasedFileNamingAndTriggeringPolicy>

-            <maxHistory>${maxHistory}</maxHistory>

-            <totalSizeCap>${totalSizeCap}</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <!-- Debug log -->

-    <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">

-        <file>${logDirectory}/${debugLogName}.log</file>

-        <!-- No need to deny audit messages - they are INFO only, will be denied

-                        anyway -->

-        <!-- Transaction messages filter - deny Transaction messages, there are

-                        some DEBUG level messages among them -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>TRANSACTION_MARKER</marker>

-            </evaluator>

-            <onMismatch>NEUTRAL</onMismatch>

-            <onMatch>DENY</onMatch>

-        </filter>

-        <!-- accept DEBUG and TRACE level -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">

-                <expression>e.level.toInt() &lt;= DEBUG.toInt()</expression>

-            </evaluator>

-            <OnMismatch>DENY</OnMismatch>

-            <OnMatch>NEUTRAL</OnMatch>

-        </filter>

-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-            <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-            <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                <maxFileSize>${maxFileSize}</maxFileSize>

-            </timeBasedFileNamingAndTriggeringPolicy>

-            <maxHistory>${maxHistory}</maxHistory>

-            <totalSizeCap>${totalSizeCap}</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <!-- Audit log -->

-    <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">

-        <file>${logDirectory}/${auditLogName}.log</file>

-        <!-- Audit messages filter - accept audit messages -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>AUDIT_MARKER</marker>

-            </evaluator>

-            <onMismatch>DENY</onMismatch>

-            <onMatch>ACCEPT</onMatch>

-        </filter>

-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-            <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-            <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                <maxFileSize>${maxFileSize}</maxFileSize>

-            </timeBasedFileNamingAndTriggeringPolicy>

-            <maxHistory>${maxHistory}</maxHistory>

-            <totalSizeCap>${totalSizeCap}</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <!-- SdncTransaction log -->

-    <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">

-        <file>${logDirectory}/${transactionLogName}.log</file>

-        <!-- Transaction messages filter - accept audit messages -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>TRANSACTION_MARKER</marker>

-            </evaluator>

-            <onMismatch>DENY</onMismatch>

-            <onMatch>ACCEPT</onMatch>

-        </filter>

-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-            <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-            <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                <maxFileSize>${maxFileSize}</maxFileSize>

-            </timeBasedFileNamingAndTriggeringPolicy>

-            <maxHistory>${maxHistory}</maxHistory>

-            <totalSizeCap>${totalSizeCap}</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <!-- Asynchronicity Configurations -->

-    <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">

-        <queueSize>${queueSize}</queueSize>

-        <appender-ref ref="DEBUG_ROLLING" />

-    </appender>

-    <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">

-        <queueSize>${queueSize}</queueSize>

-        <appender-ref ref="TRANSACTION_ROLLING" />

-    </appender>

-    <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">

-        <queueSize>${queueSize}</queueSize>

-        <appender-ref ref="ERROR_ROLLING" />

-    </appender>

-    <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">

-        <queueSize>${queueSize}</queueSize>

-        <appender-ref ref="AUDIT_ROLLING" />

-    </appender>

-    <root level="INFO">

-        <appender-ref ref="ASYNC_ERROR" />

-        <appender-ref ref="ASYNC_DEBUG" />

-        <appender-ref ref="ASYNC_AUDIT" />

-        <appender-ref ref="ASYNC_TRANSACTION" />

-        <if condition='property("enable-all-log").equalsIgnoreCase("true")'>

-            <then>

-                <appender-ref ref="ALL_ROLLING" />

-            </then>

-        </if>

-    </root>

-    <logger level="INFO" name="org.openecomp.sdc" />

-</configuration>

diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-dcae-be/templates/NOTES.txt
deleted file mode 100644
index 41f9706fec..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-be/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml
deleted file mode 100644
index 5c6af2085a..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-logging-configmap
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml
deleted file mode 100644
index a6196bca38..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml
+++ /dev/null
@@ -1,187 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-      - name: {{ include "common.name" . }}-readiness
-        command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - "sdc-be"
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-      - name: {{ include "common.name" . }}-job-completion
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
-        command:
-        - /root/job_complete.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-sdc-be-config-backend
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-      - name: {{ include "common.name" . }}-update-config
-        image: "{{ .Values.global.envsubstImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-          - sh
-        args:
-          - -c
-          - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
-        env:
-          - name: KEYSTORE_PASS
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.release" . }}-sdc-cs-secrets
-                key: keystore_password
-          - name: TRUSTSTORE_PASS
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.release" . }}-sdc-cs-secrets
-                key: truststore_password
-        volumeMounts:
-          - name: {{ include "common.fullname" . }}-environments
-            mountPath: /config-input/
-          - name: sdc-environments-output
-            mountPath: /config-output/
-      containers:
-        - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          - containerPort: {{ .Values.service.internalPort2 }}
-          {{ if eq .Values.liveness.enabled true }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort2 }}
-            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end }}
-          readinessProbe:
-            httpGet:
-              path: /dcae/conf/composition
-              port: {{ .Values.service.internalPort2 }}
-              scheme: HTTPS
-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readiness.periodSeconds }}
-          env:
-          - name: ENVNAME
-            value: {{ .Values.global.env.name }}
-          - name: JAVA_OPTIONS
-            value: {{ .Values.config.javaOptions }}
-          - name: HOST_IP
-            valueFrom:
-              fieldRef:
-                fieldPath: status.podIP
-          volumeMounts:
-          - name: sdc-environments-output
-            mountPath: /var/lib/jetty/chef-solo/environments/
-          - name: sdc-cert
-            mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
-            subPath: org.onap.sdc.p12
-          - name: sdc-cert
-            mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
-            subPath: org.onap.sdc.trust.jks
-          - name: {{ include "common.fullname" . }}-localtime
-            mountPath: /etc/localtime
-            readOnly: true
-          - name: {{ include "common.fullname" . }}-logs
-            mountPath: /var/lib/jetty/logs
-          - name: {{ include "common.fullname" . }}-logback
-            mountPath: /tmp/logback.xml
-            subPath: logback.xml
-          lifecycle:
-            postStart:
-              exec:
-                command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
-          resources:
-{{ include "common.resources" . | indent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-        {{- end }}
-
-        # side car containers
-        - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts:
-          - name: {{ include "common.fullname" . }}-filebeat-conf
-            mountPath: /usr/share/filebeat/filebeat.yml
-            subPath: filebeat.yml
-          - name: {{ include "common.fullname" . }}-logs
-            mountPath: /var/log/onap
-          - name: {{ include "common.fullname" . }}-data-filebeat
-            mountPath: /usr/share/filebeat/data
-      volumes:
-      - name: {{ include "common.fullname" . }}-localtime
-        hostPath:
-          path: /etc/localtime
-      - name: sdc-cert
-        secret:
-          secretName: sdc-cert
-      - name: {{ include "common.fullname" . }}-filebeat-conf
-        configMap:
-          name: {{ include "common.release" . }}-sdc-filebeat-configmap
-      - name: {{ include "common.fullname" . }}-data-filebeat
-        emptyDir: {}
-      - name: {{ include "common.fullname" . }}-logback
-        configMap:
-          name : {{ include "common.fullname" . }}-logging-configmap
-      - name: {{ include "common.fullname" . }}-environments
-        configMap:
-          name: {{ include "common.release" . }}-sdc-environments-configmap
-          defaultMode: 0755
-      - name: sdc-environments-output
-        emptyDir: { medium: "Memory" }
-      - name: {{ include "common.fullname" . }}-logs
-        emptyDir: {}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml
deleted file mode 100644
index 9df959abd4..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ include "common.fullname" . }}-tools
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}-job
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  backoffLimit: 20
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}-job
-        release: {{ include "common.release" . }}
-    spec:
-      restartPolicy: Never
-      initContainers:
-      - name: {{ include "common.name" . }}-init-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - {{ include "common.name" . }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-      containers:
-      - name: {{ include "common.name" . }}-job
-        image: {{ include "common.repository" . }}/{{ .Values.backendInitImage }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
-        - name: {{ include "common.fullname" . }}-environments
-          mountPath: /var/lib/jetty/chef-solo/environments
-        env:
-        - name: ENVNAME
-          value: {{ .Values.global.env.name }}
-        - name: HOST_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-      volumes:
-      - name: {{ include "common.fullname" . }}-environments
-        configMap:
-          name: {{ include "common.release" . }}-sdc-environments-configmap
-          defaultMode: 0755
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
-      restartPolicy: Never
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/service.yaml
deleted file mode 100644
index 71edaf5734..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-be/templates/service.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    msb.onap.org/service-info: '[
-      {
-          "serviceName": "sdc-dcae-be",
-          "version": "v1",
-          "url": "/dcae",
-          "protocol": "REST",
-          "port": "{{ .Values.service.internalPort2 }}",
-          "visualRange": "1"
-      }
-    ]'
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.internalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      name: {{ .Values.service.portName2 }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      name: {{ .Values.service.portName2 }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
deleted file mode 100644
index 0dfed6ae14..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3.4
-pullPolicy: Always
-backendInitImage: onap/dcae-tools:1.3.4
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-config:
-  javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-be/logback-spring.xml
-  cassandraSslEnabled: "false"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 240
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: false
-
-readiness:
-  initialDelaySeconds: 240
-  periodSeconds: 10
-
-service:
-  type: ClusterIP
-  name: sdc-dcae-be
-  portName: sdc-dcae-be-8082
-  externalPort: 8082
-  internalPort: 8082
-  portName2: sdc-dcae-be-8444
-  externalPort2: 8444
-  internalPort2: 8444
-
-ingress:
-  enabled: false
-  service:
-    - baseaddr: "sdc.dcae.plugin"
-      name: "sdc-dcae-be"
-      port: 8282
-  config:
-    ssl: "none"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
-  small:
-    limits:
-      cpu: 1
-      memory: 4Gi
-    requests:
-      cpu: 10m
-      memory: 1Gi
-  large:
-    limits:
-      cpu: 2
-      memory: 8Gi
-    requests:
-      cpu: 20m
-      memory: 2Gi
-  unlimited: {}
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/Chart.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/Chart.yaml
deleted file mode 100644
index ae38135e2e..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-dt/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description:  ONAP DCAE desiner composition tool for creating customized templates
-name: sdc-dcae-dt
-version: 6.0.0
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/resources/config/logging/logback.xml b/kubernetes/sdc/charts/sdc-dcae-dt/resources/config/logging/logback.xml
deleted file mode 100644
index 89fd30159c..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-dt/resources/config/logging/logback.xml
+++ /dev/null
@@ -1,205 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<!--

-================================================================================

-Copyright (C) 2018 AT&T Intellectual Property

-================================================================================

-Licensed under the Apache License, Version 2.0 (the "License");

-you may not use this file except in compliance with the License.

-You may obtain a copy of the License at

-

-   http://www.apache.org/licenses/LICENSE-2.0

-

-Unless required by applicable law or agreed to in writing, software

-distributed under the License is distributed on an "AS IS" BASIS,

-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-See the License for the specific language governing permissions and

-limitations under the License.

-================================================================================

--->

-

-<configuration scan="true" scanPeriod="3 seconds">

-    <property name="logDir" value="/var/log/onap" />

-    <property name="componentName" scope="system" value="sdc"></property>

-    <property name="subComponentName" scope="system" value="dcae-dt"></property>

-    <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />

-    <property file="${config.home}/dcae-dt/configuration.yaml" />

-    <property name="enable-all-log" scope="context" value="false" />

-    <!--  log file names -->

-    <property name="errorLogName" value="error" />

-    <property name="metricsLogName" value="metrics" />

-    <property name="auditLogName" value="audit" />

-    <property name="debugLogName" value="debug" />

-    <property name="transactionLogName" value="transaction" />

-    <property name="allLogName" value="all" />

-    <property name="queueSize" value="256" />

-    <property name="maxFileSize" value="50MB" />

-    <property name="maxHistory" value="30" />

-    <property name="totalSizeCap" value="10GB" />

-    <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />

-    <!-- All log -->

-    <if condition='property("enable-all-log").equalsIgnoreCase("true")'>

-        <then>

-            <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">

-                <file>${logDirectory}/${allLogName}.log</file>

-                <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-                    <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-                    <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                        <maxFileSize>${maxFileSize}</maxFileSize>

-                    </timeBasedFileNamingAndTriggeringPolicy>

-                    <maxHistory>${maxHistory}</maxHistory>

-                    <totalSizeCap>${totalSizeCap}</totalSizeCap>

-                </rollingPolicy>

-                <encoder>

-                    <pattern>${pattern}</pattern>

-                </encoder>

-            </appender>

-            <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">

-                <appender-ref ref="ALL_ROLLING" />

-            </appender>

-        </then>

-    </if>

-    <!-- Error log -->

-    <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">

-        <file>${logDirectory}/${errorLogName}.log</file>

-        <!-- Audit messages filter - deny audit messages -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>AUDIT_MARKER</marker>

-            </evaluator>

-            <onMismatch>NEUTRAL</onMismatch>

-            <onMatch>DENY</onMatch>

-        </filter>

-        <!-- Transaction messages filter - deny Transaction messages -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>TRANSACTION_MARKER</marker>

-            </evaluator>

-            <onMismatch>NEUTRAL</onMismatch>

-            <onMatch>DENY</onMatch>

-        </filter>

-        <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->

-        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">

-            <level>INFO</level>

-        </filter>

-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-            <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-            <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                <maxFileSize>${maxFileSize}</maxFileSize>

-            </timeBasedFileNamingAndTriggeringPolicy>

-            <maxHistory>${maxHistory}</maxHistory>

-            <totalSizeCap>${totalSizeCap}</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <!-- Debug log -->

-    <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">

-        <file>${logDirectory}/${debugLogName}.log</file>

-        <!-- No need to deny audit messages - they are INFO only, will be denied

-                        anyway -->

-        <!-- Transaction messages filter - deny Transaction messages, there are

-                        some DEBUG level messages among them -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>TRANSACTION_MARKER</marker>

-            </evaluator>

-            <onMismatch>NEUTRAL</onMismatch>

-            <onMatch>DENY</onMatch>

-        </filter>

-        <!-- accept DEBUG and TRACE level -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">

-                <expression>e.level.toInt() &lt;= DEBUG.toInt()</expression>

-            </evaluator>

-            <OnMismatch>DENY</OnMismatch>

-            <OnMatch>NEUTRAL</OnMatch>

-        </filter>

-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-            <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-            <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                <maxFileSize>${maxFileSize}</maxFileSize>

-            </timeBasedFileNamingAndTriggeringPolicy>

-            <maxHistory>${maxHistory}</maxHistory>

-            <totalSizeCap>${totalSizeCap}</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <!-- Audit log -->

-    <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">

-        <file>${logDirectory}/${auditLogName}.log</file>

-        <!-- Audit messages filter - accept audit messages -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>AUDIT_MARKER</marker>

-            </evaluator>

-            <onMismatch>DENY</onMismatch>

-            <onMatch>ACCEPT</onMatch>

-        </filter>

-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-            <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-            <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                <maxFileSize>${maxFileSize}</maxFileSize>

-            </timeBasedFileNamingAndTriggeringPolicy>

-            <maxHistory>${maxHistory}</maxHistory>

-            <totalSizeCap>${totalSizeCap}</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <!-- SdncTransaction log -->

-    <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">

-        <file>${logDirectory}/${transactionLogName}.log</file>

-        <!-- Transaction messages filter - accept audit messages -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>TRANSACTION_MARKER</marker>

-            </evaluator>

-            <onMismatch>DENY</onMismatch>

-            <onMatch>ACCEPT</onMatch>

-        </filter>

-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-            <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-            <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                <maxFileSize>${maxFileSize}</maxFileSize>

-            </timeBasedFileNamingAndTriggeringPolicy>

-            <maxHistory>${maxHistory}</maxHistory>

-            <totalSizeCap>${totalSizeCap}</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <!-- Asynchronicity Configurations -->

-    <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">

-        <queueSize>${queueSize}</queueSize>

-        <appender-ref ref="DEBUG_ROLLING" />

-    </appender>

-    <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">

-        <queueSize>${queueSize}</queueSize>

-        <appender-ref ref="TRANSACTION_ROLLING" />

-    </appender>

-    <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">

-        <queueSize>${queueSize}</queueSize>

-        <appender-ref ref="ERROR_ROLLING" />

-    </appender>

-    <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">

-        <queueSize>${queueSize}</queueSize>

-        <appender-ref ref="AUDIT_ROLLING" />

-    </appender>

-    <root level="INFO">

-        <appender-ref ref="ASYNC_ERROR" />

-        <appender-ref ref="ASYNC_DEBUG" />

-        <appender-ref ref="ASYNC_AUDIT" />

-        <appender-ref ref="ASYNC_TRANSACTION" />

-        <if condition='property("enable-all-log").equalsIgnoreCase("true")'>

-            <then>

-                <appender-ref ref="ALL_ROLLING" />

-            </then>

-        </if>

-    </root>

-    <logger level="INFO" name="org.openecomp.sdc" />

-</configuration>

diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-dcae-dt/templates/NOTES.txt
deleted file mode 100644
index 0063bb6c80..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml
deleted file mode 100644
index 257803fd91..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-logging-configmap
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
deleted file mode 100644
index 8f3e98ce61..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-      - name: {{ include "common.name" . }}-readiness
-        command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - sdc-dcae-be
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-      - name: {{ include "common.name" . }}-job-completion
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
-        command:
-        - /root/job_complete.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-sdc-dcae-be-tools
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-      - name: {{ include "common.name" . }}-update-config
-        image: "{{ .Values.global.envsubstImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-          - sh
-        args:
-          - -c
-          - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
-        env:
-          - name: KEYSTORE_PASS
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.release" . }}-sdc-cs-secrets
-                key: keystore_password
-          - name: TRUSTSTORE_PASS
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.release" . }}-sdc-cs-secrets
-                key: truststore_password
-        volumeMounts:
-          - name: {{ include "common.fullname" . }}-environments
-            mountPath: /config-input/
-          - name: sdc-environments-output
-            mountPath: /config-output/
-      containers:
-        - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          {{ if eq .Values.liveness.enabled true }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end }}
-          readinessProbe:
-            httpGet:
-              path: /dcae/healthCheckOld
-              port: {{ .Values.service.internalPort }}
-              scheme: HTTPS
-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readiness.periodSeconds }}
-          env:
-          - name: ENVNAME
-            value: {{ .Values.global.env.name }}
-          - name: JAVA_OPTIONS
-            value: {{ .Values.config.javaOptions }}
-          - name: HOST_IP
-            valueFrom:
-              fieldRef:
-                fieldPath: status.podIP
-          volumeMounts:
-          - name: sdc-environments-output
-            mountPath: /var/lib/jetty/chef-solo/environments/
-          - name: sdc-cert
-            mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12
-            subPath: org.onap.sdc.p12
-          - name: sdc-cert
-            mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks
-            subPath: org.onap.sdc.trust.jks
-          - name: {{ include "common.fullname" . }}-localtime
-            mountPath: /etc/localtime
-            readOnly: true
-          - name: {{ include "common.fullname" . }}-logs
-            mountPath: /var/lib/jetty/logs
-          - name: {{ include "common.fullname" . }}-logback
-            mountPath: /tmp/logback.xml
-            subPath: logback.xml
-          resources:
-{{ include "common.resources" . | indent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-        {{- end }}
-
-        # side car containers
-        - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts:
-          - name: {{ include "common.fullname" . }}-filebeat-conf
-            mountPath: /usr/share/filebeat/filebeat.yml
-            subPath: filebeat.yml
-          - name: {{ include "common.fullname" . }}-logs
-            mountPath: /var/log/onap
-          - name: {{ include "common.fullname" . }}-data-filebeat
-            mountPath: /usr/share/filebeat/data
-      volumes:
-        - name: {{ include "common.fullname" . }}-localtime
-          hostPath:
-            path: /etc/localtime
-        - name: sdc-cert
-          secret:
-            secretName: sdc-cert
-        - name: {{ include "common.fullname" . }}-filebeat-conf
-          configMap:
-            name: {{ include "common.release" . }}-sdc-filebeat-configmap
-        - name: {{ include "common.fullname" . }}-data-filebeat
-          emptyDir: {}
-        - name: {{ include "common.fullname" . }}-logback
-          configMap:
-            name : {{ include "common.fullname" . }}-logging-configmap
-        - name: {{ include "common.fullname" . }}-environments
-          configMap:
-            name: {{ include "common.release" . }}-sdc-environments-configmap
-            defaultMode: 0755
-        - name: sdc-environments-output
-          emptyDir: { medium: "Memory" }
-        - name: {{ include "common.fullname" . }}-logs
-          emptyDir: {}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml
deleted file mode 100644
index 88445c1d56..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    msb.onap.org/service-info: '[
-      {
-          "serviceName": "sdc-dcae-dt",
-          "version": "v1",
-          "url": "/dcae",
-          "protocol": "UI",
-          "port": "{{ .Values.service.internalPort }}",
-          "visualRange": "0|1"
-      }
-    ]'
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
deleted file mode 100644
index 6dbec2bc24..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.3.4
-pullPolicy: IfNotPresent
-config:
-  javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-  enabled: false
-
-readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-
-service:
-  type: NodePort
-  name: sdc-dcae-dt
-  portName: dcae-dt
-  nodePort: "66"
-  internalPort: 9446
-
-ingress:
-  enabled: false
-  service:
-    - baseaddr: "dcaedt"
-      name: "sdc-dcae-dt"
-      port: 9446
-  config:
-    ssl: "redirect"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
-  small:
-    limits:
-      cpu: 1
-      memory: 4Gi
-    requests:
-      cpu: 10m
-      memory: 1Gi
-  large:
-    limits:
-      cpu: 2
-      memory: 8Gi
-    requests:
-      cpu: 20m
-      memory: 2Gi
-  unlimited: {}
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/Chart.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/Chart.yaml
deleted file mode 100644
index 7eb7782cac..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-fe/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2013 Amdocs, AT&T,Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP SDC DCAE UI for service monitoring and MC create and configure
-name: sdc-dcae-fe
-version: 6.0.0
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/resources/config/logging/logback.xml b/kubernetes/sdc/charts/sdc-dcae-fe/resources/config/logging/logback.xml
deleted file mode 100644
index 8dbf347dc7..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-fe/resources/config/logging/logback.xml
+++ /dev/null
@@ -1,204 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<!--

-================================================================================

-Copyright (C) 2018 AT&T Intellectual Property

-================================================================================

-Licensed under the Apache License, Version 2.0 (the "License");

-you may not use this file except in compliance with the License.

-You may obtain a copy of the License at

-

-     http://www.apache.org/licenses/LICENSE-2.0

-

-Unless required by applicable law or agreed to in writing, software

-distributed under the License is distributed on an "AS IS" BASIS,

-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-See the License for the specific language governing permissions and

-limitations under the License.

-================================================================================

--->

-<configuration scan="true" scanPeriod="3 seconds">

-    <property name="logDir" value="/var/log/onap" />

-    <property name="componentName" scope="system" value="sdc"></property>

-    <property name="subComponentName" scope="system" value="dcae-fe"></property>

-    <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />

-    <property file="${config.home}/dcae-fe/configuration.yaml" />

-    <property name="enable-all-log" scope="context" value="false" />

-    <!--  log file names -->

-    <property name="errorLogName" value="error" />

-    <property name="metricsLogName" value="metrics" />

-    <property name="auditLogName" value="audit" />

-    <property name="debugLogName" value="debug" />

-    <property name="transactionLogName" value="transaction" />

-    <property name="allLogName" value="all" />

-    <property name="queueSize" value="256" />

-    <property name="maxFileSize" value="50MB" />

-    <property name="maxHistory" value="30" />

-    <property name="totalSizeCap" value="10GB" />

-    <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />

-    <!-- All log -->

-    <if condition='property("enable-all-log").equalsIgnoreCase("true")'>

-        <then>

-            <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">

-                <file>${logDirectory}/${allLogName}.log</file>

-                <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-                    <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-                    <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                        <maxFileSize>${maxFileSize}</maxFileSize>

-                    </timeBasedFileNamingAndTriggeringPolicy>

-                    <maxHistory>${maxHistory}</maxHistory>

-                    <totalSizeCap>${totalSizeCap}</totalSizeCap>

-                </rollingPolicy>

-                <encoder>

-                    <pattern>${pattern}</pattern>

-                </encoder>

-            </appender>

-            <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">

-                <appender-ref ref="ALL_ROLLING" />

-            </appender>

-        </then>

-    </if>

-    <!-- Error log -->

-    <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">

-        <file>${logDirectory}/${errorLogName}.log</file>

-        <!-- Audit messages filter - deny audit messages -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>AUDIT_MARKER</marker>

-            </evaluator>

-            <onMismatch>NEUTRAL</onMismatch>

-            <onMatch>DENY</onMatch>

-        </filter>

-        <!-- Transaction messages filter - deny Transaction messages -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>TRANSACTION_MARKER</marker>

-            </evaluator>

-            <onMismatch>NEUTRAL</onMismatch>

-            <onMatch>DENY</onMatch>

-        </filter>

-        <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->

-        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">

-            <level>INFO</level>

-        </filter>

-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-            <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-            <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                <maxFileSize>${maxFileSize}</maxFileSize>

-            </timeBasedFileNamingAndTriggeringPolicy>

-            <maxHistory>${maxHistory}</maxHistory>

-            <totalSizeCap>${totalSizeCap}</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <!-- Debug log -->

-    <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">

-        <file>${logDirectory}/${debugLogName}.log</file>

-        <!-- No need to deny audit messages - they are INFO only, will be denied

-                        anyway -->

-        <!-- Transaction messages filter - deny Transaction messages, there are

-                        some DEBUG level messages among them -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>TRANSACTION_MARKER</marker>

-            </evaluator>

-            <onMismatch>NEUTRAL</onMismatch>

-            <onMatch>DENY</onMatch>

-        </filter>

-        <!-- accept DEBUG and TRACE level -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">

-                <expression>e.level.toInt() &lt;= DEBUG.toInt()</expression>

-            </evaluator>

-            <OnMismatch>DENY</OnMismatch>

-            <OnMatch>NEUTRAL</OnMatch>

-        </filter>

-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-            <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-            <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                <maxFileSize>${maxFileSize}</maxFileSize>

-            </timeBasedFileNamingAndTriggeringPolicy>

-            <maxHistory>${maxHistory}</maxHistory>

-            <totalSizeCap>${totalSizeCap}</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <!-- Audit log -->

-    <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">

-        <file>${logDirectory}/${auditLogName}.log</file>

-        <!-- Audit messages filter - accept audit messages -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>AUDIT_MARKER</marker>

-            </evaluator>

-            <onMismatch>DENY</onMismatch>

-            <onMatch>ACCEPT</onMatch>

-        </filter>

-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-            <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-            <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                <maxFileSize>${maxFileSize}</maxFileSize>

-            </timeBasedFileNamingAndTriggeringPolicy>

-            <maxHistory>${maxHistory}</maxHistory>

-            <totalSizeCap>${totalSizeCap}</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <!-- SdncTransaction log -->

-    <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">

-        <file>${logDirectory}/${transactionLogName}.log</file>

-        <!-- Transaction messages filter - accept audit messages -->

-        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">

-            <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">

-                <marker>TRANSACTION_MARKER</marker>

-            </evaluator>

-            <onMismatch>DENY</onMismatch>

-            <onMatch>ACCEPT</onMatch>

-        </filter>

-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

-            <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>

-            <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">

-                <maxFileSize>${maxFileSize}</maxFileSize>

-            </timeBasedFileNamingAndTriggeringPolicy>

-            <maxHistory>${maxHistory}</maxHistory>

-            <totalSizeCap>${totalSizeCap}</totalSizeCap>

-        </rollingPolicy>

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <!-- Asynchronicity Configurations -->

-    <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">

-        <queueSize>${queueSize}</queueSize>

-        <appender-ref ref="DEBUG_ROLLING" />

-    </appender>

-    <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">

-        <queueSize>${queueSize}</queueSize>

-        <appender-ref ref="TRANSACTION_ROLLING" />

-    </appender>

-    <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">

-        <queueSize>${queueSize}</queueSize>

-        <appender-ref ref="ERROR_ROLLING" />

-    </appender>

-    <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">

-        <queueSize>${queueSize}</queueSize>

-        <appender-ref ref="AUDIT_ROLLING" />

-    </appender>

-    <root level="INFO">

-        <appender-ref ref="ASYNC_ERROR" />

-        <appender-ref ref="ASYNC_DEBUG" />

-        <appender-ref ref="ASYNC_AUDIT" />

-        <appender-ref ref="ASYNC_TRANSACTION" />

-        <if condition='property("enable-all-log").equalsIgnoreCase("true")'>

-            <then>

-                <appender-ref ref="ALL_ROLLING" />

-            </then>

-        </if>

-    </root>

-    <logger level="INFO" name="org.openecomp.sdc" />

-</configuration>

diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-dcae-fe/templates/NOTES.txt
deleted file mode 100644
index 0063bb6c80..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml
deleted file mode 100644
index 257803fd91..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-logging-configmap
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
deleted file mode 100644
index a2278b6df8..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
+++ /dev/null
@@ -1,186 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-      - name: {{ include "common.name" . }}-readiness
-        command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - sdc-dcae-be
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-      - name: {{ include "common.name" . }}-job-completion
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
-        command:
-        - /root/job_complete.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-sdc-dcae-be-tools
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-      - name: {{ include "common.name" . }}-update-config
-        image: "{{ .Values.global.envsubstImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-          - sh
-        args:
-          - -c
-          - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
-        env:
-          - name: KEYSTORE_PASS
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.release" . }}-sdc-cs-secrets
-                key: keystore_password
-          - name: TRUSTSTORE_PASS
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.release" . }}-sdc-cs-secrets
-                key: truststore_password
-        volumeMounts:
-          - name: {{ include "common.fullname" . }}-environments
-            mountPath: /config-input/
-          - name: sdc-environments-output
-            mountPath: /config-output/
-      containers:
-        - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          {{ if eq .Values.liveness.enabled true }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end }}
-          readinessProbe:
-            httpGet:
-              path: /dcaed/healthCheck
-              port: {{ .Values.service.internalPort }}
-              scheme: HTTPS
-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readiness.periodSeconds }}
-          env:
-          - name: ENVNAME
-            value: {{ .Values.global.env.name }}
-          - name: JAVA_OPTIONS
-            value: {{ .Values.config.javaOptions }}
-          - name: HOST_IP
-            valueFrom:
-              fieldRef:
-                fieldPath: status.podIP
-          volumeMounts:
-          - name: sdc-environments-output
-            mountPath: /var/lib/jetty/chef-solo/environments/
-          - name: sdc-cert
-            mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
-            subPath: org.onap.sdc.p12
-          - name: sdc-cert
-            mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
-            subPath: org.onap.sdc.trust.jks
-          - name: {{ include "common.fullname" . }}-localtime
-            mountPath: /etc/localtime
-            readOnly: true
-          - name: {{ include "common.fullname" . }}-logs
-            mountPath: /var/lib/jetty/logs
-          - name: {{ include "common.fullname" . }}-logback
-            mountPath: /tmp/logback.xml
-            subPath: logback.xml
-          lifecycle:
-            postStart:
-              exec:
-                command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
-          resources:
-{{ include "common.resources" . | indent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-        {{- end }}
-
-        # side car containers
-        - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts:
-          - name: {{ include "common.fullname" . }}-filebeat-conf
-            mountPath: /usr/share/filebeat/filebeat.yml
-            subPath: filebeat.yml
-          - name: {{ include "common.fullname" . }}-logs
-            mountPath: /var/log/onap
-          - name: {{ include "common.fullname" . }}-data-filebeat
-            mountPath: /usr/share/filebeat/data
-      volumes:
-        - name: {{ include "common.fullname" . }}-localtime
-          hostPath:
-            path: /etc/localtime
-        - name: sdc-cert
-          secret:
-            secretName: sdc-cert
-        - name: {{ include "common.fullname" . }}-filebeat-conf
-          configMap:
-            name: {{ include "common.release" . }}-sdc-filebeat-configmap
-        - name: {{ include "common.fullname" . }}-data-filebeat
-          emptyDir: {}
-        - name: {{ include "common.fullname" . }}-logback
-          configMap:
-            name : {{ include "common.fullname" . }}-logging-configmap
-        - name: {{ include "common.fullname" . }}-environments
-          configMap:
-            name: {{ include "common.release" . }}-sdc-environments-configmap
-            defaultMode: 0755
-        - name: sdc-environments-output
-          emptyDir: { medium: "Memory" }
-        - name: {{ include "common.fullname" . }}-logs
-          emptyDir: {}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml
deleted file mode 100644
index e1f541b6b1..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    msb.onap.org/service-info: '[
-      {
-          "serviceName": "dcae-gui",
-          "version": "v1",
-          "url": "/dcae",
-          "protocol": "UI",
-          "port": "{{ .Values.service.internalPort }}",
-          "visualRange": "0|1"
-      }
-    ]'
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
deleted file mode 100644
index eae409a431..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3.4
-pullPolicy: Always
-config:
-  javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: false
-
-readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-
-service:
-  #Example service definition with external, internal and node ports.
-  #Services may use any combination of ports depending on the 'type' of
-  #service being defined.
-  type: NodePort
-  name: sdc-dcae-fe
-  portName: dcae-fe
-  nodePort: "64"
-  internalPort: 9444
-
-ingress:
-  enabled: false
-  service:
-    - baseaddr: "dcaedt"
-      name: "sdc-dcae-fe"
-      port: 9444
-  config:
-    ssl: "redirect"
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
-  small:
-    limits:
-      cpu: 1
-      memory: 4Gi
-    requests:
-      cpu: 10m
-      memory: 1Gi
-  large:
-    limits:
-      cpu: 2
-      memory: 8Gi
-    requests:
-      cpu: 20m
-      memory: 2Gi
-  unlimited: {}
diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/Chart.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/Chart.yaml
deleted file mode 100644
index f851518a4e..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Tosca model for component monitoring and descriptors deployment
-name: sdc-dcae-tosca-lab
-version: 6.0.0
diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/NOTES.txt
deleted file mode 100644
index 41f9706fec..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml
deleted file mode 100644
index 75b486138b..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml
+++ /dev/null
@@ -1,127 +0,0 @@
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-      - name: {{ include "common.name" . }}-readiness
-        command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - "sdc-dcae-be"
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
-      containers:
-        - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          - containerPort: {{ .Values.service.internalPort2 }}
-          {{ if eq .Values.liveness.enabled true }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort2 }}
-            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end }}
-          readinessProbe:
-            httpGet:
-              path: /healthcheck
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readiness.periodSeconds }}
-          env:
-          - name: ENVNAME
-            value: {{ .Values.global.env.name }}
-          - name: JAVA_OPTIONS
-            value: {{ .Values.config.javaOptions }}
-          - name: HOST_IP
-            valueFrom:
-              fieldRef:
-                fieldPath: status.podIP
-          volumeMounts:
-          - name: {{ include "common.fullname" . }}-environments
-            mountPath: /var/lib/jetty/chef-solo/environments/
-          - name: {{ include "common.fullname" . }}-localtime
-            mountPath: /etc/localtime
-            readOnly: true
-          - name: {{ include "common.fullname" . }}-logs
-            mountPath: /var/log/onap
-          resources:
-{{ include "common.resources" . | indent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-        {{- end }}
-        # side car containers
-        - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts:
-          - name: {{ include "common.fullname" . }}-filebeat-conf
-            mountPath: /usr/share/filebeat/filebeat.yml
-            subPath: filebeat.yml
-          - name: {{ include "common.fullname" . }}-logs
-            mountPath: /var/log/onap
-          - name: {{ include "common.fullname" . }}-data-filebeat
-            mountPath: /usr/share/filebeat/data
-      volumes:
-      - name: {{ include "common.fullname" . }}-localtime
-        hostPath:
-          path: /etc/localtime
-      - name: {{ include "common.fullname" . }}-filebeat-conf
-        configMap:
-          name: {{ include "common.release" . }}-sdc-filebeat-configmap
-      - name: {{ include "common.fullname" . }}-data-filebeat
-        emptyDir: {}
-      - name: {{ include "common.fullname" . }}-environments
-        configMap:
-          name: {{ include "common.release" . }}-sdc-environments-configmap
-          defaultMode: 0755
-      - name:  {{ include "common.fullname" . }}-logs
-        emptyDir: {}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/service.yaml
deleted file mode 100644
index 04661b9ea1..0000000000
--- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/service.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    msb.onap.org/service-info: '[
-      {
-          "serviceName": "dcae-be",
-          "version": "v1",
-          "url": "/dcae",
-          "protocol": "REST",
-          "port": "{{ .Values.service.internalPort2 }}",
-          "visualRange": "1"
-      }
-    ]'
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.internalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      name: {{ .Values.service.portName2 }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      name: {{ .Values.service.portName2 }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/sdc/charts/sdc-fe/resources/config/plugins/plugins-configuration.yaml b/kubernetes/sdc/charts/sdc-fe/resources/config/plugins/plugins-configuration.yaml
deleted file mode 100644
index f9a3b17e03..0000000000
--- a/kubernetes/sdc/charts/sdc-fe/resources/config/plugins/plugins-configuration.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-pluginsList:
-   - pluginId: DCAED
-     pluginDiscoveryUrl: "{{ .Values.config.plugins.dcae_discovery_url }}"
-     pluginSourceUrl: "{{ .Values.config.plugins.dcae_source_url }}"
-     pluginStateUrl: "dcaed"
-     pluginDisplayOptions:
-        context:
-            displayName: "Monitoring"
-            displayContext: ["SERVICE"]
-            displayRoles: ["DESIGNER"]
-   - pluginId: DCAE-DS
-     pluginDiscoveryUrl: "{{ .Values.config.plugins.dcae_dt_discovery_url }}"
-     pluginSourceUrl: "{{ .Values.config.plugins.dcae_dt_source_url }}"
-     pluginStateUrl: "dcae-ds"
-     pluginDisplayOptions:
-       tab:
-           displayName: "DCAE-DS"
-           displayRoles: ["DESIGNER"]
-   - pluginId: WORKFLOW
-     pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}"
-     pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}"
-     pluginStateUrl: "workflowDesigner"
-     pluginDisplayOptions:
-        tab:
-            displayName: "WORKFLOW"
-            displayRoles: ["DESIGNER", "TESTER"]
-
-connectionTimeout: 1000
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/.helmignore b/kubernetes/sdc/charts/sdc-onboarding-be/.helmignore
deleted file mode 100644
index daebc7da77..0000000000
--- a/kubernetes/sdc/charts/sdc-onboarding-be/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.

-# This supports shell glob matching, relative path matching, and

-# negation (prefixed with !). Only one pattern per line.

