63 files changed, 743 insertions, 242 deletions

diff --git a/kubernetes/clamp/.helmignore b/kubernetes/clamp/.helmignore
new file mode 100644
index 0000000000..68ffb32406
--- /dev/null
+++ b/kubernetes/clamp/.helmignore
@@ -0,0 +1 @@
+components/
diff --git a/kubernetes/clamp/Chart.yaml b/kubernetes/clamp/Chart.yaml
index 0f3f192331..e9f2197ea1 100644
--- a/kubernetes/clamp/Chart.yaml
+++ b/kubernetes/clamp/Chart.yaml
@@ -16,4 +16,4 @@
 apiVersion: v1
 description: ONAP Clamp
 name: clamp
-version: 6.0.0
+version: 7.0.0
diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile
new file mode 100644
index 0000000000..89b2f465ec
--- /dev/null
+++ b/kubernetes/clamp/Makefile
@@ -0,0 +1,56 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml
deleted file mode 100644
index 3e08bd606c..0000000000
--- a/kubernetes/clamp/charts/clamp-backend/values.yaml
+++ /dev/null
@@ -1,137 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
-  nodePortPrefix: 302
-  repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  persistence: {}
-
-secrets:
-  - uid: db-secret
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
-    login: '{{ .Values.db.user }}'
-    password: '{{ .Values.db.password }}'
-    passwordPolicy: required
-
-flavor: small
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.7
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# log configuration
-log:
-  path: /var/log/onap
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-db: {}
-
-config:
-  log:
-    logstashServiceName: log-ls
-    logstashPort: 5044
-  mysqlPassword: strong_pitchou
-  dataRootDir: /dockerdata-nfs
-  springApplicationJson: >
-        {
-        "spring.datasource.username": "${MYSQL_USER}",
-        "spring.datasource.password": "${MYSQL_PASSWORD}",
-        "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
-        "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements",
-        "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
-        "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080",
-        "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
-        "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
-        "clamp.config.dcae.deployment.userName": "none",
-        "clamp.config.dcae.deployment.password": "none",
-        "clamp.config.policy.api.url": "https4://policy-api.{{ include "common.namespace" . }}:6969",
-        "clamp.config.policy.api.userName": "healthcheck",
-        "clamp.config.policy.api.password": "zb!XztG34",
-        "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969",
-        "clamp.config.policy.pap.userName": "healthcheck",
-        "clamp.config.policy.pap.password": "zb!XztG34",
-        "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095"
-        }
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 120
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-
-
-service:
-  type: ClusterIP
-  name: clamp-backend
-  portName: clamp-backend
-  internalPort: 8443
-  externalPort: 443
-
-ingress:
-  enabled: false
-
-#resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-  # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
-  small:
-    limits:
-      cpu: 1
-      memory: 1.2Gi
-    requests:
-      cpu: 10m
-      memory: 800Mi
-  large:
-    limits:
-      cpu: 1
-      memory: 1.2Gi
-    requests:
-      cpu: 10m
-      memory: 800Mi
-  unlimited: {}
diff --git a/kubernetes/clamp/components/Makefile b/kubernetes/clamp/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/clamp/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+	@echo "\n[$@]"
+	@make package-$@
+
+make-%:
+	@if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+	@mkdir -p $(PACKAGE_DIR)
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+	@rm -f */requirements.lock
+	@rm -f *tgz */charts/*tgz
+	@rm -rf $(PACKAGE_DIR)
+%:
+	@:
diff --git a/kubernetes/clamp/charts/clamp-backend/Chart.yaml b/kubernetes/clamp/components/clamp-backend/Chart.yaml
index 89117ce205..c9aa635ab5 100644
--- a/kubernetes/clamp/charts/clamp-backend/Chart.yaml
+++ b/kubernetes/clamp/components/clamp-backend/Chart.yaml
@@ -16,4 +16,4 @@
 apiVersion: v1
 description: ONAP Clamp
 name: clamp-backend
-version: 6.0.0
+version: 7.0.0
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-backend/requirements.yaml
index caff1e5dc4..734166b43d 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-backend/requirements.yaml
@@ -14,6 +14,9 @@
 # limitations under the License.
 