-.DS_Store

-# Common VCS dirs

-.git/

-.gitignore

-.bzr/

-.bzrignore

-.hg/

-.hgignore

-.svn/

-# Common backup files

-*.swp

-*.bak

-*.tmp

-*~

-# Various IDEs

-.project

-.idea/

-*.tmproj

diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
deleted file mode 100644
index cc9f38be6d..0000000000
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018  ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ if .Values.initJob.enabled }}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ include "common.fullname" . }}-workflow-init
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}-job
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  backoffLimit: 20
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}-job
-        release: {{ include "common.release" . }}
-    spec:
-      restartPolicy: Never
-      initContainers:
-      - name: {{ include "common.name" . }}-init-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-        - /root/job_complete.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-sdc-cs-config-cassandra
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-      containers:
-      - name: {{ include "common.name" . }}-job
-        image: "{{ include "common.repository" . }}/{{ .Values.configInitImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        env:
-        - name: CS_HOST
-          value: "{{ .Values.global.cassandra.serviceName }}"
-        - name: CS_PORT
-          value: "{{ .Values.config.cassandraClientPort }}"
-        - name: CS_AUTHENTICATE
-          value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
-        - name: CS_USER
-          valueFrom:
-            secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
-        - name: CS_PASSWORD
-          valueFrom:
-            secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
-{{ end }}
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml
deleted file mode 100644
index 8f87c68f1e..0000000000
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml
+++ /dev/null
@@ -1 +0,0 @@
-{{ include "common.ingress" . }}
diff --git a/kubernetes/sdc/components/Makefile b/kubernetes/sdc/components/Makefile
new file mode 100644
index 0000000000..577fd95b4c
--- /dev/null
+++ b/kubernetes/sdc/components/Makefile
@@ -0,0 +1,56 @@
+# Copyright © 2020 Samsung Electronics, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/portal/components/portal-zookeeper/.helmignore b/kubernetes/sdc/components/sdc-be/.helmignore
index daebc7da77..daebc7da77 100644
--- a/kubernetes/portal/components/portal-zookeeper/.helmignore
+++ b/kubernetes/sdc/components/sdc-be/.helmignore
diff --git a/kubernetes/sdc/charts/sdc-be/Chart.yaml b/kubernetes/sdc/components/sdc-be/Chart.yaml
index 3189bebf01..3189bebf01 100644
--- a/kubernetes/sdc/charts/sdc-be/Chart.yaml
+++ b/kubernetes/sdc/components/sdc-be/Chart.yaml
diff --git a/kubernetes/sdc/components/sdc-be/requirements.yaml b/kubernetes/sdc/components/sdc-be/requirements.yaml
new file mode 100644
index 0000000000..4bbe175a80
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-be/requirements.yaml
@@ -0,0 +1,26 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright © 2020 AT&T. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+dependencies:
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml
index 0f044d7646..0f044d7646 100644
--- a/kubernetes/sdc/charts/sdc-be/resources/config/logging/logback.xml
+++ b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml
diff --git a/kubernetes/sdc/charts/sdc-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-be/templates/NOTES.txt
index 3a5553b84f..3a5553b84f 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/NOTES.txt
+++ b/kubernetes/sdc/components/sdc-be/templates/NOTES.txt
diff --git a/kubernetes/sdc/charts/sdc-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml
index ea5009914a..aa632f33f4 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/configmap.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T, ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
index 84f6d0b51d..44439869cc 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, AT&T, Bell Canada
 # Modifications Copyright © 2018 ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -22,10 +24,10 @@ spec:
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
-      initContainers:
+      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
       - name: {{ include "common.name" . }}-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - "sdc-onboarding-be"
@@ -35,13 +37,20 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
       - name: {{ include "common.name" . }}-job-completion
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - --job-name
         - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
@@ -51,34 +60,60 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
+      {{- if .Values.global.aafEnabled }}
       - name: {{ include "common.name" . }}-update-config
-        image: "{{ .Values.global.envsubstImage }}"
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
         - sh
         args:
-        - -c
-        - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
-        env:
-        - name: KEYSTORE_PASS
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-sdc-cs-secrets
-              key: keystore_password
-        - name: TRUSTSTORE_PASS
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-sdc-cs-secrets
-              key: truststore_password
-        volumeMounts:
+        - "-c"
+        - |
+          export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export KEYSTORE_PASS=$cadi_keystore_password_p12
+          export KEYMANAGER_PASS=$cadi_keystore_password_p12
+          export TRUSTSTORE_PASS=$cadi_truststore_password
+          cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+          cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+          cd /config-input && \
+          for PFILE in `find . -not -type d | grep -v -F ..`
+          do
+            envsubst <${PFILE} >/config-output/${PFILE}
+            chmod 0755 /config-output/${PFILE}
+          done
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
+        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-environments
           mountPath: /config-input/
         - name: sdc-environments-output
           mountPath: /config-output/
+      {{- end }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{- if .Values.global.aafEnabled }}
+          command:
+          - sh
+          args:
+          - "-c"
+          - |
+            sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
+            ${JETTY_BASE}/startup.sh
+          {{- end }}
           ports: {{ include "common.containerPorts" . | nindent 10  }}
           {{ if eq .Values.liveness.enabled true }}
           livenessProbe:
@@ -100,7 +135,7 @@ spec:
           resources: {{ include "common.resources" . | nindent 12 }}
           env:
           - name: ENVNAME
-            value: {{ .Values.global.env.name }}
+            value: {{ .Values.env.name }}
           - name: JAVA_OPTIONS
             value: {{ .Values.config.javaOptions }}
           - name: cassandra_ssl_enabled
@@ -112,10 +147,10 @@ spec:
           volumeMounts:
           - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/environments/
-          - name: sdc-cert
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
             subPath: org.onap.sdc.p12
-          - name: sdc-cert
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
             subPath: org.onap.sdc.trust.jks
           - name: {{ include "common.fullname" . }}-localtime
@@ -132,7 +167,7 @@ spec:
                 command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
         # side car containers
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
@@ -142,13 +177,17 @@ spec:
             mountPath: /var/log/onap
           - name: {{ include "common.fullname" . }}-data-filebeat
             mountPath: /usr/share/filebeat/data
-      volumes:
+          resources:
+            limits:
+              cpu: 100m
+              memory: 100Mi
+            requests:
+              cpu: 3m
+              memory: 20Mi
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
       - name: {{ include "common.fullname" . }}-localtime
         hostPath:
           path: /etc/localtime
-      - name: sdc-cert
-        secret:
-          secretName: sdc-cert
       - name: {{ include "common.fullname" . }}-filebeat-conf
         configMap:
           name: {{ include "common.release" . }}-sdc-filebeat-configmap
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/ingress.yaml b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/ingress.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml
diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml
index a4b44a1a54..b9db3f93c8 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, AT&T, Bell Canada
 # Modifications Copyright © 2018 ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: batch/v1
 kind: Job
@@ -32,35 +34,51 @@ spec:
       restartPolicy: Never
       initContainers:
       - name: {{ include "common.name" . }}-init-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - sdc-be
+        - "-t"
+        - "35"
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
       containers:
       - name: {{ include "common.name" . }}-job
-        image: "{{ include "common.repository" . }}/{{ .Values.backendInitImage }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.backendInitImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-environments
-          mountPath: /home/sdc/chef-solo/environments/
+          mountPath: /home/onap/chef-solo/environments/
         - name: sdc-logs
           mountPath: /var/lib/jetty/logs
         env:
         - name: ENVNAME
-          value: {{ .Values.global.env.name }}
+          value: {{ .Values.env.name }}
         - name: HOST_IP
           valueFrom:
             fieldRef:
               fieldPath: status.podIP
+        resources:
+          limits:
+            cpu: 800m
+            memory: 1024Mi
+          requests:
+            cpu: 200m
+            memory: 200Mi
       volumes:
         - name: {{ include "common.fullname" . }}-environments
           configMap:
diff --git a/kubernetes/sdc/charts/sdc-be/templates/service.yaml b/kubernetes/sdc/components/sdc-be/templates/service.yaml
index a0d0f5b438..fd6a25408d 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T, ZTE
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index efe9cb0cf0..e9f83b6978 100644
--- a/kubernetes/sdc/charts/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -18,23 +18,58 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  aafEnabled: true
+  cassandra:
+    #This flag allows SDC to instantiate its own cluster, serviceName
+    #should be sdc-cs if this flag is enabled
+    localCluster: false
+    #The cassandra service name to connect to (default: shared cassandra service)
+    serviceName: cassandra
+    #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+    #to match with its own cluster replica
+    replicaCount: 3
+    clusterName: cassandra
+    dataCenter: Pod
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.7
-backendInitImage: onap/sdc-backend-init:1.6.7
+image: onap/sdc-backend-all-plugins:1.7.3
+backendInitImage: onap/sdc-backend-init:1.7.3
+
 pullPolicy: Always
 
 # flag to enable debugging - application support required
 debugEnabled: false
 
+#environment file
+env:
+  name: AUTO
+
+certInitializer:
+  nameOverride: sdc-be-cert-init
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: sdc
+  fqi: sdc@sdc.onap.org
+  public_fqdn: sdc.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  addconfig: true
+  keystoreFile: "org.onap.sdc.p12"
+  truststoreFile: "org.onap.sdc.trust.jks"
+  permission_user: 352070
+  permission_group: 35953
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass
+    {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
+# SDC Config part
+#################################################################
 config:
   javaOptions: "-Xmx1536m -Xms1536m"
   cassandraSslEnabled: "false"
@@ -66,12 +101,13 @@ service:
   name: sdc-be
   both_tls_and_plain: true
   msb:
-    - port: 8080
+    - port: 8443
       url: "/sdc/v1"
       version: "v1"
       protocol: "REST"
       visualRange: "1"
       serviceName: sdc
+      enable_ssl: true
     - port: 8080
       url: "/sdc/v1"
       version: "v1"
@@ -102,15 +138,15 @@ resources:
   small:
     limits:
       cpu: 1
-      memory: 4Gi
+      memory: 2Gi
     requests:
-      cpu: 10m
+      cpu: 100m
       memory: 1Gi
   large:
     limits:
       cpu: 2
-      memory: 8Gi
+      memory: 4Gi
     requests:
-      cpu: 20m
+      cpu: 200m
       memory: 2Gi
   unlimited: {}
diff --git a/kubernetes/sdc/charts/sdc-be/.helmignore b/kubernetes/sdc/components/sdc-cs/.helmignore
index daebc7da77..daebc7da77 100644
--- a/kubernetes/sdc/charts/sdc-be/.helmignore
+++ b/kubernetes/sdc/components/sdc-cs/.helmignore
diff --git a/kubernetes/sdc/charts/sdc-cs/Chart.yaml b/kubernetes/sdc/components/sdc-cs/Chart.yaml
index 973ca4512e..973ca4512e 100644
--- a/kubernetes/sdc/charts/sdc-cs/Chart.yaml
+++ b/kubernetes/sdc/components/sdc-cs/Chart.yaml
diff --git a/kubernetes/sdc/components/sdc-cs/requirements.yaml b/kubernetes/sdc/components/sdc-cs/requirements.yaml
new file mode 100644
index 0000000000..a37208c8b7
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-cs/requirements.yaml
@@ -0,0 +1,26 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright © 2020 AT&T. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-cs/templates/NOTES.txt b/kubernetes/sdc/components/sdc-cs/templates/NOTES.txt
index 3a5553b84f..3a5553b84f 100644
--- a/kubernetes/sdc/charts/sdc-cs/templates/NOTES.txt
+++ b/kubernetes/sdc/components/sdc-cs/templates/NOTES.txt
diff --git a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml
index 4e4aad46fc..bb218bbfae 100644
--- a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, AT&T, Bell Canada
 # Modifications Copyright © 2018  ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: batch/v1
 kind: Job
@@ -34,10 +36,10 @@ spec:
       restartPolicy: Never
       initContainers:
       - name: {{ include "common.name" . }}-init-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         {{- if .Values.global.cassandra.localCluster }}
@@ -45,15 +47,24 @@ spec:
         {{- else }}
         - cassandra
         {{- end }}
+        - "-t"
+        - "15"
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
       containers:
       - name: {{ include "common.name" . }}-job
-        image: "{{ include "common.repository" . }}/{{ .Values.cassandraInitImage }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cassandraInitImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-environments
@@ -62,7 +73,7 @@ spec:
           mountPath: /home/sdc/chef-solo/cache
         env:
         - name: ENVNAME
-          value: {{ .Values.global.env.name }}
+          value: {{ .Values.env.name }}
         - name: RELEASE
           value: {{ .Values.config.release }}
         - name: SDC_USER
@@ -78,6 +89,13 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: status.podIP
+        resources:
+          limits:
+            cpu: 800m
+            memory: 1024Mi
+          requests:
+            cpu: 200m
+            memory: 300Mi
       volumes:
       - name: {{ include "common.fullname" . }}-environments
         configMap:
diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml
index 927dd98887..efe6dcddea 100644
--- a/kubernetes/sdc/charts/sdc-cs/values.yaml
+++ b/kubernetes/sdc/components/sdc-cs/values.yaml
@@ -18,18 +18,28 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
+  readinessImage: onap/oom/readiness:3.0.1
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  cassandra:
+    #This flag allows SDC to instantiate its own cluster, serviceName
+    #should be sdc-cs if this flag is enabled
+    localCluster: false
+    #The cassandra service name to connect to (default: shared cassandra service)
+    serviceName: cassandra
+    #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+    #to match with its own cluster replica
+    replicaCount: 3
+    clusterName: cassandra
+    dataCenter: Pod
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.7
-cassandraInitImage: onap/sdc-cassandra-init:1.6.7
+image: onap/sdc-cassandra:1.7.3
+cassandraInitImage: onap/sdc-cassandra-init:1.7.3
 
 pullPolicy: Always
 
@@ -38,6 +48,10 @@ config:
   maxHeapSize: "1536M"
   heapNewSize: "512M"
 
+#environment file
+env:
+  name: AUTO
+
 # default number of instances
 replicaCount: 1
 
@@ -90,23 +104,3 @@ persistence:
 
 ingress:
   enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
-  small:
-    limits:
-      cpu: 1
-      memory: 4Gi
-    requests:
-      cpu: 10m
-      memory: 1Gi
-  large:
-    limits:
-      cpu: 2
-      memory: 8Gi
-    requests:
-      cpu: 20m
-      memory: 2Gi
-  unlimited: {}
diff --git a/kubernetes/sdc/charts/sdc-cs/.helmignore b/kubernetes/sdc/components/sdc-fe/.helmignore
index daebc7da77..daebc7da77 100644
--- a/kubernetes/sdc/charts/sdc-cs/.helmignore
+++ b/kubernetes/sdc/components/sdc-fe/.helmignore
diff --git a/kubernetes/sdc/charts/sdc-fe/Chart.yaml b/kubernetes/sdc/components/sdc-fe/Chart.yaml
index 4794092b6c..4794092b6c 100644
--- a/kubernetes/sdc/charts/sdc-fe/Chart.yaml
+++ b/kubernetes/sdc/components/sdc-fe/Chart.yaml
diff --git a/kubernetes/sdc/components/sdc-fe/requirements.yaml b/kubernetes/sdc/components/sdc-fe/requirements.yaml
new file mode 100644
index 0000000000..4bbe175a80
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-fe/requirements.yaml
@@ -0,0 +1,26 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright © 2020 AT&T. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+dependencies:
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-fe/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml
index 1000982b6e..1000982b6e 100644
--- a/kubernetes/sdc/charts/sdc-fe/resources/config/logging/logback.xml
+++ b/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml
diff --git a/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml
new file mode 100644
index 0000000000..9dc317b2b5
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml
@@ -0,0 +1,11 @@
+pluginsList:
+   - pluginId: WORKFLOW
+     pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}"
+     pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}"
+     pluginStateUrl: "workflowDesigner"
+     pluginDisplayOptions:
+        tab:
+            displayName: "WORKFLOW"
+            displayRoles: ["DESIGNER", "TESTER"]
+
+connectionTimeout: 1000
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-fe/templates/NOTES.txt
index 6319bfb6a3..6319bfb6a3 100644
--- a/kubernetes/sdc/charts/sdc-fe/templates/NOTES.txt
+++ b/kubernetes/sdc/components/sdc-fe/templates/NOTES.txt
diff --git a/kubernetes/sdc/charts/sdc-fe/templates/configmap.yaml b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml
index ba24fd705b..2ac85aead6 100644
--- a/kubernetes/sdc/charts/sdc-fe/templates/configmap.yaml
+++ b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T, ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml
index ccfbc7064b..45c7bc85b6 100644
--- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T, ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -34,49 +36,77 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
       - name: {{ include "common.name" . }}-job-completion
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - --job-name
         - {{ include "common.release" . }}-sdc-be-config-backend
+        - "-t"
+        - "35"
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
+      {{- if .Values.global.aafEnabled }}
       - name: {{ include "common.name" . }}-update-config
-        image: "{{ .Values.global.envsubstImage }}"
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-          - sh
+        - sh
         args:
-          - -c
-          - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
-        env:
-          - name: KEYSTORE_PASS
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.release" . }}-sdc-cs-secrets
-                key: keystore_password
-          - name: TRUSTSTORE_PASS
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.release" . }}-sdc-cs-secrets
-                key: truststore_password
-        volumeMounts:
+        - "-c"
+        - |
+          export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export KEYSTORE_PASS=$cadi_keystore_password_p12
+          export KEYMANAGER_PASS=$cadi_keystore_password_p12
+          export TRUSTSTORE_PASS=$cadi_truststore_password
+          cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+          cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+          cd /config-input && \
+          for PFILE in `find . -not -type d | grep -v -F ..`
+          do
+            envsubst <${PFILE} >/config-output/${PFILE}
+            chmod 0755 /config-output/${PFILE}
+          done
+        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - name: {{ include "common.fullname" . }}-environments
             mountPath: /config-input/
           - name: sdc-environments-output
             mountPath: /config-output/
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
+      {{- end }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{- if .Values.global.aafEnabled }}
+          command:
+          - sh
+          args:
+          - "-c"
+          - |
+            sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
+            ${JETTY_BASE}/startup.sh
+          {{- end }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           - containerPort: {{ .Values.service.internalPort2 }}
@@ -94,11 +124,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
             timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
-          resources:
-{{ include "common.resources" . | indent 12 }}
+          resources: {{ include "common.resources" . | nindent 12 }}
           env:
           - name: ENVNAME
-            value: {{ .Values.global.env.name }}
+            value: {{ .Values.env.name }}
           - name: HOST_IP
             valueFrom:
               fieldRef:
@@ -108,10 +137,10 @@ spec:
           volumeMounts:
           - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/environments/
-          - name: sdc-cert
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
             subPath: org.onap.sdc.p12
-          - name: sdc-cert
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
             subPath: org.onap.sdc.trust.jks
           - name: {{ include "common.fullname" . }}-localtime
@@ -131,7 +160,7 @@ spec:
                 command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
         # side car containers
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
@@ -141,13 +170,17 @@ spec:
             mountPath: /var/log/onap
           - name: {{ include "common.fullname" . }}-data-filebeat
             mountPath: /usr/share/filebeat/data
-      volumes:
+          resources:
+            limits:
+              cpu: 100m
+              memory: 100Mi
+            requests:
+              cpu: 3m
+              memory: 20Mi
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-localtime
           hostPath:
             path: /etc/localtime
-        - name: sdc-cert
-          secret:
-            secretName: sdc-cert
         - name: {{ include "common.fullname" . }}-filebeat-conf
           configMap:
             name: {{ include "common.release" . }}-sdc-filebeat-configmap
diff --git a/kubernetes/sdc/charts/sdc-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/ingress.yaml
+++ b/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml
diff --git a/kubernetes/sdc/charts/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml
index 2133990b60..db8b59c2ce 100644
--- a/kubernetes/sdc/charts/sdc-fe/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T, ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
@@ -37,7 +39,7 @@ metadata:
 spec:
   type: {{ .Values.service.type }}
   ports:
-    {{ if not .Values.global.security.disableHttp }}
+    {{ if not .Values.security.disableHttp }}
     # setting http port only if enabled
     {{if eq .Values.service.type "NodePort" -}}
     - port: {{ .Values.service.internalPort }}
diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index ff1890ca66..0db5a390c8 100644
--- a/kubernetes/sdc/charts/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -18,17 +18,37 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+  nameOverride: sdc-fe-cert-init
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: sdc
+  fqi: sdc@sdc.onap.org
+  public_fqdn: sdc.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  addconfig: true
+  keystoreFile: "org.onap.sdc.p12"
+  truststoreFile: "org.onap.sdc.trust.jks"
+  permission_user: 352070
+  permission_group: 35953
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass
+    {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.7
+image: onap/sdc-frontend:1.7.3
+
 pullPolicy: Always
 
 config:
@@ -41,6 +61,13 @@ config:
     workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows"
     workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/"
 
+#environment file
+env:
+  name: AUTO
+
+security:
+  disableHttp: true
+
 # default number of instances
 replicaCount: 1
 
@@ -93,16 +120,16 @@ flavor: small
 resources:
   small:
     limits:
-      cpu: 1
-      memory: 4Gi
+      cpu: 500m
+      memory: 2Gi
     requests:
-      cpu: 10m
+      cpu: 40m
       memory: 1Gi
   large:
     limits:
-      cpu: 2
-      memory: 8Gi
+      cpu: 1
+      memory: 4Gi
     requests:
-      cpu: 20m
+      cpu: 80m
       memory: 2Gi
   unlimited: {}
diff --git a/kubernetes/sdc/charts/sdc-fe/.helmignore b/kubernetes/sdc/components/sdc-onboarding-be/.helmignore
index daebc7da77..daebc7da77 100644
--- a/kubernetes/sdc/charts/sdc-fe/.helmignore
+++ b/kubernetes/sdc/components/sdc-onboarding-be/.helmignore
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/Chart.yaml b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml
index dadcc730d0..dadcc730d0 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/Chart.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml
new file mode 100644
index 0000000000..5b3c7a6575
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml
@@ -0,0 +1,26 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright © 2020 AT&T. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+dependencies:
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml
index 515076fe30..515076fe30 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/resources/config/logging/logback.xml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-onboarding-be/templates/NOTES.txt
index edfb08642a..edfb08642a 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/NOTES.txt
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/NOTES.txt
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/configmap.yaml
index ea5009914a..aa632f33f4 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/configmap.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T, ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
index db9876fcb4..5c530fea72 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, AT&T, Bell Canada
 # Modifications Copyright © 2018  ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -34,12 +36,12 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
       - name: {{ include "common.name" . }}-job-completion
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - --job-name
         - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
@@ -49,36 +51,54 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
+      {{- if .Values.global.aafEnabled }}
       - name: {{ include "common.name" . }}-update-config
-        image: "{{ .Values.global.envsubstImage }}"
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-          - sh
+        - sh
         args:
-          - -c
-          - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
-        env:
-          - name: KEYSTORE_PASS
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.release" . }}-sdc-cs-secrets
-                key: keystore_password
-          - name: TRUSTSTORE_PASS
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.release" . }}-sdc-cs-secrets
-                key: truststore_password
-        volumeMounts:
+        - "-c"
+        - |
+          export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export KEYSTORE_PASS=$cadi_keystore_password_p12
+          export KEYMANAGER_PASS=$cadi_keystore_password_p12
+          export TRUSTSTORE_PASS=$cadi_truststore_password
+          cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+          cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+          cd /config-input && \
+          for PFILE in `find . -not -type d | grep -v -F ..`
+          do
+            envsubst <${PFILE} >/config-output/${PFILE}
+            chmod 0755 /config-output/${PFILE}
+          done
+        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - name: {{ include "common.fullname" . }}-environments
             mountPath: /config-input/
           - name: sdc-environments-output
             mountPath: /config-output/
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
+      {{- end }}
       - name: volume-permissions
         image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-          - /bin/sh
-          - -c
+          - sh
+        args:
+          - "-c"
           - |
             chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
         securityContext:
@@ -86,9 +106,16 @@ spec:
         volumeMounts:
           - name: {{ include "common.fullname" . }}-cert-storage
             mountPath: "/onboard/cert"
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -109,15 +136,14 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
             timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
-          resources:
-{{ include "common.resources" . | indent 12 }}
+          resources: {{ include "common.resources" . | nindent 12 }}
           env:
           - name: ENVNAME
-            value: {{ .Values.global.env.name }}
+            value: {{ .Values.env.name }}
           - name: JAVA_OPTIONS
             value: {{ .Values.config.javaOptions }}
           - name: SDC_CLUSTER_NAME
-            value: "SDC-CS-{{ .Values.global.env.name }}"
+            value: "SDC-CS-{{ .Values.env.name }}"
           - name: cassandra_ssl_enabled
             value: {{ .Values.config.cassandraSslEnabled | quote }}
           - name: HOST_IP
@@ -135,10 +161,10 @@ spec:
           volumeMounts:
           - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/environments/
-          - name: sdc-cert
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
             subPath: org.onap.sdc.p12
-          - name: sdc-cert
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
             subPath: org.onap.sdc.trust.jks
           - name: {{ include "common.fullname" . }}-localtime
@@ -146,18 +172,18 @@ spec:
             readOnly: true
           - name: {{ include "common.fullname" . }}-logs
             mountPath: /var/log/onap
+          - name: {{ include "common.fullname" . }}-cert-storage
+            mountPath: "{{ .Values.cert.certDir }}"
           - name: {{ include "common.fullname" . }}-logback
             mountPath: /tmp/logback.xml
             subPath: logback.xml
-          - name: {{ include "common.fullname" . }}-cert-storage
-            mountPath: "{{ .Values.cert.certDir }}"
           lifecycle:
             postStart:
               exec:
                 command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
         # side car containers
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
@@ -167,13 +193,17 @@ spec:
             mountPath: /var/log/onap
           - name: {{ include "common.fullname" . }}-data-filebeat
             mountPath: /usr/share/filebeat/data
-      volumes:
+          resources:
+            limits:
+              cpu: 100m
+              memory: 100Mi
+            requests:
+              cpu: 3m
+              memory: 20Mi
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
       - name: {{ include "common.fullname" . }}-localtime
         hostPath:
           path: /etc/localtime
-      - name: sdc-cert
-        secret:
-          secretName: sdc-cert
       - name: {{ include "common.fullname" . }}-filebeat-conf
         configMap:
           name: {{ include "common.release" . }}-sdc-filebeat-configmap
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml
index 0e5e63b772..c8edb29a28 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, AT&T, Bell Canada
 # Modifications Copyright © 2018  ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: batch/v1
 kind: Job
@@ -34,29 +36,38 @@ spec:
       restartPolicy: Never
       initContainers:
       - name: {{ include "common.name" . }}-job-completion
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - --job-name
         - {{ include "common.release" . }}-sdc-cs-config-cassandra
+        - "-t"
+        - "20"
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
       containers:
       - name: {{ include "common.name" . }}-job
-        image: "{{ include "common.repository" . }}/{{ .Values.onboardingInitImage }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.onboardingInitImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-environments
           mountPath: /home/sdc/chef-solo/environments/
         env:
         - name: ENVNAME
-          value: {{ .Values.global.env.name }}
+          value: {{ .Values.env.name }}
         - name: HOST_IP
           valueFrom:
             fieldRef:
@@ -72,6 +83,13 @@ spec:
             secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_password}
         - name: CS_HOST_IP
           value: "{{ .Values.global.cassandra.serviceName }}"
+        resources:
+          limits:
+            cpu: 800m
+            memory: 1024Mi
+          requests:
+            cpu: 200m
+            memory: 200Mi
       volumes:
       - name: {{ include "common.fullname" . }}-environments
         configMap:
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml
index bc110c3b0f..bc110c3b0f 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml
index 006d736b63..006d736b63 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/service.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml
index ad6650aa86..2ee87eeb33 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T, ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
index bdd99953bd..553ec72260 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
@@ -18,18 +18,49 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  aafEnabled: true
+  persistence: {}
+  cassandra:
+    #This flag allows SDC to instantiate its own cluster, serviceName
+    #should be sdc-cs if this flag is enabled
+    localCluster: false
+    #The cassandra service name to connect to (default: shared cassandra service)
+    serviceName: cassandra
+    #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+    #to match with its own cluster replica
+    replicaCount: 3
+    clusterName: cassandra
+    dataCenter: Pod
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+  nameOverride: sdc-onboarding-be-cert-init
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: sdc
+  fqi: sdc@sdc.onap.org
+  public_fqdn: sdc.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  addconfig: true
+  keystoreFile: "org.onap.sdc.p12"
+  truststoreFile: "org.onap.sdc.trust.jks"
+  permission_user: 352070
+  permission_group: 35953
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass
+    {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.7
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.7
+image: onap/sdc-onboard-backend:1.7.3
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -39,6 +70,10 @@ config:
   javaOptions: "-Xmx1g -Xms1g"
   cassandraSslEnabled: "false"
 
+#environment file
+env:
+  name: AUTO
+
 # default number of instances
 replicaCount: 1
 
@@ -116,16 +151,16 @@ flavor: small
 resources:
   small:
     limits:
-      cpu: 1
-      memory: 4Gi
+      cpu: 500m
+      memory: 2Gi
     requests:
-      cpu: 10m
+      cpu: 40m
       memory: 1Gi
   large:
     limits:
-      cpu: 2
-      memory: 8Gi
+      cpu: 1
+      memory: 4Gi
     requests:
-      cpu: 20m
+      cpu: 80m
       memory: 2Gi
   unlimited: {}
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/.helmignore b/kubernetes/sdc/components/sdc-wfd-be/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/.helmignore
+++ b/kubernetes/sdc/components/sdc-wfd-be/.helmignore
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml
index 7201db2fee..7201db2fee 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/Chart.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml
diff --git a/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml
new file mode 100644
index 0000000000..4bbe175a80
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml
@@ -0,0 +1,26 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright © 2020 AT&T. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+dependencies:
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-wfd-be/templates/NOTES.txt
index a3c79b12a4..a3c79b12a4 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/NOTES.txt
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/NOTES.txt
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl
index 298a2cd673..298a2cd673 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
index 135b1f8207..9defb8e1ce 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, AT&T, Bell Canada
 # Modifications Copyright © 2018  ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -34,13 +36,13 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
       {{- if .Values.initJob.enabled }}
       - name: {{ include "common.name" . }}-job-completion
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
         command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - --job-name
         - {{ include "common.fullname" . }}-workflow-init
@@ -50,11 +52,32 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
       {{ end }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{- if .Values.global.aafEnabled }}
+          command:
+          - sh
+          args:
+          - "-c"
+          - |
+            export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+            export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12
+            export KEYMANAGER_PASS=$cadi_keystore_password_p12
+            export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password
+            export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
+            export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
+            ./startup.sh
+          {{- end }}
           ports:
           - containerPort: {{ template "wfd-be.internalPort" . }}
           # disable liveness probe when breakpoints set in debugger
@@ -106,28 +129,10 @@ spec:
             value: "{{ .Values.config.serverSSLEnabled }}"
           - name: SERVER_SSL_KEYSTORE_TYPE
             value: "{{ .Values.config.serverSSLKeyStoreType }}"
-          - name: SERVER_SSL_KEYSTORE_PATH
-            value: "{{ .Values.config.serverSSLKeyStorePath }}"
-          - name: SERVER_SSL_KEY_PASSWORD
-            valueFrom:
-              secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password}
           - name: SERVER_SSL_TRUSTSTORE_TYPE
             value: "{{ .Values.config.serverSSLTrustStoreType }}"
-          - name: SERVER_SSL_TRUSTSTORE_PATH
-            value: "{{ .Values.config.serverSSLTrustStorePath }}"
-          - name: SERVER_SSL_TRUST_PASSWORD
-            valueFrom:
-              secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
-          volumeMounts:
-          - name: sdc-cert
-            mountPath: /keystore
-            subPath: org.onap.sdc.p12
-          - name: sdc-cert
-            mountPath: /truststore
-            subPath: org.onap.sdc.trust.jks
-      volumes:
-        - name: sdc-cert
-          secret:
-            secretName: sdc-cert
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+          resources: {{ include "common.resources" . | nindent 12 }}
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/ingress.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
new file mode 100644
index 0000000000..f7b0cfa04b
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
@@ -0,0 +1,82 @@
+{{/*
+# Copyright © 2017 Amdocs, AT&T, Bell Canada
+# Modifications Copyright © 2018  ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ if .Values.initJob.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "common.fullname" . }}-workflow-init
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}-job
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  backoffLimit: 20
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}-job
+        release: {{ include "common.release" . }}
+    spec:
+      restartPolicy: Never
+      initContainers:
+        - name: {{ include "common.name" . }}-init-readiness
+          image: {{ include "repositoryGenerator.image.readiness" . }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+          - /app/ready.py
+          args:
+          - --job-name
+          - {{ include "common.release" . }}-sdc-cs-config-cassandra
+          - "-t"
+          - "20"
+          env:
+          - name: NAMESPACE
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: metadata.namespace
+          resources:
+            limits:
+              cpu: 100m
+              memory: 100Mi
+            requests:
+              cpu: 3m
+              memory: 20Mi
+      containers:
+        - name: {{ include "common.name" . }}-job
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.configInitImage }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          env:
+          - name: CS_HOST
+            value: "{{ .Values.global.cassandra.serviceName }}"
+          - name: CS_PORT
+            value: "{{ .Values.config.cassandraClientPort }}"
+          - name: CS_AUTHENTICATE
+            value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
+          - name: CS_USER
+            valueFrom:
+              secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
+          - name: CS_PASSWORD
+            valueFrom:
+              secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
+          resources: {{ include "common.resources" . | nindent 12 }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end }}
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml
index d9ea066ab3..2af5e2ba26 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T, ZTE
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
index 8bab2c84ea..4aebe7ab9a 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
@@ -18,18 +18,48 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  aafEnabled: true
+  cassandra:
+    #This flag allows SDC to instantiate its own cluster, serviceName
+    #should be sdc-cs if this flag is enabled
+    localCluster: false
+    #The cassandra service name to connect to (default: shared cassandra service)
+    serviceName: cassandra
+    #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+    #to match with its own cluster replica
+    replicaCount: 3
+    clusterName: cassandra
+    dataCenter: Pod
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+  nameOverride: sdc-wfd-be-cert-init
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: sdc
+  fqi: sdc@sdc.onap.org
+  public_fqdn: sdc.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  addconfig: true
+  keystoreFile: "org.onap.sdc.p12"
+  truststoreFile: "org.onap.sdc.trust.jks"
+  permission_user: 352070
+  permission_group: 35953
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass
+    {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.4
-configInitImage: onap/workflow-init:1.6.4
+image: onap/sdc-workflow-backend:1.7.0
+configInitImage: onap/sdc-workflow-init:1.7.0
 pullPolicy: Always
 
 initJob:
@@ -39,22 +69,19 @@ config:
   javaOptions: "-Xmx1536m -Xms1536m"
   cassandraAuthenticationEnabled: true
   cassandraClientPort: 9042
-
   sdcProtocol: HTTPS
   sdcEndpoint: sdc-be:8443
   sdcExternalUser: workflow
-
   serverSSLEnabled: true
-
   serverSSLKeyStoreType: jks
-  serverSSLKeyStorePath: /home/sdc/etc/keystore
-
   serverSSLTrustStoreType: jks
-  serverSSLTrustStorePath: /home/sdc/etc/truststore
-
   cassandraSSLEnabled: false
   cassandraTrustStorePath: /home/sdc/etc/truststore
 
+# environment file
+env:
+  name: AUTO
+
 # default number of instances
 replicaCount: 1
 
@@ -83,7 +110,6 @@ service:
   externalPort2: 8443
   nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property
 
-
 ingress:
   enabled: false
   service:
@@ -92,22 +118,23 @@ ingress:
       port: 8443
   config:
     ssl: "redirect"
-    
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-  # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
+
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (Small and Large)
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 500m
+      memory: 2Gi
+    requests:
+      cpu: 40m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 80m
+      memory: 2Gi
+  unlimited: {}
diff --git a/kubernetes/pomba/charts/pomba-search-data/.helmignore b/kubernetes/sdc/components/sdc-wfd-fe/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/pomba/charts/pomba-search-data/.helmignore
+++ b/kubernetes/sdc/components/sdc-wfd-fe/.helmignore
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml
index d5ef0a4db7..d5ef0a4db7 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/Chart.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml
new file mode 100644
index 0000000000..4bbe175a80
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml
@@ -0,0 +1,26 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright © 2020 AT&T. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+dependencies:
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt
index a3c79b12a4..a3c79b12a4 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/NOTES.txt
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl
index 546bab7ddf..546bab7ddf 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
index 57d849cafe..7a8cf8fb34 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -33,10 +35,10 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
       - name: {{ include "common.name" . }}-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - "sdc-wfd-be"
@@ -46,12 +48,55 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
+      {{- if .Values.global.aafEnabled }}
+      - name: {{ include "common.fullname" . }}-move-cert
+        command:
+          - /bin/sh
+        args:
+          - -c
+          - |
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }}
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }}
+            cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop
+        image: {{ include "repositoryGenerator.image.busybox" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+          - name: sdc-certs
+            mountPath: /sdc-certs
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
+      {{- end }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{- if .Values.global.aafEnabled }}
+          command:
+          - sh
+          args:
+          - "-c"
+          - |
+            export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0)
+            export KEYSTORE_PASS=$cadi_keystore_password_p12
+            export TRUSTSTORE_PASS=$cadi_truststore_password
+            export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }}
+            export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }}
+            ./startup.sh
+          {{- end }}
           ports:
           - containerPort: {{ template "wfd-fe.internalPort" . }}
           {{ if .Values.liveness.enabled }}
@@ -68,7 +113,7 @@ spec:
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
           - name: ENVNAME
-            value: {{ .Values.global.env.name }}
+            value: {{ .Values.env.name }}
           - name: JAVA_OPTIONS
             value: {{ .Values.config.javaOptions }}
           - name: BACKEND
@@ -76,16 +121,6 @@ spec:
           - name: IS_HTTPS
             value: "{{ .Values.config.isHttpsEnabled}}"
             {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
-          - name: KEYSTORE_PASS
-            valueFrom:
-              secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password}
-          - name: TRUSTSTORE_PASS
-            valueFrom:
-              secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
-          - name: TRUSTSTORE_PATH
-            value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
-          - name: KEYSTORE_PATH
-            value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
           - name: TRUST_ALL
             value: "{{ .Values.config.isTrustAll}}"
             {{ end }}
@@ -93,14 +128,18 @@ spec:
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
-          - name: sdc-cert
-            mountPath: /var/lib/jetty/etc/org.onap.sdc.p12
-            subPath: org.onap.sdc.p12
-          - name: sdc-cert
-            mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks
-            subPath: org.onap.sdc.trust.jks
-          resources:
-{{ include "common.resources" . | indent 12 }}
+          {{- if .Values.global.aafEnabled }}
+          - name: sdc-certs
+            mountPath: /sdc-certs/mycreds.prop
+            subPath: mycreds.prop
+          - name: sdc-certs
+            mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }}
+            subPath: {{ .Values.certInitializer.keystoreFile }}
+          - name: sdc-certs
+            mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }}
+            subPath: {{ .Values.certInitializer.truststoreFile }}
+          {{ end }}
+          resources: {{ include "common.resources" . | nindent 12 }}
         {{- if .Values.nodeSelector }}
         nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -111,7 +150,7 @@ spec:
         {{- end }}
         # side car containers
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
@@ -121,13 +160,22 @@ spec:
             mountPath: /var/log/onap
           - name: {{ include "common.fullname" . }}-data-filebeat
             mountPath: /usr/share/filebeat/data
-      volumes:
+          resources:
+            limits:
+              cpu: 100m
+              memory: 100Mi
+            requests:
+              cpu: 3m
+              memory: 20Mi
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-localtime
           hostPath:
             path: /etc/localtime
-        - name: sdc-cert
-          secret:
-            secretName: sdc-cert
+        {{- if .Values.global.aafEnabled }}
+        - name: sdc-certs
+          emptyDir:
+            medium: "Memory"
+        {{- end }}
         - name: {{ include "common.fullname" . }}-filebeat-conf
           configMap:
             name: {{ include "common.release" . }}-sdc-filebeat-configmap
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/ingress.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml
index 96e1c0aee4..bc838ac22f 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 ZTE
 # Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
index 359c33ab61..ff8aebf6b2 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
@@ -18,17 +18,36 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+  nameOverride: sdc-wfd-fe-cert-init
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: sdc
+  fqi: sdc@sdc.onap.org
+  public_fqdn: sdc.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  addconfig: true
+  keystoreFile: "org.onap.sdc.p12"
+  truststoreFile: "org.onap.sdc.trust.jks"
+  permission_user: 352070
+  permission_group: 35953
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass
+    {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.4
+image: onap/sdc-workflow-frontend:1.7.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -41,11 +60,13 @@ config:
   # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties
   isTrustAll: true
 # https relevant settings. Change in case you have other trust files then default ones.
+
+#environment file
+env:
+  name: AUTO
+
 security:
   isDefaultStore: false
-  truststoreFilename: "org.onap.sdc.trust.jks"
-  keystoreFilename: "org.onap.sdc.p12"
-  storePath: "etc"
 
 # default number of instances
 replicaCount: 1
@@ -89,21 +110,22 @@ ingress:
     nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
     nginx.ingress.kubernetes.io/rewrite-target: "/workflows/"
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-  # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (Small and Large)
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 500m
+      memory: 2Gi
+    requests:
+      cpu: 40m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 80m
+      memory: 2Gi
+  unlimited: {}
diff --git a/kubernetes/sdc/requirements.yaml b/kubernetes/sdc/requirements.yaml
index 2ce7b9dc24..1b7cd0ebb1 100644
--- a/kubernetes/sdc/requirements.yaml
+++ b/kubernetes/sdc/requirements.yaml
@@ -14,15 +14,23 @@
 # limitations under the License.
 
 dependencies:
-  - name: common
+  - name: sdc-be
     version: ~6.x-0
-    repository: '@local'
-
-  - name: cassandra
+    repository: 'file://components/sdc-be'
+  - name: sdc-cs
     version: ~6.x-0
-    # local reference to common chart, as it is
-    # a part of this chart's package and will not
-    # be published independently to a repo (at this point)
-    repository: '@local'
-    condition: global.cassandra.localCluster
-
+    repository: 'file://components/sdc-cs'
+  - name: sdc-fe
+    version: ~6.x-0
+    repository: 'file://components/sdc-fe'
+  - name: sdc-onboarding-be
+    version: ~6.x-0
+    repository: 'file://components/sdc-onboarding-be'
+  - name: sdc-wfd-be
+    version: ~6.x-0
+    repository: 'file://components/sdc-wfd-be'
+    condition: sdc-wfd.enabled
+  - name: sdc-wfd-fe
+    version: ~6.x-0
+    repository: 'file://components/sdc-wfd-fe'
+    condition: sdc-wfd.enabled
\ No newline at end of file
diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 b/kubernetes/sdc/resources/cert/org.onap.sdc.p12
deleted file mode 100644
index 446856071b..0000000000
--- a/kubernetes/sdc/resources/cert/org.onap.sdc.p12
+++ /dev/null
diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks
deleted file mode 100644
index e6686cc08c..0000000000
--- a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks
+++ /dev/null
diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json
index 2bd165b723..79428f73c6 100755
--- a/kubernetes/sdc/resources/config/environments/AUTO.json
+++ b/kubernetes/sdc/resources/config/environments/AUTO.json
@@ -1,6 +1,6 @@
 {
-    "name": "{{ .Values.global.env.name }}",
-    "description": "OpenSource-{{ .Values.global.env.name }}",
+    "name": "{{ .Values.env.name }}",
+    "description": "OpenSource-{{ .Values.env.name }}",
     "cookbook_versions": {
         "Deploy-SDandC": "= 1.0.0"
     },
@@ -12,9 +12,6 @@
         "CS_VIP": "{{.Values.global.cassandra.serviceName}}.{{include "common.namespace" .}}",
         "BE_VIP": "sdc-be.{{include "common.namespace" .}}",
         "ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}",
-        "DCAE_BE_VIP": "sdc-dcae-be.{{include "common.namespace" .}}",
-        "DCAE_FE_VIP": "sdc-dcae-fe.{{include "common.namespace" .}}",
-        "DCAE_TOSCA_LAB_VIP": "sdc-dcae-tosca-lab.{{include "common.namespace" .}}",
         "FE_VIP": "sdc-fe.{{include "common.namespace" .}}",
         "interfaces": {
             "application": "eth0",
@@ -107,7 +104,8 @@
       },
       "jetty": {
          "keystore_pwd": "${KEYSTORE_PASS}",
-         "truststore_pwd": "${TRUSTSTORE_PASS}"
+         "truststore_pwd": "${TRUSTSTORE_PASS}",
+         "keymanager_pwd": "${KEYMANAGER_PASS}"
       }
     }
 }
diff --git a/kubernetes/sdc/resources/config/log/filebeat/filebeat.yml b/kubernetes/sdc/resources/config/log/filebeat/filebeat.yml
index 3f75cdff73..59350f0097 100644
--- a/kubernetes/sdc/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/sdc/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T, ZTE
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 filebeat.prospectors:
 #it is mandatory, in our case it's log
diff --git a/kubernetes/sdc/templates/configmap.yaml b/kubernetes/sdc/templates/configmap.yaml
index 5231e5f198..fbb0b4216c 100644
--- a/kubernetes/sdc/templates/configmap.yaml
+++ b/kubernetes/sdc/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, AT&T, Bell Canada
 # Modifications Copyright © 2018 ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/sdc/templates/secrets.yaml b/kubernetes/sdc/templates/secrets.yaml
index 6187104ce6..af6378d88b 100644
--- a/kubernetes/sdc/templates/secrets.yaml
+++ b/kubernetes/sdc/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, AT&T, Bell Canada
 # Modifications Copyright © 2018 ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Secret
@@ -36,17 +38,3 @@ data:
   keystore_password: "{{ .Values.global.secrets.keystore_password }}"
   # workflow
   wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}"
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: sdc-cert
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml
index 2694b5de80..fef7dab310 100644
--- a/kubernetes/sdc/values.yaml
+++ b/kubernetes/sdc/values.yaml
@@ -15,8 +15,6 @@
 
 global:
   persistence: {}
-  env:
-    name: AUTO
   secrets:
     sdc_user: YXNkY191c2Vy
     sdc_password: QWExMjM0JV4h
@@ -26,10 +24,7 @@ global:
     truststore_password: eitLRWo7dCssS05eaWltU2lTODllI3Aw
     keystore_password: PyhrUCFZdXIhWyohWTUhRV5mKFpLYzMx
     wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
-  ubuntuInitRepository: oomk8s
-  ubuntuInitImage: ubuntu-init:1.0.0
-  busyboxRepository: registry.hub.docker.com
-  busyboxImage: library/busybox:latest
+  aafEnabled: true
   cassandra:
    #This flag allows SDC to instantiate its own cluster, serviceName
    #should be sdc-cs if this flag is enabled
@@ -43,13 +38,17 @@ global:
    dataCenter: Pod
   security:
     disableHttp: true
-  envsubstImage: dibi/envsubst
+
+# Environment file
+env:
+  name: AUTO
+
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
   environment:
     workflowUrl: 10.0.2.15
-    vnfRepoPort: 8702
+    vnfRepoPort: 8703
 
 #Used only if localCluster is enabled. Instantiates SDC's own cassandra cluster
 cassandra:
@@ -60,3 +59,7 @@ cassandra:
   persistence:
     mountSubPath: sdc/sdc-cs/CS
     enabled: true
+
+# dependency / sub-chart configuration
+sdc-wfd:
+  enabled: true
diff --git a/kubernetes/sdnc/.helmignore b/kubernetes/sdnc/.helmignore
index f0c1319444..7ddbad7ef4 100644
--- a/kubernetes/sdnc/.helmignore
+++ b/kubernetes/sdnc/.helmignore
@@ -19,3 +19,4 @@
 .project
 .idea/
 *.tmproj
+components/
diff --git a/kubernetes/sdnc/Makefile b/kubernetes/sdnc/Makefile
index e4b5dda95d..32b3b728d7 100644
--- a/kubernetes/sdnc/Makefile
+++ b/kubernetes/sdnc/Makefile
@@ -19,7 +19,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages
 SECRET_DIR := $(OUTPUT_DIR)/secrets
 
 EXCLUDES := dist resources templates charts
+HELM_BIN := helm
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
 
 .PHONY: $(EXCLUDES) $(HELM_CHARTS)
 
@@ -33,15 +35,19 @@ make-%:
 	@if [ -f $*/Makefile ]; then make -C $*; fi
 
 dep-%: make-%
-	@if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
 
 lint-%: dep-%
-	@if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
 
 package-%: lint-%
 	@mkdir -p $(PACKAGE_DIR)
-	@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
-	@helm repo index $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
 
 clean:
 	@rm -f */requirements.lock
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/requirements.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/requirements.yaml
deleted file mode 100644
index 6a61926e9e..0000000000
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/sdnc/charts/sdnc-portal/Chart.yaml b/kubernetes/sdnc/charts/sdnc-portal/Chart.yaml
deleted file mode 100644
index 15dd2dde29..0000000000
--- a/kubernetes/sdnc/charts/sdnc-portal/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: SDN-C Admin Portal
-name: sdnc-portal
-version: 6.0.0
\ No newline at end of file
diff --git a/kubernetes/sdnc/charts/sdnc-portal/requirements.yaml b/kubernetes/sdnc/charts/sdnc-portal/requirements.yaml
deleted file mode 100644
index 6a61926e9e..0000000000
--- a/kubernetes/sdnc/charts/sdnc-portal/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json b/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json
deleted file mode 100644
index e845e96b7f..0000000000
--- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json
+++ /dev/null
@@ -1,68 +0,0 @@
-{
-  "MainMenu": "gamma",
-  "dbConnLimit": "100",
-  "home": "/opt/admportal",
-  "sslEnabled": "true",
-  "nonSslPort": "8543",
-  "ConexusNetworkPort": "{{.Values.service.internalPort}}",
-  "AppNetworkPort": "8543",
-  "clusterPort": "8443",
-  "serviceHomingServiceType": "SDN-ETHERNET-INTERNET",
-  "passwordKey": "QtfJMKggVk",
-  "preloadImportDirectory": "C:/data/csv",
-  "clusterPrefixURL": "/jolokia/read/org.opendaylight.controller:Category=Shards,name=member-",
-  "clusterMidURL": "-shard-",
-  "clusterSuffixURL": "-config,type=DistributedConfigDatastore",
-  "shards": [
-    "default",
-    "inventory",
-    "topology"
-  ],
-  "dbFabric": "false",
-  "ip-addresses": {
-    "lo": "127.0.0.1",
-    "eth0": "127.0.0.1",
-    "docker0": "172.17.0.1",
-    "virbr0": "192.168.122.1"
-  },
-  "svclogicPropertiesDb01": "{{.Values.config.configDir}}/svclogic.properties.sdnctldb01",
-  "databases": [
-    "{{include "common.mariadbService" $}}|sdnc-sdnctldb01.{{.Release.Namespace}}"
-  ],
-  "dbFabricServer": "localhost",
-  "dbFabricPort": "32275",
-  "dbFabricGroupId": "hagroup1",
-  "dbFabricUser": "${DB_FABRIC_USER}",
-  "dbFabricPassword": "${DB_FABRIC_PASSWORD",
-  "dbFabricDB": "{{.Values.config.dbFabricDB}}",
-  "dbUser": "${SDNC_DB_USER}",
-  "dbPassword": "${SDNC_DB_PASSWORD}",
-  "dbName": "{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}",
-  "odlProtocol": "http",
-  "odlHost": "sdnc.{{.Release.Namespace}}",
-  "odlConexusHost": "sdnc.{{.Release.Namespace}}",
-  "odlPort": "8181",
-  "odlConexusPort": "8181",
-  "odlUser": "${ODL_USER}",
-  "odlPasswd": "${ODL_PASSWORD}",
-  "ConexusNetwork_sslCert": "{{.Values.config.storesDir}}/org.onap.sdnc.p12",
-  "ConexusNetwork_sslKey": "${KEYSTORE_PASSWORD}",
-  "AppNetwork_sslCert": "",
-  "AppNetwork_sslKey": "",
-  "hostnameList": [
-    {
-      "hname": "localhost"
-    }
-  ],
-  "shard_list": [
-    {
-      "shard_name": "default"
-    },
-    {
-      "shard_name": "inventory"
-    },
-    {
-      "shard_name": "topology"
-    }
-  ]
-}
diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties b/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties
deleted file mode 100644
index beb514e583..0000000000
--- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties
+++ /dev/null
@@ -1,31 +0,0 @@
-###
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-org.onap.ccsdk.sli.dbtype=jdbc
-org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
-org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
-org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
-org.onap.ccsdk.sli.jdbc.connection.timeout=50
-org.onap.ccsdk.sli.jdbc.request.timeout=100
-org.onap.ccsdk.sli.jdbc.limit.init=10
-org.onap.ccsdk.sli.jdbc.limit.min=10
-org.onap.ccsdk.sli.jdbc.limit.max=20
-org.onap.dblib.connection.recovery=false
diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties
deleted file mode 100644
index a2570cd8a1..0000000000
--- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties
+++ /dev/null
@@ -1,5 +0,0 @@
-org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
-org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02
deleted file mode 100644
index 267bc2085a..0000000000
--- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02
+++ /dev/null
@@ -1,5 +0,0 @@
-org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
-org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
deleted file mode 100644
index b0e85efdfd..0000000000
--- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
+++ /dev/null
@@ -1,152 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-      - command:
-        - sh
-        args:
-        - -c
-        - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
-        env:
-        - name: SDNC_DB_USER
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
-        - name: SDNC_DB_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
-        - name: DB_FABRIC_USER
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }}
-        - name: DB_FABRIC_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }}
-        - name: ODL_USER
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
-        - name: ODL_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
-        - name: KEYSTORE_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }}
-        volumeMounts:
-        - mountPath: /config-input
-          name: config-input
-        - mountPath: /config
-          name: properties
-        image: "{{ .Values.global.envsubstImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-update-config
-
-      - command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - {{ include "common.mariadbService" . }}
-        - --container-name
-        - {{ .Values.config.sdncChartName }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
-      containers:
-        - name: {{ include "common.name" . }}
-          command: ["/bin/bash"]
-          args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"]
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          # disable liveness probe when breakpoints set in debugger
-          # so K8s doesn't restart unresponsive container
-          {{ if .Values.liveness.enabled }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end }}
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readiness.periodSeconds }}
-          env:
-            - name: MYSQL_ROOT_PASSWORD
-              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }}
-            - name: SDNC_CONFIG_DIR
-              value: "{{ .Values.config.configDir }}"
-          volumeMounts:
-          - mountPath: /etc/localtime
-            name: localtime
-            readOnly: true
-          - mountPath: {{ .Values.config.configDir }}/admportal.json
-            name: properties
-            subPath: admportal.json
-          - mountPath: {{ .Values.config.configDir }}/dblib.properties
-            name: properties
-            subPath: dblib.properties
-          - mountPath: {{ .Values.config.configDir }}/svclogic.properties
-            name: properties
-            subPath: svclogic.properties
-          - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb01
-            name: properties
-            subPath: svclogic.properties
-          - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb02
-            name: properties
-            subPath: svclogic.properties.sdnctldb02
-          resources:
-{{ include "common.resources" . | indent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-        {{- end }}
-      volumes:
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: config-input
-          configMap:
-            name: {{ include "common.fullname" . }}
-            defaultMode: 0644
-        - name: properties
-          emptyDir:
-            medium: Memory
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml
deleted file mode 100644
index 815035292b..0000000000
--- a/kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    msb.onap.org/service-info: '[
-      {
-          "serviceName": "sdnc-portal",
-          "version": "v1",
-          "url": "/",
-          "protocol": "UI",
-          "port": "{{ .Values.service.externalPort }}",
-          "visualRange":"0|1"
-      }
-      ]'
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml
deleted file mode 100644
index f2ce269505..0000000000
--- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml
+++ /dev/null
@@ -1,162 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  # envsusbt
-  envsubstImage: dibi/envsubst
-
-  mariadbGalera:
-    #This flag allows SO to instantiate its own mariadb-galera cluster
-    #If shared instance is used, this chart assumes that DB already exists
-    localCluster: false
-    service: mariadb-galera
-    internalPort: 3306
-    nameOverride: mariadb-galera
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
-  - uid: db-root-password
-    type: password
-    externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
-    password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
-    passwordPolicy: required
-  - uid: db-secret
-    name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret'
-    type: basicAuth
-    # This is a nasty trick that allows you override this secret using external one
-    # with the same field that is used to pass this to subchart
-    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-portal-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
-    login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
-    password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
-    passwordPolicy: required
-  - uid: odl-creds
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
-    login: '{{ .Values.config.odlUser }}'
-    password: '{{ .Values.config.odlPassword }}'
-    passwordPolicy: required
-  - uid: fabric-db-creds
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
-    login: '{{ .Values.config.dbFabricUser }}'
-    password: '{{ .Values.config.dbFabricPassword }}'
-    passwordPolicy: required
-  - uid: keystore-password
-    type: password
-    externalSecret: '{{ tpl (default "" .Values.config.KeyStorePwdExternalSecret) . }}'
-    password: '{{ .Values.config.keystorePwd }}'
-    passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.8.4
-config:
-  dbFabricDB: mysql
-  dbFabricUser: admin
-  dbFabricPassword: admin
-  # dbFabricDBCredsExternalSecret: some secret
-  sdncChartName: sdnc
-  configDir: /opt/onap/sdnc/data/properties
-  storesDir: /opt/onap/sdnc/data/stores
-  odlUser: admin
-  odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-  # odlCredsExternalSecret: some secret
-  keystorePwd: ff^G9D]yf&r}Ktum@BJ0YB?N
-  # keystorePwdExternalSecret: some secret
-
-mariadb-galera:
-  config:
-    userCredentialsExternalSecret: *dbSecretName
-    userName: sdnctl
-    userPassword: gamma
-    mysqlDatabase: sdnctl
-  nameOverride: sdnc-portal-galera
-  service:
-    name: sdnc-portal-galera
-    portName: sdnc-portal-galera
-    internalPort: 3306
-  replicaCount: 1
-  persistence:
-    enabled: true
-    mountSubPath: sdnc-portal/maria/data
-
-# default number of instances
-replicaCount: 0
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 180
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 60
-  periodSeconds: 10
-
-service:
-  type: NodePort
-  name: sdnc-portal
-  portName: sdnc-portal
-  internalPort: 8443
-  externalPort: 8443
-  nodePort: "01"
-
-ingress:
-  enabled: false
-  service:
-    - baseaddr: "sdnc-portal.api"
-      name: "sdnc-portal"
-      port: 8443
-  config:
-    ssl: "redirect"
-
-#Resource limit flavor -By default using small
-flavor: small
-#segregation for different environment (small and large)
-
-resources:
-  small:
-    limits:
-      cpu: 1
-      memory: 1Gi
-    requests:
-      cpu: 0.5
-      memory: 500Mi
-  large:
-    limits:
-      cpu: 2
-      memory: 2Gi
-    requests:
-      cpu: 1
-      memory: 1Gi
-  unlimited: {}
diff --git a/kubernetes/sdnc/charts/ueb-listener/requirements.yaml b/kubernetes/sdnc/charts/ueb-listener/requirements.yaml
deleted file mode 100644
index f99477141f..0000000000
--- a/kubernetes/sdnc/charts/ueb-listener/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
diff --git a/kubernetes/sdnc/components/Makefile b/kubernetes/sdnc/components/Makefile
index 4e737638a6..313cca8c27 100644
--- a/kubernetes/sdnc/components/Makefile
+++ b/kubernetes/sdnc/components/Makefile
@@ -19,7 +19,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages
 SECRET_DIR := $(OUTPUT_DIR)/secrets
 
 EXCLUDES :=
+HELM_BIN := helm
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
 
 .PHONY: $(EXCLUDES) $(HELM_CHARTS)
 
@@ -33,15 +35,19 @@ make-%:
 	@if [ -f $*/Makefile ]; then make -C $*; fi
 
 dep-%: make-%
-	@if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
 
 lint-%: dep-%
-	@if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
 
 package-%: lint-%
 	@mkdir -p $(PACKAGE_DIR)
-	@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
-	@helm repo index $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
 
 clean:
 	@rm -f */requirements.lock
diff --git a/kubernetes/sdnc/charts/dmaap-listener/Chart.yaml b/kubernetes/sdnc/components/dmaap-listener/Chart.yaml
index 1ff1b22a11..1ff1b22a11 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/Chart.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/Chart.yaml
diff --git a/kubernetes/pomba/charts/pomba-validation-service/requirements.yaml b/kubernetes/sdnc/components/dmaap-listener/requirements.yaml
index f99477141f..f99477141f 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/requirements.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/requirements.yaml
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/aai.properties
index 6a4ca4ca16..6a4ca4ca16 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties
+++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/aai.properties
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dblib.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dblib.properties
index beb514e583..846abc2381 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dblib.properties
+++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dblib.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 org.onap.ccsdk.sli.dbtype=jdbc
 org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
 org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dhcpalert.properties
index d2b55fb131..d2b55fb131 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties
+++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dhcpalert.properties
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties
index 6d5afef190..6d5afef190 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties
+++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties
diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties
new file mode 100644
index 0000000000..f114a9c65b
--- /dev/null
+++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties
@@ -0,0 +1,35 @@
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=RAN-Slice-Mgmt
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties
index fcb56e08c3..fcb56e08c3 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties
+++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties
index a03871d428..a03871d428 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties
+++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/lcm.properties
index 15f32c4248..15f32c4248 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties
+++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/lcm.properties
diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/configmap.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/configmap.yaml
index c41c3ef0d6..c41c3ef0d6 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/templates/configmap.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/templates/configmap.yaml
diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
index adf2136e33..e3dfa869ee 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
@@ -16,24 +16,15 @@
 
 apiVersion: apps/v1
 kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
   selector:
     matchLabels:
       app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
+  selector: {{- include "common.selectors" . | nindent 4 }}
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers:
       - command:
@@ -60,7 +51,7 @@ spec:
         name: {{ include "common.name" . }}-update-config
 
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ include "common.mariadbService" . }}
@@ -74,7 +65,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
@@ -113,6 +104,9 @@ spec:
         - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties
           name: properties
           subPath: dmaap-consumer-oofpcipoc.properties
+        - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties
+          name: properties
+          subPath: dmaap-consumer-RANSlice.properties
         resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/secret.yaml
index bd7eb8ea40..34932b713d 100644
--- a/kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/service.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/service.yaml
index 728ba05046..728ba05046 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/templates/service.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/templates/service.yaml
diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml
index 9fe8232532..0f3f18b6b2 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml
@@ -17,8 +17,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
+  readinessImage: onap/oom/readiness:3.0.1
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   # envsusbt
@@ -56,7 +55,7 @@ secrets:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.8.4
+image: onap/sdnc-dmaap-listener-image:2.0.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/.helmignore b/kubernetes/sdnc/components/sdnc-ansible-server/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/sdc/charts/sdc-dcae-be/.helmignore
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/.helmignore
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/Chart.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/Chart.yaml
index a8408165bf..a8408165bf 100644
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/Chart.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/Chart.yaml
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/requirements.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml
index 6a61926e9e..6a61926e9e 100755..100644
--- a/kubernetes/pomba/charts/pomba-contextaggregator/requirements.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/resources/config/RestServer_config b/kubernetes/sdnc/components/sdnc-ansible-server/resources/config/RestServer_config
index 7dc5c19e12..ce20cc98fe 100644
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/resources/config/RestServer_config
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/resources/config/RestServer_config
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 AT&T, Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 # Host definition
 ip:     0.0.0.0
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/configmap.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/configmap.yaml
index c41c3ef0d6..c41c3ef0d6 100644
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/configmap.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/configmap.yaml
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml
index 16a12b34db..d6d05efbdd 100644
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml
@@ -16,24 +16,15 @@
 
 apiVersion: apps/v1
 kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
   selector:
     matchLabels:
       app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
+  selector: {{- include "common.selectors" . | nindent 4 }}
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers:
       - command:
@@ -60,7 +51,7 @@ spec:
         name: {{ include "common.name" . }}-update-config
 
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ .Values.config.sdncChartName }}
@@ -70,7 +61,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/secret.yaml
index bd7eb8ea40..34932b713d 100644
--- a/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/appc/charts/appc-ansible-server/templates/service.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/service.yaml
index 5a79d5b093..3543044eaf 100644
--- a/kubernetes/appc/charts/appc-ansible-server/templates/service.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
@@ -29,5 +31,5 @@ spec:
       targetPort: {{ .Values.service.internalPort }}
       name: {{ .Values.service.name }}
   selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
\ No newline at end of file
+    app.kubernetes.io/name: {{ include "common.name" . }}
+    app.kubernetes.io/instance: {{ include "common.release" . }}
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
index fc93a6ea32..080ae9c15f 100644
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
@@ -17,8 +17,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
+  readinessImage: onap/oom/readiness:3.0.1
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   # envsusbt
@@ -56,7 +55,7 @@ secrets:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.8.4
+image: onap/sdnc-ansible-server-image:2.0.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh
index fb24653129..5a53fa1ca2 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 
 # Copyright © 2018 Amdocs
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 debugLog(){
   if [ "$enableDebugLogging" == true ]; then
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh
index 8dd84bd3ea..9c81069812 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 
 # Copyright © 2018 Amdocs
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 debugLog(){
   if [ "$enableDebugLogging" == true ]; then
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
index c93ba24bd7..7764d00cc2 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 
 # Copyright © 2018 Amdocs
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 if [ "${SDNC_IS_PRIMARY_CLUSTER:-true}" = "true" ];then
   id=sdnc01
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster
index bdfa1a440b..5e815477e4 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 
 # Copyright © 2018 Amdocs
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 # query ODL cluster state
 USERNAME="{{.Values.odl.jolokia.username}}"
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch
index 209352c4e3..b6fcf166fd 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch
@@ -1,4 +1,5 @@
 #! /bin/bash
+{{/*
 
 # Copyright © 2018 Amdocs
 #
@@ -17,6 +18,7 @@
 ####################################################################################################
 # sdncDnsSwitchWrapper.bash: Wrapper script to invoke SDNC DNS Switch for domain: sdnc.example.com #
 ####################################################################################################
+*/}}
 ssh -i {{.Values.coreDNS.sshKeyFile}} -o StrictHostKeyChecking=no {{.Values.coreDNS.sshUser}}@{{.Values.coreDNS.host}} "{{.Values.coreDNS.switchScript}} $SDNC_LOCAL_K8S_CLUSTER_MASTER {{.Values.config.deployment}}"
 
 exit $?
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover
index e78b7eeee3..d9133e8477 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 
 # Copyright © 2018 Amdocs
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 LOGFILE="/app/geo.log"
 enableDebugLogging=true
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor
index 0042ac368a..7eac9a3fd5 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor
@@ -1,4 +1,5 @@
 #!/usr/bin/env python2
+{{/*
 # encoding: utf-8
 
 # Copyright © 2018 Amdocs
@@ -14,6 +15,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 import sys
 import os
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh
index f13196e7e8..091643f174 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh
@@ -1,3 +1,4 @@
+{{/*
 #/bin/sh
 
 # Copyright © 2018 Amdocs
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 set -e
 primary=${SDNC_IS_PRIMARY_CLUSTER:-true}
diff --git a/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml
index c702012694..1853ab937e 100644
--- a/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml
@@ -16,28 +16,19 @@
 
 apiVersion: apps/v1
 kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
   selector:
     matchLabels:
       app: {{ include "common.name" . }}
   replicas: 1
+  selector: {{- include "common.selectors" . | nindent 4 }}
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - sdnc
@@ -49,7 +40,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
diff --git a/kubernetes/sdnc/components/sdnc-prom/values.yaml b/kubernetes/sdnc/components/sdnc-prom/values.yaml
index 7216e81abf..9551bc4ffd 100644
--- a/kubernetes/sdnc/components/sdnc-prom/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/values.yaml
@@ -18,8 +18,7 @@
 global:
   nodePortPrefix: 302
   repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
+  readinessImage: onap/oom/readiness:3.0.1
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   persistence:
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/.helmignore b/kubernetes/sdnc/components/sdnc-web/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/sdc/charts/sdc-dcae-fe/.helmignore
+++ b/kubernetes/sdnc/components/sdnc-web/.helmignore
diff --git a/kubernetes/pnda/Chart.yaml b/kubernetes/sdnc/components/sdnc-web/Chart.yaml
index 39310b35e1..869f7fc428 100644
--- a/kubernetes/pnda/Chart.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/Chart.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 highstreet technologies GmbH
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,6 +13,6 @@
 # limitations under the License.
 
 apiVersion: v1
-description: ONAP DCAE PNDA
-name: pnda
+description: SDN-C Web Server
+name: sdnc-web
 version: 6.0.0
diff --git a/kubernetes/sdnc/components/sdnc-web/requirements.yaml b/kubernetes/sdnc/components/sdnc-web/requirements.yaml
new file mode 100644
index 0000000000..dcb280d037
--- /dev/null
+++ b/kubernetes/sdnc/components/sdnc-web/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2020 highstreet technologies GmbH
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml
new file mode 100644
index 0000000000..acaf1ae900
--- /dev/null
+++ b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml
@@ -0,0 +1,108 @@
+{{/*
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector: {{- include "common.selectors" . | nindent 4 }}
+  template:
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+    spec:
+      initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 }}
+      - name: {{ include "common.name" . }}-readiness
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - /app/ready.py
+        args:
+        - --container-name
+        - {{ .Values.config.sdncChartName }}
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+
+      containers:
+        - name: {{ include "common.name" . }}
+          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          ports: {{- include "common.containerPorts" . | indent 10 }}
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{ if .Values.liveness.enabled }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          env:
+          - name: WEBPROTOCOL
+            value: {{ .Values.config.webProtocol }}
+          - name: WEBPORT
+            value: {{ .Values.config.webPort | quote }}
+          - name: SDNRPROTOCOL
+            value: {{ .Values.config.sdnrProtocol }}
+          - name: SDNRHOST
+            value: {{ .Values.config.sdnrHost }}.{{ include "common.namespace" . }}
+          - name: SDNRPORT
+            value: {{ .Values.config.sdnrPort | quote }}
+          - name: SSL_CERT_DIR
+            value: {{ .Values.config.sslCertDir }}
+          - name: SSL_CERTIFICATE
+            value: {{ .Values.config.sslCertiticate }}
+          - name: SSL_CERTIFICATE_KEY
+            value: {{ .Values.config.sslCertKey }}
+          {{ if .Values.config.transportpce.enabled }}
+          - name: TRPCEURL
+            value: {{ .Values.config.transportpce.transportpceUrl }}
+          {{ end }}
+          {{ if .Values.config.topologyserver.enabled }}
+          - name: TOPOURL
+            value: {{ .Values.config.topologyserver.topologyserverUrl }}
+          - name: TILEURL
+            value: {{ .Values.config.topologyserver.tileserverUrl }}
+          {{ end }}
+
+          volumeMounts:  {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+
+          resources: {{ include "common.resources" . | nindent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/requirements.yaml b/kubernetes/sdnc/components/sdnc-web/templates/service.yaml
index 6a61926e9e..216073eee6 100644
--- a/kubernetes/pomba/charts/pomba-elasticsearch/requirements.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/* # Copyright © 2020 highstreet technologies GmbH
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,8 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
+{{- include "common.service" . -}}
 
-dependencies:
-  - name: common
-    version: ~6.x-0
-    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml
new file mode 100644
index 0000000000..136379a7a2
--- /dev/null
+++ b/kubernetes/sdnc/components/sdnc-web/values.yaml
@@ -0,0 +1,129 @@
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  aafEnabled: true
+  nodePortPrefix: 322
+  readinessImage: onap/oom/readiness:3.0.1
+  loggingRepository: docker.elastic.co
+  loggingImage: beats/filebeat:5.5.0
+  k8scluster: svc.cluster.local
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: "onap/sdnc-web-image:2.0.4"
+pullPolicy: Always
+
+config:
+  sdncChartName: sdnc
+  webProtocol: HTTPS
+  webPort: 8443
+  sdnrProtocol: https
+  sdnrHost: "sdnc"
+  sdnrPort: "8443"
+  sslCertDir: "/opt/app/osaaf/local/certs"
+  sslCertiticate: "cert.pem"
+  sslCertKey: "key.pem"
+  transportpce:
+    enabled: false
+    transportpceUrl: http://transportpce.transportpce:8181
+  topologyserver:
+    enabled: false
+    topologyserverUrl: http://toplogy-api-service.topology:3001
+    tileserverUrl: https://tile.openstreetmap.org
+
+
+#################################################################
+# aaf configuration defaults.
+#################################################################
+certInitializer:
+  nameOverride: sdnc-web-cert-initializer
+  fqdn: "sdnc"
+  app_ns: "org.osaaf.aaf"
+  fqi: "sdnc@sdnc.onap.org"
+  fqi_namespace: "org.onap.sdnc"
+  public_fqdn: "sdnc.onap.org"
+  aafDeployFqi: "deployer@people.osaaf.org"
+  aafDeployPass: demo123456!
+  cadi_latitude: "38.0"
+  cadi_longitude: "-72.0"
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    cd /opt/app/osaaf/local;
+    mkdir -p certs;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
+    openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
+    cp {{ .Values.fqi_namespace }}.key certs/key.pem;
+    chmod -R 755 certs;
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 180
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 60
+  periodSeconds: 10
+
+service:
+  name: sdnc-web
+  suffix: service
+  type: NodePort
+  sessionAffinity: ClientIP
+  # for liveness and readiness probe only
+  # internalPort:
+  internalPort: 8443
+  ports:
+  - name: "sdnc-web"
+    port: "8443"
+    nodePort: "05"
+
+#ingress:
+#  enabled: false
+
+#Resource limit flavor -By default using small
+flavor: small
+#segregation for different environment (small and large)
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 1Gi
+    requests:
+      cpu: 0.5
+      memory: 500Mi
+  large:
+    limits:
+      cpu: 2
+      memory: 2Gi
+    requests:
+      cpu: 1
+      memory: 1Gi
+  unlimited: {}
diff --git a/kubernetes/sdnc/charts/ueb-listener/Chart.yaml b/kubernetes/sdnc/components/ueb-listener/Chart.yaml
index 3195ab670d..3195ab670d 100644
--- a/kubernetes/sdnc/charts/ueb-listener/Chart.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/Chart.yaml
diff --git a/kubernetes/sdnc/charts/dmaap-listener/requirements.yaml b/kubernetes/sdnc/components/ueb-listener/requirements.yaml
index f99477141f..f99477141f 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/requirements.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/requirements.yaml
diff --git a/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties b/kubernetes/sdnc/components/ueb-listener/resources/config/dblib.properties
index b4e69d36f5..5d8c44998f 100644
--- a/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties
+++ b/kubernetes/sdnc/components/ueb-listener/resources/config/dblib.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # openECOMP : SDN-C
@@ -18,6 +19,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 
 # dblib.properties
 org.onap.ccsdk.sli.dbtype=jdbc
diff --git a/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties b/kubernetes/sdnc/components/ueb-listener/resources/config/ueb-listener.properties
index 946773b18b..946773b18b 100644
--- a/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties
+++ b/kubernetes/sdnc/components/ueb-listener/resources/config/ueb-listener.properties
diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/configmap.yaml b/kubernetes/sdnc/components/ueb-listener/templates/configmap.yaml
index c41c3ef0d6..c41c3ef0d6 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/templates/configmap.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/templates/configmap.yaml
diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
index 50fbede110..63a1f8ac18 100644
--- a/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
@@ -16,24 +16,15 @@
 
 apiVersion: apps/v1
 kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
   selector:
     matchLabels:
       app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
+  selector: {{- include "common.selectors" . | nindent 4 }}
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers:
       - command:
@@ -63,7 +54,7 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ include "common.mariadbService" . }}
@@ -79,7 +70,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
diff --git a/kubernetes/sdnc/components/ueb-listener/templates/secret.yaml b/kubernetes/sdnc/components/ueb-listener/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/sdnc/components/ueb-listener/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/service.yaml b/kubernetes/sdnc/components/ueb-listener/templates/service.yaml
index 728ba05046..728ba05046 100644
--- a/kubernetes/sdnc/charts/ueb-listener/templates/service.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/templates/service.yaml
diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml
index d9baeab11c..2b0da14424 100644
--- a/kubernetes/sdnc/charts/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/values.yaml
@@ -17,8 +17,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
+  readinessImage: onap/oom/readiness:3.0.1
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
     # envsusbt
@@ -62,7 +61,7 @@ secrets:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.8.4
+image: onap/sdnc-ueb-listener-image:2.0.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index a283678bc5..fd57517e32 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Bell Canada,
+# Copyright © 2020 highstreet technologies GmbH
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,12 +20,17 @@ dependencies:
   - name: certInitializer
     version: ~6.x-0
     repository: '@local'
+  - name: logConfiguration
+    version: ~6.x-0
+    repository: '@local'
   - name: network-name-gen
     version: ~6.x-0
     repository: '@local'
+    condition: network-name-gen.enabled
   - name: dgbuilder
     version: ~6.x-0
     repository: '@local'
+    condition: dgbuilder.enabled
   - name: sdnc-prom
     version: ~6.x-0
     repository: '@local'
@@ -36,3 +42,24 @@ dependencies:
   - name: elasticsearch
     version: ~6.x-0
     repository: '@local'
+    condition: config.sdnr.enabled
+  # conditions for sdnc-subcharts
+  - name: dmaap-listener
+    version: ~6.x-0
+    repository: 'file://components/dmaap-listener/'
+    condition: sdnc.dmaap-listener.enabled,dmaap-listener.enabled
+  - name: ueb-listener
+    version: ~6.x-0
+    repository: 'file://components/ueb-listener/'
+    condition: sdnc.ueb-listener.enabled,ueb-listener.enabled
+  - name: sdnc-ansible-server
+    version: ~6.x-0
+    repository: 'file://components/sdnc-ansible-server/'
+    condition: sdnc.sdnc-ansible-server.enabled,sdnc-ansible-server.enabled
+  - name: sdnc-web
+    version: ~6.x-0
+    repository: 'file://components/sdnc-web/'
+    condition: sdnc.sdnc-web.enabled,sdnc-web.enabled
+
+
+
diff --git a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
index 754ff2c5cc..caf745c9d3 100755
--- a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
+++ b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 
 ###
 # ============LICENSE_START=======================================================
@@ -20,6 +21,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 
 SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
 ETC_DIR=${ETC_DIR:-${SDNC_HOME}/data}
diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh
deleted file mode 100755
index 6aa796a163..0000000000
--- a/kubernetes/sdnc/resources/config/bin/startODL.sh
+++ /dev/null
@@ -1,169 +0,0 @@
-#!/bin/bash
-
-###
-# ============LICENSE_START=======================================================
-# SDNC
-# ================================================================================
-# Copyright © 2020 Samsung Electronics
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-# Append features to karaf boot feature configuration
-# $1 additional feature to be added
-# $2 repositories to be added (optional)
-function addToFeatureBoot() {
-  CFG=$ODL_HOME/etc/org.apache.karaf.features.cfg
-  ORIG=$CFG.orig
-  if [ -n "$2" ] ; then
-    echo "Add repository: $2"
-    mv $CFG $ORIG
-    cat $ORIG | sed -e "\|featuresRepositories|s|$|,$2|" > $CFG
-  fi
-  echo "Add boot feature: $1"
-  mv $CFG $ORIG
-  cat $ORIG | sed -e "\|featuresBoot *=|s|$|,$1|" > $CFG
-}
-
-# Append features to karaf boot feature configuration
-# $1 search pattern
-# $2 replacement
-function replaceFeatureBoot() {
-  CFG=$ODL_HOME/etc/org.apache.karaf.features.cfg
-  ORIG=$CFG.orig
-  echo "Replace boot feature $1 with: $2"
-  sed -i "/featuresBoot/ s/$1/$2/g" $CFG
-}
-
-function install_sdnrwt_features() {
-  addToFeatureBoot "$SDNRWT_BOOTFEATURES" $SDNRWT_REPOSITORY
-}
-
-function enable_odl_cluster(){
-  if [ -z $SDNC_REPLICAS ]; then
-     echo "SDNC_REPLICAS is not configured in Env field"
-     exit
-  fi
-
-  #Be sure to remove feature odl-netconf-connector-all from list
-  replaceFeatureBoot "odl-netconf-connector-all,"
-
-  echo "Installing Opendaylight cluster features"
-  replaceFeatureBoot odl-netconf-topology odl-netconf-clustered-topology
-  replaceFeatureBoot odl-mdsal-all odl-mdsal-all,odl-mdsal-clustering
-  addToFeatureBoot odl-jolokia
-  #${ODL_HOME}/bin/client feature:install odl-mdsal-clustering
-  #${ODL_HOME}/bin/client feature:install odl-jolokia
-
-
-  echo "Update cluster information statically"
-  hm=$(hostname)
-  echo "Get current Hostname ${hm}"
-
-  node=($(echo ${hm} | sed 's/-[0-9]*$//g'))
-  node_index=($(echo ${hm} | awk -F"-" '{print $NF}'))
-  member_offset=1
-
-  if $GEO_ENABLED; then
-    echo "This is a Geo cluster"
-
-    if [ -z $IS_PRIMARY_CLUSTER ] || [ -z $MY_ODL_CLUSTER ] || [ -z $PEER_ODL_CLUSTER ]; then
-     echo "IS_PRIMARY_CLUSTER, MY_ODL_CLUSTER and PEER_ODL_CLUSTER must all be configured in Env field"
-     return
-    fi
-
-    if $IS_PRIMARY_CLUSTER; then
-       PRIMARY_NODE=${MY_ODL_CLUSTER}
-       SECONDARY_NODE=${PEER_ODL_CLUSTER}
-    else
-       PRIMARY_NODE=${PEER_ODL_CLUSTER}
-       SECONDARY_NODE=${MY_ODL_CLUSTER}
-       member_offset=4
-    fi
-
-    node_list="${PRIMARY_NODE} ${SECONDARY_NODE}"
-
-    /opt/onap/sdnc/bin/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list}
-  else
-    echo "This is a local cluster"
-
-    node_list="${node}-0.{{.Values.service.name}}-cluster.{{.Release.Namespace}}";
-
-    for ((i=1;i<${SDNC_REPLICAS};i++));
-    do
-      node_list="${node_list} ${node}-$i.{{.Values.service.name}}-cluster.{{.Release.Namespace}}"
-    done
-
-    /opt/opendaylight/current/bin/configure_cluster.sh $((node_index+1)) ${node_list}
-  fi
-}
-
-
-# Install SDN-C platform components if not already installed and start container
-
-ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
-ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME}
-ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD}
-SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
-SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
-CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
-ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
-GEO_ENABLED=${GEO_ENABLED:-false}
-SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false}
-SDNRWT=${SDNRWT:-false}
-SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator}
-export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME
-
-echo "Settings:"
-echo "  ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER"
-echo "  SDNC_REPLICAS=$SDNC_REPLICAS"
-echo "  SDNRWT=$SDNRWT"
-echo "  AAF_ENABLED=$SDNC_AAF_ENABLED"
-
-
-if $SDNC_AAF_ENABLED; then
-	export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local
-	export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local
-	export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass`
-	export SDNC_KEYSTORE=org.onap.sdnc.p12
-	sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties
-	echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
-
-	sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties
-	sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties
-	sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties
-	echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
-	echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
-	echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
-fi
-
-if [ ! -f ${SDNC_HOME}/.installed ]
-then
-	echo "Installing SDN-C keyStore"
-	${SDNC_HOME}/bin/addSdncKeyStore.sh
-
-	if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi
-
-	if $SDNRWT ; then install_sdnrwt_features ; fi
-
-        echo "Installed at `date`" > ${SDNC_HOME}/.installed
-fi
-
-cp /opt/opendaylight/current/certs/* /tmp
-
-nohup python ${SDNC_BIN}/installCerts.py &
-
-
-exec ${ODL_HOME}/bin/karaf server
diff --git a/kubernetes/sdnc/resources/config/conf/aaiclient.properties b/kubernetes/sdnc/resources/config/conf/aaiclient.properties
index 5d4473c978..7021990da0 100755
--- a/kubernetes/sdnc/resources/config/conf/aaiclient.properties
+++ b/kubernetes/sdnc/resources/config/conf/aaiclient.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # openECOMP : SDN-C
@@ -17,6 +18,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 
 #
 # Configuration file for A&AI Client
@@ -78,4 +80,4 @@ org.onap.ccsdk.sli.adaptors.aai.path.vnf.image.query=/aai/v13/service-design-and
 org.onap.ccsdk.sli.adaptors.aai.param.format=filter=%s:%s
 org.onap.ccsdk.sli.adaptors.aai.param.vnf_type=vnf-type
 org.onap.ccsdk.sli.adaptors.aai.param.physical.location.id=physical-location-id
-org.onap.ccsdk.sli.adaptors.aai.param.service.type=service-type
\ No newline at end of file
+org.onap.ccsdk.sli.adaptors.aai.param.service.type=service-type
diff --git a/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties b/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties
index 224e84b3a7..4ce1851658 100644
--- a/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties
+++ b/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # Copyright � 2017-2018 AT&T Intellectual Property.
 # Modifications Copyright � 2018 IBM.
@@ -17,6 +18,7 @@
 #
 # Configuration file for SDNC Controller Module
 #
+*/}}
 
 org.onap.ccsdk.features.blueprints.adaptors.envtype=solo
 
diff --git a/kubernetes/sdnc/resources/config/conf/dblib.properties b/kubernetes/sdnc/resources/config/conf/dblib.properties
index 1fb6fb8732..97daec079e 100644
--- a/kubernetes/sdnc/resources/config/conf/dblib.properties
+++ b/kubernetes/sdnc/resources/config/conf/dblib.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,6 +16,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 org.onap.ccsdk.sli.dbtype=jdbc
 org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
 org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
diff --git a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
new file mode 100644
index 0000000000..a21ac0441c
--- /dev/null
+++ b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
@@ -0,0 +1,31 @@
+[general]
+dmaapEnabled={{.Values.config.sdnr.mountpointRegistrarEnabled | default "false"}}
+{{ if .Values.global.aafEnabled }}
+baseUrl=https://localhost:{{.Values.service.internalPort4}}
+{{- else }}
+baseUrl=http://localhost:{{.Values.service.internalPort}}
+{{- end }}
+sdnrUser=${ODL_ADMIN_USERNAME}
+sdnrPasswd=${ODL_ADMIN_PASSWORD}
+
+[fault]
+faultConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPFaultVESMsgConsumer
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.SEC_FAULT_OUTPUT
+contenttype=application/json
+group=myG
+id=C1
+timeout=50000
+limit=10000
+
+[pnfRegistration]
+pnfRegConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPPNFRegVESMsgConsumer
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.VES_PNFREG_OUTPUT
+contenttype=application/json
+group=myG
+id=C1
+timeout=50000
+limit=10000
diff --git a/kubernetes/sdnc/resources/config/conf/mountpoint-state-provider.properties b/kubernetes/sdnc/resources/config/conf/mountpoint-state-provider.properties
new file mode 100644
index 0000000000..34f3cf9a4b
--- /dev/null
+++ b/kubernetes/sdnc/resources/config/conf/mountpoint-state-provider.properties
@@ -0,0 +1,11 @@
+[general]
+dmaapEnabled={{.Values.config.sdnr.mountpointStateProviderEnabled | default "false"}}
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.SDNR_MOUNTPOINT_STATE_INFO
+contenttype=application/json
+timeout=20000
+limit=10000
+maxBatchSize=100
+maxAgeMs=250
+MessageSentThreadOccurance=50
diff --git a/kubernetes/sdnc/resources/config/conf/netbox.properties b/kubernetes/sdnc/resources/config/conf/netbox.properties
index a768041945..c94e06091a 100755
--- a/kubernetes/sdnc/resources/config/conf/netbox.properties
+++ b/kubernetes/sdnc/resources/config/conf/netbox.properties
@@ -1,3 +1,4 @@
+{{/*
 #
 # Copyright (C) 2018 AT&T, Bell Canada.
 #
@@ -13,6 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+*/}}
 
 # Configuration file for Netbox client
 org.onap.ccsdk.sli.adaptors.netbox.url=http://netbox-app.{{.Release.Namespace}}:8001
diff --git a/kubernetes/sdnc/resources/config/conf/setenv b/kubernetes/sdnc/resources/config/conf/setenv
index 7476e6849a..85af48ac1d 100644
--- a/kubernetes/sdnc/resources/config/conf/setenv
+++ b/kubernetes/sdnc/resources/config/conf/setenv
@@ -1,4 +1,5 @@
 #!/bin/sh
+{{/*
 #
 #    Licensed to the Apache Software Foundation (ASF) under one or more
 #    contributor license agreements.  See the NOTICE file distributed with
@@ -50,12 +51,13 @@
 # export KARAF_DEBUG # Enable debug mode
 # export KARAF_REDIRECT # Enable/set the std/err redirection when using bin/start
 # export KARAF_NOROOT # Prevent execution as root if set to true
+*/}}
 if [ "x$JAVA_MAX_MEM" = "x" ]; then
     export JAVA_MAX_MEM="2048m"
 fi
 