 dependencies:
-  - name: common
-    version: ~6.x-0
+  - name: certInitializer
+    version: ~7.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties
new file mode 100644
index 0000000000..8dd0fc796a
--- /dev/null
+++ b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties
@@ -0,0 +1,71 @@
+{{/*
+###
+# ============LICENSE_START=======================================================
+# ONAP CLAMP
+# ================================================================================
+# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights
+#                             reserved.
+# ================================================================================
+# Modifications copyright (c) 2019 Nokia
+# ================================================================================\
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+# ===================================================================
+#
+###
+*/}}
+{{- if .Values.global.aafEnabled }}
+server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
+server.ssl.key-store-password=${cadi_keystore_password_p12}
+server.ssl.key-password=${cadi_key_password}
+server.ssl.key-store-type=PKCS12
+server.ssl.key-alias={{ .Values.certInitializer.fqi }}
+
+# The key file used to decode the key store and trust store password
+# If not defined, the key store and trust store password will not be decrypted
+clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }}
+
+## Config part for Client certificates
+server.ssl.client-auth=want
+server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
+server.ssl.trust-store-password=${cadi_truststore_password}
+{{- end }}
+
+#clds datasource connection details
+spring.datasource.username=${MYSQL_USER}
+spring.datasource.password=${MYSQL_PASSWORD}
+spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
+spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements
+
+#The log folder that will be used in logback.xml file
+clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json
+
+#
+# Configuration Settings for Policy Engine Components
+clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969
+clamp.config.policy.api.userName=healthcheck
+clamp.config.policy.api.password=zb!XztG34
+clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969
+clamp.config.policy.pap.userName=healthcheck
+clamp.config.policy.pap.password=zb!XztG34
+
+#DCAE Inventory Url Properties
+clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080
+clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+#DCAE Deployment Url Properties
+clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+clamp.config.dcae.deployment.userName=none
+clamp.config.dcae.deployment.password=none
+
+#AAF related parameters
+clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
diff --git a/kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml
index dab2e44f5e..8717e6f33a 100644
--- a/kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 filebeat.prospectors:
 #it is mandatory, in our case it's log
 - input_type: log
diff --git a/kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json
index 3adda95c11..3adda95c11 100644
--- a/kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json
+++ b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt b/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt
index e36d6a5bfb..e36d6a5bfb 100644
--- a/kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt
+++ b/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml b/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml
index f66312c741..1a5b0ce06a 100644
--- a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml
+++ b/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
@@ -25,6 +27,5 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-  spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }}
 