-EXTRA_JAVA_OPTS: "-XX:+UseG1GC -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \
- -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} -XX:+ParallelRefProcEnabled \
- -XX:+UseStringDeduplication -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails \
- -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation \
- -XX:NumberOfGCLogFiles={{.Values.config.odl.javaOptions.numberGGLogFiles}} -Xloggc:/var/log/onap/sdnc/gc-%t.log"
+EXTRA_JAVA_OPTS=${EXTRA_JAVA_OPTS:-"-XX:+UseG1GC \
+ -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \
+ -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} \
+ -XX:+ParallelRefProcEnabled \
+ -XX:+UseStringDeduplication {{.Values.config.odl.javaOptions.gcLogOptions}}"}
diff --git a/kubernetes/sdnc/resources/config/conf/svclogic.properties b/kubernetes/sdnc/resources/config/conf/svclogic.properties
index adbba660c5..298bbccb9a 100644
--- a/kubernetes/sdnc/resources/config/conf/svclogic.properties
+++ b/kubernetes/sdnc/resources/config/conf/svclogic.properties
@@ -1,3 +1,4 @@
+{{/*
 ###
 # ============LICENSE_START=======================================================
 # openECOMP : SDN-C
@@ -17,6 +18,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 ###
+*/}}
 
 org.onap.ccsdk.sli.dbtype = jdbc
 org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
diff --git a/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg b/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg
index a2daef1833..685a285021 100644
--- a/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg
+++ b/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg
@@ -1,3 +1,4 @@
+{{/*
 ################################################################################
 #
 #    Licensed to the Apache Software Foundation (ASF) under one or more
@@ -17,6 +18,7 @@
 #
 ################################################################################
 # Properties used as default values in MDC
+*/}}
 log4j2.property.ServiceName = INTERNAL
 log4j2.property.ErrorCode = 900
 log4j2.property.ErrorDesc = UnknownError
@@ -42,7 +44,7 @@ log4j2.rootLogger.appenderRef.Console.ref = Console
 log4j2.rootLogger.appenderRef.DebugFile.ref = DebugFile
 log4j2.rootLogger.appenderRef.ErrorFile.ref = ErrorFile
 log4j2.rootLogger.appenderRef.Console.filter.threshold.type = ThresholdFilter
-log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${karaf.log.console:-OFF}
+log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${env:KARAF_CONSOLE_LOG_LEVEL\:-OFF}
 
 log4j2.bundle.info = %X{bundle.id} - %.50X{bundle.name} - %X{bundle.version}
 # Veracode: Address Improper Output Neutralization for Logs CWE ID 117 flaw
@@ -113,7 +115,6 @@ log4j2.appender.error.strategy.max = ${maxBackupIndex}
 log4j2.appender.error.strategy.fileIndex = min
 log4j2.appender.error.filter.threshold.type = ThresholdFilter
 log4j2.appender.error.filter.threshold.level = WARN
-log4j2.appender.error.filter.threshold.match = ACCEPT
 
 log4j2.appender.metric.type = RollingRandomAccessFile
 log4j2.appender.metric.name = MetricFile
@@ -163,7 +164,7 @@ log4j2.appender.rr.strategy.max = 100
 log4j2.appender.rr.strategy.fileIndex = min
 
 log4j2.appender.security.type = RollingRandomAccessFile
-log4j2.appender.security.name = securityRollingFile
+log4j2.appender.security.name = SecurityFile
 log4j2.appender.security.fileName = ${logDirectory}/${securityLogName}.log
 log4j2.appender.security.filePattern = ${logDirectory}/${securityLogName}.log.%i
 log4j2.appender.security.append = true
@@ -177,7 +178,7 @@ log4j2.appender.security.policies.size.size = ${maxFileSize}
 log4j2.logger.security.name = org.apache.karaf.jaas.modules.audit
 log4j2.logger.security.level = INFO
 log4j2.logger.security.additivity = false
-log4j2.logger.security.appenderRef.AuditRollingFile.ref = AuditRollingFile
+log4j2.logger.security.appenderRef.SecurityFile.ref = SecurityFile
 
 log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter
 log4j2.logger.audit.level = INFO
diff --git a/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml b/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml
index c664860218..a27bccc246 100644
--- a/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml
+++ b/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml
@@ -4,8 +4,6 @@ sdnc:
     image: onap/sdnc-ansible-server-image:1.7.0
   dmaap-listener:
     image: onap/sdnc-dmaap-listener-image:1.7.0
-  sdnc-portal:
-    image: onap/admportal-sdnc-image:1.7.0
   ueb-listener:
     image: onap/sdnc-ueb-listener-image:1.7.0
 cds:
diff --git a/kubernetes/sdnc/resources/env.yaml b/kubernetes/sdnc/resources/env.yaml
index 6e38ae99d6..f02f8aef16 100644
--- a/kubernetes/sdnc/resources/env.yaml
+++ b/kubernetes/sdnc/resources/env.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 SDNC_AAF_ENABLED: "{{ .Values.global.aafEnabled }}"
 SDNC_GEO_ENABLED: "{{ .Values.config.geoEnabled }}"
diff --git a/kubernetes/sdnc/resources/geo/bin/sdnc.cluster b/kubernetes/sdnc/resources/geo/bin/sdnc.cluster
index 87cdeffe89..bc285fb42d 100755
--- a/kubernetes/sdnc/resources/geo/bin/sdnc.cluster
+++ b/kubernetes/sdnc/resources/geo/bin/sdnc.cluster
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 
 # Copyright © 2018 Amdocs
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 if ! [ "$(command -v jq)" ]; then
   echo "Error: jq is not installed."
diff --git a/kubernetes/sdnc/resources/geo/bin/sdnc.isPrimaryCluster b/kubernetes/sdnc/resources/geo/bin/sdnc.isPrimaryCluster
index 7a4f6a7dd0..ffd044854f 100755
--- a/kubernetes/sdnc/resources/geo/bin/sdnc.isPrimaryCluster
+++ b/kubernetes/sdnc/resources/geo/bin/sdnc.isPrimaryCluster
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 
 # Copyright © 2018 Amdocs
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 dir=$( dirname $0 )
 
diff --git a/kubernetes/sdnc/resources/geo/bin/sdnc.makeActive b/kubernetes/sdnc/resources/geo/bin/sdnc.makeActive
index 76eca48af5..88f57b1ceb 100755
--- a/kubernetes/sdnc/resources/geo/bin/sdnc.makeActive
+++ b/kubernetes/sdnc/resources/geo/bin/sdnc.makeActive
@@ -1,4 +1,5 @@
 #!/bin/sh
+{{/*
 
 # Copyright © 2018 Amdocs
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 if [ $# -lt 1 ];then
   echo "Usage: makeactive <release> [namespace]"
diff --git a/kubernetes/sdnc/resources/geo/bin/sdnc.monitor b/kubernetes/sdnc/resources/geo/bin/sdnc.monitor
index b14bd7325d..3f9f4014b3 100755
--- a/kubernetes/sdnc/resources/geo/bin/sdnc.monitor
+++ b/kubernetes/sdnc/resources/geo/bin/sdnc.monitor
@@ -1,4 +1,5 @@
 #!/bin/sh
+{{/*
 
 # Copyright © 2018 Amdocs
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 if [ $# -lt 1 ];then
   echo "Usage: $(basename $0) [--debug] <release> [namespace]"
diff --git a/kubernetes/sdnc/resources/geo/bin/switchVoting.sh b/kubernetes/sdnc/resources/geo/bin/switchVoting.sh
index 7a1c193492..076f1ea35f 100755
--- a/kubernetes/sdnc/resources/geo/bin/switchVoting.sh
+++ b/kubernetes/sdnc/resources/geo/bin/switchVoting.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 
 # Copyright © 2018 Amdocs
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 function usage()
 {
diff --git a/kubernetes/sdnc/templates/job.yaml b/kubernetes/sdnc/templates/job.yaml
index bce94f3008..e0f0e55252 100755
--- a/kubernetes/sdnc/templates/job.yaml
+++ b/kubernetes/sdnc/templates/job.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.dgbuilder.enabled -}}
 {{/*
 # Copyright © 2017 Amdocs, Bell Canada, AT&T
 #
@@ -81,7 +82,7 @@ spec:
 
       - name: {{ include "common.name" . }}-readiness
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ include "common.mariadbService" . }}
@@ -91,7 +92,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       containers:
       - name: {{ include "common.name" . }}
@@ -165,3 +166,4 @@ spec:
       restartPolicy: Never
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- end -}}
diff --git a/kubernetes/sdnc/templates/sdnrdb-init-job.yaml b/kubernetes/sdnc/templates/sdnrdb-init-job.yaml
new file mode 100755
index 0000000000..7975b70ed2
--- /dev/null
+++ b/kubernetes/sdnc/templates/sdnrdb-init-job.yaml
@@ -0,0 +1,104 @@
+{{/*
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.config.sdnr.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata: {{- include "common.resourceMetadata" (dict "suffix" "sdnrdb-init-job" "dot" . ) | nindent 2 }}
+spec:
+  backoffLimit: 20
+  template:
+    metadata: {{ include "common.templateMetadata" . | indent 6}}
+    spec:
+      initContainers:
+      {{ include "common.certInitializer.initContainer" . | indent 6 }}
+      {{ if .Values.global.aafEnabled }}
+      - name: {{ include "common.name" . }}-chown
+        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+        command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
+        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+      {{ end }}
+      - name: {{ include "common.name" . }}-readiness
+        command:
+        - /app/ready.py
+        args:
+        - --container-name
+        - {{.Values.elasticsearch.nameOverride}}-elasticsearch
+        - --container-name
+        - {{.Values.elasticsearch.nameOverride}}-nginx
+        - --container-name
+        - {{.Values.elasticsearch.nameOverride}}-master
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+      containers:
+      - name: {{ include "common.name" . }}-sdnrdb-init-job
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command: ["/bin/bash"]
+        args: ["-c", "{{ .Values.config.binDir }}/startODL.sh"]
+        env:
+          - name: SDNC_AAF_ENABLED
+            value: "{{ .Values.global.aafEnabled}}"
+          - name: SDNC_HOME
+            value: "{{.Values.config.sdncHome}}"
+          - name: ETC_DIR
+            value: "{{.Values.config.etcDir}}"
+          - name: BIN_DIR
+            value: "{{.Values.config.binDir}}"
+          ## start sdnrdb parameter
+          - name: SDNRINIT
+            value: "true"
+          - name: SDNRDBURL
+            {{ if .Values.global.aafEnabled -}}
+            value: "https://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+            {{- else -}}
+            value: "http://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+            {{- end }}
+          - name: SDNRDBPARAMETER
+            value: "-k"
+        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+        resources: {{ include "common.resources" . | nindent 12 }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity: {{ toYaml .Values.affinity | nindent 10 }}
+      {{- end }}
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      - name: docker-entrypoint-initdb-d
+        emptyDir: {}
+      - name: bin
+        configMap:
+          name: {{ include "common.fullname" . }}-bin
+          defaultMode: 0755
+      - name: properties
+        configMap:
+          name: {{ include "common.fullname" . }}-properties
+          defaultMode: 0644
+{{ include "common.certInitializer.volumes" . | nindent 6 }}
+      restartPolicy: Never
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+{{ end -}}
diff --git a/kubernetes/sdnc/templates/secrets.yaml b/kubernetes/sdnc/templates/secrets.yaml
index 34932b713d..916d47d753 100644
--- a/kubernetes/sdnc/templates/secrets.yaml
+++ b/kubernetes/sdnc/templates/secrets.yaml
@@ -13,5 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 */}}
-
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml
index 741a15ae53..e3be4bc46a 100644
--- a/kubernetes/sdnc/templates/service.yaml
+++ b/kubernetes/sdnc/templates/service.yaml
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 highstreet technologies GmbH
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -48,9 +49,12 @@ spec:
       targetPort: {{ .Values.service.internalPort4 }}
       {{ end }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+  {{ if .Values.config.sdnr.enabled }}
+  sessionAffinity:  ClientIP
+  {{ end }}
   selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
+    app.kubernetes.io/name: {{ include "common.name" . }}
+    app.kubernetes.io/instance: {{ include "common.release" . }}
 ---
 apiVersion: v1
 kind: Service
@@ -77,8 +81,8 @@ spec:
       port: {{ .Values.service.externalPort2 }}
       targetPort: {{ .Values.service.internalPort2 }}
   selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
+    app.kubernetes.io/name: {{ include "common.name" . }}
+    app.kubernetes.io/instance: {{ include "common.release" . }}
 ---
 apiVersion: v1
 kind: Service
@@ -96,8 +100,8 @@ spec:
      port: {{ .Values.service.clusterPort }}
   clusterIP: None
   selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
+    app.kubernetes.io/name: {{ include "common.name" . }}
+    app.kubernetes.io/instance: {{ include "common.release" . }}
   sessionAffinity: None
   type: ClusterIP
 
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 437cb31a8e..98ad43ed60 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -17,26 +17,17 @@
 
 apiVersion: apps/v1
 kind: StatefulSet
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
   selector:
     matchLabels:
       app: {{ include "common.name" . }}
   serviceName: {{ include "common.servicename" . }}-cluster
   replicas: {{ .Values.replicaCount }}
+  selector: {{- include "common.selectors" . | nindent 4 }}
   podManagementPolicy: Parallel
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers:
       - command:
@@ -71,6 +62,11 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: SDNC_DB_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+        - name: ODL_ADMIN_USERNAME
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+        - name: ODL_ADMIN_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+
         volumeMounts:
         - mountPath: /config-input
           name: config-input
@@ -79,27 +75,82 @@ spec:
         image: "{{ .Values.global.envsubstImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
-
+      {{ if .Values.dgbuilder.enabled -}}
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
+        {{ if or .Values.dgbuilder.enabled .Values.config.sdnr.enabled -}}
         - --container-name
         - {{ include "common.mariadbService" . }}
+        {{ end -}}
+        {{ if .Values.config.sdnr.enabled -}}
+        - --container-name
+        - {{ include "common.name" . }}-sdnrdb-init-job
+        {{ end -}}
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
-
+        {{ end -}}
 {{ include "common.certInitializer.initContainer" . | indent 6 }}
 
+      {{ if .Values.global.cmpv2Enabled }}
+      - name: certs-init
+        image: "{{ .Values.global.repository }}/{{ .Values.global.platform.certServiceClient.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+          - name: REQUEST_URL
+            value: {{ .Values.global.platform.certServiceClient.envVariables.requestURL }}
+          - name: REQUEST_TIMEOUT
+            value: "30000"
+          - name: OUTPUT_PATH
+            value: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
+          - name: CA_NAME
+            value: {{ .Values.global.platform.certServiceClient.envVariables.caName }}
+          - name: COMMON_NAME
+            value: {{ .Values.global.platform.certServiceClient.envVariables.common_name }}
+          - name: ORGANIZATION
+            value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Organization }}
+          - name: ORGANIZATION_UNIT
+            value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}
+          - name: LOCATION
+            value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Location }}
+          - name: STATE
+            value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2State }}
+          - name: COUNTRY
+            value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Country }}
+          - name: KEYSTORE_PATH
+            value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePath }}
+          - name: KEYSTORE_PASSWORD
+            value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePassword }}
+          - name: TRUSTSTORE_PATH
+            value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePath }}
+          - name: TRUSTSTORE_PASSWORD
+            value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePassword }}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+          - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
+            name: certs
+          - mountPath: {{ .Values.global.platform.certServiceClient.secret.mountPath }}
+            name: certservice-tls-volume
+      {{ end }}
+
       - name: {{ include "common.name" . }}-chown
-        image: "busybox"
-        command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
+        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+        command:
+        - sh
+        args:
+        - -c
+        - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}
+{{- if .Values.global.aafEnabled }}
+        - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}
+{{- end }}
         volumeMounts:
 {{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: {{ .Values.persistence.mdsalPath }}
@@ -151,6 +202,26 @@ spec:
             value: {{ include "common.mariadbService" . }}
           - name: JAVA_HOME
             value: "{{ .Values.config.javaHome}}"
+          - name: JAVA_OPTS
+            value: "-Xms{{.Values.config.odl.javaOptions.minMemory}} -Xmx{{.Values.config.odl.javaOptions.maxMemory}}"
+          - name: KARAF_CONSOLE_LOG_LEVEL
+            value: "{{ include "common.log.level" . }}"
+          - name: SDNRWT
+            value: "{{ .Values.config.sdnr.enabled | default "false"}}"
+          {{- if eq .Values.config.sdnr.mode "web" }}
+          - name: SDNRDM
+            value: "true"
+          {{- end }}
+          - name: SDNRONLY
+            value: "{{ .Values.config.sdnr.sdnronly | default "false" }}"
+          - name: SDNRDBURL
+            {{- $prefix := ternary "https" "http" .Values.global.aafEnabled}}
+            value: "{{$prefix}}://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+          {{- if .Values.config.sdnr.sdnrdbTrustAllCerts }}
+          - name: SDNRDBTRUSTALLCERTS
+            value: "true"
+          {{ end }}
+
           volumeMounts:
 {{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
@@ -159,9 +230,6 @@ spec:
           - mountPath: /opt/opendaylight/current/etc/org.ops4j.pax.logging.cfg
             name: sdnc-logging-cfg-config
             subPath: org.ops4j.pax.logging.cfg
-          - mountPath: {{ .Values.config.binDir }}/startODL.sh
-            name: bin
-            subPath: startODL.sh
           - mountPath: {{ .Values.config.binDir }}/installSdncDb.sh
             name: bin
             subPath: installSdncDb.sh
@@ -202,6 +270,16 @@ spec:
           - mountPath: {{ .Values.config.odl.binDir }}/setenv
             name: properties
             subPath: setenv
+          - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-registrar.properties
+            name: properties
+            subPath: mountpoint-registrar.properties
+          - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties
+            name: properties
+            subPath: mountpoint-state-provider.properties
+          {{ if .Values.global.cmpv2Enabled }}
+          - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
+            name: certs
+          {{- end }}
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -252,6 +330,14 @@ spec:
         - name: properties
           emptyDir:
             medium: Memory
+        {{ if .Values.global.cmpv2Enabled }}
+        - name: certs
+          emptyDir:
+            medium: Memory
+        - name: certservice-tls-volume
+          secret:
+            secretName: {{ .Values.global.platform.certServiceClient.secret.name }}
+        {{- end }}
   {{ if not .Values.persistence.enabled }}
         - name: {{ include "common.fullname" . }}-data
           emptyDir: {}
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index f16f3b1925..af5a6f4878 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -20,8 +20,7 @@ global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
   repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
+  readinessImage: onap/oom/readiness:3.0.1
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   persistence:
@@ -36,6 +35,31 @@ global:
     service: mariadb-galera
     internalPort: 3306
     nameOverride: mariadb-galera
+  # Enabling CMPv2
+  cmpv2Enabled: true
+  platform:
+    certServiceClient:
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+      secret:
+        name: oom-cert-service-client-tls-secret
+        mountPath: /etc/onap/oom/certservice/certs/
+      envVariables:
+        # Certificate related
+        cert_path: /var/custom-certs
+        cmpv2Organization: "Linux-Foundation"
+        cmpv2OrganizationalUnit: "ONAP"
+        cmpv2Location: "San-Francisco"
+        cmpv2Country: "US"
+        # Client configuration related
+        caName: "RA"
+        common_name: "sdnc.simpledemo.onap.org"
+        requestURL: "https://oom-cert-service:8443/v1/certificate/"
+        requestTimeout: "30000"
+        keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
+        outputType: "P12"
+        keystorePassword: "secret"
+        truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
+        truststorePassword: "secret"
 
 #################################################################
 # Secrets metaconfig
@@ -105,15 +129,16 @@ secrets:
     login: '{{ .Values.config.scaleoutUser }}'
     password: '{{ .Values.config.scaleoutPassword }}'
     passwordPolicy: required
-
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application images
+
 repository: nexus3.onap.org:10001
 pullPolicy: Always
-image: onap/sdnc-image:1.8.4
-
+image: onap/sdnc-image:2.0.4
+busyboxRepository: docker.io
+busyboxImage: busybox:1.30
 
 # flag to enable debugging - application support required
 debugEnabled: false
@@ -161,13 +186,14 @@ config:
   logstashPort: 5044
   ansibleServiceName: sdnc-ansible-server
   ansiblePort: 8000
-  javaHome: /usr/lib/jvm/java-1.8-openjdk
+  javaHome: /opt/java/openjdk
 
   odl:
     etcDir: /opt/opendaylight/etc
     binDir: /opt/opendaylight/bin
+    gcLogDir: /opt/opendaylight/data/log
     salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config
-    salConfigVersion: 1.8.2
+    salConfigVersion: 1.9.1
     akka:
       seedNodeTimeout: 15s
       circuitBreaker:
@@ -185,11 +211,30 @@ config:
     javaOptions:
       maxGCPauseMillis: 100
       parallelGCThreads : 3
-      numberGGLogFiles: 10
+      numberGCLogFiles: 10
+      minMemory: 512m
+      maxMemory: 2048m
+      gcLogOptions: ""
+      # Next line enables gc logging
+      # gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}"
+        # enables sdnr functionality
+  sdnr:
+    enabled: true
+    # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default),
+    # mode: dm - SDNC contains sdnr device manager + ODLUX components
+    mode: dm
+    # sdnronly: true starts sdnc container with odl and sdnrwt features only
+    sdnronly: false
+    sdnrdbTrustAllCerts: true
+    mountpointRegistrarEnabled: false
+    mountpointStateProviderEnabled: false
+
+
 
 # dependency / sub-chart configuration
 certInitializer:
   nameOverride: sdnc-cert-initializer
+  truststoreMountpath: /opt/onap/sdnc/data/stores
   fqdn: "sdnc"
   app_ns: "org.osaaf.aaf"
   fqi: "sdnc@sdnc.onap.org"
@@ -204,6 +249,9 @@ certInitializer:
     cd /opt/app/osaaf/local;
     /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1
 
+# dependency / sub-chart configuration
+network-name-gen:
+  enabled: true
 mariadb-galera: &mariadbGalera
   nameOverride: sdnc-db
   config: &mariadbGaleraConfig
@@ -223,6 +271,7 @@ cds:
   enabled: false
 
 dmaap-listener:
+  enabled: true
   nameOverride: sdnc-dmaap-listener
   mariadb-galera:
     <<: *mariadbGalera
@@ -237,6 +286,7 @@ dmaap-listener:
     odlCredsExternalSecret: *odlCredsSecretName
 
 ueb-listener:
+  enabled: true
   mariadb-galera:
     <<: *mariadbGalera
     config:
@@ -249,18 +299,8 @@ ueb-listener:
     configDir: /opt/onap/sdnc/data/properties
     odlCredsExternalSecret: *odlCredsSecretName
 
-sdnc-portal:
-  mariadb-galera:
-    <<: *mariadbGalera
-    config:
-      <<: *mariadbGaleraConfig
-      mysqlDatabase: *sdncDbName
-  config:
-    sdncChartName: sdnc
-    configDir: /opt/onap/sdnc/data/properties
-    odlCredsExternalSecret: *odlCredsSecretName
-
 sdnc-ansible-server:
+  enabled: true
   config:
     restCredsExternalSecret: *ansibleSecretName
   mariadb-galera:
@@ -273,7 +313,10 @@ sdnc-ansible-server:
     internalPort: 8000
 
 dgbuilder:
+  enabled: true
   nameOverride: sdnc-dgbuilder
+  certInitializer:
+    nameOverride: sdnc-dgbuilder-cert-initializer
   config:
     db:
       dbName: *sdncDbName
@@ -294,21 +337,25 @@ dgbuilder:
       - baseaddr: "sdnc-dgbuilder"
         name: "sdnc-dgbuilder"
         port: 3000
+      - baseaddr: "sdnc-web-service"
+        name: "sdnc-web-service"
+        port: 8443
     config:
       ssl: "redirect"
 
+
+
 # local elasticsearch cluster
 localElasticCluster: true
 elasticsearch:
-  nameOverride: sdnrdb
+  nameOverride: &elasticSearchName sdnrdb
   name: sdnrdb-cluster
   certInitializer:
     fqdn: "sdnc"
     fqi_namespace: org.onap.sdnc
     fqi: "sdnc@sdnc.onap.org"
   service:
-    name: sdnrdb
-
+    name: *elasticSearchName
   master:
     replicaCount: 3
     # dedicatednode: "yes"
@@ -316,17 +363,11 @@ elasticsearch:
     # dedicatednode: "no"
     # handles master and data node functionality
     dedicatednode: "no"
-    nameOverride: sdnrdb
-
-  curator:
-    enabled: true
-    nameOverride: sdnrdb
-  data:
-    enabled: true
-    replicaCount: 1
-    nameOverride: sdnrdb
-
-
+    nameOverride: *elasticSearchName
+    cluster_name: *elasticSearchName
+# enable
+sdnc-web:
+  enabled: true
 # default number of instances
 replicaCount: 1
 
@@ -398,6 +439,22 @@ persistence:
   mountSubPath: sdnc/mdsal
   mdsalPath: /opt/opendaylight/current/daexim
 
+certpersistence:
+  enabled: true
+
+  ## A manually managed Persistent Volume and Claim
+  ## Requires persistence.enabled: true
+  ## If defined, PVC must be created manually before volume will be bound
+  # existingClaim:
+
+  volumeReclaimPolicy: Retain
+  accessMode: ReadWriteOnce
+  size: 50Mi
+  mountPath: /dockerdata-nfs
+  mountSubPath: sdnc/certs
+  certPath: /opt/app/osaaf
+  ##storageClass: "manual"
+
 ingress:
   enabled: false
   service:
diff --git a/kubernetes/sniro-emulator/requirements.yaml b/kubernetes/sniro-emulator/requirements.yaml
index e85005b9ae..a72069ff78 100644
--- a/kubernetes/sniro-emulator/requirements.yaml
+++ b/kubernetes/sniro-emulator/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/sniro-emulator/templates/deployment.yaml b/kubernetes/sniro-emulator/templates/deployment.yaml
index 2e76895278..0dff4eb7be 100644
--- a/kubernetes/sniro-emulator/templates/deployment.yaml
+++ b/kubernetes/sniro-emulator/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,8 +12,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -24,6 +26,10 @@ metadata:
     heritage: {{ .Release.Service }}
 spec:
   replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+      release: {{ include "common.release" . }}
   template:
     metadata:
       labels:
@@ -32,7 +38,7 @@ spec:
     spec:
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/sniro-emulator/templates/service.yaml b/kubernetes/sniro-emulator/templates/service.yaml
index c5954db506..9119071ab2 100644
--- a/kubernetes/sniro-emulator/templates/service.yaml
+++ b/kubernetes/sniro-emulator/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/sniro-emulator/values.yaml b/kubernetes/sniro-emulator/values.yaml
index e81481da2d..81ce818a8a 100644
--- a/kubernetes/sniro-emulator/values.yaml
+++ b/kubernetes/sniro-emulator/values.yaml
@@ -19,7 +19,6 @@ global: # global defaults
   nodePortPrefix: 302
 
 # application image
-repository: nexus3.onap.org:10001
 image: onap/sniroemulator:1.0.0
 pullPolicy: IfNotPresent
 
diff --git a/kubernetes/so/.helmignore b/kubernetes/so/.helmignore
index f0c1319444..7ddbad7ef4 100755
--- a/kubernetes/so/.helmignore
+++ b/kubernetes/so/.helmignore
@@ -19,3 +19,4 @@
 .project
 .idea/
 *.tmproj
+components/
diff --git a/kubernetes/so/Makefile b/kubernetes/so/Makefile
new file mode 100644
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/so/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml
deleted file mode 100644
index bd7eb8ea40..0000000000
--- a/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-db-secrets/Chart.yaml b/kubernetes/so/charts/so-db-secrets/Chart.yaml
deleted file mode 100755
index 1739d1fe36..0000000000
--- a/kubernetes/so/charts/so-db-secrets/Chart.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-description: A Helm chart for DB secrets
-name: so-db-secrets
-version: 6.0.0
\ No newline at end of file
diff --git a/kubernetes/so/charts/so-db-secrets/templates/secrets.yaml b/kubernetes/so/charts/so-db-secrets/templates/secrets.yaml
deleted file mode 100755
index d636fad4a7..0000000000
--- a/kubernetes/so/charts/so-db-secrets/templates/secrets.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.release" . }}-so-db-secrets
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-  mariadb.readwrite.host : {{ .Values.global.mariadbGalera.serviceName | b64enc | quote }}
-  mariadb.readwrite.port : {{ .Values.global.mariadbGalera.servicePort | b64enc | quote }}
-  mariadb.readwrite.rolename: {{ .Values.db_username | b64enc | quote }}
-  mariadb.readwrite.password: {{ .Values.db_password | b64enc | quote }}
-  mariadb.admin.rolename: {{ .Values.db_admin_username| b64enc | quote }}
-  mariadb.admin.password:  {{ .Values.db_admin_password | b64enc | quote }}
-type: Opaque
diff --git a/kubernetes/so/charts/so-db-secrets/values.yaml b/kubernetes/so/charts/so-db-secrets/values.yaml
deleted file mode 100644
index 63b6852d50..0000000000
--- a/kubernetes/so/charts/so-db-secrets/values.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-db_admin_username: so_admin
-db_admin_password: so_Admin123
-db_username: so_user
-db_password: so_User123
-
diff --git a/kubernetes/so/charts/so-monitoring/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-monitoring/resources/config/overrides/override.yaml
deleted file mode 100644
index c2e6ad06f3..0000000000
--- a/kubernetes/so/charts/so-monitoring/resources/config/overrides/override.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-server:
-  port: {{ index .Values.containerPort }}
-  tomcat:
-    max-threads: 50
-ssl-enable: false
-camunda:
-  rest:
-    api:
-      url: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine/engine/
-      engine: default
-      auth: Basic YXBpaEJwbW46cGFzc3dvcmQxJA==
-mso:
-  database:
-    rest:
-      api:
-        url: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/infraActiveRequests/
-        auth: Basic YnBlbDpwYXNzd29yZDEk
diff --git a/kubernetes/so/charts/so-monitoring/templates/ingress.yaml b/kubernetes/so/charts/so-monitoring/templates/ingress.yaml
deleted file mode 100644
index 8f87c68f1e..0000000000
--- a/kubernetes/so/charts/so-monitoring/templates/ingress.yaml
+++ /dev/null
@@ -1 +0,0 @@
-{{ include "common.ingress" . }}
diff --git a/kubernetes/so/charts/so-monitoring/templates/secret.yaml b/kubernetes/so/charts/so-monitoring/templates/secret.yaml
deleted file mode 100644
index bd7eb8ea40..0000000000
--- a/kubernetes/so/charts/so-monitoring/templates/secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml
deleted file mode 100644
index bd7eb8ea40..0000000000
--- a/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml
deleted file mode 100644
index bd7eb8ea40..0000000000
--- a/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml b/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml
deleted file mode 100644
index bd7eb8ea40..0000000000
--- a/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-sdc-controller/templates/service.yaml b/kubernetes/so/charts/so-sdc-controller/templates/service.yaml
deleted file mode 100755
index 6711c3b2e7..0000000000
--- a/kubernetes/so/charts/so-sdc-controller/templates/service.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml
deleted file mode 100644
index bd7eb8ea40..0000000000
--- a/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/service.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/service.yaml
deleted file mode 100755
index 6711c3b2e7..0000000000
--- a/kubernetes/so/charts/so-sdnc-adapter/templates/service.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
deleted file mode 100644
index 31ea6ba650..0000000000
--- a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
+++ /dev/null
diff --git a/kubernetes/so/charts/so-secrets/templates/secrets.yaml b/kubernetes/so/charts/so-secrets/templates/secrets.yaml
deleted file mode 100644
index 5be2cc7c41..0000000000
--- a/kubernetes/so/charts/so-secrets/templates/secrets.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name }}-so-client-certs-secret
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-data:
-  trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }}
-  keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}}
-type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.release" . }}-so-truststore-secret
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml
deleted file mode 100644
index bd7eb8ea40..0000000000
--- a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml
deleted file mode 100644
index bd7eb8ea40..0000000000
--- a/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/service.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/service.yaml
deleted file mode 100755
index 5e29af8ab5..0000000000
--- a/kubernetes/so/charts/so-vfc-adapter/templates/service.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
\ No newline at end of file
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/ingress.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/ingress.yaml
deleted file mode 100644
index 8f87c68f1e..0000000000
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/ingress.yaml
+++ /dev/null
@@ -1 +0,0 @@
-{{ include "common.ingress" . }}
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml
deleted file mode 100644
index bd7eb8ea40..0000000000
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/Makefile b/kubernetes/so/components/Makefile
new file mode 100644
index 0000000000..f2e7a1fb82
--- /dev/null
+++ b/kubernetes/so/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := soHelpers
+HELM_BIN := helm
+HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml b/kubernetes/so/components/so-appc-orchestrator/Chart.yaml
index ab2bad332a..ab2bad332a 100644
--- a/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/Chart.yaml
diff --git a/kubernetes/so/components/so-appc-orchestrator/requirements.yaml b/kubernetes/so/components/so-appc-orchestrator/requirements.yaml
new file mode 100755
index 0000000000..d25c12c663
--- /dev/null
+++ b/kubernetes/so/components/so-appc-orchestrator/requirements.yaml
@@ -0,0 +1,26 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml
index c897f48e4a..661ed64b0e 100644
--- a/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 server:
   port: {{ index .Values.containerPort }}
@@ -19,11 +21,11 @@ server:
   ssl-enable: false
 mso:
   logPath: ./logs/soappcorch
-  auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
+  auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
   msoKey: {{ .Values.global.app.msoKey }}
   config:
-    {{ if eq .Values.global.security.aaf.enabled true }}
-    cadi: {{ include "cadi.keys" . | nindent 8}}
+    {{ if .Values.global.security.aaf.enabled }}
+    cadi: {{ include "so.cadi.keys" . | nindent 8}}
     {{- else }}
     cadi:
       aafId: {{ .Values.mso.basicUser }}
diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml
index 8c0ee290ce..6abb1673d5 100755
--- a/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,12 +12,13 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
-  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
index b9a39fe8c3..917c067681 100644
--- a/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -39,7 +41,7 @@ spec:
         env:
         - name: ACTUATOR_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 10 }}
-        image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.htpasswdImage }}
+        image: {{ include "repositoryGenerator.image.htpasswd" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: encoder
@@ -50,18 +52,28 @@ spec:
           - sh
         args:
           - -c
-          - export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"; ./start-app.sh
-        image: {{ include "common.repository" . }}/{{ .Values.image }}
+          - |
+            export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"
+            {{- if .Values.global.aafEnabled }}
+            export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+            export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+            {{- if .Values.global.security.aaf.enabled }}
+            export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+            {{- end }}
+            {{- end }}
+            /app/start-app.sh
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         resources: {{ include "common.resources" . | nindent 12 }}
         env:
         - name: ACTUATOR_USERNAME
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }}
+        {{ include "so.certificates.env" . | indent 8 | trim }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         ports: {{- include "common.containerPorts" . | nindent 10 }}
-        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: encoder
@@ -69,7 +81,7 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
       volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
@@ -78,6 +90,6 @@ spec:
           medium: Memory
       - name: config
         configMap:
-            name: {{ include "common.fullname" . }}-app-configmap
+          name: {{ include "common.fullname" . }}-app-configmap
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/service.yaml
index fc3e2879ce..7f004cc050 100644
--- a/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/so/charts/so-appc-orchestrator/values.yaml b/kubernetes/so/components/so-appc-orchestrator/values.yaml
index 1c0cd43c6f..310cb9f323 100644
--- a/kubernetes/so/charts/so-appc-orchestrator/values.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2020 AT&T USA
+# Copyright © 2020 Huawei
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,13 +19,13 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
   persistence:
     mountPath: /dockerdata-nfs
-  htpasswdImage: xmartlabs/htpasswd
-  dockerHubRepository: docker.io
+  security:
+    aaf:
+      enabled: false
+  app:
+    msoKey: 07a7159d3bf51a0e53be7a8f89699be7
 #################################################################
 # Secrets metaconfig
 #################################################################
@@ -41,10 +42,6 @@ secrets:
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
-  - uid: "so-onap-certs"
-    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
-    type: generic
-    filePaths: '{{ .Values.secretsFilePaths }}'
   - uid: server-actuator-creds
     name: '{{ include "common.release" . }}-so-appc-actuator-creds'
     type: basicAuth
@@ -60,7 +57,6 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-repository: nexus3.onap.org:10001
 image: onap/so/so-appc-orchestrator:1.6.4
 pullPolicy: Always
 
@@ -77,14 +73,14 @@ server:
     password: password1$
 replicaCount: 1
 minReadySeconds: 10
-containerPort: 8080
+containerPort: &containerPort 8080
 logPath: ./logs/soappcorch
 app: appc-orchestrator
 service:
   name: so-appc-orchestrator
   type: ClusterIP
   ports:
-  - port: 8080
+  - port: *containerPort
     name: http
 updateStrategy:
   type: RollingUpdate
@@ -92,6 +88,21 @@ updateStrategy:
   maxSurge: 1
 # Resource Limit flavor -By Default using small
 flavor: small
+
+
+#################################################################
+# soHelper part
+#################################################################
+
+soHelpers:
+  nameOverride: so-appc-cert-init
+  certInitializer:
+    nameOverride: so-appc-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.openStackAdapterPerm
+  containerPort: *containerPort
+
 # Segregation for Different environment (Small and Large)
 resources:
   small:
@@ -123,3 +134,27 @@ ingress:
 nodeSelector: {}
 tolerations: []
 affinity: {}
+
+auth:
+  rest:
+    encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+
+mso:
+  auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+  basicUser: poBpmn
+
+appc:
+  client:
+    topic:
+      read:
+        name: APPC-LCM-WRITE
+        timeout: 360000
+      write: APPC-LCM-READ
+      sdnc:
+        read: SDNC-LCM-WRITE
+        write: SDNC-LCM-READ
+    response:
+      timeout: 3600000
+    key: VIlbtVl6YLhNUrtU
+    secret: 64AG2hF4pYeG2pq7CT6XwUOT
+    service: ueb
diff --git a/kubernetes/so/charts/so-bpmn-infra/Chart.yaml b/kubernetes/so/components/so-bpmn-infra/Chart.yaml
index 17fa3459ad..faba23eb16 100755
--- a/kubernetes/so/charts/so-bpmn-infra/Chart.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/Chart.yaml
@@ -13,6 +13,6 @@
 # limitations under the License.
 apiVersion: v1
 appVersion: "1.0"
-description: A Helm chart for Kubernetes
+description: A Helm chart for SO Bpmn Infra
 name: so-bpmn-infra
-version: 6.0.0
\ No newline at end of file
+version: 6.0.0
diff --git a/kubernetes/so/components/so-bpmn-infra/requirements.yaml b/kubernetes/so/components/so-bpmn-infra/requirements.yaml
new file mode 100755
index 0000000000..82296bee1d
--- /dev/null
+++ b/kubernetes/so/components/so-bpmn-infra/requirements.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: readinessCheck
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
index e57ea34f43..11128dd68c 100755
--- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,8 +12,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 aai:
-  auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
+  auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
   dme2:
     timeout: '30000'
   endpoint: https://aai.{{ include "common.namespace" . }}:8443
@@ -56,7 +58,7 @@ mso:
     timeout: 60
   logPath: logs
   config:
-    cadi: {{ include "cadi.keys" . | nindent 8}}
+    cadi: {{ include "so.cadi.keys" . | nindent 8}}
   async:
     core-pool-size: 50
     max-pool-size: 50
@@ -66,7 +68,7 @@ mso:
       endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess
     requestDb:
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}}
+      auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}}
     db:
       auth: {{ .Values.mso.adapters.db.auth }}
       password: {{ .Values.mso.adapters.db.password }}
@@ -92,7 +94,7 @@ mso:
     vnf:
       endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAdapter
       rest:
-        endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/vnfs
+        endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/{{ .Values.vnf.api.version }}/vnfs
     volume-groups:
       rest:
         endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/volume-groups
@@ -106,6 +108,11 @@ mso:
         endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
     nssmf:
       endpoint: http://so-nssmf-adapter.{{ include "common.namespace" . }}:8088
+    oof:
+      endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/v1
+      timeout: PT5M
+      callback:
+        endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/callback/v1
   bpmn:
     process:
       historyTimeToLive: '30'
@@ -116,7 +123,7 @@ mso:
       spring:
         endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
   db:
-    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+    auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
   default:
     adapter:
       namespace: http://org.onap.mso
@@ -375,7 +382,7 @@ spring:
 so:
   vnfm:
     adapter:
-      url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/
+      url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/
       auth: {{ .Values.so.vnfm.adapter.auth }}
 org:
   onap:
diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml b/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml
index a2e27548ba..58ac6d9ab8 100755
--- a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,11 +12,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
-  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
index 3fc5ab2e48..3fee225c03 100755
--- a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -37,37 +39,31 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
-      - command:
-        - /root/job_complete.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-so-mariadb-config-job
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
+      initContainers:
+      {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "common.repository" . }}/{{ .Values.image }}
-        resources:
-{{ include "common.resources" . | indent 12 }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        resources: {{ include "common.resources" . | nindent 12 }}
+        {{- if .Values.global.aafEnabled }}
+        command:
+        - sh
+        args:
+        - -c
+        - |
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+          {{- if .Values.global.security.aaf.enabled }}
+          export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+          {{- end }}
+          /app/start-app.sh
+        {{- end }}
         env:
         - name: DB_HOST
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.host
+          value: {{ include "common.mariadbService" . }}
         - name: DB_PORT
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.port
+          value: {{ include "common.mariadbPort" . | quote }}
         - name: DB_USERNAME
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
@@ -76,27 +72,12 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
-        {{- if eq .Values.global.security.aaf.enabled true }}
-        - name: TRUSTSTORE
-          value: /app/org.onap.so.trust.jks
-        - name: TRUSTSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: trustStorePassword
-        - name: KEYSTORE
-          value: /app/org.onap.so.jks
-        - name: KEYSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: keyStorePassword
-        {{- end }}
+        {{ include "so.certificates.env" . | indent 8 | trim }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -104,14 +85,14 @@ spec:
           readOnly: true
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
       # Filebeat sidecar container
       - name: {{ include "common.name" . }}-filebeat-onap
-        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        image: {{ include "repositoryGenerator.image.logging" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/so/components/so-bpmn-infra/templates/secret.yaml b/kubernetes/so/components/so-bpmn-infra/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/so/components/so-bpmn-infra/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/service.yaml b/kubernetes/so/components/so-bpmn-infra/templates/service.yaml
index 6711c3b2e7..6eb6f27e26 100755
--- a/kubernetes/so/charts/so-bpmn-infra/templates/service.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml
index 775df5ecc0..63011474bf 100755
--- a/kubernetes/so/charts/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/values.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -17,14 +17,24 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
   persistence:
     mountPath: /dockerdata-nfs
   #This configuration specifies Service and port for SDNC OAM interface
   sdncOamService: sdnc-oam
   sdncOamPort: 8282
+  security:
+    aaf:
+      enabled: false
+  aaf:
+    auth:
+      encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+  mariadbGalera:
+    serviceName: mariadb-galera
+    servicePort: '3306'
+
+readinessCheck:
+  wait_for:
+    - so-mariadb-config
 
 #################################################################
 # Secrets metaconfig
@@ -44,10 +54,6 @@ secrets:
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
-  - uid: "so-onap-certs"
-    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
-    type: generic
-    filePaths: '{{ .Values.secretsFilePaths }}'
 
 #secretsFilePaths: |
 #  - 'my file 1'
@@ -56,8 +62,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.6.4
+image: onap/so/bpmn-infra:1.7.10
 pullPolicy: Always
 
 db:
@@ -67,20 +72,67 @@ db:
   adminName: so_admin
   adminPassword: so_Admin123
   # adminCredsExternalSecret: some secret
+
+aai:
+  auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
+
+cds:
+  auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+
+mso:
+  key: 07a7159d3bf51a0e53be7a8f89699be7
+  adapters:
+    requestDb:
+      auth: Basic YnBlbDpwYXNzd29yZDEk
+    db:
+      auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+      password: wLg4sjrAFUS8rfVfdvTXeQ==
+    po:
+      auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+  sdnc:
+    password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
+  sniro:
+    auth: test:testpwd
+  oof:
+    auth: test:testpwd
+so:
+  vnfm:
+    adapter:
+      auth: Basic dm5mbTpwYXNzd29yZDEk
+sniro:
+  endpoint: http://replaceme:28090/optimizationInstance/V1/create
+
+vnf:
+  api:
+    version: v2
+
 replicaCount: 1
 minReadySeconds: 10
-containerPort: 8081
+containerPort: &containerPort 8081
 logPath: ./logs/bpmn/
 app: so-bpmn-infra
 service:
-    type: ClusterIP
-    internalPort: 8081
-    externalPort: 8081
-    portName: so-bpmn-port
+  type: ClusterIP
+  internalPort: *containerPort
+  externalPort: 8081
+  portName: so-bpmn-port
 updateStrategy:
-    type: RollingUpdate
-    maxUnavailable: 1
-    maxSurge: 1
+  type: RollingUpdate
+  maxUnavailable: 1
+  maxSurge: 1
+
+#################################################################
+# soHelper part
+#################################################################
+soHelpers:
+  nameOverride: so-bpmn-cert-init
+  certInitializer:
+    nameOverride: so-bpmn-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.bpmnPerm
+  containerPort: *containerPort
+
 # Resource Limit flavor -By Default using small
 flavor: large
 # Segregation for Different environment (Small and Large)
@@ -101,13 +153,13 @@ resources:
       cpu: 1000m
   unlimited: {}
 livenessProbe:
-    path: /manage/health
-    scheme: HTTP
-    initialDelaySeconds: 600
-    periodSeconds: 60
-    timeoutSeconds: 10
-    successThreshold: 1
-    failureThreshold: 3
+  path: /manage/health
+  scheme: HTTP
+  initialDelaySeconds: 600
+  periodSeconds: 60
+  timeoutSeconds: 10
+  successThreshold: 1
+  failureThreshold: 3
 ingress:
   enabled: false
 nodeSelector: {}
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/Chart.yaml b/kubernetes/so/components/so-catalog-db-adapter/Chart.yaml
index 8c5a846df9..8c5a846df9 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/Chart.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/Chart.yaml
diff --git a/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml
new file mode 100755
index 0000000000..82296bee1d
--- /dev/null
+++ b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: readinessCheck
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml
index fb83e4e26b..7aa5984403 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 server:
     port: {{ index .Values.containerPort }}
     tomcat:
@@ -20,13 +22,13 @@ mso:
   logPath: logs
   site-name: onapheat
   config:
-    cadi: {{ include "cadi.keys" . | nindent 8}}
+    cadi: {{ include "so.cadi.keys" . | nindent 8}}
   catalog:
     db:
       spring:
         endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
   db:
-    auth:  {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}}
+    auth:  {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}}
 spring:
   datasource:
     hikari:
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml
index b57205223e..6331656fce 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,11 +12,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
-  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
index 8d2e9738c1..75e6b1ee62 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -37,37 +39,31 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
-      - command:
-        - /root/job_complete.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-so-mariadb-config-job
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
+      initContainers:
+      {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "common.repository" . }}/{{ .Values.image }}
-        resources:
-{{ include "common.resources" . | indent 12 }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        resources: {{ include "common.resources" . | nindent 12 }}
+        {{- if .Values.global.aafEnabled }}
+        command:
+        - sh
+        args:
+        - -c
+        - |
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+          {{- if .Values.global.security.aaf.enabled }}
+          export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+          {{- end }}
+          /app/start-app.sh
+        {{- end }}
         env:
         - name: DB_HOST
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.host
+          value: {{ include "common.mariadbService" . }}
         - name: DB_PORT
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.port
+          value: {{ include "common.mariadbPort" . | quote }}
         - name: DB_USERNAME
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
@@ -76,33 +72,18 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
-         {{- if eq .Values.global.security.aaf.enabled true }}
-        - name: TRUSTSTORE
-          value: /app/org.onap.so.trust.jks
-        - name: TRUSTSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: trustStorePassword
-        - name: KEYSTORE
-          value: /app/org.onap.so.jks
-        - name: KEYSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: keyStorePassword
-        {{- end }}
+        {{ include "so.certificates.env" . | indent 8 | trim }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
           mountPath: /app/config
           readOnly: true
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/service.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml
index 6711c3b2e7..6eb6f27e26 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/templates/service.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
index 9aa9c98fbc..81a7c3fba1 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -17,11 +17,23 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
   persistence:
     mountPath: /dockerdata-nfs
+  security:
+    aaf:
+      enabled: false
+  aaf:
+    auth:
+      header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+  app:
+    msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+  mariadbGalera:
+    serviceName: mariadb-galera
+    servicePort: '3306'
+
+readinessCheck:
+  wait_for:
+    - so-mariadb-config
 
 #################################################################
 # Secrets metaconfig
@@ -41,10 +53,6 @@ secrets:
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
-  - uid: "so-onap-certs"
-    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
-    type: generic
-    filePaths: '{{ .Values.secretsFilePaths }}'
 
 #secretsFilePaths: |
 #  - 'my file 1'
@@ -53,8 +61,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.6.4
+image: onap/so/catalog-db-adapter:1.7.10
 pullPolicy: Always
 
 db:
@@ -65,20 +72,38 @@ db:
   adminPassword: so_Admin123
   # adminCredsExternalSecret: some secret
 
+mso:
+  adapters:
+    db:
+      auth: Basic YnBlbDpwYXNzd29yZDEk
+
 replicaCount: 1
 minReadySeconds: 10
-containerPort: 8082
+containerPort: &containerPort 8082
 logPath: ./logs/catdb/
 app: catalog-db-adapter
 service:
     type: ClusterIP
-    internalPort: 8082
-    externalPort: 8082
+    internalPort: *containerPort
+    externalPort: *containerPort
     portName: so-catdb-port
 updateStrategy:
     type: RollingUpdate
     maxUnavailable: 1
     maxSurge: 1
+
+#################################################################
+# soHelper part
+#################################################################
+soHelpers:
+  nameOverride: so-catalogdb-cert-init
+  certInitializer:
+    nameOverride: so-catalogdb-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.catalogDbAdapterPerm
+  containerPort: *containerPort
+
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)
diff --git a/kubernetes/so/components/so-cnf-adapter/Chart.yaml b/kubernetes/so/components/so-cnf-adapter/Chart.yaml
new file mode 100755
index 0000000000..4b507c105a
--- /dev/null
+++ b/kubernetes/so/components/so-cnf-adapter/Chart.yaml
@@ -0,0 +1,20 @@
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: "1.7.1"
+description: A Helm chart for Kubernetes
+name: so-cnf-adapter
+version: 6.0.0
+
diff --git a/kubernetes/so/components/so-cnf-adapter/requirements.yaml b/kubernetes/so/components/so-cnf-adapter/requirements.yaml
new file mode 100755
index 0000000000..ecba826c68
--- /dev/null
+++ b/kubernetes/so/components/so-cnf-adapter/requirements.yaml
@@ -0,0 +1,28 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
+
diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
new file mode 100755
index 0000000000..c513589100
--- /dev/null
+++ b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
@@ -0,0 +1,50 @@
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+aai:
+  auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }}
+  endpoint: https://aai.{{ include "common.namespace" . }}:8443
+logging:
+  path: logs
+spring:
+  security:
+    usercredentials:
+      - username: ${ACTUATOR_USERNAME}
+        password: ${ACTUATOR_PASSWORD}
+        role: ACTUATOR
+server:
+  port: {{ index .Values.containerPort }}
+  tomcat:
+    max-threads: 50
+mso:
+  site-name: localSite
+  logPath: ./logs/cnf
+  msb-ip: msb-iag.{{ include "common.namespace" . }}
+  msb-port: 80
+#Actuator
+management:
+  endpoints:
+    web:
+      base-path: /manage
+      exposure:
+        include: "*"
+  metrics:
+    se-global-registry: false
+    export:
+      prometheus:
+        enabled: true # Whether exporting of metrics to Prometheus is enabled.
+        step: 1m # Step size (i.e. reporting frequency) to use.
+
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml
new file mode 100755
index 0000000000..c5ebec0b15
--- /dev/null
+++ b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml
@@ -0,0 +1,30 @@
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
+data:
+  LOG_PATH: {{ index .Values.logPath }}
+  APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
new file mode 100755
index 0000000000..3c131321f3
--- /dev/null
+++ b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
@@ -0,0 +1,132 @@
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+  selector: {{- include "common.selectors" . | nindent 4 }}
+  replicas: {{ index .Values.replicaCount }}
+  minReadySeconds: {{ index .Values.minReadySeconds }}
+  strategy:
+    type: {{ index .Values.updateStrategy.type }}
+    rollingUpdate:
+      maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+      maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+  template:
+    metadata:
+      labels: {{- include "common.labels" . | nindent 8 }}
+    spec:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+        - name: {{ include "common.name" . }}-encrypter
+          command:
+            - sh
+          args:
+            - -c
+            - |
+              java Crypto "${AAI_USERNAME}:${AAI_PASSWORD}" "${MSO_KEY}" > /output/.aai_creds
+          env:
+            - name: AAI_USERNAME
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "login") | indent 14 }}
+            - name: AAI_PASSWORD
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "password") | indent 14 }}
+            - name: MSO_KEY
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnf-adapter-mso-key" "key" "password") | indent 14 }}
+          image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.global.soCryptoImage }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          volumeMounts:
+            - name: encoder
+              mountPath: /output
+        - name: {{ include "common.name" . }}-readiness
+          command:
+            - /app/ready.py
+          args:
+            - --job-name
+            - {{ include "common.release" . }}-so-mariadb-config-job
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+          image: {{ include "repositoryGenerator.image.readiness" . }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+      containers:
+        - name: {{ include "common.name" . }}
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+          command:
+            - sh
+          args:
+            - -c
+            - |
+              export AAF_BASE64=$(echo -n "${AAF_USERNAME}:${AAF_PASSWORD}" | base64)
+              export AAF_AUTH=$(echo "Basic ${AAF_BASE64}")
+              export AAI_AUTH=$(cat /input/.aai_creds)
+              {{- if .Values.global.aafEnabled }}
+              export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+              export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+              {{- if .Values.global.security.aaf.enabled }}
+              export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+              {{- end }}
+              {{- end }}
+              ./start-app.sh
+          resources: {{ include "common.resources" . | nindent 12 }}
+          ports: {{- include "common.containerPorts" . | nindent 12  }}
+          env:
+            - name: AAF_USERNAME
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "login") | indent 14 }}
+            - name: AAF_PASSWORD
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "password") | indent 14 }}
+            - name: ACTUATOR_USERNAME
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
+            - name: ACTUATOR_PASSWORD
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
+            {{ include "so.certificates.env" . | indent 12 | trim }}
+          envFrom:
+            - configMapRef:
+                name: {{ include "common.fullname" . }}-env
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+            - name: logs
+              mountPath: /app/logs
+            - name: config
+              mountPath: /app/config
+              readOnly: true
+              readOnly: true
+            - name: encoder
+              mountPath: /input
+          livenessProbe:
+            httpGet:
+              path: {{ index .Values.livenessProbe.path}}
+              port: {{ index .Values.containerPort }}
+              scheme: {{ index .Values.livenessProbe.scheme}}
+            initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+            periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+            timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
+            successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+            failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+      volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+        - name: logs
+          emptyDir: {}
+        - name: config
+          configMap:
+            name: {{ include "common.fullname" . }}
+        - name: encoder
+          emptyDir:
+            medium: Memory
+      imagePullSecrets:
+        - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml b/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..dfeae804be
--- /dev/null
+++ b/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
+
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/service.yaml b/kubernetes/so/components/so-cnf-adapter/templates/service.yaml
new file mode 100755
index 0000000000..0c34660a0e
--- /dev/null
+++ b/kubernetes/so/components/so-cnf-adapter/templates/service.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
+
diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml
new file mode 100755
index 0000000000..0fdd4f2edf
--- /dev/null
+++ b/kubernetes/so/components/so-cnf-adapter/values.yaml
@@ -0,0 +1,161 @@
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefix: 302
+  nodePortPrefixExt: 304
+  soCryptoImage: sdesbure/so_crypto:latest
+  persistence:
+    mountPath: /dockerdata-nfs
+  security:
+    aaf:
+      enabled: false
+  aaf:
+    auth:
+      header: ${AAF_AUTH}
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.userName }}'
+    password: '{{ .Values.db.userPassword }}'
+    passwordPolicy: required
+  - uid: db-admin-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.db.adminName }}'
+    password: '{{ .Values.db.adminPassword }}'
+    passwordPolicy: required
+  - uid: server-actuator-creds
+    name: '{{ include "common.release" . }}-so-cnf-actuator-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+    login: '{{ .Values.server.actuator.username }}'
+    password: '{{ .Values.server.actuator.password }}'
+    passwordPolicy: required
+  - uid: so-aaf-creds
+    name: '{{ include "common.release" . }}-so-cnf-aaf-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
+    login: '{{ .Values.server.aaf.username }}'
+    password: '{{ .Values.server.aaf.password }}'
+    passwordPolicy: required
+  - uid: so-aai-creds
+    name: '{{ include "common.release" . }}-so-cnf-aai-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}'
+    login: '{{ .Values.server.aai.username }}'
+    password: '{{ .Values.server.aai.password }}'
+    passwordPolicy: required
+  - uid: cnf-adapter-mso-key
+    name: '{{ include "common.release" . }}-so-cnf-mso-key'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
+    password: '{{ .Values.mso.msoKey }}'
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/mso-cnf-adapter:1.7.1
+pullPolicy: Always
+db:
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
+server:
+  aaf:
+    username: so@so.onap.org
+    password: demo123456
+  # aafCredsExternalSecret: some secret
+  aai:
+    username: aai@aai.onap.org
+    password: demo123456!
+    auth: ${AAI_AUTH}
+  # aaiCredsExternalSecret: some secret
+  actuator:
+    username: mso_admin
+    password: password1$
+  # actuatorCredsExternalSecret: some secret
+mso:
+  msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+  # msoKeySecret: some secret
+  adapters:
+    requestDb:
+      auth: ${REQUEST_AUTH}
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8090
+logPath: ./logs/cnf/
+app: cnf-adapter
+service:
+  type: ClusterIP
+  ports:
+    - name: http-api
+      port: *containerPort
+updateStrategy:
+  type: RollingUpdate
+  maxUnavailable: 1
+  maxSurge: 1
+soHelpers:
+  nameOverride: so-cnf-cert-init
+  certInitializer:
+    nameOverride: so-cnf-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.openStackAdapterPerm
+  containerPort: *containerPort
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+  small:
+    limits:
+      memory: 4Gi
+      cpu: 2000m
+    requests:
+      memory: 1Gi
+      cpu: 500m
+  large:
+    limits:
+      memory: 8Gi
+      cpu: 4000m
+    requests:
+      memory: 2Gi
+      cpu: 1000m
+  unlimited: {}
+livenessProbe:
+  path: /manage/health
+  port: 8090
+  scheme: HTTP
+  initialDelaySeconds: 600
+  periodSeconds: 60
+  timeoutSeconds: 10
+  successThreshold: 1
+  failureThreshold: 3
+ingress:
+  enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml
new file mode 100644
index 0000000000..c4fb9a49d5
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP SO ETSI NFVO NS LCM
+name: so-etsi-nfvo-ns-lcm
+version: 6.0.0
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml
new file mode 100755
index 0000000000..d25c12c663
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml
@@ -0,0 +1,26 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
new file mode 100644
index 0000000000..20a4284c67
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
@@ -0,0 +1,72 @@
+{{/*
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+aai:
+  auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+  version: v19
+  endpoint: https://aai.{{ include "common.namespace" . }}:8443
+spring:
+  datasource:
+    hikari:
+      camunda:
+        jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn
+        username: ${DB_USERNAME}
+        password: ${DB_PASSWORD}
+        driver-class-name: org.mariadb.jdbc.Driver
+        pool-name: bpmn-pool
+        registerMbeans: true
+      nfvo:
+        jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/nfvo
+        username: ${DB_ADMIN_USERNAME}
+        password: ${DB_ADMIN_PASSWORD}
+        driver-class-name: org.mariadb.jdbc.Driver
+        pool-name: nfvo-pool
+        registerMbeans: true
+  security:
+    usercredentials:
+    - username: ${ETSI_NFVO_USERNAME}
+      password: ${ETSI_NFVO_PASSWORD}
+      role: ETSI-NFVO-Client
+server:
+  port: {{ .Values.containerPort }}
+  tomcat:
+    max-threads: 50
+mso:
+  key: {{ .Values.mso.key }}
+so:
+  adapters:
+    sol003-adapter:
+      url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
+      auth: {{ .Values.so.sol003.adapter.auth }}
+etsi-catalog-manager:
+  base:
+  {{- if .Values.global.msbEnabled }}
+    endpoint: https://msb-iag:443/api
+  http:
+    client:
+      ssl:
+        trust-store: file:${TRUSTSTORE}
+        trust-store-password: ${TRUSTSTORE_PASSWORD}
+  {{- else }}
+    endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api
+  {{- end }}
+camunda:
+  bpm:
+    history-level: full
+    job-execution:
+      max-pool-size: 30
+      core-pool-size: 3
+      deployment-aware: true
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml
new file mode 100644
index 0000000000..add9a02cf6
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml
@@ -0,0 +1,43 @@
+{{/*
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+  LOG_PATH: {{ index .Values.logPath }}
+  APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-app-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
new file mode 100644
index 0000000000..2cf23e23be
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
@@ -0,0 +1,94 @@
+{{/*
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+  selector: {{- include "common.selectors" . | nindent 4 }}
+  replicas: {{ index .Values.replicaCount }}
+  minReadySeconds: {{ index .Values.minReadySeconds }}
+  strategy:
+    type: {{ index .Values.updateStrategy.type }}
+    rollingUpdate:
+      maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+      maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+  template:
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+    spec:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+      containers:
+        - name: {{ include "common.name" . }}
+          command:
+            - sh
+          args:
+            - -c
+            - |
+              export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+              {{- if .Values.global.aafEnabled }}
+              export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+              export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+              {{- if .Values.global.security.aaf.enabled }}
+              export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+              {{- end }}
+              {{- end }}
+              ./start-app.sh
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+          resources: {{ include "common.resources" . | nindent 12 }}
+          env:
+            - name: ETSI_NFVO_USERNAME
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }}
+            - name: ETSI_NFVO_PASSWORD_INPUT
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }}
+            - name: DB_HOST
+              value: {{ include "common.mariadbService" . }}
+            - name: DB_PORT
+              value: {{ include "common.mariadbPort" . | quote }}
+            - name: DB_USERNAME
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+            - name: DB_PASSWORD
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+            - name: DB_ADMIN_USERNAME
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+            - name: DB_ADMIN_PASSWORD
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
+            {{ include "so.certificates.env" . | indent 12 | trim }}
+          envFrom:
+            - configMapRef:
+                name: {{ include "common.fullname" . }}-configmap
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+            - name: logs
+              mountPath: /app/logs
+            - name: config
+              mountPath: /app/config
+              readOnly: true
+          livenessProbe:
+            tcpSocket:
+              port: {{ index .Values.livenessProbe.port }}
+            initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+            periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+            successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+            failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+          ports: {{ include "common.containerPorts" . | nindent 12  }}
+      volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+        - name: logs
+          emptyDir: {}
+        - name: config
+          configMap:
+            name: {{ include "common.fullname" . }}-app-configmap
+      imagePullSecrets:
+        - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml
index 0cd8cfbd36..56e02b30b0 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2020 Samsung, Orange
+{{/*
+# Copyright © 2020 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.ingress" . }}
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml
new file mode 100644
index 0000000000..1b9306e883
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml
new file mode 100644
index 0000000000..4e6428b2ef
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
new file mode 100644
index 0000000000..f5ad18faf6
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
@@ -0,0 +1,163 @@
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefixExt: 304
+  persistence:
+    mountPath: /dockerdata-nfs
+  security:
+    aaf:
+      enabled: false
+  aaf:
+    auth:
+      header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+  mariadbGalera:
+    serviceName: mariadb-galera
+    servicePort: '3306'
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: etsi-nfvo-nslcm-creds
+    name: '{{ include "common.release" . }}-so-etsi-nfvo-nslcm-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}'
+    login: '{{ .Values.etsi.nfvo.nslcm.username }}'
+    password: '{{ .Values.etsi.nfvo.nslcm.password }}'
+  - uid: db-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.userName }}'
+    password: '{{ .Values.db.userPassword }}'
+    passwordPolicy: required
+  - uid: db-admin-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.db.adminName }}'
+    password: '{{ .Values.db.adminPassword }}'
+    passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/so-etsi-nfvo-ns-lcm:1.7.7
+pullPolicy: Always
+
+aai:
+  auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+db:
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
+etsi:
+  nfvo:
+    nslcm:
+      username: so-etsi-nfvo-ns-lcm
+mso:
+  key: 07a7159d3bf51a0e53be7a8f89699be7
+so:
+  sol003:
+    adapter:
+      auth: Basic dm5mbTpwYXNzd29yZDEk
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 9095
+logPath: ./logs/so-etsi-nfvo-ns-lcm/
+app: so-etsi-nfvo-ns-lcm
+service:
+  type: ClusterIP
+  name: so-etsi-nfvo-ns-lcm
+  annotations:
+    service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
+    msb.onap.org/service-info: |
+      {{ if .Values.global.msbEnabled -}}[
+        {
+          "serviceName": "{{ include "common.servicename" . }}",
+          "version": "v1",
+          "url": "/so/so-etsi-nfvo-ns-lcm/v1",
+          "protocol": "REST",
+          "port": "{{ include "common.getPort" (dict "global" . "name" "http-api") }}",
+          "visualRange":"1"
+        }
+      ]{{ end }}
+  ports:
+    - name: http-api
+      port: *containerPort
+updateStrategy:
+  type: RollingUpdate
+  maxUnavailable: 1
+  maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+  nameOverride: so-nfvo-cert-init
+  certInitializer:
+    nameOverride: so-nfvo-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.nfvoAdapterPerm
+  containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+  small:
+    limits:
+      memory: 4Gi
+      cpu: 2000m
+    requests:
+      memory: 1Gi
+      cpu: 500m
+  large:
+    limits:
+      memory: 8Gi
+      cpu: 4000m
+    requests:
+      memory: 2Gi
+      cpu: 1000m
+  unlimited: {}
+
+livenessProbe:
+  port: 9095
+  initialDelaySeconds: 600
+  periodSeconds: 60
+  timeoutSeconds: 10
+  successThreshold: 1
+  failureThreshold: 3
+
+ingress:
+  enabled: false
+  service:
+    - baseaddr: 'soetsinfvonslcm'
+      name: 'so-etsi-nfvo-ns-lcm'
+      port: 9095
+  config:
+    ssl: 'redirect'
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/kubernetes/so/charts/so-mariadb/Chart.yaml b/kubernetes/so/components/so-mariadb/Chart.yaml
index 2c6f0278b0..2c6f0278b0 100755
--- a/kubernetes/so/charts/so-mariadb/Chart.yaml
+++ b/kubernetes/so/components/so-mariadb/Chart.yaml
diff --git a/kubernetes/so/components/so-mariadb/requirements.yaml b/kubernetes/so/components/so-mariadb/requirements.yaml
new file mode 100755
index 0000000000..0dfef90cff
--- /dev/null
+++ b/kubernetes/so/components/so-mariadb/requirements.yaml
@@ -0,0 +1,26 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: readinessCheck
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh
index 08adb4a407..72963d9efc 100755
--- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
+{{/*
 #
 # ============LICENSE_START==========================================
 # ===================================================================
@@ -20,6 +21,7 @@
 # ECOMP and OpenECOMP are trademarks
 # and service marks of AT&T Intellectual Property.
 #
+*/}}
 
 echo "Creating camundabpmn database . . ." 1>/tmp/mariadb-camundabpmn.log 2>&1
 
diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh
index 0f404466ca..4c2d668af7 100755
--- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
+{{/*
 #
 # ============LICENSE_START==========================================
 # ===================================================================
@@ -20,6 +21,7 @@
 # ECOMP and OpenECOMP are trademarks
 # and service marks of AT&T Intellectual Property.
 #
+*/}}
 
 echo "Creating requestdb database . . ." 1>/tmp/mariadb-requestdb.log 2>&1
 
diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh
index 3115ec6199..dd374d440b 100755
--- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
+{{/*
 #
 # ============LICENSE_START==========================================
 # ===================================================================
@@ -20,6 +21,7 @@
 # ECOMP and OpenECOMP are trademarks
 # and service marks of AT&T Intellectual Property.
 #
+*/}}
 
 echo "Creating catalogdb database . . ." 1>/tmp/mariadb-catalogdb.log 2>&1
 
diff --git a/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh
index e2d7381689..db6fd22eaf 100644..100755
--- a/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh
@@ -1,8 +1,7 @@
-#!/bin/bash
+#!/bin/sh
+{{/*
 # ============LICENSE_START=======================================================
-# ONAP
-# ================================================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+#  Copyright (C) 2020 Nordix Foundation.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,6 +14,26 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
 # ============LICENSE_END=========================================================
+*/}}
+
+echo "Creating nfvo database . . ." 1>/tmp/mariadb-nfvodb.log 2>&1
+
+prepare_password()
+{
+    echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+NFVO_DB_PASSWORD=`prepare_password $NFVO_DB_PASSWORD`
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ nfvo /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${NFVO_DB_USER}';
+CREATE USER '${NFVO_DB_USER}';
+GRANT ALL on nfvo.* to '${NFVO_DB_USER}' identified by '${NFVO_DB_PASSWORD}' with GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
 
-policy status
+echo "Created nfvo database . . ." 1>>/tmp/mariadb-nfvodb.log 2>&1
diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
index c4048002cf..7b88055078 100755
--- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
+{{/*
 #
 # ============LICENSE_START==========================================
 # ===================================================================
@@ -20,9 +21,17 @@
 # ECOMP and OpenECOMP are trademarks
 # and service marks of AT&T Intellectual Property.
 #
+*/}}
 
 echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
 
+prepare_password()
+{
+	echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+DB_PASSWORD=`prepare_password $DB_PASSWORD`
+
 mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
 DROP USER IF EXISTS '${DB_USER}';
 CREATE USER '${DB_USER}';
@@ -30,6 +39,7 @@ GRANT USAGE ON *.* TO '${DB_USER}'@'%' IDENTIFIED BY '${DB_PASSWORD}';
 GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%';
 GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%';
 GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON nfvo.* TO '${DB_USER}'@'%';
 FLUSH PRIVILEGES;
 EOF
 
diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
index e9d7c6fefa..5296748c50 100755
--- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
+{{/*
 #
 # ============LICENSE_START==========================================
 # ===================================================================
@@ -20,9 +21,17 @@
 # ECOMP and OpenECOMP are trademarks
 # and service marks of AT&T Intellectual Property.
 #
+*/}}
 
 echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
 
+prepare_password()
+{
+	echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+DB_ADMIN_PASSWORD=`prepare_password $DB_ADMIN_PASSWORD`
+
 mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
 DROP USER IF EXISTS '${DB_ADMIN}';
 CREATE USER '${DB_ADMIN}';
@@ -30,6 +39,7 @@ GRANT USAGE ON *.* TO '${DB_ADMIN}'@'%' IDENTIFIED BY '${DB_ADMIN_PASSWORD}';
 GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
 GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
 GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON nfvo.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
 FLUSH PRIVILEGES;
 EOF
 
diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql
index 41377fb9eb..41377fb9eb 100644
--- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql
diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql
index 35cb979781..35cb979781 100644
--- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql
diff --git a/kubernetes/so/charts/so-mariadb/templates/configmap.yaml b/kubernetes/so/components/so-mariadb/templates/configmap.yaml
index 842e562fd7..98fc2796f3 100644
--- a/kubernetes/so/charts/so-mariadb/templates/configmap.yaml
+++ b/kubernetes/so/components/so-mariadb/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 #   Copyright 2018 © Samsung Electronics Co., Ltd.
 #
 #   Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #   See the License for the specific language governing permissions and
 #   limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/so/charts/so-mariadb/templates/job.yaml b/kubernetes/so/components/so-mariadb/templates/job.yaml
index ec589ea33e..0eeba7b61a 100644
--- a/kubernetes/so/charts/so-mariadb/templates/job.yaml
+++ b/kubernetes/so/components/so-mariadb/templates/job.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if .Values.global.migration.enabled }}
 apiVersion: batch/v1
 kind: Job
@@ -37,7 +39,7 @@ spec:
     spec:
       containers:
       - name: {{ include "common.fullname" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DB_HOST
@@ -51,7 +53,7 @@ spec:
         command:
         - /bin/bash
         - -c
-        - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb > /var/data/mariadb/backup-`date +%s`.sql
+        - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
@@ -93,24 +95,10 @@ spec:
         release: {{ include "common.release" . }}
       name: {{ include "common.name" . }}
     spec:
-      initContainers:
-      - name: {{ include "common.name" . }}-readiness
-        command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - {{ .Values.global.mariadbGalera.nameOverride }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+      initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
       containers:
-      - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      - name: {{ include "common.name" . }}-config
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
         - /bin/bash
@@ -125,15 +113,9 @@ spec:
           {{- end }}
         env:
         - name: DB_HOST
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.host
+          value: {{ include "common.mariadbService" . }}
         - name: DB_PORT
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.port
+          value: {{ include "common.mariadbPort" . | quote }}
         - name: MYSQL_ROOT_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
         - name: DB_USER
@@ -156,6 +138,10 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }}
         - name: CATALOG_DB_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }}
+        - name: NFVO_DB_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "login") | indent 10 }}
+        - name: NFVO_DB_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
diff --git a/kubernetes/so/charts/so-mariadb/templates/pv.yaml b/kubernetes/so/components/so-mariadb/templates/pv.yaml
index 7d81805cda..7d81805cda 100644
--- a/kubernetes/so/charts/so-mariadb/templates/pv.yaml
+++ b/kubernetes/so/components/so-mariadb/templates/pv.yaml
diff --git a/kubernetes/so/charts/so-mariadb/templates/pvc.yaml b/kubernetes/so/components/so-mariadb/templates/pvc.yaml
index ad10f18f16..ad10f18f16 100644
--- a/kubernetes/so/charts/so-mariadb/templates/pvc.yaml
+++ b/kubernetes/so/components/so-mariadb/templates/pvc.yaml
diff --git a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml b/kubernetes/so/components/so-mariadb/templates/secrets.yaml
index 7c7d4f9fe5..53d72faf39 100644
--- a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
+++ b/kubernetes/so/components/so-mariadb/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Copyright © 2020 Samsung Electronics
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml
index 5e7b2fef76..2dfd5b831f 100755
--- a/kubernetes/so/charts/so-mariadb/values.yaml
+++ b/kubernetes/so/components/so-mariadb/values.yaml
@@ -21,9 +21,22 @@ global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
   repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  ubuntuInitRepository: registry.hub.docker.com
+  readinessImage: onap/oom/readiness:3.0.1
+  ubuntuInitRepository: docker.io
+  mariadbGalera:
+    nameOverride: &mariadbName mariadb-galera
+    serviceName: mariadb-galera
+    servicePort: "3306"
+  migration:
+    enabled: false
+    dbHost: mariadb-galera
+    dbPort: 3306
+    dbUser: root
+    dbPassword: secretpassword
+
+readinessCheck:
+  wait_for:
+    - *mariadbName
 
 #################################################################
 # Secrets metaconfig
@@ -71,8 +84,11 @@ secrets:
     externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}'
     login: '{{ .Values.db.catalog.userName }}'
     password: '{{ .Values.db.catalog.password }}'
-
-
+  - uid: nfvo-db-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.nfvo.dbCredsExternalSecret) . }}'
+    login: '{{ .Values.db.nfvo.userName }}'
+    password: '{{ .Values.db.nfvo.password }}'
 
 #################################################################
 # Application configuration defaults.
@@ -108,6 +124,9 @@ db:
     userName: cataloguser
     password: catalog123
     # dbCredsExternalSecret: some secret
+  nfvo:
+    userName: nfvouser
+    # dbCredsExternalSecret: some secret
 
 # application configuration
 config:
diff --git a/kubernetes/so/charts/so-monitoring/Chart.yaml b/kubernetes/so/components/so-monitoring/Chart.yaml
index ede67ab54f..ede67ab54f 100644
--- a/kubernetes/so/charts/so-monitoring/Chart.yaml
+++ b/kubernetes/so/components/so-monitoring/Chart.yaml
diff --git a/kubernetes/so/components/so-monitoring/requirements.yaml b/kubernetes/so/components/so-monitoring/requirements.yaml
new file mode 100755
index 0000000000..b9be601082
--- /dev/null
+++ b/kubernetes/so/components/so-monitoring/requirements.yaml
@@ -0,0 +1,27 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml b/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml
new file mode 100644
index 0000000000..cf54fa43f8
--- /dev/null
+++ b/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml
@@ -0,0 +1,35 @@
+server:
+  port: {{ index .Values.containerPort }}
+  {{- if .Values.global.aafEnabled }}
+  ssl:
+    keyStore: ${KEYSTORE}
+    keyStorePassword: ${KEYSTORE_PASSWORD}
+    trustStore: ${TRUSTSTORE}
+    trustStorePassword: ${TRUSTSTORE_PASSWORD}
+  {{- end }}
+  tomcat:
+    max-threads: 50
+  {{- if not .Values.global.aafEnabled }}
+ssl-enable: false
+  {{- end }}
+camunda:
+  rest:
+    api:
+      url: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine/engine/
+      engine: default
+      auth: Basic YXBpaEJwbW46cGFzc3dvcmQxJA==
+mso:
+  database:
+    rest:
+      api:
+        url: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/infraActiveRequests/
+        auth: Basic YnBlbDpwYXNzd29yZDEk
+spring:
+  main:
+    allow-bean-definition-overriding: true
+  security:
+    usercredentials:
+      -
+        username: ${SO_MONITORING_USERNAME}
+        password: ${SO_MONITORING_PASSWORD}
+        role: GUI-Client
diff --git a/kubernetes/so/charts/so-monitoring/templates/configmap.yaml b/kubernetes/so/components/so-monitoring/templates/configmap.yaml
index a6d8b469f8..fb52e598ca 100644
--- a/kubernetes/so/charts/so-monitoring/templates/configmap.yaml
+++ b/kubernetes/so/components/so-monitoring/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
 #  ================================================================================
@@ -16,6 +17,7 @@
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
 #  @author: gareth.roper@ericsson.com
+*/}}
 apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
diff --git a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml b/kubernetes/so/components/so-monitoring/templates/deployment.yaml
index 82ca53dcf8..dc80d426fc 100644
--- a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml
+++ b/kubernetes/so/components/so-monitoring/templates/deployment.yaml
@@ -1,5 +1,7 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright © 2020 Nokia
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -16,6 +18,7 @@
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
 #  @author: gareth.roper@ericsson.com
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -44,7 +47,7 @@ spec:
     spec:
       initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       - name: so-chown
-        image: alpine:3.6
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         volumeMounts:
         - name: logs
           mountPath: /app/logs
@@ -53,20 +56,28 @@ spec:
       restartPolicy: Always
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "common.repository" . }}/{{ .Values.image }}
-        resources:
-{{ include "common.resources" . | indent 12 }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        resources: {{ include "common.resources" . | nindent 12 }}
+        command:
+        - /bin/sh
+        args:
+        - -c
+        - |
+          export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+          {{- if .Values.global.aafEnabled }}
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export KEYSTORE=file://$cadi_keystore
+          export KEYSTORE_PASSWORD=$cadi_keystore_password_p12
+          export TRUSTSTORE=file://$cadi_truststore
+          export TRUSTSTORE_PASSWORD=$cadi_truststore_password
+          {{- end }}
+          /app/start-app.sh
         env:
         - name: DB_HOST
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.host
+          value: {{ include "common.mariadbService" . }}
         - name: DB_PORT
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.port
+          value: {{ include "common.mariadbPort" . | quote }}
         - name: DB_USERNAME
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
@@ -75,11 +86,16 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+        - name: SO_MONITORING_USERNAME
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 10 }}
+        - name: SO_MON_PASS
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 10 }}
+
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
diff --git a/kubernetes/sdc/charts/sdc-fe/templates/ingress.yaml b/kubernetes/so/components/so-monitoring/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/sdc/charts/sdc-fe/templates/ingress.yaml
+++ b/kubernetes/so/components/so-monitoring/templates/ingress.yaml
diff --git a/kubernetes/so/components/so-monitoring/templates/secret.yaml b/kubernetes/so/components/so-monitoring/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/so/components/so-monitoring/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-monitoring/templates/service.yaml b/kubernetes/so/components/so-monitoring/templates/service.yaml
index c4c2ae9d13..c4439784ca 100644
--- a/kubernetes/so/charts/so-monitoring/templates/service.yaml
+++ b/kubernetes/so/components/so-monitoring/templates/service.yaml
@@ -1,5 +1,7 @@
+{{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications © 2020 Nokia
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -16,6 +18,7 @@
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
 #  @author: gareth.roper@ericsson.com
+*/}}
 apiVersion: v1
 kind: Service
 metadata:
@@ -27,9 +30,13 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  {{if .Values.global.aafEnabled -}}
   type: {{ .Values.service.type }}
+  {{- else -}}
+  type: ClusterIP
+  {{- end }}
   ports:
-    {{if eq .Values.service.type "NodePort" -}}
+    {{if and (eq .Values.service.type "NodePort") (.Values.global.aafEnabled) -}}
     - port: {{ .Values.service.internalPort }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
       name: {{ .Values.service.portName }}
diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/components/so-monitoring/values.yaml
index 27fba13521..31ad9d072c 100644
--- a/kubernetes/so/charts/so-monitoring/values.yaml
+++ b/kubernetes/so/components/so-monitoring/values.yaml
@@ -1,5 +1,7 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Copyright (C) 2020 Huawei
+#   Modifications Copyright © 2020 Nokia
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -23,10 +25,21 @@ global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
   repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
+  readinessImage: onap/oom/readiness:3.0.1
+  aafAgentImage: onap/aaf/aaf_agent:2.1.20
+  envsubstImage: dibi/envsubst
+  aafEnabled: true
   persistence:
     mountPath: /dockerdata-nfs
+  security:
+    aaf:
+      enabled: true
+  aaf:
+    auth:
+      header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+  mariadbGalera:
+    serviceName: mariadb-galera
+    servicePort: '3306'
 
 #################################################################
 # Secrets metaconfig
@@ -44,10 +57,11 @@ secrets:
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
-  - uid: "so-onap-certs"
-    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
-    type: generic
-    filePaths: '{{ .Values.secretsFilePaths }}'
+  - uid: app-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.server.monitoring.soMonitoringCredsExternalSecret) . }}'
+    login: '{{ .Values.server.monitoring.username }}'
+    password: '{{ .Values.server.monitoring.password }}'
 
 #secretsFilePaths: |
 #  - 'my file 1'
@@ -57,7 +71,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.6.4
+image: onap/so/so-monitoring:1.7.7
 pullPolicy: Always
 
 db:
@@ -70,15 +84,34 @@ db:
 
 replicaCount: 1
 minReadySeconds: 10
-containerPort: 9091
+containerPort: &containerPort 9091
 logPath: app/logs/
 app: so-monitoring
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+  nameOverride: so-monitoring-cert-init
+  certInitializer:
+    nameOverride: so-monitoring-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.monitoringPerm
+  containerPort: *containerPort
+
+server:
+  monitoring:
+    username: demo
+    # password: demo123456!
+    # soMonitoringCredsExternalSecret: some secret
+
 service:
 #Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis...
-    type: ClusterIP
+    type: NodePort
     nodePort: 24
-    internalPort: 9091
-    externalPort: 9091
+    internalPort: *containerPort
+    externalPort: *containerPort
     portName: so-monitor-port
 updateStrategy:
     type: RollingUpdate
diff --git a/kubernetes/so/charts/so-nssmf-adapter/Chart.yaml b/kubernetes/so/components/so-nssmf-adapter/Chart.yaml
index b3311d1c8c..b3311d1c8c 100755
--- a/kubernetes/so/charts/so-nssmf-adapter/Chart.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/Chart.yaml
diff --git a/kubernetes/so/components/so-nssmf-adapter/requirements.yaml b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml
new file mode 100755
index 0000000000..82296bee1d
--- /dev/null
+++ b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: readinessCheck
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml
index 10741b75e7..eaa26637e6 100755
--- a/kubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Huawei Technologies Co., Ltd.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,8 +12,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 aai:
-  auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+  auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
   endpoint: https://aai.{{ include "common.namespace" . }}:8443
 logging:
   path: logs
@@ -50,7 +52,7 @@ mso:
   adapters:
     requestDb:
       endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+      auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
 #Actuator
 management:
   endpoints:
diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml
index 85d00fddf3..03a3df4163 100755
--- a/kubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Huawei Technologies Co., Ltd.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,13 +12,14 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: ConfigMap
 metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
-  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 ---
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
index 8d1eaf8ea4..75d831eba6 100755
--- a/kubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Huawei Technologies Co., Ltd.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
@@ -27,42 +29,34 @@ spec:
     metadata:
       labels: {{- include "common.labels" . | nindent 8 }}
     spec:
-      initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
-        - name: {{ include "common.name" . }}-readiness
-          command:
-            - /root/job_complete.py
-          args:
-            - --job-name
-            - {{ include "common.release" . }}-so-mariadb-config-job
-          env:
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.namespace
-          image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+      initContainers:
+      {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
       containers:
         - name: {{ include "common.name" . }}
           command:
             - sh
           args:
             - -c
-            - export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh
-          image: {{ include "common.repository" . }}/{{ .Values.image }}
+            - |
+              export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+              export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+              {{- if .Values.global.aafEnabled }}
+              export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+              export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+              {{- if .Values.global.security.aaf.enabled }}
+              export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+              {{- end }}
+              {{- end }}
+              ./start-app.sh
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           resources: {{ include "common.resources" . | nindent 12 }}
           ports: {{- include "common.containerPorts" . | nindent 12  }}
           env:
             - name: DB_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "common.release" . }}-so-db-secrets
-                  key: mariadb.readwrite.host
+              value: {{ include "common.mariadbService" . }}
             - name: DB_PORT
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "common.release" . }}-so-db-secrets
-                  key: mariadb.readwrite.port
+              value: {{ include "common.mariadbPort" . | quote }}
             - name: DB_USERNAME
               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
             - name: DB_PASSWORD
@@ -71,13 +65,6 @@ spec:
               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
             - name: DB_ADMIN_PASSWORD
               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
-            - name: TRUSTSTORE
-              value: {{ .Values.global.client.certs.truststore }}
-            - name: TRUSTSTORE_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Release.Name}}-so-client-certs-secret
-                  key: trustStorePassword
             - name: BPEL_USERNAME
               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "login") | indent 14 }}
             - name: BPEL_PASSWORD_INPUT
@@ -86,28 +73,17 @@ spec:
               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
             - name: ACTUATOR_PASSWORD_INPUT
               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
-            {{- if eq .Values.global.security.aaf.enabled true }}
-            - name: KEYSTORE
-              value: {{ .Values.global.client.certs.keystore }}
-            - name: KEYSTORE_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Release.Name}}-so-client-certs-secret
-                  key: keyStorePassword
-            {{- end }}
+            {{ include "so.certificates.env" . | nindent 12 }}
           envFrom:
             - configMapRef:
                 name: {{ include "common.fullname" . }}-env
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
+          volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
             - name: logs
               mountPath: /app/logs
             - name: config
               mountPath: /app/config
               readOnly: true
-            - name: {{ include "common.fullname" . }}-truststore
-              mountPath: /app/client
-              readOnly: true
           livenessProbe:
             httpGet:
               path: {{ index .Values.livenessProbe.path}}
@@ -124,8 +100,5 @@ spec:
         - name: config
           configMap:
             name: {{ include "common.fullname" . }}
-        - name:  {{ include "common.fullname" . }}-truststore
-          secret:
-            secretName: {{ include "common.release" . }}-so-truststore-secret
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/secret.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/secret.yaml
index a39363ffdd..cc40499c76 100644
--- a/kubernetes/so/charts/so-nssmf-adapter/templates/secret.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Huawei Technologies Co., Ltd.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/service.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/service.yaml
index cf08482ad2..665601d832 100755
--- a/kubernetes/so/charts/so-nssmf-adapter/templates/service.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Huawei Technologies Co., Ltd.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/so/charts/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml
index 43d757ea38..b5cfe4eb41 100755
--- a/kubernetes/so/charts/so-nssmf-adapter/values.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml
@@ -17,11 +17,22 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
   persistence:
     mountPath: /dockerdata-nfs
+  security:
+    aaf:
+      enabled: false
+  aaf:
+    auth:
+      header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+  mariadbGalera:
+    serviceName: mariadb-galera
+    servicePort: '3306'
+
+readinessCheck:
+  wait_for:
+    - so-mariadb-config
+
 