 {{ include "common.log.configMap" . }}
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml
index 9dfc460d1f..9153f9d0ff 100644
--- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,28 +38,37 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
-        - mariadb
+        - clamp-mariadb
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         # side car containers
         {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
         # main container
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+          - sh
+          workingDir: "/opt/clamp/"
           args:
-            - ""
+          - -c
+          - |
+          {{- if .Values.global.aafEnabled }}
+            export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
+          {{- end }}
+            java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./app.jar
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -74,12 +85,15 @@ spec:
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - name: logs
             mountPath: {{ .Values.log.path }}
           - mountPath: /opt/clamp/sdc-controllers-config.json
             name: {{ include "common.fullname" . }}-config
             subPath: sdc-controllers-config.json
+          - mountPath: /opt/clamp/application.properties
+            name: {{ include "common.fullname" . }}-config
+            subPath: application.properties
           env:
           - name: MYSQL_USER
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
@@ -87,28 +101,26 @@ spec:
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
           - name: MYSQL_DATABASE
             value: {{ tpl .Values.db.databaseName .}}
-          - name: SPRING_APPLICATION_JSON
-            valueFrom:
-              configMapKeyRef:
-                name: {{ template "common.fullname" . }}
-                key: spring_application_json
-          resources:
-{{ include "common.resources" . | indent 12 }}
+          {{-  if ne "unlimited" (include "common.flavor" .) }}
+          - name: JAVA_RAM_CONFIGURATION
+            value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75
+          {{-  end }}
+          resources: {{ include "common.resources" . | nindent 12 }}
         {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+        nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
         {{- end -}}
         {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+        affinity: {{ toYaml .Values.affinity | nindent 10 }}
         {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-config
           configMap:
             name: {{ include "common.fullname" . }}
             items:
             - key: sdc-controllers-config.json
               path: sdc-controllers-config.json
+            - key: application.properties
+              path: application.properties
         - name:  logs
           emptyDir: {}
         {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
diff --git a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml b/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml
index 57f88ce32d..4cf8155f6c 100644
--- a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml
+++ b/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/service.yaml b/kubernetes/clamp/components/clamp-backend/templates/service.yaml
index b1a5465116..c01d36a53d 100644
--- a/kubernetes/clamp/charts/clamp-backend/templates/service.yaml
+++ b/kubernetes/clamp/components/clamp-backend/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/clamp/components/clamp-backend/values.yaml b/kubernetes/clamp/components/clamp-backend/values.yaml
new file mode 100644
index 0000000000..efd08ba4d0
--- /dev/null
+++ b/kubernetes/clamp/components/clamp-backend/values.yaml
@@ -0,0 +1,151 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+  nodePortPrefix: 302
+  persistence: {}
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  keystoreFile: 'org.onap.clamp.p12'
+  truststoreFile: 'org.onap.clamp.trust.jks'
+  keyFile: 'org.onap.clamp.keyfile'
+  truststoreFileONAP: 'truststoreONAPall.jks'
+  nameOverride: clamp-backend-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: '-72.0'
+  cadi_latitude: '38.0'
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_truststore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_truststore_password.pwd;
+    grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_key_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_key_password.pwd;
+    grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password.pwd;
+    grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password_p12=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd;
+    cd {{ .Values.credsPath }};
+    chmod a+rx *;
+
+secrets:
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+    passwordPolicy: required
+
+flavor: small
+
+# application image
+image: onap/clamp-backend:5.1.5
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# log configuration
+log:
+  path: /var/log/onap
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+#####dummy values for db user and password to pass lint!!!#######
+
+db:
+  user: dummyclds
+  password: dummysidnnd83K
+  databaseName: dummycldsdb4
+
+config:
+  log:
+    logstashServiceName: log-ls
+    logstashPort: 5044
+  mysqlPassword: strong_pitchou
+  dataRootDir: /dockerdata-nfs
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 120
+  periodSeconds: 10
+  timeoutSeconds: 3
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  timeoutSeconds: 3
+
+service:
+  type: ClusterIP
+  name: clamp-backend
+  portName: clamp-backend
+  internalPort: 8443
+  externalPort: 443
+
+ingress:
+  enabled: false
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 1Gi
+    requests:
+      cpu: 1m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 1
+      memory: 3Gi
+    requests:
+      cpu: 10m
+      memory: 3Gi
+  unlimited: {}
diff --git a/kubernetes/clamp/charts/clamp-dash-es/Chart.yaml b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml
index b2f8624a4b..c2b8ccb781 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/Chart.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml
@@ -16,4 +16,4 @@
 apiVersion: v1
 description: ONAP Clamp Dashboard Elasticsearch
 name: clamp-dash-es
-version: 6.0.0
+version: 7.0.0
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
index caff1e5dc4..22b92c4ef7 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
@@ -15,5 +15,11 @@
 
 dependencies:
   - name: common
-    version: ~6.x-0
+    version: ~7.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~7.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
index 1eb20fce89..9e04d5ae01 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml
+++ b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
@@ -106,14 +106,24 @@ transport.tcp.port: {{.Values.service.externalPort2}}
 