 #################################################################
 # Secrets metaconfig
@@ -41,10 +52,6 @@ secrets:
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
-  - uid: "so-onap-certs"
-    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
-    type: generic
-    filePaths: '{{ .Values.secretsFilePaths }}'
   - uid: server-bpel-creds
     name: '{{ include "common.release" . }}-so-server-bpel-creds'
     type: basicAuth
@@ -60,7 +67,6 @@ secrets:
     password: '{{ .Values.server.actuator.password }}'
     passwordPolicy: required
 
-
 #secretsFilePaths: |
 #  - 'my file 1'
 #  - '{{ include "templateThatGeneratesFileName" . }}'
@@ -68,8 +74,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/nssmf-adapter:1.6.4
+image: onap/so/nssmf-adapter:1.7.10
 pullPolicy: Always
 
 db:
@@ -86,21 +91,37 @@ server:
   bpel:
     username: bpel
     password: password1$
+aai:
+  auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+mso:
+  adapters:
+    requestDb:
+      auth: Basic YnBlbDpwYXNzd29yZDEk
 
 replicaCount: 1
 minReadySeconds: 10
-containerPort: 8088
+containerPort: &containerPort 8088
 logPath: ./logs/nssmf/
 app: nssmf-adapter
 service:
   type: ClusterIP
   ports:
     - name: api
-      port: 8088
+      port: *containerPort
 updateStrategy:
     type: RollingUpdate
     maxUnavailable: 1
     maxSurge: 1
+
+soHelpers:
+  nameOverride: so-nssmf-cert-init
+  certInitializer:
+    nameOverride: so-nssmf-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.nssmfAdapterPerm
+  containerPort: *containerPort
+
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)
diff --git a/kubernetes/so/components/so-oof-adapter/Chart.yaml b/kubernetes/so/components/so-oof-adapter/Chart.yaml
new file mode 100755
index 0000000000..cce161a8cd
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: so-oof-adapter
+version: 6.0.0
diff --git a/kubernetes/so/components/so-oof-adapter/requirements.yaml b/kubernetes/so/components/so-oof-adapter/requirements.yaml
new file mode 100644
index 0000000000..3398a2d39d
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/requirements.yaml
@@ -0,0 +1,27 @@
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml
new file mode 100755
index 0000000000..9aafd4f322
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml
@@ -0,0 +1,58 @@
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+logging:
+  path: logs
+spring:
+  security:
+    usercredentials:
+      - username: ${BPEL_USERNAME}
+        password: ${BPEL_PASSWORD}
+        role: BPEL-Client
+      - username: ${ACTUATOR_USERNAME}
+        password: ${ACTUATOR_PASSWORD}
+        role: ACTUATOR
+server:
+  port: {{ index .Values.containerPort }}
+  tomcat:
+    max-threads: 50
+
+mso:
+  site-name: localSite
+  logPath: ./logs/oof
+  msb-ip: msb-iag.{{ include "common.namespace" . }}
+  msb-port: 80
+  msoKey: ${MSO_KEY}
+  camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081
+  camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.camundaAuth )}}
+  workflow:
+    message:
+      endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
+  oof:
+    auth: ${OOF_LOGIN}:${OOF_PASSWORD}
+    endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698
+#Actuator
+management:
+  endpoints:
+    web:
+      base-path: /manage
+      exposure:
+        include: "*"
+  metrics:
+    se-global-registry: false
+    export:
+      prometheus:
+        enabled: true # Whether exporting of metrics to Prometheus is enabled.
+        step: 1m # Step size (i.e. reporting frequency) to use.
diff --git a/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml
new file mode 100755
index 0000000000..da5fda9c42
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml
@@ -0,0 +1,50 @@
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+  LOG_PATH: {{ index .Values.logPath }}
+  APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-app-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
diff --git a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml
new file mode 100755
index 0000000000..62ebfff99f
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml
@@ -0,0 +1,103 @@
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+  selector: {{- include "common.selectors" . | nindent 4 }}
+  replicas: {{ index .Values.replicaCount }}
+  minReadySeconds: {{ index .Values.minReadySeconds }}
+  strategy:
+    type: {{ index .Values.updateStrategy.type }}
+    rollingUpdate:
+      maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+      maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+  template:
+    metadata:
+      labels: {{- include "common.labels" . | nindent 8 }}
+    spec:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+      containers:
+      - name: {{ include "common.name" . }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        resources:
+{{ include "common.resources" . | indent 10 }}
+        env:
+        - name: DB_HOST
+          value: {{ include "common.mariadbService" . }}
+        - name: DB_PORT
+          value: {{ include "common.mariadbPort" . | quote }}
+        - name: DB_USERNAME
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+        - name: DB_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+        - name: DB_ADMIN_USERNAME
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+        - name: DB_ADMIN_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+        - name: MSO_KEY
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-adapter-mso-key" "key" "password") | indent 10 }}
+        - name: OOF_LOGIN
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "login") | indent 10 }}
+        - name: OOF_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "password") | indent 10 }}
+        {{ include "so.certificates.env" . | indent 8 | trim }}
+        envFrom:
+        - configMapRef:
+            name: {{ include "common.fullname" . }}-configmap
+        imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+        - name: logs
+          mountPath: /app/logs
+        - name: config
+          mountPath: /app/config
+          readOnly: true
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /var/log/onap
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+        ports: {{- include "common.containerPorts" . | nindent 12  }}
+      # Filebeat sidecar container
+      - name: {{ include "common.name" . }}-filebeat-onap
+        image: {{ include "repositoryGenerator.image.logging" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-filebeat-conf
+          mountPath: /usr/share/filebeat/filebeat.yml
+          subPath: filebeat.yml
+        - name: {{ include "common.fullname" . }}-data-filebeat
+          mountPath: /usr/share/filebeat/data
+        - name: logs
+          mountPath: /var/log/onap/so
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /var/log/onap
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+      - name: logs
+        emptyDir: {}
+      - name: config
+        configMap:
+            name: {{ include "common.fullname" . }}-app-configmap
+      - name: {{ include "common.fullname" . }}-log-conf
+        configMap:
+          name: {{ include "common.fullname" . }}-log
+      - name: {{ include "common.fullname" . }}-filebeat-conf
+        configMap:
+          name: {{ .Release.Name }}-so-filebeat-configmap
+      - name: {{ include "common.fullname" . }}-data-filebeat
+        emptyDir: {}
+      - name:  {{ include "common.fullname" . }}-logs
+        emptyDir: {}
+      imagePullSecrets:
+        - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-oof-adapter/templates/secret.yaml b/kubernetes/so/components/so-oof-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..31e0ab6a16
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/templates/secret.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/so-oof-adapter/templates/service.yaml b/kubernetes/so/components/so-oof-adapter/templates/service.yaml
new file mode 100755
index 0000000000..a4df54737c
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/templates/service.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.service" . }}
diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml
index cf86817ff8..13a0f0f05e 100755
--- a/kubernetes/so/charts/so-openstack-adapter/values.yaml
+++ b/kubernetes/so/components/so-oof-adapter/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2018 AT&T USA
+# Copyright © 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,21 +11,34 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
 #################################################################
 # Global configuration defaults.
 #################################################################
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
   persistence:
     mountPath: /dockerdata-nfs
+  security:
+    aaf:
+      enabled: false
+  aaf:
+    auth:
+      header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+  mariadbGalera:
+    serviceName: mariadb-galera
+    servicePort: '3306'
 
-#################################################################
 # Secrets metaconfig
 #################################################################
+db:
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
 secrets:
   - uid: db-user-creds
     type: basicAuth
@@ -39,10 +52,17 @@ secrets:
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
-  - uid: "so-onap-certs"
-    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
-    type: generic
-    filePaths: '{{ .Values.secretsFilePaths }}'
+  - uid: oof-adapter-mso-key
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
+    password: '{{ .Values.mso.msoKey }}'
+  - uid: oof-auth
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.mso.oof.authSecret) . }}'
+    login: '{{ .Values.mso.oof.login }}'
+    password: '{{ .Values.mso.oof.password }}'
+    passwordPolicy: required
+
 
 #secretsFilePaths: |
 #  - 'my file 1'
@@ -51,32 +71,41 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-image: onap/so/openstack-adapter:1.6.4
+image: onap/so/so-oof-adapter:1.7.4
 pullPolicy: Always
-repository: nexus3.onap.org:10001
 
-db:
-  userName: so_user
-  userPassword: so_User123
-  # userCredsExternalSecret: some secret
-  adminName: so_admin
-  adminPassword: so_Admin123
-  # adminCredsExternalSecret: some secret
+mso:
+  msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+  oof:
+    login: test
+    password: testpwd
 
 replicaCount: 1
+containerPort: &containerPort 8090
 minReadySeconds: 10
-containerPort: 8087
-logPath: ./logs/openstack/
-app: openstack-adapter
+containerPort: *containerPort
+logPath: ./logs/oof/
+app: so-oof-adapter
 service:
     type: ClusterIP
-    internalPort: 8087
-    externalPort: 8087
-    portName: so-optack-port
+    ports:
+      - name: api
+        port: *containerPort
 updateStrategy:
     type: RollingUpdate
     maxUnavailable: 1
     maxSurge: 1
+
+
+soHelpers:
+  nameOverride: so-oof-adapter-cert-init
+  certInitializer:
+    nameOverride: so-oof-adapter-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.oofadapterPerm
+  containerPort: *containerPort
+
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)
@@ -98,7 +127,7 @@ resources:
   unlimited: {}
 livenessProbe:
     path: /manage/health
-    port: 8087
+    port: *containerPort
     scheme: HTTP
     initialDelaySeconds: 600
     periodSeconds: 60
@@ -107,13 +136,6 @@ livenessProbe:
     failureThreshold: 3
 ingress:
   enabled: false
-config:
-  openStackUserName: "vnf_user"
-  openStackRegion: "RegionOne"
-  openStackKeyStoneUrl: "http://1.2.3.4:5000/v2.0"
-  openStackServiceTenantName: "service"
-  openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
-  openStackTenantId: "d570c718cbc545029f40e50b75eb13df"
 nodeSelector: {}
 tolerations: []
 affinity: {}
diff --git a/kubernetes/so/charts/so-openstack-adapter/Chart.yaml b/kubernetes/so/components/so-openstack-adapter/Chart.yaml
index cf257d3239..cf257d3239 100755
--- a/kubernetes/so/charts/so-openstack-adapter/Chart.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/Chart.yaml
diff --git a/kubernetes/so/components/so-openstack-adapter/requirements.yaml b/kubernetes/so/components/so-openstack-adapter/requirements.yaml
new file mode 100755
index 0000000000..82296bee1d
--- /dev/null
+++ b/kubernetes/so/components/so-openstack-adapter/requirements.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: readinessCheck
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml
index dde3b3ee63..15f08bccc6 100755
--- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,8 +12,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 aai:
-  auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
+  auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
   endpoint: https://aai.{{ include "common.namespace" . }}:8443
 server:
   port: {{ index .Values.containerPort }}
@@ -58,7 +60,7 @@ org:
         default_keystone_url_version: /v2.0
         default_keystone_reg_ex: "/[vV][0-9]"
         vnf:
-          bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
+          bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
           checkRequiredParameters: true
           addGetFilesOnVolumeReq: false
           sockettimeout: 30
@@ -69,7 +71,7 @@ org:
           valet_enabled: false
           fail_requests_on_valet_failure: false
         network:
-          bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
+          bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
           sockettimeout: 5
           connecttimeout: 5
           retrycount: 5
@@ -99,8 +101,8 @@ mso:
   adapters:
     requestDb:
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
-  auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
+      auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
+  auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
   logPath: ./logs/openstack
   msb-ip: msb-iag
   msb-port: 443
@@ -110,7 +112,7 @@ mso:
   msoKey: {{ .Values.mso.msoKey }}
   config:
     {{ if eq .Values.global.security.aaf.enabled true }}
-    cadi: {{ include "cadi.keys" . | nindent 8}}
+    cadi: {{ include "so.cadi.keys" . | nindent 8}}
     {{- else }}
     cadi:
       aafId: {{ .Values.mso.basicUser }}
@@ -120,7 +122,7 @@ mso:
       spring:
         endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
   db:
-    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
+    auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
   site-name: localDevEnv
   async:
     core-pool-size: 50
diff --git a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml b/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml
index 104daae051..050aab9732 100755
--- a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,11 +12,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
-  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
index bac21cf10b..3fee225c03 100755
--- a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -37,37 +39,31 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
-      - command:
-        - /root/job_complete.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-so-mariadb-config-job
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
+      initContainers:
+      {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "common.repository" . }}/{{ .Values.image }}
-        resources:
-{{ include "common.resources" . | indent 12 }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        resources: {{ include "common.resources" . | nindent 12 }}
+        {{- if .Values.global.aafEnabled }}
+        command:
+        - sh
+        args:
+        - -c
+        - |
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+          {{- if .Values.global.security.aaf.enabled }}
+          export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+          {{- end }}
+          /app/start-app.sh
+        {{- end }}
         env:
         - name: DB_HOST
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.host
+          value: {{ include "common.mariadbService" . }}
         - name: DB_PORT
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.port
+          value: {{ include "common.mariadbPort" . | quote }}
         - name: DB_USERNAME
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
@@ -76,27 +72,12 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
-         {{- if eq .Values.global.security.aaf.enabled true }}
-        - name: TRUSTSTORE
-          value: /app/org.onap.so.trust.jks
-        - name: TRUSTSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: trustStorePassword
-        - name: KEYSTORE
-          value: /app/org.onap.so.jks
-        - name: KEYSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: keyStorePassword
-        {{- end }}
+        {{ include "so.certificates.env" . | indent 8 | trim }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -104,14 +85,14 @@ spec:
           readOnly: true
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
       # Filebeat sidecar container
       - name: {{ include "common.name" . }}-filebeat-onap
-        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        image: {{ include "repositoryGenerator.image.logging" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/so/components/so-openstack-adapter/templates/secret.yaml b/kubernetes/so/components/so-openstack-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/so/components/so-openstack-adapter/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/service.yaml b/kubernetes/so/components/so-openstack-adapter/templates/service.yaml
index 6711c3b2e7..6eb6f27e26 100755
--- a/kubernetes/so/charts/so-openstack-adapter/templates/service.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml
new file mode 100755
index 0000000000..392f8472d4
--- /dev/null
+++ b/kubernetes/so/components/so-openstack-adapter/values.yaml
@@ -0,0 +1,154 @@
+# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefix: 302
+  nodePortPrefixExt: 304
+  persistence:
+    mountPath: /dockerdata-nfs
+  security:
+    aaf:
+      enabled: false
+  aaf:
+    auth:
+      encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+  mariadbGalera:
+    serviceName: mariadb-galera
+    servicePort: '3306'
+
+readinessCheck:
+  wait_for:
+    - so-mariadb-config
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.userName }}'
+    password: '{{ .Values.db.userPassword }}'
+    passwordPolicy: required
+  - uid: db-admin-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.db.adminName }}'
+    password: '{{ .Values.db.adminPassword }}'
+    passwordPolicy: required
+
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/openstack-adapter:1.7.10
+pullPolicy: Always
+
+db:
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
+
+aai:
+  auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+aaf:
+  auth:
+    encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
+org:
+  onap:
+    so:
+      adapters:
+        bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+mso:
+  msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+  basicUser: poBpmn
+  auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+  db:
+    auth: Basic YnBlbDpwYXNzd29yZDEk
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8087
+logPath: ./logs/openstack/
+app: openstack-adapter
+service:
+    type: ClusterIP
+    internalPort: *containerPort
+    externalPort: *containerPort
+    portName: so-optack-port
+updateStrategy:
+    type: RollingUpdate
+    maxUnavailable: 1
+    maxSurge: 1
+
+#################################################################
+# soHelper part
+#################################################################
+soHelpers:
+  nameOverride: so-openstack-cert-init
+  certInitializer:
+    nameOverride: so-openstack-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.openStackAdapterPerm
+  containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+  small:
+    limits:
+      memory: 4Gi
+      cpu: 2000m
+    requests:
+      memory: 1Gi
+      cpu: 500m
+  large:
+    limits:
+      memory: 8Gi
+      cpu: 4000m
+    requests:
+      memory: 2Gi
+      cpu: 1000m
+  unlimited: {}
+livenessProbe:
+    path: /manage/health
+    port: 8087
+    scheme: HTTP
+    initialDelaySeconds: 600
+    periodSeconds: 60
+    timeoutSeconds: 10
+    successThreshold: 1
+    failureThreshold: 3
+ingress:
+  enabled: false
+config:
+  openStackUserName: "vnf_user"
+  openStackRegion: "RegionOne"
+  openStackKeyStoneUrl: "http://1.2.3.4:5000/v2.0"
+  openStackServiceTenantName: "service"
+  openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+  openStackTenantId: "d570c718cbc545029f40e50b75eb13df"
+nodeSelector: {}
+tolerations: []
+affinity: {}
diff --git a/kubernetes/so/charts/so-request-db-adapter/Chart.yaml b/kubernetes/so/components/so-request-db-adapter/Chart.yaml
index 499a8950e6..499a8950e6 100755
--- a/kubernetes/so/charts/so-request-db-adapter/Chart.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/Chart.yaml
diff --git a/kubernetes/so/components/so-request-db-adapter/requirements.yaml b/kubernetes/so/components/so-request-db-adapter/requirements.yaml
new file mode 100755
index 0000000000..82296bee1d
--- /dev/null
+++ b/kubernetes/so/components/so-request-db-adapter/requirements.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: readinessCheck
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml
index 8dde3b7f99..9b70ddcb5d 100755
--- a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # will be used as entry in DB to say SITE OFF/ON for healthcheck
+*/}}
 server:
     port: {{ index .Values.containerPort }}
     tomcat:
@@ -21,10 +23,10 @@ mso:
   logPath: logs
   site-name: localSite
   config:
-    cadi: {{- include "cadi.keys" . | nindent 8}}
+    cadi: {{- include "so.cadi.keys" . | nindent 8}}
   adapters:
     requestDb:
-      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+      auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
 spring:
   datasource:
diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml b/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml
index b57205223e..6331656fce 100755
--- a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,11 +12,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
-  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
index 8d2e9738c1..75e6b1ee62 100755
--- a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -37,37 +39,31 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
-      - command:
-        - /root/job_complete.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-so-mariadb-config-job
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
+      initContainers:
+      {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "common.repository" . }}/{{ .Values.image }}
-        resources:
-{{ include "common.resources" . | indent 12 }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        resources: {{ include "common.resources" . | nindent 12 }}
+        {{- if .Values.global.aafEnabled }}
+        command:
+        - sh
+        args:
+        - -c
+        - |
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+          {{- if .Values.global.security.aaf.enabled }}
+          export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+          {{- end }}
+          /app/start-app.sh
+        {{- end }}
         env:
         - name: DB_HOST
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.host
+          value: {{ include "common.mariadbService" . }}
         - name: DB_PORT
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.port
+          value: {{ include "common.mariadbPort" . | quote }}
         - name: DB_USERNAME
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
@@ -76,33 +72,18 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
-         {{- if eq .Values.global.security.aaf.enabled true }}
-        - name: TRUSTSTORE
-          value: /app/org.onap.so.trust.jks
-        - name: TRUSTSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: trustStorePassword
-        - name: KEYSTORE
-          value: /app/org.onap.so.jks
-        - name: KEYSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: keyStorePassword
-        {{- end }}
+        {{ include "so.certificates.env" . | indent 8 | trim }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
           mountPath: /app/config
           readOnly: true
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
diff --git a/kubernetes/so/components/so-request-db-adapter/templates/secret.yaml b/kubernetes/so/components/so-request-db-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/so/components/so-request-db-adapter/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/service.yaml b/kubernetes/so/components/so-request-db-adapter/templates/service.yaml
index 6711c3b2e7..6eb6f27e26 100755
--- a/kubernetes/so/charts/so-request-db-adapter/templates/service.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml
index 107b7cde0c..208cf64b6f 100755
--- a/kubernetes/so/charts/so-request-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/values.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -17,11 +17,21 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
   persistence:
     mountPath: /dockerdata-nfs
+  security:
+    aaf:
+      enabled: false
+  aaf:
+    auth:
+      header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+  mariadbGalera:
+    serviceName: mariadb-galera
+    servicePort: '3306'
+
+readinessCheck:
+  wait_for:
+    - so-mariadb-config
 
 #################################################################
 # Secrets metaconfig
@@ -39,10 +49,6 @@ secrets:
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
-  - uid: "so-onap-certs"
-    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
-    type: generic
-    filePaths: '{{ .Values.secretsFilePaths }}'
 
 #secretsFilePaths: |
 #  - 'my file 1'
@@ -51,8 +57,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.6.4
+image: onap/so/request-db-adapter:1.7.10
 pullPolicy: Always
 
 db:
@@ -63,20 +68,38 @@ db:
   adminPassword: so_Admin123
   # adminCredsExternalSecret: some secret
 
+mso:
+  adapters:
+    requestDb:
+      auth: Basic YnBlbDpwYXNzd29yZDEk
+
 replicaCount: 1
 minReadySeconds: 10
-containerPort: 8083
+containerPort: &containerPort 8083
 logPath: ./logs/reqdb/
 app: request-db-adapter
 service:
     type: ClusterIP
-    internalPort: 8083
-    externalPort: 8083
+    internalPort: *containerPort
+    externalPort: *containerPort
     portName: so-reqdb-port
 updateStrategy:
     type: RollingUpdate
     maxUnavailable: 1
     maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+  nameOverride: so-requestdb-cert-init
+  certInitializer:
+    nameOverride: so-requestdb-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.requestDbAdapterPerm
+  containerPort: *containerPort
+
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)
diff --git a/kubernetes/so/charts/so-sdc-controller/Chart.yaml b/kubernetes/so/components/so-sdc-controller/Chart.yaml
index 6151e1beae..6151e1beae 100755
--- a/kubernetes/so/charts/so-sdc-controller/Chart.yaml
+++ b/kubernetes/so/components/so-sdc-controller/Chart.yaml
diff --git a/kubernetes/so/components/so-sdc-controller/requirements.yaml b/kubernetes/so/components/so-sdc-controller/requirements.yaml
new file mode 100755
index 0000000000..82296bee1d
--- /dev/null
+++ b/kubernetes/so/components/so-sdc-controller/requirements.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: readinessCheck
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
index 8d02cc1f5c..b20e33a140 100755
--- a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 aai:
   auth: {{.Values.aai.auth}}
 server:
@@ -47,19 +49,19 @@ mso:
   msoKey: {{ index .Values.mso.msoKey }}
   logPath: ./logs/sdc
   config:
-     cadi: {{ include "cadi.keys" . | nindent 8}}
+     cadi: {{ include "so.cadi.keys" . | nindent 8}}
   catalog:
     db:
       spring:
         endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
   db:
-    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
+    auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
   site-name: onapheat
   camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
   adapters:
     requestDb:
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
+      auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
   aai:
     endpoint: https://aai.{{ include "common.namespace" . }}:8443
   asdc-connections:
diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml b/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml
index 104daae051..050aab9732 100755
--- a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,11 +12,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
-  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
index bac21cf10b..3fee225c03 100755
--- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -37,37 +39,31 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
-      - command:
-        - /root/job_complete.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-so-mariadb-config-job
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
+      initContainers:
+      {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "common.repository" . }}/{{ .Values.image }}
-        resources:
-{{ include "common.resources" . | indent 12 }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        resources: {{ include "common.resources" . | nindent 12 }}
+        {{- if .Values.global.aafEnabled }}
+        command:
+        - sh
+        args:
+        - -c
+        - |
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+          {{- if .Values.global.security.aaf.enabled }}
+          export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+          {{- end }}
+          /app/start-app.sh
+        {{- end }}
         env:
         - name: DB_HOST
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.host
+          value: {{ include "common.mariadbService" . }}
         - name: DB_PORT
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.port
+          value: {{ include "common.mariadbPort" . | quote }}
         - name: DB_USERNAME
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
@@ -76,27 +72,12 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
-         {{- if eq .Values.global.security.aaf.enabled true }}
-        - name: TRUSTSTORE
-          value: /app/org.onap.so.trust.jks
-        - name: TRUSTSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: trustStorePassword
-        - name: KEYSTORE
-          value: /app/org.onap.so.jks
-        - name: KEYSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: keyStorePassword
-        {{- end }}
+        {{ include "so.certificates.env" . | indent 8 | trim }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -104,14 +85,14 @@ spec:
           readOnly: true
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
       # Filebeat sidecar container
       - name: {{ include "common.name" . }}-filebeat-onap
-        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        image: {{ include "repositoryGenerator.image.logging" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/so/components/so-sdc-controller/templates/secret.yaml b/kubernetes/so/components/so-sdc-controller/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/so/components/so-sdc-controller/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/so-sdc-controller/templates/service.yaml b/kubernetes/so/components/so-sdc-controller/templates/service.yaml
new file mode 100755
index 0000000000..6eb6f27e26
--- /dev/null
+++ b/kubernetes/so/components/so-sdc-controller/templates/service.yaml
@@ -0,0 +1,40 @@
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    {{if eq .Values.service.type "NodePort" -}}
+    - port: {{ .Values.service.internalPort }}
+      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+      name: {{ .Values.service.portName }}
+    {{- else -}}
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      name: {{ .Values.service.portName }}
+    {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}
diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml
index a477678c1b..6dd662e9b2 100755
--- a/kubernetes/so/charts/so-sdc-controller/values.yaml
+++ b/kubernetes/so/components/so-sdc-controller/values.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -17,11 +17,21 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
   persistence:
     mountPath: /dockerdata-nfs
+  security:
+    aaf:
+      enabled: false
+  aaf:
+    auth:
+      header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+  mariadbGalera:
+    serviceName: mariadb-galera
+    servicePort: '3306'
+
+readinessCheck:
+  wait_for:
+    - so-mariadb-config
 
 #################################################################
 # Secrets metaconfig
@@ -39,10 +49,6 @@ secrets:
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
-  - uid: "so-onap-certs"
-    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
-    type: generic
-    filePaths: '{{ .Values.secretsFilePaths }}'
 
 #secretsFilePaths: |
 #  - 'my file 1'
@@ -51,8 +57,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.6.4
+image: onap/so/sdc-controller:1.7.10
 pullPolicy: Always
 
 db:
@@ -63,20 +68,46 @@ db:
   adminPassword: so_Admin123
   # adminCredsExternalSecret: some secret
 
+aai:
+  auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+mso:
+  msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+  requestDb:
+    auth: Basic YnBlbDpwYXNzd29yZDEk
+  asdc:
+    config:
+      key: 566B754875657232314F5548556D3665
+  asdc-connections:
+    asdc-controller1:
+      password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+
 replicaCount: 1
 minReadySeconds: 10
-containerPort: 8085
+containerPort: &containerPort 8085
 logPath: ./logs/sdc/
 app: sdc-controller
 service:
     type: ClusterIP
-    internalPort: 8085
-    externalPort: 8085
+    internalPort: *containerPort
+    externalPort: *containerPort
     portName: so-sdc-port
 updateStrategy:
     type: RollingUpdate
     maxUnavailable: 1
     maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+  nameOverride: so-sdc-cert-init
+  certInitializer:
+    nameOverride: so-sdc-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.sdcControllerPerm
+  containerPort: *containerPort
+
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)
diff --git a/kubernetes/so/charts/so-sdnc-adapter/Chart.yaml b/kubernetes/so/components/so-sdnc-adapter/Chart.yaml
index 1ab7a2b0b4..1ab7a2b0b4 100755
--- a/kubernetes/so/charts/so-sdnc-adapter/Chart.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/Chart.yaml
diff --git a/kubernetes/so/components/so-sdnc-adapter/requirements.yaml b/kubernetes/so/components/so-sdnc-adapter/requirements.yaml
new file mode 100755
index 0000000000..d25c12c663
--- /dev/null
+++ b/kubernetes/so/components/so-sdnc-adapter/requirements.yaml
@@ -0,0 +1,26 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml
index d363122a33..3c6e0ab305 100755
--- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 server:
     port: {{ index .Values.containerPort }}
 mso:
@@ -20,13 +22,13 @@ mso:
         queue-capacity: 500
     logPath: ./logs/sdnc
     config:
-        cadi: {{ include "cadi.keys" . | nindent 14}}
+        cadi: {{ include "so.cadi.keys" . | nindent 14}}
     catalog:
         db:
           spring:
             endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
     db:
-      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+      auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
     site-name: onapheat
 org:
     onap:
@@ -102,7 +104,7 @@ org:
                             changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
                             delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
                             rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
-                    bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
+                    bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
                     bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
                     opticalservice:
                         optical-service-create:
@@ -146,7 +148,7 @@ org:
                     myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify
                     rest:
                         bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
-                    sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}}
+                    sdncauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}}
                     sdncconnecttime: 5000
                     sdncurl10: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/GENERIC-RESOURCE-API:'
                     sdncurl11: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNFTOPOLOGYAIC-API:'
diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml
index 21544798cf..050aab9732 100755
--- a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,11 +12,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
-  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
@@ -45,4 +47,4 @@ metadata:
   name: {{ include "common.fullname" . }}-log
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
index d4bd389296..6f9d7f7b16 100755
--- a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -40,20 +42,26 @@ spec:
       initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "common.repository" . }}/{{ .Values.image }}
-        resources:
-{{ include "common.resources" . | indent 12 }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        resources: {{ include "common.resources" . | nindent 12 }}
+        {{- if .Values.global.aafEnabled }}
+        command:
+        - sh
+        args:
+        - -c
+        - |
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+          {{- if .Values.global.security.aaf.enabled }}
+          export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+          {{- end }}
+          /app/start-app.sh
+        {{- end }}
         env:
         - name: DB_HOST
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.host
+          value: {{ include "common.mariadbService" . }}
         - name: DB_PORT
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.port
+          value: {{ include "common.mariadbPort" . | quote }}
         - name: DB_USERNAME
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
@@ -62,27 +70,12 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
-         {{- if eq .Values.global.security.aaf.enabled true }}
-        - name: TRUSTSTORE
-          value: /app/org.onap.so.trust.jks
-        - name: TRUSTSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: trustStorePassword
-        - name: KEYSTORE
-          value: /app/org.onap.so.jks
-        - name: KEYSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: keyStorePassword
-        {{- end }}
+        {{ include "so.certificates.env" . | indent 8 | trim }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -90,14 +83,14 @@ spec:
           readOnly: true
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
       # Filebeat sidecar container
       - name: {{ include "common.name" . }}-filebeat-onap
-        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        image: {{ include "repositoryGenerator.image.logging" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/secret.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/so/components/so-sdnc-adapter/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml
new file mode 100755
index 0000000000..6eb6f27e26
--- /dev/null
+++ b/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml
@@ -0,0 +1,40 @@
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    {{if eq .Values.service.type "NodePort" -}}
+    - port: {{ .Values.service.internalPort }}
+      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+      name: {{ .Values.service.portName }}
+    {{- else -}}
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      name: {{ .Values.service.portName }}
+    {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}
diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml
index c4c0b3c300..be58ae6154 100755
--- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -17,14 +17,20 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
   persistence:
     mountPath: /dockerdata-nfs
   #This configuration specifies Service and port for SDNC OAM interface
   sdncOamService: sdnc-oam
   sdncOamPort: 8282
+  security:
+    aaf:
+      enabled: false
+  aaf:
+    auth:
+      header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+  mariadbGalera:
+    serviceName: mariadb-galera
+    servicePort: '3306'
 
 #################################################################
 # Secrets metaconfig
@@ -42,10 +48,6 @@ secrets:
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
-  - uid: "so-onap-certs"
-    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
-    type: generic
-    filePaths: '{{ .Values.secretsFilePaths }}'
 
 #secretsFilePaths: |
 #  - 'my file 1'
@@ -54,10 +56,23 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.6.4
+image: onap/so/sdnc-adapter:1.7.10
 pullPolicy: Always
 
+org:
+  onap:
+    so:
+      adapters:
+        sdnc:
+          bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
+          sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
+          network:
+            encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+mso:
+  adapters:
+    requestDb:
+      auth: Basic YnBlbDpwYXNzd29yZDEk
+
 db:
   userName: so_user
   userPassword: so_User123
@@ -68,18 +83,32 @@ db:
 
 replicaCount: 1
 minReadySeconds: 10
-containerPort: 8086
+containerPort: &containerPort 8086
 logPath: ./logs/sdnc/
 app: sdnc-adapter
 service:
     type: ClusterIP
-    internalPort: 8086
-    externalPort: 8086
+    internalPort: *containerPort
+    externalPort: *containerPort
     portName: so-sdnc-port
 updateStrategy:
     type: RollingUpdate
     maxUnavailable: 1
     maxSurge: 1
+
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+  nameOverride: so-sdnc-cert-init
+  certInitializer:
+    nameOverride: so-sdnc-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.sdncAdapterPerm
+  containerPort: *containerPort
+
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml
index b78051ff14..b78051ff14 100755
--- a/kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml
diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml
new file mode 100755
index 0000000000..82296bee1d
--- /dev/null
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: readinessCheck
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml
index 88d805d81e..f46219c6c9 100755
--- a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung# Copyright © 2020 Samsung
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,9 +12,10 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 server:
-  port: {{ (index .Values.service.ports 0).port }}
+  port: {{ include "common.getPort" (dict "global" . "name" "http") }}
 
 vevnfmadapter:
   endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/configmap.yaml
index e940811883..d53c816374 100755
--- a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml
index 380b52fda0..ac4f574bec 100755
--- a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,43 +12,29 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
   selector: {{- include "common.selectors" . | nindent 4 }}
-  replicas: {{ index .Values.replicaCount }}
+  replicas: {{ .Values.replicaCount }}
   template:
     metadata:
       labels: {{- include "common.labels" . | nindent 8 }}
     spec:
-      initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
-        - name: {{ include "common.name" . }}-readiness
-          command:
-            - /root/ready.py
-          args:
-            - --container-name
-            - aai
-            - --container-name
-            - message-router
-          env:
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.namespace
-          image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
       containers:
         - name: {{ include "common.name" . }}
           envFrom:
             - configMapRef:
                 name: {{ include "common.fullname" . }}-configmap
-          image: {{ include "common.repository" . }}/{{ .Values.image }}
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           resources: {{ include "common.resources" . | nindent 12 }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
+          volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
             - name: logs
               mountPath: /app/logs
             - name: config
@@ -55,11 +42,11 @@ spec:
               readOnly: true
           livenessProbe:
             tcpSocket:
-              port: {{ index .Values.livenessProbe.port }}
-            initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-            periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-            successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-            failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+              port: {{ .Values.livenessProbe.port }}
+            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds}}
+            periodSeconds: {{ .Values.livenessProbe.periodSeconds}}
+            successThreshold: {{ .Values.livenessProbe.successThreshold}}
+            failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
           ports: {{- include "common.containerPorts" . | nindent 10 }}
       volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
         - name: logs
diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/templates/secret.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/service.yaml
index f3ef1138b8..725967e1c8 100755
--- a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.service" . }}
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml
index 65e11b41c8..83ec78d857 100755
--- a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml
@@ -15,24 +15,13 @@
 # Global configuration defaults.
 #################################################################
 global:
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
   persistence:
     mountPath: /dockerdata-nfs
 
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
-  - uid: "so-onap-certs"
-    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
-    type: generic
-    filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-#  - 'my file 1'
-#  - '{{ include "templateThatGeneratesFileName" . }}'
+readinessCheck:
+  wait_for:
+    - aai
+    - message-router
 
 #################################################################
 # Application configuration defaults.
@@ -51,13 +40,23 @@ service:
           "version": "v1",
           "url": "/",
           "protocol": "REST",
-          "port": "{{ (index .Values.service.ports 0).port }}",
+          "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}",
           "visualRange": "1"
         }
       ]{{ end }}
   ports:
     - name: http
       port: 9098
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+  nameOverride: so-vevnfm-cert-init
+  certInitializer:
+    nameOverride: so-vevnfm-cert-init
+    credsPath: /opt/app/osaaf/local
+
 flavor: small
 resources:
   small:
diff --git a/kubernetes/so/charts/so-vfc-adapter/Chart.yaml b/kubernetes/so/components/so-vfc-adapter/Chart.yaml
index 2ce175d9c1..2ce175d9c1 100755
--- a/kubernetes/so/charts/so-vfc-adapter/Chart.yaml
+++ b/kubernetes/so/components/so-vfc-adapter/Chart.yaml
diff --git a/kubernetes/so/components/so-vfc-adapter/requirements.yaml b/kubernetes/so/components/so-vfc-adapter/requirements.yaml
new file mode 100755
index 0000000000..82296bee1d
--- /dev/null
+++ b/kubernetes/so/components/so-vfc-adapter/requirements.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: readinessCheck
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-vfc-adapter/resources/config/overrides/override.yaml
index dec34485bc..db5caf45fc 100755
--- a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-vfc-adapter/resources/config/overrides/override.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 logging:
   path: logs
 spring:
@@ -38,13 +40,13 @@ mso:
   site-name: localSite
   logPath: ./logs/vfc
   config:
-    cadi: {{ include "cadi.keys" . | nindent 8}}
+    cadi: {{ include "so.cadi.keys" . | nindent 8}}
   msb-ip: msb-iag
   msb-port: 80
   adapters:
     requestDb:
       endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+      auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
 #Actuator
 management:
   security:
diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml b/kubernetes/so/components/so-vfc-adapter/templates/configmap.yaml
index b57205223e..6331656fce 100755
--- a/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-vfc-adapter/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,11 +12,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
-  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml
index b817dcf1e9..7c10e7f8ed 100755
--- a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -24,50 +26,44 @@ spec:
   selector:
     matchLabels:
       app: {{ include "common.name" . }}
-  replicas: {{ index .Values.replicaCount }}
-  minReadySeconds: {{ index .Values.minReadySeconds }}
+  replicas: {{ .Values.replicaCount }}
+  minReadySeconds: {{ .Values.minReadySeconds }}
   strategy:
-    type: {{ index .Values.updateStrategy.type }}
+    type: {{ .Values.updateStrategy.type }}
     rollingUpdate:
-      maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
-      maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+      maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+      maxSurge: {{ .Values.updateStrategy.maxSurge }}
   template:
     metadata:
       labels:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
-      - command:
-        - /root/job_complete.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-so-mariadb-config-job
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
+      initContainers:
+      {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "common.repository" . }}/{{ .Values.image }}
-        resources:
-{{ include "common.resources" . | indent 12 }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        resources: {{ include "common.resources" . | nindent 12 }}
+        {{- if .Values.global.aafEnabled }}
+        command:
+        - sh
+        args:
+        - -c
+        - |
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+          {{- if .Values.global.security.aaf.enabled }}
+          export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+          {{- end }}
+          /app/start-app.sh
+        {{- end }}
         env:
         - name: DB_HOST
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.host
+          value: {{ include "common.mariadbService" . }}
         - name: DB_PORT
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.port
+          value: {{ include "common.mariadbPort" . | quote }}
         - name: DB_USERNAME
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
@@ -76,27 +72,12 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
-         {{- if eq .Values.global.security.aaf.enabled true }}
-        - name: TRUSTSTORE
-          value: /app/org.onap.so.trust.jks
-        - name: TRUSTSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: trustStorePassword
-        - name: KEYSTORE
-          value: /app/org.onap.so.jks
-        - name: KEYSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: keyStorePassword
-        {{- end }}
+        {{ include "so.certificates.env" . | indent 8 | trim }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -104,16 +85,16 @@ spec:
           readOnly: true
         livenessProbe:
           httpGet:
-            path: {{- index .Values.livenessProbe.path|indent 2}}
-            port: {{ index .Values.containerPort }}
-            scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
-          initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-          periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-          timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
-          successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-          failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+            path: {{- .Values.livenessProbe.path|indent 2}}
+            port: {{ .Values.containerPort }}
+            scheme: {{- .Values.livenessProbe.scheme| indent 2}}
+          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds}}
+          periodSeconds: {{ .Values.livenessProbe.periodSeconds}}
+          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds}}
+          successThreshold: {{ .Values.livenessProbe.successThreshold}}
+          failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
         ports:
-        - containerPort: {{ index .Values.containerPort }}
+        - containerPort: {{ .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
       volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
diff --git a/kubernetes/so/components/so-vfc-adapter/templates/secret.yaml b/kubernetes/so/components/so-vfc-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/so/components/so-vfc-adapter/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/so-vfc-adapter/templates/service.yaml b/kubernetes/so/components/so-vfc-adapter/templates/service.yaml
new file mode 100755
index 0000000000..2ecc66f233
--- /dev/null
+++ b/kubernetes/so/components/so-vfc-adapter/templates/service.yaml
@@ -0,0 +1,40 @@
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    {{if eq .Values.service.type "NodePort" -}}
+    - port: {{ .Values.service.internalPort }}
+      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+      name: {{ .Values.service.portName }}
+    {{- else -}}
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      name: {{ .Values.service.portName }}
+    {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}
\ No newline at end of file
diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/components/so-vfc-adapter/values.yaml
index 85aeef9b5c..698cbf4b63 100755
--- a/kubernetes/so/charts/so-vfc-adapter/values.yaml
+++ b/kubernetes/so/components/so-vfc-adapter/values.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -17,11 +17,21 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
   persistence:
     mountPath: /dockerdata-nfs
+  security:
+    aaf:
+      enabled: false
+  aaf:
+    auth:
+      header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+  mariadbGalera:
+    serviceName: mariadb-galera
+    servicePort: '3306'
+
+readinessCheck:
+  wait_for:
+    - so-mariadb-config
 
 #################################################################
 # Secrets metaconfig
@@ -39,10 +49,6 @@ secrets:
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
-  - uid: "so-onap-certs"
-    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
-    type: generic
-    filePaths: '{{ .Values.secretsFilePaths }}'
 
 #secretsFilePaths: |
 #  - 'my file 1'
@@ -51,8 +57,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.6.4
+image: onap/so/vfc-adapter:1.7.10
 pullPolicy: Always
 
 db:
@@ -63,20 +68,39 @@ db:
   adminPassword: so_Admin123
   # adminCredsExternalSecret: some secret
 