 ######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
 # WARNING: revise all the lines below before you go into production
+{{- if .Values.global.aafEnabled }}
+opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+{{- else }}
 opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
 opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
 opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
 opendistro_security.ssl.http.pemcert_filepath: esnode.pem
 opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
 opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+{{- end }}
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
+
 opendistro_security.allow_unsafe_democertificates: true
 opendistro_security.allow_default_init_securityindex: true
 opendistro_security.authcz.admin_dn:
diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml
index 20ff6f27c2..fe0349ede9 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/templates/configmap.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
index 0ec38b08e3..d7aa77cd01 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -51,7 +53,7 @@ spec:
               fieldPath: metadata.namespace
         securityContext:
           privileged: true
-        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
+        image: {{ include "repositoryGenerator.image.busybox" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: init-sysctl
         volumeMounts:
@@ -59,10 +61,22 @@ spec:
           mountPath: /usr/share/elasticsearch/logs/
         - name: {{ include "common.fullname" . }}-data
           mountPath: /usr/share/elasticsearch/data/
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{- if .Values.global.aafEnabled }}
+          command:
+          - sh
+          args:
+          - -c
+          - |
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }}
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }}
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }}
+            /usr/local/bin/docker-entrypoint.sh
+          {{- end }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
             name: {{ include "common.servicename" . }}
@@ -85,7 +99,7 @@ spec:
             periodSeconds: {{ .Values.readiness.periodSeconds }}
             timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
           env:
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -104,7 +118,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/pv.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml
index 3669621b24..3669621b24 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/templates/pv.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml
diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/pvc.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml
index 6ae4eea0d3..6ae4eea0d3 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/templates/pvc.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml
diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml
index 292fc31dc3..9c182edbc0 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/templates/service.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml
index 27158a6668..1e2ae4778d 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/values.yaml
@@ -18,21 +18,52 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
   persistence: {}
-flavor: small
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
 
 #################################################################
-# Application configuration defaults.
+# AAF part
 #################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "org.onap.clamp.crt.key"
+  clamp_pem: "org.onap.clamp.key.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-es-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
 
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
+flavor: small
 
+#################################################################
+# Application configuration defaults.
+#################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:5.0.3
+image: onap/clamp-dashboard-elasticsearch:5.0.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/Chart.yaml b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml
index 5d897d96eb..f5c146a782 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/Chart.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml
@@ -16,4 +16,4 @@
 apiVersion: v1
 description: ONAP Clamp Dashboard Kibana
 name: clamp-dash-kibana
-version: 6.0.0
+version: 7.0.0
diff --git a/kubernetes/clamp/charts/clamp-backend/requirements.yaml b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
index d3c442d32e..22b92c4ef7 100644
--- a/kubernetes/clamp/charts/clamp-backend/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
@@ -15,8 +15,11 @@
 
 dependencies:
   - name: common
-    version: ~6.x-0
-    # local reference to common chart, as it is
-    # a part of this chart's package and will not
-    # be published independently to a repo (at this point)
+    version: ~7.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~7.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
index db81e3da00..b7a8fbf348 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.# Default Kibana configuration from kibana-docker.
+*/}}
 
 server.name: "Clamp CL Dashboard"
 server.host: "0"
@@ -18,9 +20,13 @@ server.host: "0"
 server.port: {{.Values.service.externalPort}}
 
 server.ssl.enabled: {{.Values.config.sslEnabled}}
+{{- if .Values.global.aafEnabled }}
+server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }}
+server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }}
+{{ else }}
 server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
 server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
-
+{{- end }}
 # The URL of the Elasticsearch instance to use for all your queries.
 elasticsearch.hosts: ${elasticsearch_base_url}
 
@@ -32,4 +38,4 @@ elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
 
 opendistro_security.multitenancy.enabled: true
 opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
-opendistro_security.readonly_mode.roles: ["kibana_read_only"]
\ No newline at end of file
+opendistro_security.readonly_mode.roles: ["kibana_read_only"]
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml
index 5d1b32258c..48d85478c4 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
index bf78eef2eb..8cb95cdf0b 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,7 +38,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - clamp-dash-es
@@ -46,12 +48,13 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -73,7 +76,7 @@ spec:
           env:
           - name: elasticsearch_base_url
             value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -90,7 +93,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml
index 0cd8cfbd36..e5d7174e85 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samsung, Orange
+{{/* # Copyright © 2020 Samsung, Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,5 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.ingress" . }}
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml
index 07d4a8f8ea..f1b6cf55c6 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/service.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
index 96a30f9e5f..9b5f1fc344 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
@@ -18,23 +18,52 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
   persistence: {}
-flavor: small
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
 
 #################################################################
-# Application configuration defaults.
+# AAF part
 #################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "org.onap.clamp.crt.key"
+  clamp_pem: "org.onap.clamp.key.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-kibana-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
 
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
+flavor: small
 
+#################################################################
+# Application configuration defaults.
+#################################################################
 # application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:5.0.3
+image: onap/clamp-dashboard-kibana:5.0.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/Chart.yaml b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml
index 9fc0317fd3..686898eea2 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/Chart.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml
@@ -16,4 +16,4 @@
 apiVersion: v1
 description: ONAP Clamp Dashboard Logstash
 name: clamp-dash-logstash
-version: 6.0.0
+version: 7.0.0
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
new file mode 100644
index 0000000000..22b92c4ef7
--- /dev/null
+++ b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
@@ -0,0 +1,25 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~7.x-0
+    repository: '@local'
+  - name: certInitializer
+    version: ~7.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml
index cecd5b18c8..1e06e34cfb 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 http.host: "0.0.0.0"
 ## Path where pipeline configurations reside
 path.config: /usr/share/logstash/pipeline
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
index c005fcca3e..b978e766d3 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
+++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2018 AT&T Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 input {
     http_poller {
         urls => {
@@ -46,7 +48,11 @@ input {
         request_timeout => 30
         schedule => { "every" => "1m" }
         codec => "plain"
+{{- if .Values.global.aafEnabled }}
+        cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
         cacert => "/certs.d/aafca.pem"
+{{- end }}
     }
 }
 
@@ -217,8 +223,13 @@ output {
 
     if "error" in [tags] {
         elasticsearch {
+            ilm_enabled => false
             codec => "json"
+{{- if .Values.global.aafEnabled }}
+            cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
             cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
             ssl_certificate_verification => false
             hosts => ["${elasticsearch_base_url}"]
             user => ["${logstash_user}"]
@@ -229,9 +240,14 @@ output {
 
     } else if "event-cl-aggs" in [tags] {
         elasticsearch {
+            ilm_enabled => false
             codec => "json"
             hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+            cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
             cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
             ssl_certificate_verification => false
             user => ["${logstash_user}"]
             password => ["${logstash_pwd}"]
@@ -243,9 +259,14 @@ output {
 
     } else {
         elasticsearch {
+            ilm_enabled => false
             codec => "json"
             hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+            cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
             cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
             ssl_certificate_verification => false
             user => ["${logstash_user}"]
             password => ["${logstash_pwd}"]
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml
index 4278a6e6d3..3e98246df1 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
index d0c737f047..f098338c7f 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,7 +38,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - clamp-dash-es
@@ -46,12 +48,13 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           env:
           - name: dmaap_consumer_group
@@ -91,7 +94,7 @@ spec:
             periodSeconds: {{ .Values.liveness.periodSeconds }}
             timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
           {{ end -}}
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -111,7 +114,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml
index 07d4a8f8ea..f1b6cf55c6 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/service.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
index 3ec5684f6b..9aab3af252 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
@@ -18,10 +18,45 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
   persistence: {}
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "org.onap.clamp.crt.key"
+  clamp_pem: "org.onap.clamp.key.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-logstash-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
+
 flavor: small
 
 #################################################################
@@ -29,8 +64,7 @@ flavor: small
 #################################################################
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:5.0.3
+image: onap/clamp-dashboard-logstash:5.0.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/clamp/charts/mariadb/Chart.yaml b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml
index eaad8b8440..c0de18592c 100644
--- a/kubernetes/clamp/charts/mariadb/Chart.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml
@@ -15,5 +15,5 @@
 
 apiVersion: v1
 description: MariaDB Service
-name: mariadb
-version: 6.0.0
+name: clamp-mariadb
+version: 7.0.0
diff --git a/kubernetes/clamp/charts/mariadb/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt
index 1103affff1..1103affff1 100644
--- a/kubernetes/clamp/charts/mariadb/NOTES.txt
+++ b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt
diff --git a/kubernetes/clamp/charts/clamp-dash-es/requirements.yaml b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml
index caff1e5dc4..d62ef09a4d 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml
@@ -1,5 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,5 +14,8 @@
 
 dependencies:
   - name: common
-    version: ~6.x-0
+    version: ~7.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh
index 6c69694011..71f32e2eff 100755
--- a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh
+++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh
@@ -18,6 +18,11 @@ for arg; do
 	esac
 done
 