+mso:
+  adapters:
+    requestDb:
+      auth: Basic YnBlbDpwYXNzd29yZDEk
+
 replicaCount: 1
 minReadySeconds: 10
-containerPort: 8084
+containerPort: &containerPort 8084
 logPath: ./logs/vfc/
 app: vfc-adapter
 service:
     type: ClusterIP
-    internalPort: 8084
-    externalPort: 8084
+    internalPort: *containerPort
+    externalPort: *containerPort
     portName: so-vfc-port
 updateStrategy:
     type: RollingUpdate
     maxUnavailable: 1
     maxSurge: 1
+
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+  nameOverride: so-vfc-cert-init
+  certInitializer:
+    nameOverride: so-vfc-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.vfcAdapterPerm
+  containerPort: *containerPort
+
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)
diff --git a/kubernetes/so/charts/so-vnfm-adapter/Chart.yaml b/kubernetes/so/components/so-vnfm-adapter/Chart.yaml
index 3ef796acd7..3ef796acd7 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/Chart.yaml
+++ b/kubernetes/so/components/so-vnfm-adapter/Chart.yaml
diff --git a/kubernetes/so/components/so-vnfm-adapter/requirements.yaml b/kubernetes/so/components/so-vnfm-adapter/requirements.yaml
new file mode 100755
index 0000000000..d25c12c663
--- /dev/null
+++ b/kubernetes/so/components/so-vnfm-adapter/requirements.yaml
@@ -0,0 +1,26 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~6.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://../soHelpers'
diff --git a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml
index 4128bc36ee..d780a76876 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2019 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,8 +12,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 aai:
-  auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+  auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
   version: v15
   endpoint: https://aai.{{ include "common.namespace" . }}:8443
 spring:
@@ -27,30 +29,22 @@ spring:
 server:
   port: {{ index .Values.containerPort }}
   ssl:
-    key-alias: so@so.onap.org
-    key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L'
-    key-store: classpath:so-vnfm-adapter.p12
-    key-store-type: PKCS12
-http:
-  client:
-    ssl:
-      trust-store: classpath:org.onap.so.trust.jks
-      trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
+    enabled: false
 mso:
   key: {{ .Values.mso.key }}
   site-name: localSite
   logPath: ./logs/vnfm-adapter
   config:
-    cadi: {{ include "cadi.keys" . | nindent 8}}
+    cadi: {{ include "so.cadi.keys" . | nindent 8}}
   msb-ip: msb-iag
   msb-port: 80
 sdc:
-  username: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}}
-  password: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}}
+  username: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}}
+  password: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}}
   key: {{ .Values.sdc.key }}
   endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
 vnfmadapter:
-  endpoint: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092
+  endpoint: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092
 etsi-catalog-manager:
   vnfpkgm:
   {{- if .Values.global.msbEnabled }}
@@ -58,7 +52,7 @@ etsi-catalog-manager:
   http:
     client:
       ssl:
-        trust-store: ${TRUSTSTORE}
+        trust-store: file:${TRUSTSTORE}
         trust-store-password: ${TRUSTSTORE_PASSWORD}
   {{- else }}
     endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/configmap.yaml
index b57205223e..6331656fce 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-vnfm-adapter/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,11 +12,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
-  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml
index 2dbfa4ea4a..8abd9a9796 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2019 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -24,13 +26,13 @@ spec:
   selector:
     matchLabels:
       app: {{ include "common.name" . }}
-  replicas: {{ index .Values.replicaCount }}
-  minReadySeconds: {{ index .Values.minReadySeconds }}
+  replicas: {{ .Values.replicaCount }}
+  minReadySeconds: {{ .Values.minReadySeconds }}
   strategy:
-    type: {{ index .Values.updateStrategy.type }}
+    type: {{ .Values.updateStrategy.type }}
     rollingUpdate:
-      maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
-      maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+      maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+      maxSurge: {{ .Values.updateStrategy.maxSurge }}
   template:
     metadata:
       labels:
@@ -40,48 +42,41 @@ spec:
       initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "common.repository" . }}/{{ .Values.image }}
-        resources:
-{{ include "common.resources" . | indent 12 }}
-        env:
-        - name: TRUSTSTORE
-          value: {{ .Values.global.client.certs.truststore }}
-        - name: TRUSTSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: trustStorePassword
-        {{ if eq .Values.global.security.aaf.enabled true }}
-        - name: KEYSTORE
-          value: {{ .Values.global.client.certs.keystore }}
-        - name: KEYSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: keyStorePassword
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        resources: {{ include "common.resources" . | nindent 12 }}
+        {{- if .Values.global.aafEnabled }}
+        command:
+        - sh
+        args:
+        - -c
+        - |
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+          export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+          export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12"
+          /app/start-app.sh
         {{- end }}
+        env:
+        {{ include "so.certificates.env" . | indent 8 | trim }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
           mountPath: /app/config
           readOnly: true
-        - name: {{ include "common.fullname" . }}-truststore
-          mountPath: /app/client
-          readonly: true
         livenessProbe:
           tcpSocket:
-            port: {{ index .Values.livenessProbe.port }}
-          initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-          periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-          successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-          failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+            port: {{ .Values.livenessProbe.port }}
+          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds}}
+          periodSeconds: {{ .Values.livenessProbe.periodSeconds}}
+          successThreshold: {{ .Values.livenessProbe.successThreshold}}
+          failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
         ports:
-        - containerPort: {{ index .Values.containerPort }}
+        - containerPort: {{ .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
       volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
@@ -90,8 +85,5 @@ spec:
       - name: config
         configMap:
             name: {{ include "common.fullname" . }}-app-configmap
-      - name:  {{ include "common.fullname" . }}-truststore
-        secret:
-          secretName: {{ include "common.release" . }}-so-truststore-secret
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/ingress.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/ingress.yaml
+++ b/kubernetes/so/components/so-vnfm-adapter/templates/ingress.yaml
diff --git a/kubernetes/so/components/so-vnfm-adapter/templates/secret.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/so/components/so-vnfm-adapter/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/service.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/service.yaml
index b445f7553b..5772a89a97 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/service.yaml
+++ b/kubernetes/so/components/so-vnfm-adapter/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2019 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/components/so-vnfm-adapter/values.yaml
index 0454892119..6aebf31932 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml
+++ b/kubernetes/so/components/so-vnfm-adapter/values.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2019 Nordix Foundation
-#
+# Copyright © 2020 Huawei
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -16,48 +16,62 @@
 #################################################################
 global:
   nodePortPrefixExt: 304
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
   persistence:
     mountPath: /dockerdata-nfs
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
-  - uid: "so-onap-certs"
-    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
-    type: generic
-    filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-#  - 'my file 1'
-#  - '{{ include "templateThatGeneratesFileName" . }}'
-
+  security:
+    aaf:
+      enabled: false
+  aaf:
+    auth:
+      header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
 
 #################################################################
 # Application configuration defaults.
 #################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.6.4
+image: onap/so/vnfm-adapter:1.7.10
 pullPolicy: Always
 
+aaf:
+  auth:
+    username: so@so.onap.org
+    password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
+aai:
+  auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+mso:
+  key: 07a7159d3bf51a0e53be7a8f89699be7
+sdc:
+  username: mso
+  password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+  key: 566B754875657232314F5548556D3665
+
 replicaCount: 1
 minReadySeconds: 10
-containerPort: 9092
+containerPort: &containerPort 9092
 logPath: ./logs/vnfm-adapter/
 app: vnfm-adapter
 service:
     type: NodePort
-    internalPort: 9092
-    externalPort: 9092
+    internalPort: *containerPort
+    externalPort: *containerPort
     nodePort: "06"
     portName: so-vnfm-port
 updateStrategy:
     type: RollingUpdate
     maxUnavailable: 1
     maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+  nameOverride: so-vnfm-cert-init
+  certInitializer:
+    nameOverride: so-vnfm-cert-init
+    credsPath: /opt/app/osaaf/local
+  cadi:
+    apiEnforcement: org.onap.so.vnfmAdapterPerm
+  containerPort: *containerPort
+
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)
diff --git a/kubernetes/so/charts/so-secrets/Chart.yaml b/kubernetes/so/components/soHelpers/Chart.yaml
index d96245d752..a91111a33a 100644..100755
--- a/kubernetes/so/charts/so-secrets/Chart.yaml
+++ b/kubernetes/so/components/soHelpers/Chart.yaml
@@ -12,6 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 apiVersion: v1
-description: A Helm chart for so  secrets
-name: so-secrets
+description: A Helm chart for SO helpers
+name: soHelpers
 version: 6.0.0
diff --git a/kubernetes/oof/charts/oof-cmso/requirements.yaml b/kubernetes/so/components/soHelpers/requirements.yaml
index d95b2e76ae..aa972a525b 100644..100755
--- a/kubernetes/oof/charts/oof-cmso/requirements.yaml
+++ b/kubernetes/so/components/soHelpers/requirements.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2018 AT&T
+# Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 dependencies:
   - name: common
     version: ~6.x-0
@@ -19,6 +18,6 @@ dependencies:
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
-  - name: mariadb-galera
+  - name: certInitializer
     version: ~6.x-0
     repository: '@local'
diff --git a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
new file mode 100644
index 0000000000..d16b4f7cf8
--- /dev/null
+++ b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
@@ -0,0 +1,21 @@
+{{- define "so.cadi.keys" -}}
+{{-   $dot := default . .dot -}}
+{{-   $initRoot := default $dot.Values.soHelpers .initRoot -}}
+cadiLoglevel: {{ $initRoot.cadi.logLevel }}
+cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.keyFile }}
+cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.trustore }}
+cadiTruststorePassword: ${TRUSTSTORE_PASSWORD}
+cadiLatitude: {{ $initRoot.cadi.latitude }}
+cadiLongitude: {{ $initRoot.cadi.longitude }}
+aafEnv: {{ $initRoot.cadi.aafEnv }}
+aafApiVersion: {{ $initRoot.cadi.aafApiVersion }}
+aafRootNs: {{ $initRoot.cadi.aafRootNs }}
+aafId: {{ $initRoot.cadi.aafId }}
+aafPassword: {{ $initRoot.cadi.aafPassword }}
+aafLocateUrl: {{ $initRoot.cadi.aafLocateUrl }}
+aafUrl: {{ $initRoot.cadi.aafUrl }}
+apiEnforcement: {{ $initRoot.cadi.apiEnforcement }}
+{{- if ($initRoot.cadi.noAuthn) }}
+noAuthn: {{ $initRoot.cadi.noAuthn }}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
new file mode 100644
index 0000000000..66497e1afa
--- /dev/null
+++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
@@ -0,0 +1,62 @@
+{{- define "so.certificate.container_importer" -}}
+{{-   $dot := default . .dot -}}
+{{-   $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{ include "common.certInitializer.initContainer" $subchartDot }}
+{{- if $dot.Values.global.aafEnabled }}
+- name: {{ include "common.name" $dot }}-msb-cert-importer
+  image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $dot.Values.global.aafAgentImage }}
+  imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+  command:
+  - "/bin/sh"
+  args:
+  - "-c"
+  - |
+    export $(grep '^c' {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+    keytool -import -trustcacerts -alias msb_root -file \
+      /certificates/msb-ca.crt -keystore \
+      "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
+      -storepass $cadi_truststore_password -noprompt
+    keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \
+      -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \
+      -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
+      -deststorepass $cadi_truststore_password -noprompt
+  volumeMounts:
+  {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
+  - name: {{ include "common.name" $dot }}-msb-certificate
+    mountPath: /certificates
+{{- end }}
+{{- end -}}
+
+{{- define "so.certificate.volumes" -}}
+{{-   $dot := default . .dot -}}
+{{-   $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{ include "common.certInitializer.volumes" $subchartDot }}
+{{- if $dot.Values.global.aafEnabled }}
+- name: {{ include "common.name" $dot }}-msb-certificate
+  secret:
+    secretName: {{ include "common.secret.getSecretNameFast" (dict "global" $subchartDot "uid" "so-onap-certs") }}
+{{- end }}
+{{- end -}}
+
+{{- define "so.certificate.volumeMount" -}}
+{{-   $dot := default . .dot -}}
+{{-   $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{ include "common.certInitializer.volumeMount" $subchartDot }}
+{{- end -}}
+
+{{- define "so.certificates.env" -}}
+{{-   $dot := default . .dot -}}
+{{-   $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{-   if $dot.Values.global.aafEnabled }}
+- name: TRUSTSTORE
+  value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}
+{{-     if $dot.Values.global.security.aaf.enabled }}
+- name: KEYSTORE
+  value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.p12
+{{-     end }}
+{{-   end }}
+{{- end -}}
diff --git a/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl
new file mode 100644
index 0000000000..cde94742c6
--- /dev/null
+++ b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl
@@ -0,0 +1,20 @@
+{{- define "so.helpers.livenessProbe" -}}
+{{-   $dot := default . .dot -}}
+{{-   $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+livenessProbe:
+  httpGet:
+    path: {{ $subchartDot.Values.livenessProbe.path }}
+    port: {{ $subchartDot.Values.containerPort }}
+    scheme: {{  $subchartDot.Values.livenessProbe.scheme }}
+    {{- if $subchartDot.Values.global.security.aaf.enabled }}
+    httpHeaders:
+    - name: Authorization
+      value: {{ $subchartDot.Values.global.aaf.auth.header }}
+    {{- end }}
+  initialDelaySeconds: {{ $subchartDot.Values.livenessProbe.initialDelaySeconds }}
+  periodSeconds: {{ $subchartDot.Values.livenessProbe.periodSeconds }}
+  timeoutSeconds: {{ $subchartDot.Values.livenessProbe.timeoutSeconds }}
+  successThreshold: {{ $subchartDot.Values.livenessProbe.successThreshold }}
+  failureThreshold: {{ $subchartDot.Values.livenessProbe.failureThreshold }}
+{{- end -}}
diff --git a/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl b/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl
new file mode 100644
index 0000000000..56910ebebd
--- /dev/null
+++ b/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl
@@ -0,0 +1,3 @@
+{{- define "so.helpers.profileProperty" -}}
+  {{ if .condition }}{{ .value1 }}{{ else }}{{ .value2 }}{{ end }}
+{{- end -}}
diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml
new file mode 100755
index 0000000000..a367272d9a
--- /dev/null
+++ b/kubernetes/so/components/soHelpers/values.yaml
@@ -0,0 +1,98 @@
+# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  aafAgentImage: onap/aaf/aaf_agent:2.1.20
+  msbEnabled: true
+  security:
+    aaf:
+      enabled: false
+  app:
+    msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+  client:
+    certs:
+      truststore: /app/client/org.onap.so.trust.jks
+      keystore: /app/client/org.onap.so.jks
+      trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
+      keyStorePassword: c280b25hcA==
+  certificates:
+    path: /etc/ssl/certs
+    share_path: /usr/local/share/ca-certificates/
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: 'so-onap-certs'
+    name: '{{ include "common.release" . }}-so-certs'
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths:
+      - resources/config/certificates/msb-ca.crt
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: so
+  fqi: so@so.onap.org
+  public_fqdn: so.onap.org
+  cadi_longitude: '0.0'
+  cadi_latitude: '0.0'
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  trustStoreAllPass: changeit
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass
+    {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+aafConfig:
+  permission_user: 1000
+  permission_group: 999
+
+aaf:
+  trustore: org.onap.so.trust.jks
+  keyFile: org.onap.so.keyfile
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+livenessProbe:
+  path: /manage/health
+  scheme: HTTP
+  initialDelaySeconds: 600
+  periodSeconds: 60
+  timeoutSeconds: 10
+  successThreshold: 1
+  failureThreshold: 3
+
+cadi:
+  logLevel: DEBUG
+  latitude: 38.4329
+  longitude: -90.43248
+  aafEnv: IST
+  aafApiVersion: 2.1
+  aafRootNs: org.onap.so
+  aafLocateUrl: https://aaf-locate.onap:8095
+  aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
+  aafId: so@so.onap.org
+  aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+  apiEnforcement: org.onap.so.apihPerm
+  noAuthn: /manage/health
diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml
index 4f4eac48cb..2b60a69589 100755
--- a/kubernetes/so/requirements.yaml
+++ b/kubernetes/so/requirements.yaml
@@ -18,7 +18,76 @@ dependencies:
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
+  - name: readinessCheck
+    version: ~6.x-0
+    repository: '@local'
   - name: mariadb-galera
     version: ~6.x-0
     repository: '@local'
     condition: global.mariadbGalera.localCluster
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~6.x-0
+    repository: 'file://components/soHelpers'
+  - name: so-appc-orchestrator
+    version: ~6.x-0
+    repository: 'file://components/so-appc-orchestrator'
+    condition: so-appc-orchestrator.enabled
+  - name: so-bpmn-infra
+    version: ~6.x-0
+    repository: 'file://components/so-bpmn-infra'
+  - name: so-catalog-db-adapter
+    version: ~6.x-0
+    repository: 'file://components/so-catalog-db-adapter'
+    condition: so-catalog-db-adapter.enabled
+  - name: so-cnf-adapter
+    version: ~6.x-0
+    repository: "file://components/so-cnf-adapter"
+    condition: so-cnf-adapter.enabled
+  - name: so-etsi-nfvo-ns-lcm
+    version: ~6.x-0
+    repository: 'file://components/so-etsi-nfvo-ns-lcm'
+    condition: so-etsi-nfvo-ns-lcm.enabled
+  - name: so-mariadb
+    version: ~6.x-0
+    repository: 'file://components/so-mariadb'
+  - name: so-monitoring
+    version: ~6.x-0
+    repository: 'file://components/so-monitoring'
+    condition: so-monitoring.enabled
+  - name: so-nssmf-adapter
+    version: ~6.x-0
+    repository: 'file://components/so-nssmf-adapter'
+    condition: so-nssmf-adapter.enabled
+  - name: so-oof-adapter
+    version: ~6.x-0
+    repository: 'file://components/so-oof-adapter'
+    condition: so-oof-adapter.enabled
+  - name: so-openstack-adapter
+    version: ~6.x-0
+    repository: 'file://components/so-openstack-adapter'
+    condition: so-openstack-adapter.enabled
+  - name: so-request-db-adapter
+    version: ~6.x-0
+    repository: 'file://components/so-request-db-adapter'
+  - name: so-sdc-controller
+    version: ~6.x-0
+    repository: 'file://components/so-sdc-controller'
+  - name: so-sdnc-adapter
+    version: ~6.x-0
+    repository: 'file://components/so-sdnc-adapter'
+    condition: so-sdnc-adapter.enabled
+  - name: so-ve-vnfm-adapter
+    version: ~6.x-0
+    repository: 'file://components/so-ve-vnfm-adapter'
+    condition: so-ve-vnfm-adapter.enabled
+  - name: so-vfc-adapter
+    version: ~6.x-0
+    repository: 'file://components/so-vfc-adapter'
+    condition: so-vfc-adapter.enabled
+  - name: so-vnfm-adapter
+    version: ~6.x-0
+    repository: 'file://components/so-vnfm-adapter'
+    condition: so-vnfm-adapter.enabled
diff --git a/kubernetes/so/resources/config/certificates/onap-ca.crt b/kubernetes/so/resources/config/certificates/onap-ca.crt
deleted file mode 100755
index e9a50d7ea0..0000000000
--- a/kubernetes/so/resources/config/certificates/onap-ca.crt
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
diff --git a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh
index 3280253743..52ba27ddca 100755
--- a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh
+++ b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh
@@ -1,9 +1,11 @@
 #!/bin/sh
+{{/*
 # Copyright 2015 AT&T Intellectual Properties
 ##############################################################################
 #       Script to initialize the chef-repo branch and.chef
 #
 ##############################################################################
+*/}}
 # Copy the certificates
 echo 'Copying the *.crt provided in /shared folder'
 cp --verbose /shared/*.crt /usr/local/share/ca-certificates
diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml
index 6bd930d7b1..efb3fab558 100755
--- a/kubernetes/so/resources/config/overrides/override.yaml
+++ b/kubernetes/so/resources/config/overrides/override.yaml
@@ -1,28 +1,28 @@
 aai:
   endpoint: https://aai.{{ include "common.namespace" . }}:8443
-  auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
+  auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
 server:
     port: {{ index .Values.containerPort }}
     tomcat:
         max-threads: 50
 ssl-enable: false
 mso:
-  msoKey: {{ .Values.global.app.msoKey }}
+  msoKey: {{ .Values.mso.msoKey }}
   logPath: ./logs/apih
   site-name: {{ index .Values.global.app.siteName }}
   adapters:
     requestDb:
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+      auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
   catalog:
     db:
       spring:
         endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
   db:
-    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+    auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
   config:
     path: /src/main/resources/
-    cadi: {{ include "cadi.keys" . | nindent 10}}
+    cadi: {{ include "so.cadi.keys" . | nindent 10}}
   infra:
     default:
       alacarte:
@@ -34,14 +34,14 @@ mso:
           default:
             testApi: GR_API
   camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
-  camundaAuth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}}
+  camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}}
   async:
     core-pool-size: 50
     max-pool-size: 50
     queue-capacity: 500
   sdc:
     client:
-      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}}
+      auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}}
     activate:
       instanceid: test
       userid: cs0008
@@ -52,7 +52,7 @@ mso:
         count: 3
   aai:
     endpoint: https://aai.{{ include "common.namespace" . }}:8443
-    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
+    auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
 
   extApi:
     endpoint: http://nbi.onap:8080/nbi/api/v3
@@ -62,11 +62,11 @@ mso:
         username: testuser
         password: VjR5NDcxSzA=
         host: http://dmaap-bc.{{ include "common.namespace" . }}:8080
-        auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}}
+        auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}}
       publisher:
         topic: com.att.ecomp.mso.operationalEnvironmentEvent
   health:
-    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}}
+    auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}}
     endpoints:
       - subsystem: apih
         uri: http://so-bpmn-infra:8081
@@ -124,4 +124,4 @@ org:
       cloud-owner: CloudOwner
       adapters:
         network:
-          encryptionKey: {{ .Values.global.app.msoKey }}
+          encryptionKey: {{ .Values.mso.msoKey }}
diff --git a/kubernetes/so/templates/_cadiValues.tpl b/kubernetes/so/templates/_cadiValues.tpl
deleted file mode 100644
index 426facc4b1..0000000000
--- a/kubernetes/so/templates/_cadiValues.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- define "cadi.keys" -}}
-cadiLoglevel: DEBUG
-cadiKeyFile: /org.onap.so.keyfile
-cadiTrustStore: /app/org.onap.so.trust.jks
-cadiTruststorePassword: {{ .Values.global.app.cadi.cadiTruststorePassword }}
-cadiLatitude: {{ .Values.global.app.cadi.cadiLatitude }}
-cadiLongitude: {{ .Values.global.app.cadi.cadiLongitude }}
-aafEnv: {{ .Values.global.app.cadi.aafEnv }}
-aafApiVersion: 2.0
-aafRootNs: {{ .Values.global.app.cadi.aafRootNs }}
-aafId: {{ .Values.mso.config.cadi.aafId }}
-aafPassword: {{ .Values.mso.config.cadi.aafPassword }}
-aafLocateUrl: {{ .Values.global.app.cadi.aafLocateUrl }}
-aafUrl: {{ .Values.global.app.cadi.aafUrl }}
-apiEnforcement: {{ .Values.mso.config.cadi.apiEnforcement }}
-{{- if (.Values.global.app.cadi.noAuthn) }}
-noAuthn: {{ .Values.mso.config.cadi.noAuthn }}
-{{- end }}
-{{- end }}
diff --git a/kubernetes/so/templates/_certificates.tpl b/kubernetes/so/templates/_certificates.tpl
deleted file mode 100644
index 8bd25d27a1..0000000000
--- a/kubernetes/so/templates/_certificates.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- define "so.certificate.container_importer" -}}
-- name: {{ include "common.name" . }}-certs-importer
-  image: "{{ include "common.repository" . }}/{{ .Values.global.soBaseImage }}"
-  imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-  command:
-  - "/bin/sh"
-  args:
-  - "-c"
-  - "update-ca-certificates --fresh && \
-    cp -r {{ .Values.global.certificates.path }}/* /certificates"
-  volumeMounts:
-  - name: {{ include "common.name" . }}-certificates
-    mountPath: /certificates
-  - name: {{ include "common.name" . }}-onap-certificates
-    mountPath: {{ .Values.global.certificates.share_path }}
-{{- end -}}
-
-{{- define "so.certificate.volume-mounts" -}}
-- name: {{ include "common.name" . }}-certificates
-  mountPath: {{ .Values.global.certificates.path }}
-- name: {{ include "common.name" . }}-onap-certificates
-  mountPath: {{ .Values.global.certificates.share_path }}
-{{- end -}}
-
-{{- define "so.certificate.volumes" -}}
-- name: {{ include "common.name" . }}-certificates
-  emptyDir:
-    medium: Memory
-- name: {{ include "common.name" . }}-onap-certificates
-  secret:
-    secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "so-onap-certs") }}
-{{- end -}}
diff --git a/kubernetes/so/templates/_livenessProbe.tpl b/kubernetes/so/templates/_livenessProbe.tpl
deleted file mode 100644
index 4181beb1f8..0000000000
--- a/kubernetes/so/templates/_livenessProbe.tpl
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- define "helpers.livenessProbe" -}} 
-livenessProbe:
-  httpGet:
-    path: {{- index .Values.livenessProbe.path|indent 2}}
-    port: {{ index .Values.containerPort }}
-    scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
-    {{- if eq .Values.global.security.aaf.enabled true }}
-    httpHeaders:
-    - name: Authorization
-      value: {{ index .Values.global.aaf.auth.header }}
-    {{- end }}
-  initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-  periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-  timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
-  successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-  failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
-{{- end -}}
diff --git a/kubernetes/so/templates/_profileProperty.tpl b/kubernetes/so/templates/_profileProperty.tpl
deleted file mode 100644
index 113bc343d0..0000000000
--- a/kubernetes/so/templates/_profileProperty.tpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- define "helpers.profileProperty" -}}
-  {{ if eq .condition true }}{{.value1}}{{else}}{{.value2}} {{ end }}
-{{- end -}}
diff --git a/kubernetes/so/templates/configmap.yaml b/kubernetes/so/templates/configmap.yaml
index 6aa4b5f4f0..74daf41b7f 100755
--- a/kubernetes/so/templates/configmap.yaml
+++ b/kubernetes/so/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,11 +12,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
-  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+  ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml
index 32f46c23ba..3fee225c03 100755
--- a/kubernetes/so/templates/deployment.yaml
+++ b/kubernetes/so/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -37,38 +39,31 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
-      - name: {{ include "common.name" . }}-readiness
-        command:
-        - /root/job_complete.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-so-mariadb-config-job
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
+      initContainers:
+      {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "common.repository" . }}/{{ .Values.image }}
-        resources:
-{{ include "common.resources" . | indent 12 }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        resources: {{ include "common.resources" . | nindent 12 }}
+        {{- if .Values.global.aafEnabled }}
+        command:
+        - sh
+        args:
+        - -c
+        - |
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+          {{- if .Values.global.security.aaf.enabled }}
+          export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+          {{- end }}
+          /app/start-app.sh
+        {{- end }}
         env:
         - name: DB_HOST
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.host
+          value: {{ include "common.mariadbService" . }}
         - name: DB_PORT
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.port
+          value: {{ include "common.mariadbPort" . | quote }}
         - name: DB_USERNAME
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
@@ -77,27 +72,12 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
-         {{- if eq .Values.global.security.aaf.enabled true }}
-        - name: TRUSTSTORE
-          value: /app/org.onap.so.trust.jks
-        - name: TRUSTSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: trustStorePassword
-        - name: KEYSTORE
-          value: /app/org.onap.so.jks
-        - name: KEYSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: keyStorePassword
-        {{- end }}
+        {{ include "so.certificates.env" . | indent 8 | trim }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -105,14 +85,14 @@ spec:
           readOnly: true
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
       # Filebeat sidecar container
       - name: {{ include "common.name" . }}-filebeat-onap
-        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+        image: {{ include "repositoryGenerator.image.logging" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/so/templates/secret.yaml b/kubernetes/so/templates/secret.yaml
index bdcecddfa3..5aa3ea3855 100644
--- a/kubernetes/so/templates/secret.yaml
+++ b/kubernetes/so/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 # Modifications Copyright © 2020 Orange
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/templates/service.yaml b/kubernetes/so/templates/service.yaml
index 336b9f7028..2849edecc7 100755
--- a/kubernetes/so/templates/service.yaml
+++ b/kubernetes/so/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T USA
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index bc7ff5cb92..358b104367 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -17,16 +17,13 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  soBaseImage: onap/so/base-image:1.0
+  aafAgentImage: onap/aaf/aaf_agent:2.1.20
   mariadbGalera:
     nameOverride: mariadb-galera
     serviceName: mariadb-galera
-    servicePort: "3306"
+    servicePort: '3306'
+    service: mariadb-galera
+    internalPort: '3306'
     # mariadbRootPassword: secretpassword
     # rootPasswordExternalSecret: some secret
     #This flag allows SO to instantiate its own mariadb-galera cluster,
@@ -58,19 +55,7 @@ global:
     siteName: onapheat
     auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
     defaultCloudOwner: onap
-    cadi:
-      cadiLoglevel: DEBUG
-      cadiKeyFile: /app/client/org.onap.so.keyfile
-      cadiTrustStore: /app/client/org.onap.so.trust.jks
-      cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC
-      cadiLatitude: 38.4329
-      cadiLongitude: -90.43248
-      aafEnv: IST
-      aafApiVersion: 2.1
-      aafRootNs: org.onap.so
-      aafLocateUrl: https://aaf-locate.onap:8095
-      aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
-    msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+
   client:
     certs:
       truststore: /app/client/org.onap.so.trust.jks
@@ -81,6 +66,10 @@ global:
     path: /etc/ssl/certs
     share_path: /usr/local/share/ca-certificates/
 
+readinessCheck:
+  wait_for:
+    - so-mariadb-config
+
 #################################################################
 # Secrets metaconfig
 #################################################################
@@ -99,7 +88,7 @@ secrets:
     passwordPolicy: required
     annotations:
       helm.sh/hook: pre-upgrade,pre-install
-      helm.sh/hook-weight: "0"
+      helm.sh/hook-weight: '0'
       helm.sh/hook-delete-policy: before-hook-creation
   - uid: db-user-creds
     name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
@@ -115,13 +104,57 @@ secrets:
     login: '{{ .Values.dbCreds.adminName }}'
     password: '{{ .Values.dbCreds.adminPassword }}'
     passwordPolicy: generate
-  - uid: "so-onap-certs"
+  - uid: 'so-onap-certs'
     name: &so-certs '{{ include "common.release" . }}-so-certs'
     externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
     type: generic
     filePaths:
-      - resources/config/certificates/onap-ca.crt
       - resources/config/certificates/msb-ca.crt
+  - uid: 'mso-key'
+    name: &mso-key '{{ include "common.release" . }}-mso-key'
+    type: password
+    password: '{{ .Values.mso.msoKey }}'
+  - uid: mso-oof-auth
+    name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth'
+    type: basicAuth
+    login: '{{ .Values.mso.oof.login }}'
+    password: '{{ .Values.mso.oof.password }}'
+    passwordPolicy: required
+  - uid: server-actuator-creds
+    name: &actuator-secrets '{{ include "common.release" . }}-so-server-actuator-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+    login: '{{ .Values.server.actuator.username }}'
+    password: '{{ .Values.server.actuator.password }}'
+    passwordPolicy: required
+  - uid: server-bpel-creds
+    name: &bpel-secrets '{{ include "common.release" . }}-so-server-bpel-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
+    login: '{{ .Values.server.bpel.username }}'
+    password: '{{ .Values.server.bpel.password }}'
+    passwordPolicy: required
+  - uid: so-aaf-creds
+    name: &aaf-secrets '{{ include "common.release" . }}-so-server-aaf-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
+    login: '{{ .Values.server.aaf.username }}'
+    password: '{{ .Values.server.aaf.password }}'
+    passwordPolicy: required
+  - uid: so-aai-creds
+    name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}'
+    login: '{{ .Values.server.aai.username }}'
+    password: '{{ .Values.server.aai.password }}'
+    passwordPolicy: required
+
+aafConfig:
+  permission_user: 1000
+  permission_group: 999
+
+aaf:
+  trustore: org.onap.so.trust.jks
 
 #################################################################
 # Application configuration defaults.
@@ -136,24 +169,54 @@ dbCreds:
   userName: so_user
   adminName: so_admin
 
-repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.6.4
+image: onap/so/api-handler-infra:1.7.10
+
+server:
+  aaf:
+    username: so@so.onap.org
+    password: demo123456
+  # aafCredsExternalSecret: some secret
+  aai:
+    username: aai@aai.onap.org
+    password: demo123456!
+  # aaiCredsExternalSecret: some secret
+  actuator:
+    username: mso_admin
+    password: password1$
+  # actuatorCredsExternalSecret: some secret
+  bpel:
+    username: bpel
+    password: password1$
+  # bpelCredsExternalSecret: some secret
+
 pullPolicy: Always
 replicaCount: 1
 minReadySeconds: 10
-containerPort: 8080
+containerPort: &containerPort 8080
 logPath: ./logs/apih/
 app: api-handler-infra
 service:
-    type: NodePort
-    nodePort: 77
-    internalPort: 8080
-    externalPort: 8080
-    portName: so-apih-port
+  type: NodePort
+  nodePort: 77
+  internalPort: *containerPort
+  externalPort: *containerPort
+  portName: so-apih-port
 updateStrategy:
-    type: RollingUpdate
-    maxUnavailable: 1
-    maxSurge: 1
+  type: RollingUpdate
+  maxUnavailable: 1
+  maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+  nameOverride: so-apih-cert-init
+  certInitializer:
+    nameOverride: so-apih-cert-init
+  credsPath: /opt/app/osaaf/local
+  certSecret: *so-certs
+  containerPort: *containerPort
+
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)
@@ -175,14 +238,6 @@ resources:
       cpu: 1000m
       memory: 2Gi
   unlimited: {}
-livenessProbe:
-    path: /manage/health
-    scheme: HTTP
-    initialDelaySeconds: 600
-    periodSeconds: 60
-    timeoutSeconds: 10
-    successThreshold: 1
-    failureThreshold: 3
 
 nodeSelector: {}
 affinity: {}
@@ -211,28 +266,26 @@ mariadb-galera:
 ingress:
   enabled: false
   service:
-    - baseaddr: "so.api"
-      name: "so"
+    - baseaddr: 'so.api'
+      name: 'so'
       port: 8080
   config:
-    ssl: "none"
+    ssl: 'none'
 
 mso:
   adapters:
     requestDb:
       auth: Basic YnBlbDpwYXNzd29yZDEk
-  config:
-    cadi:
-      aafId: so@so.onap.org
-      aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
-      apiEnforcement: org.onap.so.apihPerm
-      noAuthn: /manage/health
   camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+  msoKey: 07a7159d3bf51a0e53be7a8f89699be7
   sdc:
     client:
       auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
   aai:
     auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
+  oof:
+    login: test
+    password: testpwd
   so:
     operationalEnv:
       dmaap:
@@ -240,252 +293,95 @@ mso:
   health:
     auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
 
+so-appc-orchestrator:
+  enabled: false
+  server:
+    actuatorCredsExternalSecret: *actuator-secrets
+  db:
+    <<: *dbSecrets
+
 so-bpmn-infra:
-  certSecret: *so-certs
   db:
     <<: *dbSecrets
-  cds:
-    auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
-  aai:
-    auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
-  mso:
-    key: 07a7159d3bf51a0e53be7a8f89699be7
-    adapters:
-      requestDb:
-        auth: Basic YnBlbDpwYXNzd29yZDEk
-      db:
-        auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
-        password: wLg4sjrAFUS8rfVfdvTXeQ==
-      po:
-        auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
-    config:
-      cadi:
-        aafId: so@so.onap.org
-        aaafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
-        apiEnforcement: org.onap.so.bpmnPerm
-        noAuthn: /manage/health
-    sdnc:
-      password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
-    sniro:
-      auth: test:testpwd
-      endpoint: http://replaceme:28090/optimizationInstance/V1/create
-    oof:
-      auth: test:testpwd
-  so:
-    vnfm:
-      adapter:
-        auth: Basic dm5mbTpwYXNzd29yZDEk
 
 so-catalog-db-adapter:
-  certSecret: *so-certs
+  enabled: true
   db:
     <<: *dbSecrets
+
+so-cnf-adapter:
+  enabled: true
+  db:
+    <<: *dbSecrets
+  server:
+    aafCredsExternalSecret: *aaf-secrets
+    aaiCredsExternalSecret: *aai-secrets
+    actuatorCredsExternalSecret: *actuator-secrets
   mso:
-    config:
-      cadi:
-        aafId: so@so.onap.org
-        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
-        apiEnforcement: org.onap.so.catalogDbAdapterPerm
-        noAuthn: /manage/health
-    adapters:
-      db:
-        auth: Basic YnBlbDpwYXNzd29yZDEk
+    msoKeySecret: *mso-key
+
+so-etsi-nfvo-ns-lcm:
+  enabled: true
+  db:
+    <<: *dbSecrets
+
+so-mariadb:
+  db:
+    rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
+    rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+    backupCredsExternalSecret: *dbBackupCredsSecretName
+    userCredsExternalSecret: *dbUserCredsSecretName
+    adminCredsExternalSecret: *dbAdminCredsSecretName
 
 so-monitoring:
-  certSecret: *so-certs
+  enabled: true
   db:
     <<: *dbSecrets
 
-so-openstack-adapter:
-  certSecret: *so-certs
+so-nssmf-adapter:
+  enabled: true
+  server:
+    actuatorCredsExternalSecret: *actuator-secrets
+    bpelCredsExternalSecret: *bpel-secrets
+  db:
+    <<: *dbSecrets
+
+so-oof-adapter:
+  enabled: true
   db:
     <<: *dbSecrets
-  aaf:
-    auth:
-      encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
-  aai:
-    auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
-  org:
-    onap:
-      so:
-        adapters:
-          bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
-          valet:
-            basic_auth: bXNvOkphY2tkYXdzIGxvdmUgbXkgYmlnIHNwaGlueCBvZiBxdWFydHouCg==
   mso:
-    msoKey: 07a7159d3bf51a0e53be7a8f89699be7
-    auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
-    basicUser: poBpmn
-    config:
-      cadi:
-        aafId: so@so.onap.org
-        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
-        apiEnforcement: org.onap.so.openStackAdapterPerm
-        noAuthn: /manage/health
-    db:
-      auth: Basic YnBlbDpwYXNzd29yZDEk
+    msoKeySecret: *mso-key
+    camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+    oof:
+      authSecret: *mso-oof-auth
+
+so-openstack-adapter:
+  enabled: true
+  db:
+    <<: *dbSecrets
 
 so-request-db-adapter:
-  certSecret: *so-certs
   db:
     <<: *dbSecrets
-  mso:
-    config:
-      cadi:
-        aafId: so@so.onap.org
-        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
-        apiEnforcement: org.onap.so.requestDbAdapterPerm
-        noAuthn: /manage/health
-    adapters:
-      requestDb:
-        auth: Basic YnBlbDpwYXNzd29yZDEk
 
 so-sdc-controller:
-  certSecret: *so-certs
   db:
     <<: *dbSecrets
-  aai:
-    auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
-  mso:
-    msoKey: 07a7159d3bf51a0e53be7a8f89699be7
-    config:
-      cadi:
-        aafId: so@so.onap.org
-        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
-        apiEnforcement: org.onap.so.sdcControllerPerm
-        noAuthn: /manage/health
-    asdc:
-      config:
-        key: 566B754875657232314F5548556D3665
-    requestDb:
-      auth: Basic YnBlbDpwYXNzd29yZDEk
-    asdc-connections:
-      asdc-controller1:
-        password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
 
 so-sdnc-adapter:
-  certSecret: *so-certs
+  enabled: true
   db:
     <<: *dbSecrets
-  org:
-    onap:
-      so:
-        adapters:
-          sdnc:
-            bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
-            sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
-            network:
-                encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
-  mso:
-    config:
-      cadi:
-        aafId: so@so.onap.org
-        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
-        apiEnforcement: org.onap.so.sdncAdapterPerm
-        noAuthn: /manage/health
-    adapters:
-      requestDb:
-        auth: Basic YnBlbDpwYXNzd29yZDEk
-    rest:
-      aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
 
 so-ve-vnfm-adapter:
-  certSecret: *so-certs
+  enabled: false
 
 so-vfc-adapter:
-  certSecret: *so-certs
-  db:
-    <<: *dbSecrets
-  mso:
-    config:
-      cadi:
-        aafId: so@so.onap.org
-        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
-        apiEnforcement: org.onap.so.vfcAdapterPerm
-        noAuthn: /manage/health
-    adapters:
-      requestDb:
-        auth: Basic YnBlbDpwYXNzd29yZDEk
-
-so-nssmf-adapter:
-  certSecret: *so-certs
+  enabled: true
   db:
     <<: *dbSecrets
-  aaf:
-    auth:
-      username: so@so.onap.org
-      password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
-  aai:
-    auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
-  mso:
-    key: 07a7159d3bf51a0e53be7a8f89699be7
-    config:
-      cadi:
-        aafId: so@so.onap.org
-        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
-        apiEnforcement: org.onap.so.nssmfAdapterPerm
-        noAuthn: /manage/health
-    adapters:
-      requestDb:
-        auth: Basic YnBlbDpwYXNzd29yZDEk
 
 so-vnfm-adapter:
-  certSecret: *so-certs
-  aaf:
-    auth:
-      username: so@so.onap.org
-      password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
-  aai:
-    auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
-  sdc:
-    username: mso
-    password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
-    key: 566B754875657232314F5548556D3665
-  mso:
-    key: 07a7159d3bf51a0e53be7a8f89699be7
-    config:
-      cadi:
-        aafId: so@so.onap.org
-        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
-        apiEnforcement: org.onap.so.vnfmAdapterPerm
-        noAuthn: /manage/health
+  enabled: true
 
-so-mariadb:
-  db:
-    rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
-    rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
-    backupCredsExternalSecret: *dbBackupCredsSecretName
-    userCredsExternalSecret: *dbUserCredsSecretName
-    adminCredsExternalSecret: *dbAdminCredsSecretName
-so-appc-orchestrator:
-  certSecret: *so-certs
-  db:
-    <<: *dbSecrets
-  mso:
-    basicUser: poBpmn
-    auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
-    config:
-      cadi:
-        aafId: so@so.onap.org
-        aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
-        apiEnforcement: org.onap.so.openStackAdapterPerm
-        noAuthn: /manage/health
-  appc:
-    client:
-      topic:
-        read:
-          name: APPC-LCM-WRITE
-          timeout: 360000
-        write: APPC-LCM-READ
-        sdnc:
-          read: SDNC-LCM-WRITE
-          write: SDNC-LCM-READ
-      response:
-        timeout: 3600000
-      key: VIlbtVl6YLhNUrtU
-      secret: 64AG2hF4pYeG2pq7CT6XwUOT
-      service: ueb
-  auth:
-    rest:
-      aaf: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
-      aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
diff --git a/kubernetes/uui/charts/uui-server/templates/deployment.yaml b/kubernetes/uui/charts/uui-server/templates/deployment.yaml
index 38ab6a7161..ea6f7b7a23 100644
--- a/kubernetes/uui/charts/uui-server/templates/deployment.yaml
+++ b/kubernetes/uui/charts/uui-server/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 ZTE
 # Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -35,7 +37,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/uui/charts/uui-server/templates/service.yaml b/kubernetes/uui/charts/uui-server/templates/service.yaml
index 9c799cffec..157dac396d 100644
--- a/kubernetes/uui/charts/uui-server/templates/service.yaml
+++ b/kubernetes/uui/charts/uui-server/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/uui/charts/uui-server/values.yaml b/kubernetes/uui/charts/uui-server/values.yaml
index be34e3e57f..a43ae6eff0 100644
--- a/kubernetes/uui/charts/uui-server/values.yaml
+++ b/kubernetes/uui/charts/uui-server/values.yaml
@@ -17,7 +17,7 @@
 # Declare variables to be passed into your templates.
 global:
   uuiPortPrefix: 303
-  readinessRepository: oomk8s
+ 
 subChartsOnly:
   enabled: true
 
@@ -25,7 +25,7 @@ flavor: small
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:3.0.4
+image: onap/usecase-ui-server:3.0.6
 pullPolicy: Always
 