+prepare_password()
+{
+	echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
 # usage: file_env VAR [DEFAULT]
 #    ie: file_env 'XYZ_DB_PASSWORD' 'example'
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
@@ -36,7 +41,7 @@ file_env() {
 	elif [ "${!fileVar:-}" ]; then
 		val="$(< "${!fileVar}")"
 	fi
-	val=`echo -n $val | sed -e "s/'/''/g"`
+	val=`prepare_password $val`
 	export "$var"="$val"
 	unset "$fileVar"
 }
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/conf.d/conf1/my.cnf b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf
index 612590cc6b..8b5dc2a021 100644
--- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/conf.d/conf1/my.cnf
+++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -20,6 +21,7 @@
 # In this file, you can use all long options that a program supports.
 # If you want to know which options a program supports, run the program
 # with the "--help" option.
+*/}}
 
 # The following options will be passed to all MySQL clients
 ##[client]
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql
index 1f153bce04..1f153bce04 100644
--- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql
+++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql
diff --git a/kubernetes/clamp/charts/mariadb/templates/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt
index 1103affff1..1103affff1 100644
--- a/kubernetes/clamp/charts/mariadb/templates/NOTES.txt
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt
diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml
index 01420aa97b..b8a774acbe 100644
--- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 #{{ if not .Values.disableClampClampMariadb }}
 apiVersion: v1
diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml
index 7d6e162813..8ddf584988 100644
--- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,7 +38,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" .  }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/clamp/charts/mariadb/templates/pv.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml
index 424987936d..424987936d 100644
--- a/kubernetes/clamp/charts/mariadb/templates/pv.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml
diff --git a/kubernetes/clamp/charts/mariadb/templates/pvc.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml
index 6856c80540..6856c80540 100644
--- a/kubernetes/clamp/charts/mariadb/templates/pvc.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml
index 57f88ce32d..4cf8155f6c 100644
--- a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/charts/mariadb/templates/service.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml
index 2533c26161..20a5065503 100644
--- a/kubernetes/clamp/charts/mariadb/templates/service.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/clamp/charts/mariadb/values.yaml b/kubernetes/clamp/components/clamp-mariadb/values.yaml
index 2a90e8480c..60b2cfef4f 100644
--- a/kubernetes/clamp/charts/mariadb/values.yaml
+++ b/kubernetes/clamp/components/clamp-mariadb/values.yaml
@@ -21,8 +21,7 @@ global: # global defaults
 
   persistence: {}
 # application image
-repository: docker.io
-image: mariadb:10.3.12
+image: mariadb:10.5.4
 pullPolicy: Always
 flavor: small
 #################################################################
@@ -40,7 +39,11 @@ secrets:
     password: '{{ .Values.db.password }}'
 
 # Application configuration
-db: {}
+# dummy value db user pasword to pass lint!!!
+db:
+  user: dummy-clds
+  password: dummy-sidnnd83K
+  databaseName: dummy-cldsdb4
 
 # default number of instances
 replicaCount: 1
@@ -51,15 +54,17 @@ affinity: {}
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 10
+  initialDelaySeconds: 30
   periodSeconds: 10
+  timeoutSeconds: 3
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
 
 readiness:
-  initialDelaySeconds: 10
+  initialDelaySeconds: 30
   periodSeconds: 10
+  timeoutSeconds: 3
 
 ## Persist data to a persitent volume
 persistence:
diff --git a/kubernetes/clamp/requirements.yaml b/kubernetes/clamp/requirements.yaml
index d3c442d32e..2d271032e9 100644
--- a/kubernetes/clamp/requirements.yaml
+++ b/kubernetes/clamp/requirements.yaml
@@ -14,9 +14,24 @@
 # limitations under the License.
 