 # application configuration
diff --git a/kubernetes/uui/requirements.yaml b/kubernetes/uui/requirements.yaml
index cf085205ab..8f74b745d3 100644
--- a/kubernetes/uui/requirements.yaml
+++ b/kubernetes/uui/requirements.yaml
@@ -18,4 +18,7 @@ dependencies:
     # local reference to common chart, as it is
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
     repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/uui/templates/deployment.yaml b/kubernetes/uui/templates/deployment.yaml
index d370dfcf05..8c523b2388 100644
--- a/kubernetes/uui/templates/deployment.yaml
+++ b/kubernetes/uui/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -35,7 +37,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command:
             - /bin/bash
diff --git a/kubernetes/uui/templates/service.yaml b/kubernetes/uui/templates/service.yaml
index e11f7fb287..222100d8c8 100644
--- a/kubernetes/uui/templates/service.yaml
+++ b/kubernetes/uui/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml
index 79b649c63d..1adb2565a0 100644
--- a/kubernetes/uui/values.yaml
+++ b/kubernetes/uui/values.yaml
@@ -17,15 +17,14 @@
 # Declare variables to be passed into your templates.
 global:
   uuiPortPrefix: 303
-  readinessRepository: oomk8s
+
 subChartsOnly:
   enabled: true
 
 flavor: small
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/usecase-ui:3.0.4
+image: onap/usecase-ui:3.0.6
 pullPolicy: Always
 
 # application configuration
diff --git a/kubernetes/vfc/Makefile b/kubernetes/vfc/Makefile
new file mode 100644
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/vfc/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/vfc/charts/vfc-redis/.helmignore b/kubernetes/vfc/charts/vfc-redis/.helmignore
deleted file mode 100644
index f0c1319444..0000000000
--- a/kubernetes/vfc/charts/vfc-redis/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/kubernetes/vfc/charts/vfc-redis/templates/service.yaml b/kubernetes/vfc/charts/vfc-redis/templates/service.yaml
deleted file mode 100644
index 5f73ac18ff..0000000000
--- a/kubernetes/vfc/charts/vfc-redis/templates/service.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-# Copyright (C) 2018 Verizon. All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}2
-
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      name: {{ .Values.service.portName }}2
-
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/.helmignore b/kubernetes/vfc/charts/vfc-vnflcm/.helmignore
deleted file mode 100644
index f0c1319444..0000000000
--- a/kubernetes/vfc/charts/vfc-vnflcm/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/configmap.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/configmap.yaml
deleted file mode 100644
index 1d0751a01b..0000000000
--- a/kubernetes/vfc/charts/vfc-vnflcm/templates/configmap.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-logging-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/configmap.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/configmap.yaml
deleted file mode 100644
index 1d0751a01b..0000000000
--- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/configmap.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-logging-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/configmap.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/configmap.yaml
deleted file mode 100644
index 1d0751a01b..0000000000
--- a/kubernetes/vfc/charts/vfc-vnfres/templates/configmap.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-logging-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml
deleted file mode 100644
index b0cc27bd8d..0000000000
--- a/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright (c) 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/.helmignore b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/.helmignore
deleted file mode 100644
index f0c1319444..0000000000
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/configmap.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/configmap.yaml
deleted file mode 100644
index 1d0751a01b..0000000000
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/configmap.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-logging-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/vfc/components/Makefile b/kubernetes/vfc/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/vfc/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/.helmignore b/kubernetes/vfc/components/vfc-generic-vnfm-driver/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/.helmignore
+++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/.helmignore
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/Chart.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/Chart.yaml
index 42e4691899..42e4691899 100644
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/Chart.yaml
+++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/requirements.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/resources/config/logging/log.yml
index 123bb298ab..844f993df1 100644
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml
+++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
         level: "DEBUG"
         propagate: False
 handlers:
+    console:
+        class: "logging.StreamHandler"
+        formatter: "standard"
     gvnfmdriverlocal_handler:
         level: "DEBUG"
         class:
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/configmap.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/configmap.yaml
index 1d0751a01b..83f658f751 100644
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/configmap.yaml
+++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml
index ab4485864e..c910f4786f 100644
--- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -35,29 +37,12 @@ spec:
       annotations:
         sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
     spec:
-      initContainers:
-#Example init container for dependency checking
-#      - command:
-#        - /root/ready.py
-#        args:
-#        - --container-name
-#        - mariadb
-#        env:
-#        - name: NAMESPACE
-#          valueFrom:
-#            fieldRef:
-#              apiVersion: v1
-#              fieldPath: metadata.namespace
-#        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-#        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-#        name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
-          - containerPort: {{ .Values.service.internalPort2 }}
           # disable liveness probe when breakpoints set in debugger
           # so K8s doesn't restart unresponsive container
           {{ if .Values.liveness.enabled }}
@@ -73,12 +58,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
-            - name: MSB_PROTO
-              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: MSB_HOST
+              value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: SSL_ENABLED
               value: "{{ .Values.global.config.ssl_enabled }}"
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: REG_TO_MSB_WHEN_START
               value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
@@ -88,8 +71,8 @@ spec:
           - name: {{ include "common.fullname" . }}-logs
             mountPath: /var/log/onap
           - name: {{ include "common.fullname" . }}-logconfig
-            mountPath: /opt/vfc/hwvnfmdriver/config/log4j.properties
-            subPath: log4j.properties
+            mountPath: /opt/vfc/gvnfmdriver/config/log.yml
+            subPath: log.yml
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -103,7 +86,7 @@ spec:
 
         # side car containers
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/service.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml
index e5a244e9d8..df7fe3149a 100644
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/service.yaml
+++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml
index 8bc90fc79b..df5d830bf7 100644
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml
@@ -17,10 +17,8 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  config:
+    ssl_enabled: false
 
 #################################################################
 # Application configuration defaults.
@@ -28,8 +26,7 @@ global:
 # application image
 flavor: small
 
-repository: nexus3.onap.org:10001
-image: onap/vfc/gvnfmdriver:1.3.9
+image: onap/vfc/gvnfmdriver:1.4.0
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/.helmignore b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/.helmignore
+++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/.helmignore
diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/Chart.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/Chart.yaml
index 6f5734f8f8..6f5734f8f8 100644
--- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/Chart.yaml
+++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/requirements.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties
index 635bcc51ea..e2036398fe 100644
--- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties
+++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties
@@ -1,3 +1,4 @@
+{{/*
 ###############################################################################
 # Copyright 2016, Huawei Technologies Co., Ltd.
 #
@@ -13,6 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ###############################################################################
+*/}}
 log4j.rootLogger=INFO,root
 log4j.appender.root.Append=true
 
diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/configmap.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/configmap.yaml
index 1d0751a01b..83f658f751 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/templates/configmap.yaml
+++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml
index c6987f14ee..4f74d1ddd5 100644
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -37,10 +39,11 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
+          - containerPort: {{ .Values.service.internalPort2 }}
           # disable liveness probe when breakpoints set in debugger
           # so K8s doesn't restart unresponsive container
           {{ if .Values.liveness.enabled }}
@@ -71,8 +74,8 @@ spec:
           - name: {{ include "common.fullname" . }}-logs
             mountPath: /var/log/onap
           - name: {{ include "common.fullname" . }}-logconfig
-            mountPath: /opt/vfc/gvnfmdriver/config/log.yml
-            subPath: log.yml
+            mountPath: /opt/vfc/hwvnfmdriver/config/log4j.properties
+            subPath: log4j.properties
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -86,7 +89,7 @@ spec:
 
         # side car containers
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/service.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml
index b8a6b07b32..95a84cff02 100644
--- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/service.yaml
+++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml
index 8b27d45a61..8718aff291 100644
--- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml
@@ -17,10 +17,8 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  config:
+    ssl_enabled: false
 
 #################################################################
 # Application configuration defaults.
@@ -28,8 +26,7 @@ global:
 # application image
 flavor: small
 
-repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/huawei:1.3.6
+image: onap/vfc/nfvo/svnfm/huawei:1.3.8
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/.helmignore b/kubernetes/vfc/components/vfc-nslcm/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/.helmignore
+++ b/kubernetes/vfc/components/vfc-nslcm/.helmignore
diff --git a/kubernetes/vfc/charts/vfc-nslcm/Chart.yaml b/kubernetes/vfc/components/vfc-nslcm/Chart.yaml
index a58118f3df..a58118f3df 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/Chart.yaml
+++ b/kubernetes/vfc/components/vfc-nslcm/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-nslcm/requirements.yaml b/kubernetes/vfc/components/vfc-nslcm/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/vfc/components/vfc-nslcm/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-nslcm/resources/config/logging/log.yml
index 4ae7ab16a8..c88606239e 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml
+++ b/kubernetes/vfc/components/vfc-nslcm/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
         level: "DEBUG"
         propagate: False
 handlers:
+    console:
+        class: "logging.StreamHandler"
+        formatter: "standard"
     nslcmlocal_handler:
         level: "DEBUG"
         class:
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/configmap.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/configmap.yaml
index 1d0751a01b..83f658f751 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/configmap.yaml
+++ b/kubernetes/vfc/components/vfc-nslcm/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml
index 546f5389b0..40ca646e0f 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -37,7 +39,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ .Values.config.mariadbService }}
@@ -47,7 +49,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
@@ -57,7 +59,7 @@ spec:
           args:
             - -c
             - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -76,20 +78,20 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
-            - name: MSB_PROTO
-              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: MSB_HOST
+              value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: SSL_ENABLED
               value: "{{ .Values.global.config.ssl_enabled }}"
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
               value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
             - name: MYSQL_ROOT_USER
               value: "{{ .Values.global.config.mariadb_admin }}"
             - name: MYSQL_ROOT_PASSWORD
               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
-            - name: REDIS_ADDR
-              value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+            - name: REDIS_HOST
+              value: "{{ .Values.global.config.redisServiceName }}"
+            - name: REDIS_PORT
+              value: "{{ .Values.global.config.redisPort }}"
             - name: REG_TO_MSB_WHEN_START
               value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
@@ -114,7 +116,7 @@ spec:
 
         # side car containers
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/secrets.yaml
index b0cc27bd8d..246928825e 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml
+++ b/kubernetes/vfc/components/vfc-nslcm/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/service.yaml
index 5484b2cfa2..f46530ded9 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml
+++ b/kubernetes/vfc/components/vfc-nslcm/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
@@ -32,6 +34,15 @@ metadata:
           "port": "{{.Values.service.externalPort}}",
           "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
+      },
+      {
+          "serviceName": "nslcm",
+          "version": "v2",
+          "url": "/api/nslcm/v2",
+          "protocol": "REST",
+          "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+          "visualRange":"1"
       }
       ]'
 spec:
diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/components/vfc-nslcm/values.yaml
index e36efee902..6b23913a51 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml
+++ b/kubernetes/vfc/components/vfc-nslcm/values.yaml
@@ -17,10 +17,8 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  config:
+    ssl_enabled: false
 
 #################################################################
 # Secrets metaconfig
@@ -38,8 +36,7 @@ secrets:
 # application image
 flavor: small
 
-repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.3.9
+image: onap/vfc/nslcm:1.4.1
 pullPolicy: Always
 
 #Istio sidecar injection policy
@@ -52,7 +49,7 @@ debugEnabled: false
 config:
   mariadbService: vfc-mariadb
   mariadbPort: 3306
-  # mariadbRootPassword: secretpassword
+  mariadbRootPassword: secretpassword
   # mariadbRootPasswordExternalSecret: some secret
 
 
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/.helmignore b/kubernetes/vfc/components/vfc-redis/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/.helmignore
+++ b/kubernetes/vfc/components/vfc-redis/.helmignore
diff --git a/kubernetes/vfc/charts/vfc-redis/Chart.yaml b/kubernetes/vfc/components/vfc-redis/Chart.yaml
index 59a56209a1..ede374f88b 100644
--- a/kubernetes/vfc/charts/vfc-redis/Chart.yaml
+++ b/kubernetes/vfc/components/vfc-redis/Chart.yaml
@@ -13,6 +13,6 @@
 # limitations under the License.
 
 apiVersion: v1
-description: ONAP VFC - DB
+description: ONAP VFC - REDIS
 name: vfc-redis
 version: 6.0.0
diff --git a/kubernetes/vfc/components/vfc-redis/requirements.yaml b/kubernetes/vfc/components/vfc-redis/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/vfc/components/vfc-redis/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml b/kubernetes/vfc/components/vfc-redis/templates/deployment.yaml
index 0ed9622d99..787c62c3c5 100644
--- a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-redis/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (C) 2018 Verizon. All Rights Reserved
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -35,11 +37,10 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
-          - containerPort: {{ .Values.service.internalPort2 }}
           # disable liveness probe when breakpoints set in debugger
           # so K8s doesn't restart unresponsive container
           {{ if .Values.liveness.enabled }}
@@ -54,11 +55,6 @@ spec:
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
-          env:
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
-            - name: REG_TO_MSB_WHEN_START
-              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/service.yaml b/kubernetes/vfc/components/vfc-redis/templates/service.yaml
index 7883651a2e..b20f3f8880 100644
--- a/kubernetes/policy/charts/drools/charts/nexus/templates/service.yaml
+++ b/kubernetes/vfc/components/vfc-redis/templates/service.yaml
@@ -1,5 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+{{/*
+# Copyright (C) 2018 Verizon. All Rights Reserved
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
@@ -28,6 +29,7 @@ spec:
   ports:
     {{if eq .Values.service.type "NodePort" -}}
     - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
       name: {{ .Values.service.portName }}
     {{- else -}}
diff --git a/kubernetes/vfc/charts/vfc-redis/values.yaml b/kubernetes/vfc/components/vfc-redis/values.yaml
index 30e2b2ce9a..6ea05d72a6 100644
--- a/kubernetes/vfc/charts/vfc-redis/values.yaml
+++ b/kubernetes/vfc/components/vfc-redis/values.yaml
@@ -17,10 +17,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
 
 #################################################################
 # Application configuration defaults.
@@ -28,8 +24,7 @@ global:
 # application image
 flavor: small
 
-repository: nexus3.onap.org:10001
-image: onap/vfc/db:1.3.3
+image: onap/vfc/db:1.3.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -61,10 +56,8 @@ service:
   type: ClusterIP
   name: vfc-redis
   portName: vfc-redis
-  externalPort: 3306
-  internalPort: 3306
-  externalPort2: 6379
-  internalPort2: 6379
+  externalPort: 6379
+  internalPort: 6379
 
 ingress:
   enabled: false
diff --git a/kubernetes/sdnc/charts/sdnc-portal/.helmignore b/kubernetes/vfc/components/vfc-vnflcm/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/.helmignore
+++ b/kubernetes/vfc/components/vfc-vnflcm/.helmignore
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/Chart.yaml b/kubernetes/vfc/components/vfc-vnflcm/Chart.yaml
index 5bde32a97c..5bde32a97c 100644
--- a/kubernetes/vfc/charts/vfc-vnflcm/Chart.yaml
+++ b/kubernetes/vfc/components/vfc-vnflcm/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-vnflcm/requirements.yaml b/kubernetes/vfc/components/vfc-vnflcm/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/vfc/components/vfc-vnflcm/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-vnflcm/resources/config/logging/log.yml
index 4af8faa40f..9dbf475beb 100644
--- a/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml
+++ b/kubernetes/vfc/components/vfc-vnflcm/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
         level: "DEBUG"
         propagate: False
 handlers:
+    console:
+        class: "logging.StreamHandler"
+        formatter: "standard"
     vnfmgrlocal_handler:
         level: "DEBUG"
         class:
diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/configmap.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/configmap.yaml
index 1d0751a01b..83f658f751 100644
--- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/configmap.yaml
+++ b/kubernetes/vfc/components/vfc-vnflcm/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml
index d78fa3b4ef..b93d7af02b 100644
--- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -37,7 +39,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ .Values.config.mariadbService }}
@@ -47,7 +49,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
@@ -57,7 +59,7 @@ spec:
           args:
             - -c
             - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -76,20 +78,20 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
-            - name: MSB_PROTO
-              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: MSB_HOST
+              value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: SSL_ENABLED
               value: "{{ .Values.global.config.ssl_enabled }}"
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
               value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
             - name: MYSQL_ROOT_USER
               value: "{{ .Values.global.config.mariadb_admin }}"
             - name: MYSQL_ROOT_PASSWORD
               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
-            - name: REDIS_ADDR
-              value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+            - name: REDIS_HOST
+              value: "{{ .Values.global.config.redisServiceName }}"
+            - name: REDIS_PORT
+              value: "{{ .Values.global.config.redisPort }}"
             - name: REG_TO_MSB_WHEN_START
               value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
@@ -114,7 +116,7 @@ spec:
 
         # side car containers
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/secrets.yaml
index b0cc27bd8d..246928825e 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml
+++ b/kubernetes/vfc/components/vfc-vnflcm/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/service.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml
index 049e7e1ccc..b64740bbe2 100644
--- a/kubernetes/vfc/charts/vfc-vnflcm/templates/service.yaml
+++ b/kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/components/vfc-vnflcm/values.yaml
index 48176a70a5..a58b4daa68 100644
--- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml
+++ b/kubernetes/vfc/components/vfc-vnflcm/values.yaml
@@ -17,10 +17,8 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  config:
+    ssl_enabled: false
 
 #################################################################
 # Secrets metaconfig
@@ -38,8 +36,7 @@ secrets:
 # application image
 flavor: small
 
-repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.3.9
+image: onap/vfc/vnflcm:1.4.0
 pullPolicy: Always
 
 #Istio sidecar injection policy
@@ -52,7 +49,7 @@ debugEnabled: false
 config:
   mariadbService: vfc-mariadb
   mariadbPort: 3306
-  # mariadbRootPassword: secretpassword
+  mariadbRootPassword: secretpassword
   # mariadbRootPasswordExternalSecret: some secret
 
 
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/.helmignore b/kubernetes/vfc/components/vfc-vnfmgr/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/.helmignore
+++ b/kubernetes/vfc/components/vfc-vnfmgr/.helmignore
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/Chart.yaml b/kubernetes/vfc/components/vfc-vnfmgr/Chart.yaml
index 938ea5d4f1..938ea5d4f1 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/Chart.yaml
+++ b/kubernetes/vfc/components/vfc-vnfmgr/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/requirements.yaml b/kubernetes/vfc/components/vfc-vnfmgr/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/vfc/components/vfc-vnfmgr/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-vnfmgr/resources/config/logging/log.yml
index 4af8faa40f..9dbf475beb 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml
+++ b/kubernetes/vfc/components/vfc-vnfmgr/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
         level: "DEBUG"
         propagate: False
 handlers:
+    console:
+        class: "logging.StreamHandler"
+        formatter: "standard"
     vnfmgrlocal_handler:
         level: "DEBUG"
         class:
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/configmap.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/configmap.yaml
new file mode 100644
index 0000000000..83f658f751
--- /dev/null
+++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/configmap.yaml
@@ -0,0 +1,23 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-logging-configmap
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml
index d8be53bd45..9c8430c9fc 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -37,7 +39,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ .Values.config.mariadbService }}
@@ -47,7 +49,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
@@ -57,7 +59,7 @@ spec:
           args:
             - -c
             - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -76,16 +78,16 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
-            - name: MSB_PROTO
-              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: MSB_HOST
+              value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: SSL_ENABLED
               value: "{{ .Values.global.config.ssl_enabled }}"
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
               value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
-            - name: REDIS_ADDR
-              value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+            - name: REDIS_HOST
+              value: "{{ .Values.global.config.redisServiceName }}"
+            - name: REDIS_PORT
+              value: "{{ .Values.global.config.redisPort }}"
             - name: MYSQL_ROOT_USER
               value: "{{ .Values.global.config.mariadb_admin }}"
             - name: MYSQL_ROOT_PASSWORD
@@ -114,7 +116,7 @@ spec:
 
         # side car containers
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/secrets.yaml
index b0cc27bd8d..246928825e 100644
--- a/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml
+++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/service.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml
index d87ad801ba..97ef463977 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/service.yaml
+++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml
index 20af3bb5ef..85de68ea47 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml
+++ b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml
@@ -17,10 +17,8 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  config:
+    ssl_enabled: false
 
 #################################################################
 # Secrets metaconfig
@@ -38,8 +36,7 @@ secrets:
 # application image
 flavor: small
 
-repository: nexus3.onap.org:10001
-image: onap/vfc/vnfmgr:1.3.8
+image: onap/vfc/vnfmgr:1.3.9
 pullPolicy: Always
 
 #Istio sidecar injection policy
@@ -52,7 +49,7 @@ debugEnabled: false
 config:
   mariadbService: vfc-mariadb
   mariadbPort: 3306
-  # mariadbRootPassword: secretpassword
+  mariadbRootPassword: secretpassword
   # mariadbRootPasswordExternalSecret: some secret
 
 # default number of instances
diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/.helmignore b/kubernetes/vfc/components/vfc-vnfres/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/.helmignore
+++ b/kubernetes/vfc/components/vfc-vnfres/.helmignore
diff --git a/kubernetes/vfc/charts/vfc-vnfres/Chart.yaml b/kubernetes/vfc/components/vfc-vnfres/Chart.yaml
index 3002bce3e8..3002bce3e8 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/Chart.yaml
+++ b/kubernetes/vfc/components/vfc-vnfres/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfres/requirements.yaml b/kubernetes/vfc/components/vfc-vnfres/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/vfc/components/vfc-vnfres/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-vnfres/resources/config/logging/log.yml
index c4cc1e3072..7644af1e1b 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml
+++ b/kubernetes/vfc/components/vfc-vnfres/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
         level: "DEBUG"
         propagate: False
 handlers:
+    console:
+        class: "logging.StreamHandler"
+        formatter: "standard"
     vnflcmlocal_handler:
         level: "DEBUG"
         class:
diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/configmap.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/configmap.yaml
new file mode 100644
index 0000000000..83f658f751
--- /dev/null
+++ b/kubernetes/vfc/components/vfc-vnfres/templates/configmap.yaml
@@ -0,0 +1,23 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-logging-configmap
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml
index a39eb68af4..2577887523 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -37,7 +39,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ .Values.config.mariadbService }}
@@ -47,7 +49,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
@@ -57,7 +59,7 @@ spec:
           args:
             - -c
             - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -76,16 +78,16 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
-            - name: MSB_PROTO
-              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: MSB_HOST
+              value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: SSL_ENABLED
               value: "{{ .Values.global.config.ssl_enabled }}"
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
               value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
-            - name: REDIS_ADDR
-              value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+            - name: REDIS_HOST
+              value: "{{ .Values.global.config.redisServiceName }}"
+            - name: REDIS_PORT
+              value: "{{ .Values.global.config.redisPort }}"
             - name: MYSQL_ROOT_USER
               value: "{{ .Values.global.config.mariadb_admin }}"
             - name: MYSQL_ROOT_PASSWORD
@@ -114,7 +116,7 @@ spec:
 
         # side car containers
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/secrets.yaml
index b0cc27bd8d..246928825e 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml
+++ b/kubernetes/vfc/components/vfc-vnfres/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/service.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/service.yaml
index 902b4ed481..c043913b70 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/templates/service.yaml
+++ b/kubernetes/vfc/components/vfc-vnfres/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/vfc/charts/vfc-vnfres/values.yaml b/kubernetes/vfc/components/vfc-vnfres/values.yaml
index 078554d5d6..fd8b26f387 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/values.yaml
+++ b/kubernetes/vfc/components/vfc-vnfres/values.yaml
@@ -17,10 +17,8 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  config:
+    ssl_enabled: false
 
 #################################################################
 # Secrets metaconfig
@@ -38,8 +36,7 @@ secrets:
 # application image
 flavor: small
 
-repository: nexus3.onap.org:10001
-image: onap/vfc/vnfres:1.3.7
+image: onap/vfc/vnfres:1.3.8
 pullPolicy: Always
 
 #Istio sidecar injection policy
@@ -52,7 +49,7 @@ debugEnabled: false
 config:
   mariadbService: vfc-mariadb
   mariadbPort: 3306
-  # mariadbRootPassword: secretpassword
+  mariadbRootPassword: secretpassword
   # mariadbRootPasswordExternalSecret: some secret
 
 
diff --git a/kubernetes/vfc/charts/vfc-nslcm/.helmignore b/kubernetes/vfc/components/vfc-zte-vnfm-driver/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/.helmignore
+++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/.helmignore
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/Chart.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/Chart.yaml
index d8cd37921e..d8cd37921e 100644
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/Chart.yaml
+++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/requirements.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/requirements.yaml
new file mode 100644
index 0000000000..fbe51550f0
--- /dev/null
+++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/resources/config/logging/log.yml
index a0bf170fe6..6c00048ff7 100644
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml
+++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
         level: "DEBUG"
         propagate: False
 handlers:
+    console:
+        class: "logging.StreamHandler"
+        formatter: "standard"
     ztevnfmdriverlocal_handler:
         level: "DEBUG"
         class:
diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml
new file mode 100644
index 0000000000..83f658f751
--- /dev/null
+++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml
@@ -0,0 +1,23 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-logging-configmap
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml
index 4dd801ac14..8c24dd6c45 100644
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -35,25 +37,9 @@ spec:
       annotations:
         sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
     spec:
-      initContainers:
-#Example init container for dependency checking
-#      - command:
-#        - /root/ready.py
-#        args:
-#        - --container-name
-#        - mariadb
-#        env:
-#        - name: NAMESPACE
-#          valueFrom:
-#            fieldRef:
-#              apiVersion: v1
-#              fieldPath: metadata.namespace
-#        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-#        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-#        name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -72,12 +58,10 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
-            - name: MSB_PROTO
-              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: MSB_HOST
+              value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: SSL_ENABLED
               value: "{{ .Values.global.config.ssl_enabled }}"
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: REG_TO_MSB_WHEN_START
               value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
@@ -102,7 +86,7 @@ spec:
 
         # side car containers
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/service.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml
index 5b22914f38..826b6904f9 100644
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/service.yaml
+++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml
index 6c0f829c80..4dbdfe9e33 100644
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml
@@ -17,10 +17,8 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  config:
+    ssl_enabled: false
 
 #################################################################
 # Application configuration defaults.
@@ -28,8 +26,7 @@ global:
 # application image
 flavor: small
 
-repository: nexus3.onap.org:10001
-image: onap/vfc/ztevnfmdriver:1.3.6
+image: onap/vfc/ztevnfmdriver:1.3.8
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/requirements.yaml b/kubernetes/vfc/requirements.yaml
index 8d6c55931d..1ac82cbecb 100644
--- a/kubernetes/vfc/requirements.yaml
+++ b/kubernetes/vfc/requirements.yaml
@@ -19,3 +19,38 @@ dependencies:
   - name: mariadb-galera
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
+  - name: vfc-generic-vnfm-driver
+    version: ~6.x-0
+    repository: 'file://components/vfc-generic-vnfm-driver'
+    condition: vfc-generic-vnfm-driver.enabled
+  - name: vfc-huawei-vnfm-driver
+    version: ~6.x-0
+    repository: 'file://components/vfc-huawei-vnfm-driver'
+    condition: vfc-huawei-vnfm-driver.enabled
+  - name: vfc-nslcm
+    version: ~6.x-0
+    repository: 'file://components/vfc-nslcm'
+    condition: vfc-nslcm.enabled
+  - name: vfc-redis
+    version: ~6.x-0
+    repository: 'file://components/vfc-redis'
+    condition: vfc-redis.enabled
+  - name: vfc-vnflcm
+    version: ~6.x-0
+    repository: 'file://components/vfc-vnflcm'
+    condition: vfc-vnflcm.enabled
+  - name: vfc-vnfmgr
+    version: ~6.x-0
+    repository: 'file://components/vfc-vnfmgr'
+    condition: vfc-vnfmgr.enabled
+  - name: vfc-vnfres
+    version: ~6.x-0
+    repository: 'file://components/vfc-vnfres'
+    condition: vfc-vnfres.enabled
+  - name: vfc-zte-vnfm-driver
+    version: ~6.x-0
+    repository: 'file://components/vfc-zte-vnfm-driver'
+    condition: vfc-zte-vnfm-driver.enabled
diff --git a/kubernetes/vfc/templates/configmap.yaml b/kubernetes/vfc/templates/configmap.yaml
index 22a9844fa9..88fda224ee 100644
--- a/kubernetes/vfc/templates/configmap.yaml
+++ b/kubernetes/vfc/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/vfc/templates/secrets.yaml b/kubernetes/vfc/templates/secrets.yaml
index b0cc27bd8d..246928825e 100644
--- a/kubernetes/vfc/templates/secrets.yaml
+++ b/kubernetes/vfc/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml
index 05e8c64974..28cee56904 100644
--- a/kubernetes/vfc/values.yaml
+++ b/kubernetes/vfc/values.yaml
@@ -62,19 +62,32 @@ db: &dbConfig
   mariadbPort: 3306
   mariadbRootPasswordExternalSecret: *dbRootPassSecret
 
+vfc-generic-vnfm-driver:
+  enabled: true
+
+vfc-huawei-vnfm-driver:
+  enabled: true
+
 vfc-nslcm:
+  enabled: true
   config:
     << : *dbConfig
 
+vfc-redis:
+  enabled: true
+
 vfc-vnflcm:
+  enabled: true
   config:
     << : *dbConfig
 
 vfc-vnfmgr:
+  enabled: true
   config:
     << : *dbConfig
 
 vfc-vnfres:
+  enabled: true
   config:
     << : *dbConfig
 
@@ -86,3 +99,6 @@ vfc-workflow:
 vfc-workflow-engine:
   config:
     workflowPort: 10550
+
+vfc-zte-vnfm-driver:
+  enabled: true
\ No newline at end of file
diff --git a/kubernetes/vid/requirements.yaml b/kubernetes/vid/requirements.yaml
index e7764e08e8..ed8b8057d9 100644
--- a/kubernetes/vid/requirements.yaml
+++ b/kubernetes/vid/requirements.yaml
@@ -22,3 +22,9 @@ dependencies:
   - name: mariadb-galera
     version: ~6.x-0
     repository: '@local'
+    condition: global.mariadbGalera.localCluster
+  - name: mariadb-init
+    version: ~6.x-0
+    repository: '@local'
+    condition: not global.mariadbGalera.localCluster
+
diff --git a/kubernetes/vid/resources/config/db_cmd.sh b/kubernetes/vid/resources/config/db_cmd.sh
index 95b83d4b59..efd92b223f 100644..100755
--- a/kubernetes/vid/resources/config/db_cmd.sh
+++ b/kubernetes/vid/resources/config/db_cmd.sh
@@ -1,5 +1,7 @@
 #!/bin/sh
+{{/*
 # Copyright © 2018 AT&T
+# Copyright © 2020 Aarna Networks
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,11 +14,31 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
+
+DB={{index .Values "mariadb-galera" "config" "mysqlDatabase" | upper }}
+eval "MYSQL_USER=\$MYSQL_USER_${DB}"
+eval "MYSQL_PASSWORD=\$MYSQL_PASSWORD_${DB}"
+
+#echo "Going to run mysql ${DB} -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${DB_HOST} -P${DB_PORT} ..."
+mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${DB_HOST} -P${DB_PORT} <<'EOD'
+CREATE TABLE IF NOT EXISTS `{{index .Values "mariadb-galera" "config" "mysqlDatabase" }}`.`schema_info` (
+`SCHEMA_ID` VARCHAR(25) NOT NULL,
+`SCHEMA_DESC` VARCHAR(75) NOT NULL,
+`DATASOURCE_TYPE` VARCHAR(100) NULL DEFAULT NULL,
+`CONNECTION_URL` VARCHAR(200) NOT NULL,
+`USER_NAME` VARCHAR(45) NOT NULL,
+`PASSWORD` VARCHAR(45) NULL DEFAULT NULL,
+`DRIVER_CLASS` VARCHAR(100) NOT NULL,
+`MIN_POOL_SIZE` INT(11) NOT NULL,
+`MAX_POOL_SIZE` INT(11) NOT NULL,
+`IDLE_CONNECTION_TEST_PERIOD` INT(11) NOT NULL)
+ENGINE = InnoDB
+DEFAULT CHARACTER SET = utf8;
+EOD
 
-echo "Going to run mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${MYSQL_HOST} -P${MYSQL_PORT} ..."
-mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${MYSQL_HOST} -P${MYSQL_PORT} < /db-config/vid-pre-init.sql
 if [ $? -ne 0 ];then
-        echo "ERROR: Failed to run ${cmd} vid-pre-init.sql"
+        echo "ERROR: Failed to run cmd vid-pre-init.sql"
         exit 1
 else
         echo "INFO: Database initialized successfully"
diff --git a/kubernetes/vid/resources/config/log/filebeat/filebeat.yml b/kubernetes/vid/resources/config/log/filebeat/filebeat.yml
index 1854263feb..9a721a885e 100644
--- a/kubernetes/vid/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/vid/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 filebeat.prospectors:
 #it is mandatory, in our case it's log
diff --git a/kubernetes/vid/resources/config/vid-pre-init.sql b/kubernetes/vid/resources/config/vid-pre-init.sql
deleted file mode 100644
index 2dbbbcce6d..0000000000
--- a/kubernetes/vid/resources/config/vid-pre-init.sql
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/
-
-CREATE TABLE IF NOT EXISTS `vid_openecomp_epsdk`.`schema_info` (
-`SCHEMA_ID` VARCHAR(25) NOT NULL,
-`SCHEMA_DESC` VARCHAR(75) NOT NULL,
-`DATASOURCE_TYPE` VARCHAR(100) NULL DEFAULT NULL,
-`CONNECTION_URL` VARCHAR(200) NOT NULL,
-`USER_NAME` VARCHAR(45) NOT NULL,
-`PASSWORD` VARCHAR(45) NULL DEFAULT NULL,
-`DRIVER_CLASS` VARCHAR(100) NOT NULL,
-`MIN_POOL_SIZE` INT(11) NOT NULL,
-`MAX_POOL_SIZE` INT(11) NOT NULL,
-`IDLE_CONNECTION_TEST_PERIOD` INT(11) NOT NULL)
-ENGINE = InnoDB
-DEFAULT CHARACTER SET = utf8;
\ No newline at end of file
diff --git a/kubernetes/vid/templates/configmap.yaml b/kubernetes/vid/templates/configmap.yaml
index 42f2099836..0ba466dfb9 100644
--- a/kubernetes/vid/templates/configmap.yaml
+++ b/kubernetes/vid/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
@@ -41,7 +43,7 @@ data:
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "common.fullname" . }}
+  name: {{ include "common.fullname" . }}-db-init
   namespace: {{ include "common.namespace" . }}
   labels:
     app: {{ include "common.name" . }}
@@ -49,4 +51,4 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/config/db_cmd.sh").AsConfig . | indent 2 }}
diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml
index a031dbcede..41b0019cbe 100644
--- a/kubernetes/vid/templates/deployment.yaml
+++ b/kubernetes/vid/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Copyright © 2020 Samsung Electronics
 #
@@ -12,8 +13,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -24,6 +26,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
@@ -33,17 +38,17 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/job_complete.py
+        - /app/ready.py
         args:
         - --job-name
-        - {{ include "common.fullname" . }}-galera-config
+        - {{ include "common.fullname" . }}-mariadb-init-config-job
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
@@ -100,9 +105,9 @@ spec:
             - name: VID_UEB_URL_LIST
               value: message-router.{{ include "common.namespace" . }}
             - name: VID_MYSQL_HOST
-              value: {{ index .Values "mariadb-galera" "service" "name" }}
+              value: {{  include "common.mariadbService" . }}
             - name: VID_MYSQL_PORT
-              value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
+              value: "{{ include "common.mariadbPort" . }}"
             - name: VID_MYSQL_DBNAME
               value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
             - name: VID_MYSQL_USER
diff --git a/kubernetes/vid/templates/job.yaml b/kubernetes/vid/templates/job.yaml
deleted file mode 100644
index 724b4e11a6..0000000000
--- a/kubernetes/vid/templates/job.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-# Copyright © 2018 Amdocs, Bell Canada
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ include "common.fullname" . }}-galera-config
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}-job
-    release: {{ include "common.release" . }}
-spec:
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}-job
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-#This container checks that all galera instances are up before initializing it.
-      - name: {{ include "common.name" . }}-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-        - /root/ready.py
-        - --container-name
-        - {{ index .Values "mariadb-galera" "service" "name" }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-      containers:
-      - name: {{ include "common.name" . }}-job
-        image: {{ .Values.mariadb_image }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
-        - mountPath: /dbcmd-config/db_cmd.sh
-          name: {{ include "common.fullname" . }}-config
-          subPath: db_cmd.sh
-        - mountPath: /db-config/vid-pre-init.sql
-          name: {{ include "common.fullname" . }}-config
-          subPath: vid-pre-init.sql
-        command:
-        - /bin/sh
-        args:
-        - -x
-        - /dbcmd-config/db_cmd.sh
-        env:
-        - name: MYSQL_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }}
-        - name: MYSQL_HOST
-          value: {{ index .Values "mariadb-galera" "service" "name" }}
-        - name: MYSQL_USER
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }}
-        - name: MYSQL_PORT
-          value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
-      restartPolicy: Never
-      volumes:
-        - name: {{ include "common.fullname" . }}-config
-          configMap:
-            name: {{ include "common.fullname" . }}
-            items:
-              - key: db_cmd.sh
-                path: db_cmd.sh
-              - key: vid-pre-init.sql
-                path: vid-pre-init.sql
diff --git a/kubernetes/vid/templates/secrets.yaml b/kubernetes/vid/templates/secrets.yaml
index 9be979bba5..72934fffd8 100644
--- a/kubernetes/vid/templates/secrets.yaml
+++ b/kubernetes/vid/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Copyright © 2020 Samsung Electronics
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
 ---
diff --git a/kubernetes/vid/templates/service.yaml b/kubernetes/vid/templates/service.yaml
index b5973ef6ea..e62f64d366 100644
--- a/kubernetes/vid/templates/service.yaml
+++ b/kubernetes/vid/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml
index 63c6307f06..93de57e4b3 100644
--- a/kubernetes/vid/values.yaml
+++ b/kubernetes/vid/values.yaml
@@ -18,10 +18,15 @@
 # Declare variables to be passed into your templates.
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
+  readinessImage: onap/oom/readiness:3.0.1
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  mariadbGalera: &mariadbGalera
+    #This flag allows VID to instantiate its own mariadb-galera cluster
+    localCluster: false
+    service: mariadb-galera
+    internalPort: 3306
+    nameOverride: mariadb-galera
 
 #################################################################
 # Secrets metaconfig
@@ -39,12 +44,9 @@ subChartsOnly:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/vid:6.0.4
+image: onap/vid:7.0.0
 pullPolicy: Always
 
-# mariadb image for initializing
-mariadb_image: library/mariadb:10
-
 # application configuration
 config:
   db:
@@ -68,7 +70,9 @@ config:
   roleaccesscentralized: remote
 
 mariadb-galera:
-  config:
+ # '&mariadbConfig' means we "store" the values for  later use in the file
+ # with '*mariadbConfig' pointer.
+  config: &mariadbConfig
     userCredentialsExternalSecret: '{{ include "common.release" . }}-vid-db-user-secret'
     mysqlDatabase: vid_openecomp_epsdk
   nameOverride: vid-galera
@@ -84,6 +88,13 @@ mariadb-galera:
     [mysqld]
     lower_case_table_names = 1
 
+mariadb-init:
+  config: *mariadbConfig
+  nameOverride: vid-mariadb-init
+  # A configMap of same name is created. It points to file that will be run after
+  # The DB has been created.
+  dbScriptConfigMap: '{{ include "common.release" . }}-vid-db-init'
+
 # default number of instances
 replicaCount: 1
 
diff --git a/kubernetes/vnfsdk/requirements.yaml b/kubernetes/vnfsdk/requirements.yaml
index a287d9c928..1b01fddcd9 100644
--- a/kubernetes/vnfsdk/requirements.yaml
+++ b/kubernetes/vnfsdk/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
   - name: postgres
     version: ~6.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/vnfsdk/resources/config/configuration.xml b/kubernetes/vnfsdk/resources/config/configuration.xml
index 6bd4e1c8eb..09b6551c00 100644
--- a/kubernetes/vnfsdk/resources/config/configuration.xml
+++ b/kubernetes/vnfsdk/resources/config/configuration.xml
@@ -23,7 +23,7 @@ PUBLIC "//mybatis.org//DTD Config 3.0//EN"
             <transactionManager type="JDBC" />
             <dataSource type="UNPOOLED">
                 <property name="driver" value="org.postgresql.Driver" />
-                <property name="url" value="jdbc:postgresql://{{ .Values.postgres.service.name }}:{{ .Values.postgres.service.externalPort }}/marketplaceDB" />
+                <property name="url" value="jdbc:postgresql://{{.Values.postgres.service.name2}}:{{.Values.postgres.service.externalPort}}/marketplaceDB" />
                 <property name="username" value="${PG_USER}" />
                 <property name="password" value="${PG_PASSWORD}" />
             </dataSource>
diff --git a/kubernetes/vnfsdk/templates/configmap.yaml b/kubernetes/vnfsdk/templates/configmap.yaml
index 0c39e6e685..c41c3ef0d6 100644
--- a/kubernetes/vnfsdk/templates/configmap.yaml
+++ b/kubernetes/vnfsdk/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml
index 95f68018af..7e4ad5bd92 100644
--- a/kubernetes/vnfsdk/templates/deployment.yaml
+++ b/kubernetes/vnfsdk/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -49,12 +51,12 @@ spec:
           name: init-data-input
         - mountPath: /config
           name: init-data
-        image: "{{ .Values.global.envsubstImage }}"
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
 
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - "{{ .Values.postgres.nameOverride }}"
@@ -64,16 +66,16 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
-      - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}
         resources:
 {{ include "common.resources" . | indent 12 }}
-        volumes:
+        volumeMounts:
         - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml
           name: init-data
           subPath: configuration.xml
diff --git a/kubernetes/vnfsdk/templates/job.yaml b/kubernetes/vnfsdk/templates/job.yaml
index 1d0dd29f59..7c320fc86f 100644
--- a/kubernetes/vnfsdk/templates/job.yaml
+++ b/kubernetes/vnfsdk/templates/job.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: batch/v1
 kind: Job
@@ -33,7 +35,7 @@ spec:
       restartPolicy: Never
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - "{{ .Values.postgres.nameOverride }}"
@@ -43,12 +45,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy}}
         name: {{ include "common.name" . }}-readiness
       containers:
       - name: {{ include "common.name" . }}-job
-        image: "{{ .Values.postgresRepository }}/{{ .Values.postgresImage }}"
+        image: {{ include "repositoryGenerator.image.postgres" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: PGUSER
diff --git a/kubernetes/vnfsdk/templates/service.yaml b/kubernetes/vnfsdk/templates/service.yaml
index 3f2ea9c2f8..25786bd7ad 100644
--- a/kubernetes/vnfsdk/templates/service.yaml
+++ b/kubernetes/vnfsdk/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index e6a489b3e3..55eea0fa60 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -17,12 +17,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  envsubstImage: dibi/envsubst
 
 secrets:
   - uid: pg-root-pass
@@ -43,10 +37,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/vnfsdk/refrepo:1.5.2
-postgresRepository: crunchydata
-postgresImage: crunchy-postgres:centos7-10.3-1.8.2
+image: onap/vnfsdk/refrepo:1.6.2
 pullPolicy: Always
 
 # application configuration override for postgres