 dependencies:
-  - name: common
-    version: ~6.x-0
-    # local reference to common chart, as it is
-    # a part of this chart's package and will not
-    # be published independently to a repo (at this point)
+  - name: certInitializer
+    version: ~7.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
+  - name: clamp-mariadb
+    version: ~7.x-0
+    repository: 'file://components/clamp-mariadb'
+  - name: clamp-backend
+    version: ~7.x-0
+    repository: 'file://components/clamp-backend'
+  - name: clamp-dash-es
+    version: ~7.x-0
+    repository: 'file://components/clamp-dash-es'
+  - name: clamp-dash-logstash
+    version: ~7.x-0
+    repository: 'file://components/clamp-dash-logstash'
+  - name: clamp-dash-kibana
+    version: ~7.x-0
+    repository: 'file://components/clamp-dash-kibana'
\ No newline at end of file
diff --git a/kubernetes/clamp/resources/config/default.conf b/kubernetes/clamp/resources/config/default.conf
index 84beff8d5a..3e6fde9d0d 100644
--- a/kubernetes/clamp/resources/config/default.conf
+++ b/kubernetes/clamp/resources/config/default.conf
@@ -2,8 +2,14 @@ server {
 
   listen 2443 default ssl;
   ssl_protocols TLSv1.2;
+  {{ if .Values.global.aafEnabled }}
+  ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
+  ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
+  {{ else }}
   ssl_certificate /etc/ssl/clamp.pem;
   ssl_certificate_key /etc/ssl/clamp.key;
+  {{ end }}
+
   ssl_verify_client optional_no_ca;
     location /restservices/clds/ {
         proxy_pass https://clamp-backend:443;
diff --git a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml
index dab2e44f5e..8717e6f33a 100644
--- a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 filebeat.prospectors:
 #it is mandatory, in our case it's log
 - input_type: log
diff --git a/kubernetes/clamp/templates/configmap.yaml b/kubernetes/clamp/templates/configmap.yaml
index 3fce850140..1a5b0ce06a 100644
--- a/kubernetes/clamp/templates/configmap.yaml
+++ b/kubernetes/clamp/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/clamp/templates/deployment.yaml
index 97637b058d..51b864b986 100644
--- a/kubernetes/clamp/templates/deployment.yaml
+++ b/kubernetes/clamp/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -36,7 +38,7 @@ spec:
     spec:
       initContainers:
       - command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - clamp-backend
@@ -46,15 +48,16 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | nindent 6 }}
       containers:
         # side car containers
         {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
         # main container
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -72,7 +75,7 @@ spec:
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - name: logs
             mountPath: {{ .Values.log.path }}
           - mountPath: /etc/nginx/conf.d/default.conf
@@ -88,7 +91,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-config
           configMap:
             name: {{ include "common.fullname" . }}
diff --git a/kubernetes/clamp/templates/secrets.yaml b/kubernetes/clamp/templates/secrets.yaml
index 57f88ce32d..4cf8155f6c 100644
--- a/kubernetes/clamp/templates/secrets.yaml
+++ b/kubernetes/clamp/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/templates/service.yaml b/kubernetes/clamp/templates/service.yaml
index 800cc36535..31f4380eb8 100644
--- a/kubernetes/clamp/templates/service.yaml
+++ b/kubernetes/clamp/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml
index 2a27c140eb..b2b37d3755 100644
--- a/kubernetes/clamp/values.yaml
+++ b/kubernetes/clamp/values.yaml
@@ -18,11 +18,43 @@
 #################################################################
 global: # global defaults
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  centralizedLoggingEnabled: false
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "clamp.key"
+  clamp_pem: "clamp.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
 
 secrets:
   - uid: db-root-pass
@@ -45,7 +77,7 @@ clamp-backend:
   db:
     userCredsExternalSecret: *dbUserPass
     databaseName: *dbName
-mariadb:
+clamp-mariadb:
   db:
     rootCredsExternalSecret: *dbRootPass
     userCredsExternalSecret: *dbUserPass
@@ -57,8 +89,7 @@ subChartsOnly:
 flavor: small
 
 # application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.0.7
+image: onap/clamp-frontend:5.1.5
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -88,6 +119,7 @@ affinity: {}
 liveness:
   initialDelaySeconds: 120
   periodSeconds: 10
+  timeoutSeconds: 3
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
@@ -95,7 +127,7 @@ liveness:
 readiness:
   initialDelaySeconds: 10
   periodSeconds: 10
-
+  timeoutSeconds: 3
 
 service:
   type: NodePort
@@ -139,7 +171,7 @@ resources:
       cpu: 1
       memory: 200Mi
     requests:
-      cpu: 10m
+      cpu: 1m
       memory: 50Mi
   large:
     limits: