Merge "Add CSIT helm charts for policy"

42 files changed, 2897 insertions, 34 deletions

diff --git a/helm/policy/Chart.yaml b/helm/policy/Chart.yaml
index f1930303..3ad91554 100755
--- a/helm/policy/Chart.yaml
+++ b/helm/policy/Chart.yaml
@@ -33,3 +33,19 @@ dependencies:
     version: ~11.x-0
     repository: 'file://components/policy-models-simulator'
     condition: policy-models-simulator.enabled
+  - name: policy-api
+    version: ~11.x-0
+    repository: 'file://components/policy-api'
+    condition: policy-api.enabled
+  - name: policy-pap
+    version: ~11.x-0
+    repository: 'file://components/policy-pap'
+    condition: policy-pap.enabled
+  - name: policy-apex-pdp
+    version: ~11.x-0
+    repository: 'file://components/policy-apex-pdp'
+    condition: policy-apex-pdp.enabled
+  - name: policy-clamp-ac-pf-ppnt
+    version: ~11.x-0
+    repository: 'file://components/policy-clamp-ac-pf-ppnt'
+    condition: policy-clamp-ac-pf-ppnt.enabled
diff --git a/helm/policy/components/policy-apex-pdp/Chart.yaml b/helm/policy/components/policy-apex-pdp/Chart.yaml
new file mode 100755
index 00000000..dd75e97c
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/Chart.yaml
@@ -0,0 +1,23 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy APEX PDP
+name: policy-apex-pdp
+version: 11.0.0
+
diff --git a/helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
new file mode 100755
index 00000000..d03b3795
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -0,0 +1,42 @@
+{
+    "name":"OnapPfParameterGroup",
+    "restServerParameters": {
+      "host": "0.0.0.0",
+      "port": 6969,
+      "userName": "${RESTSERVER_USER}",
+      "password": "${RESTSERVER_PASSWORD}",
+      "https": false,
+      "prometheus": true
+    },
+    "pdpStatusParameters":{
+        "pdpGroup": "defaultGroup",
+        "timeIntervalMs": 120000,
+        "pdpType":"apex",
+        "description":"Pdp Heartbeat",
+        "supportedPolicyTypes": [
+            {
+                "name": "onap.policies.native.Apex",
+                "version": "1.0.0"
+            },
+            {
+              "name": "onap.policies.controlloop.operational.common.Apex",
+              "version": "1.0.0"
+            }
+        ]
+    },
+    "topicParameterGroup": {
+        "topicSources" : [{
+            "topic" : "POLICY-PDP-PAP",
+            "servers" : [ "message-router" ],
+            "useHttps" : false,
+            "fetchTimeout": 15000,
+            "topicCommInfrastructure" : "dmaap"
+        }],
+        "topicSinks" : [{
+            "topic" : "POLICY-PDP-PAP",
+            "servers" : [ "message-router" ],
+            "useHttps" : false,
+            "topicCommInfrastructure" : "dmaap"
+        }]
+    }
+}
diff --git a/helm/policy/components/policy-apex-pdp/resources/config/logback.xml b/helm/policy/components/policy-apex-pdp/resources/config/logback.xml
new file mode 100755
index 00000000..d156414d
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/resources/config/logback.xml
@@ -0,0 +1,103 @@
+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/apex-pdp/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/apex-pdp/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/apex-pdp/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
diff --git a/helm/policy/components/policy-apex-pdp/templates/configmap.yaml b/helm/policy/components/policy-apex-pdp/templates/configmap.yaml
new file mode 100755
index 00000000..1910433b
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/templates/configmap.yaml
@@ -0,0 +1,38 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-configmap
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: Release
+    heritage: Helm
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+  {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
diff --git a/helm/policy/components/policy-apex-pdp/templates/role-binding.yaml b/helm/policy/components/policy-apex-pdp/templates/role-binding.yaml
new file mode 100644
index 00000000..12e1addf
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/templates/role-binding.yaml
@@ -0,0 +1,33 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-read
+  namespace: default
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}-read
+roleRef:
+  kind: Role
+  name: read
+  apiGroup: rbac.authorization.k8s.io
diff --git a/helm/policy/components/policy-apex-pdp/templates/secrets.yaml b/helm/policy/components/policy-apex-pdp/templates/secrets.yaml
new file mode 100755
index 00000000..60443044
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/templates/secrets.yaml
@@ -0,0 +1,49 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-policy-kafka-user
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  sasl.jaas.config: "MobnDove6!Qibh"
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-restserver-creds
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.user }}
+  password: {{ .Values.restServer.password }}
+
+
+
diff --git a/helm/policy/components/policy-apex-pdp/templates/service-account.yaml b/helm/policy/components/policy-apex-pdp/templates/service-account.yaml
new file mode 100644
index 00000000..2a46e911
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/templates/service-account.yaml
@@ -0,0 +1,20 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-read
diff --git a/helm/policy/components/policy-apex-pdp/templates/service.yaml b/helm/policy/components/policy-apex-pdp/templates/service.yaml
new file mode 100755
index 00000000..032424e5
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/templates/service.yaml
@@ -0,0 +1,46 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    {{if eq .Values.service.type "NodePort" -}}
+    - port: {{ .Values.service.externalPort }}
+      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+      name: {{ .Values.service.portName }}
+    {{- else -}}
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      name: {{ .Values.service.portName }}
+    {{- end}}
+  selector:
+    app: {{ .Chart.Name }}
+    release: RELEASE
+  sessionAffinity: None
diff --git a/helm/policy/components/policy-apex-pdp/templates/statefulset.yaml b/helm/policy/components/policy-apex-pdp/templates/statefulset.yaml
new file mode 100755
index 00000000..29291afc
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/templates/statefulset.yaml
@@ -0,0 +1,131 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+spec:
+  serviceName: {{ .Chart.Name }}
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Chart.Name }}
+        release: RELEASE
+    spec:
+      initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: RESTSERVER_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-creds
+              key: login
+        - name: RESTSERVER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-creds
+              key: password
+{{- if .Values.config.useStrimziKafka }}
+        - name: JAASLOGIN
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-policy-kafka-user
+              key: sasl.jaas.config
+{{- end }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: apexconfig-input
+        - mountPath: /config
+          name: apexconfig
+        image: docker.io/dibi/envsubst:1
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-update-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          command: ["sh","-c"]
+          args: ["/opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
+          ports:
+          - containerPort: {{ .Values.service.externalPort }}
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.externalPort }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{- end }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.service.externalPort }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          env:
+          - name: REPLICAS
+            value: "{{ .Values.replicaCount }}"
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /var/log/onap
+            name: policy-logs
+          - mountPath: /home/apexuser/config
+            name: apexconfig
+          resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: localtime
+          hostPath:
+            path: /etc/localtime
+        - name: policy-logs
+          emptyDir: {}
+        - name: apexconfig-input
+          configMap:
+            name: {{ .Chart.Name }}-configmap
+            defaultMode: 0755
+        - name: apexconfig
+          emptyDir:
+            medium: Memory
+      imagePullSecrets:
+      - name: "default-docker-registry-key"
diff --git a/helm/policy/components/policy-apex-pdp/values.yaml b/helm/policy/components/policy-apex-pdp/values.yaml
new file mode 100755
index 00000000..0218b937
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/values.yaml
@@ -0,0 +1,116 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefix: 302
+  aafEnabled: false
+  persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-apex-pdp:2.8.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+restServer:
+  user: healthcheck
+  password: zb!XztG34
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+
+service:
+  type: ClusterIP
+  name: policy-apex-pdp
+  portName: http
+  externalPort: 6969
+  internalPort: 6969
+  nodePort: 37
+
+ingress:
+  enabled: false
+
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (Small and Large)
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 10m
+      memory: 1Gi
+  unlimited: {}
+
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-apex-pdp
+  roles:
+    - read
+
+# application configuration
+config:
+# Event consumption (kafka) properties
+  useStrimziKafka: true
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  kafka:
+    consumer:
+      groupId: policy-group
+  app:
+    listener:
+      policyPdpPapTopic: policy-pdp-pap
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+#   spring.kafka.security.protocol: PLAINTEXT
+#   spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
diff --git a/helm/policy/components/policy-api/Chart.yaml b/helm/policy/components/policy-api/Chart.yaml
new file mode 100644
index 00000000..ddf11078
--- /dev/null
+++ b/helm/policy/components/policy-api/Chart.yaml
@@ -0,0 +1,24 @@
+#  ============LICENSE_START=======================================================
+#  Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Design API
+name: policy-api
+version: 11.0.0
+
+
diff --git a/helm/policy/components/policy-api/resources/config/apiParameters.yaml b/helm/policy/components/policy-api/resources/config/apiParameters.yaml
new file mode 100644
index 00000000..1e8d3da1
--- /dev/null
+++ b/helm/policy/components/policy-api/resources/config/apiParameters.yaml
@@ -0,0 +1,102 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+server:
+  port: {{ .Values.service.internalPort }}
+  ssl:
+    enabled: false
+
+spring:
+  security.user:
+    name: "${RESTSERVER_USER}"
+    password: "${RESTSERVER_PASSWORD}"
+  mvc.converters.preferred-json-mapper: gson
+  datasource:
+    url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
+    driverClassName: org.mariadb.jdbc.Driver
+    username: "${SQL_USER}"
+    password: "${SQL_PASSWORD}"
+    hikari:
+      maximumPoolSize: 20
+  jpa:
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.MariaDB103Dialect
+    hibernate:
+      ddl-auto: none
+      naming:
+        physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+        implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+
+policy-api:
+  name: ApiGroup
+  aaf: false
+
+database:
+  name: PolicyProviderParameterGroup
+  implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl
+  driver: org.mariadb.jdbc.Driver
+  url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
+  user: "${SQL_USER}"
+  password: "${SQL_PASSWORD}"
+  persistenceUnit: PolicyDb
+
+policy-preload:
+  policyTypes:
+    - policytypes/onap.policies.monitoring.tcagen2.yaml
+    - policytypes/onap.policies.monitoring.tcagen2.v2.yaml
+    - policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml
+    - policytypes/onap.policies.monitoring.dcae-restconfcollector.yaml
+    - policytypes/onap.policies.monitoring.dcae-pm-subscription-handler.yaml
+    - policytypes/onap.policies.monitoring.dcae-pm-mapper.yaml
+    - policytypes/onap.policies.Optimization.yaml
+    - policytypes/onap.policies.optimization.Resource.yaml
+    - policytypes/onap.policies.optimization.Service.yaml
+    - policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml
+    - policytypes/onap.policies.optimization.resource.DistancePolicy.yaml
+    - policytypes/onap.policies.optimization.resource.HpaPolicy.yaml
+    - policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml
+    - policytypes/onap.policies.optimization.resource.PciPolicy.yaml
+    - policytypes/onap.policies.optimization.service.QueryPolicy.yaml
+    - policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml
+    - policytypes/onap.policies.optimization.resource.Vim_fit.yaml
+    - policytypes/onap.policies.optimization.resource.VnfPolicy.yaml
+    - policytypes/onap.policies.controlloop.guard.Common.yaml
+    - policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml
+    - policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml
+    - policytypes/onap.policies.controlloop.guard.common.MinMax.yaml
+    - policytypes/onap.policies.controlloop.guard.common.Filter.yaml
+    - policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml
+    - policytypes/onap.policies.Naming.yaml
+    - policytypes/onap.policies.Match.yaml
+    - policytypes/onap.policies.native.Drools.yaml
+    - policytypes/onap.policies.native.Xacml.yaml
+    - policytypes/onap.policies.native.Apex.yaml
+    - policytypes/onap.policies.controlloop.operational.Common.yaml
+    - policytypes/onap.policies.controlloop.operational.common.Apex.yaml
+    - policytypes/onap.policies.controlloop.operational.common.Drools.yaml
+  policies:
+    - policies/sdnc.policy.naming.input.tosca.yaml
+
+management:
+  endpoints:
+    web:
+      base-path: /
+      exposure:
+        include: health,metrics,prometheus
+      path-mapping.prometheus: metrics
diff --git a/helm/policy/components/policy-api/resources/config/logback.xml b/helm/policy/components/policy-api/resources/config/logback.xml
new file mode 100755
index 00000000..da8c8c79
--- /dev/null
+++ b/helm/policy/components/policy-api/resources/config/logback.xml
@@ -0,0 +1,159 @@
+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/error.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/debug.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/network.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="MetricOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/metric.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncMetricOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="MetricOut" />
+    </appender>
+
+    <appender name="TransactionOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/audit.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncTransactionOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="TransactionOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+        additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty" level="ERROR" />
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncMetricOut" />
+        <appender-ref ref="AsyncTransactionOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
diff --git a/helm/policy/components/policy-api/templates/configmap.yaml b/helm/policy/components/policy-api/templates/configmap.yaml
new file mode 100644
index 00000000..2ddfab37
--- /dev/null
+++ b/helm/policy/components/policy-api/templates/configmap.yaml
@@ -0,0 +1,37 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-configmap
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+  {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }}
diff --git a/helm/policy/components/policy-api/templates/deployment.yaml b/helm/policy/components/policy-api/templates/deployment.yaml
new file mode 100755
index 00000000..f93854ce
--- /dev/null
+++ b/helm/policy/components/policy-api/templates/deployment.yaml
@@ -0,0 +1,148 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Chart.Name }}
+    spec:
+      initContainers:
+        - command:
+          - /app/ready.py
+          args:
+          - --job-name
+          - policy-galera-config
+          env:
+          - name: NAMESPACE
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: metadata.namespace
+          image: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          name: {{ .Chart.Name }}-readiness
+        - command:
+          - sh
+          args:
+          - -c
+          - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+          env:
+          - name: SQL_USER
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Chart.Name }}-db-creds
+                key: login
+          - name: SQL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Chart.Name }}-db-creds
+                key: password
+          - name: RESTSERVER_USER
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Chart.Name }}-restserver-creds
+                key: login
+          - name: RESTSERVER_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Chart.Name }}-restserver-creds
+                key: password
+          volumeMounts:
+          - mountPath: /config-input
+            name: apiconfig
+          - mountPath: /config
+            name: apiconfig-processed
+          image: docker.io/dibi/envsubst:1
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          name: {{ .Chart.Name }}-update-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          command: ["/opt/app/policy/api/bin/policy-api.sh"]
+          args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"]
+          ports:
+          - containerPort: {{ .Values.service.internalPort }}
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end -}}
+          readinessProbe:
+            httpGet:
+              path: {{ .Values.readiness.api }}
+              port: {{ .Values.service.internalPort }}
+              httpHeaders:
+                - name: Authorization
+                  value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
+              scheme: HTTP
+            successThreshold: {{ .Values.readiness.successThreshold }}
+            failureThreshold: {{ .Values.readiness.failureThreshold }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+            timeoutSeconds: {{ .Values.readiness.timeout }}
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /opt/app/policy/api/etc/mounted
+            name: apiconfig-processed
+          resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: localtime
+          hostPath:
+             path: /etc/localtime
+        - name: apiconfig
+          configMap:
+            name: {{ .Chart.Name }}-configmap
+            defaultMode: 0755
+        - name: apiconfig-processed
+          emptyDir:
+            medium: Memory
+      imagePullSecrets:
+      - name: "default-docker-registry-key"
\ No newline at end of file
diff --git a/helm/policy/components/policy-api/templates/role-binding.yaml b/helm/policy/components/policy-api/templates/role-binding.yaml
new file mode 100644
index 00000000..38fb4a6b
--- /dev/null
+++ b/helm/policy/components/policy-api/templates/role-binding.yaml
@@ -0,0 +1,33 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-read
+  namespace: default
+subjects:
+- kind: ServiceAccount
+  name: {{ .Chart.Name }}-read
+roleRef:
+  kind: Role
+  name: read
+  apiGroup: rbac.authorization.k8s.io
+
diff --git a/helm/policy/components/policy-api/templates/secret.yaml b/helm/policy/components/policy-api/templates/secret.yaml
new file mode 100644
index 00000000..68e4dddc
--- /dev/null
+++ b/helm/policy/components/policy-api/templates/secret.yaml
@@ -0,0 +1,53 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-db-creds
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.db.user }}
+  password: {{ .Values.db.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-restserver-creds
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.user }}
+  password: {{ .Values.restServer.password }}
+
+
diff --git a/helm/policy/components/policy-api/templates/service-account.yaml b/helm/policy/components/policy-api/templates/service-account.yaml
new file mode 100644
index 00000000..310cab47
--- /dev/null
+++ b/helm/policy/components/policy-api/templates/service-account.yaml
@@ -0,0 +1,25 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-read
+
diff --git a/helm/policy/components/policy-api/templates/service.yaml b/helm/policy/components/policy-api/templates/service.yaml
new file mode 100644
index 00000000..7a2e6473
--- /dev/null
+++ b/helm/policy/components/policy-api/templates/service.yaml
@@ -0,0 +1,39 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      name: {{ .Values.service.portName }}
+  selector:
+    app: {{ .Chart.Name }}
+    release: release
\ No newline at end of file
diff --git a/helm/policy/components/policy-api/values.yaml b/helm/policy/components/policy-api/values.yaml
new file mode 100644
index 00000000..09418b7d
--- /dev/null
+++ b/helm/policy/components/policy-api/values.yaml
@@ -0,0 +1,98 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefix: 304
+  persistence: {}
+  aafEnabled: false
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-api:2.7.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+db:
+  user: policy-user
+  password: policy-user
+  service:
+    name: mariadb-galera
+    internalPort: 3306
+
+restServer:
+  user: policyadmin
+  password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 60
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 120
+  api: /policy/api/v1/healthcheck
+  successThreshold: 1
+  failureThreshold: 3
+  timeout: 60
+
+service:
+  type: ClusterIP
+  name: policy-api
+  portName: http
+  externalPort: 6969
+  internalPort: 6969
+  nodePort: 40
+
+ingress:
+  enabled: false
+
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-api
+  roles:
+    - read
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml
new file mode 100644
index 00000000..39627061
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml
@@ -0,0 +1,22 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp ACM Policy Participant
+name: policy-clamp-ac-pf-ppnt
+version: 11.0.0
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
new file mode 100644
index 00000000..be8a3550
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
@@ -0,0 +1,128 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+spring:
+  autoconfigure:
+    exclude: >
+      org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,
+      org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,
+      org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
+  security:
+    user:
+      name: ${RESTSERVER_USER}
+      password: ${RESTSERVER_PASSWORD}
+  kafka:
+    consumer:
+      group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
+    bootstrap-servers: {{ .Values.config.kafkaBootstrap }}:9092
+    security.protocol: SASL_PLAINTEXT
+    properties.sasl:
+      mechanism: SCRAM-SHA-512
+      jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+
+security:
+  enable-csrf: false
+
+participant:
+  pdpGroup: defaultGroup
+  pdpType: apex
+  policyApiParameters:
+    clientName: api
+    hostname: policy-api
+    port: 6969
+    userName: ${API_USER}
+    password: ${API_PASSWORD}
+    useHttps: false
+    allowSelfSignedCerts: true
+  policyPapParameters:
+    clientName: pap
+    hostname: policy-pap
+    port: 6969
+    userName: ${PAP_USER}
+    password: ${PAP_PASSWORD}
+    useHttps: false
+    allowSelfSignedCerts: true
+  intermediaryParameters:
+    reportingTimeIntervalMs: 120000
+    description: Participant Description
+    participantId:
+      name: org.onap.PM_Policy
+      version: 1.0.0
+    participantType:
+      name: org.onap.policy.clamp.acm.PolicyParticipant
+      version: 2.3.1
+    clampAutomationCompositionTopics:
+      topicSources:
+        -
+          topic: POLICY-ACRUNTIME-PARTICIPANT
+          servers:
+            - ${topicServer:message-router}
+          topicCommInfrastructure: dmaap
+          fetchTimeout: 15000
+          useHttps: false
+      topicSinks:
+        -
+          topic: POLICY-ACRUNTIME-PARTICIPANT
+          servers:
+            - ${topicServer:message-router}
+          topicCommInfrastructure: dmaap
+          useHttps: false
+
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+#    clampAutomationCompositionTopics:
+#      topicSources:
+#        -
+#          topic: policy-acruntime-participant
+#          servers:
+#            - {{ .Values.config.kafkaBootstrap }}:9092
+#          topicCommInfrastructure: kafka
+#          fetchTimeout: 15000
+#          useHttps: false
+#          additionalProps:
+#            security.protocol: SASL_PLAINTEXT
+#            sasl.mechanism: SCRAM-SHA-512
+#            sasl.jaas.config: ${JAASLOGIN}
+#      topicSinks:
+#        -
+#          topic: policy-acruntime-participant
+#          servers:
+#            - {{ .Values.config.kafkaBootstrap }}:9092
+#          topicCommInfrastructure: kafka
+#          useHttps: false
+#          additionalProps:
+#            security.protocol: SASL_PLAINTEXT
+#            sasl.mechanism: SCRAM-SHA-512
+#            sasl.jaas.config: ${JAASLOGIN}
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health, metrics, prometheus
+
+server:
+  port: 8085
+  servlet:
+    context-path: /onap/policyparticipant
+  ssl:
+    enabled: false
+
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml b/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml
new file mode 100644
index 00000000..3d24eefe
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml
@@ -0,0 +1,103 @@
+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pf-participant/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pf-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pf-participant/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pf-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pf-participant/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pf-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml
new file mode 100644
index 00000000..1319768a
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml
@@ -0,0 +1,32 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-configmap
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
new file mode 100644
index 00000000..e9288ad8
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
@@ -0,0 +1,150 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/instance: RELEASE
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Chart.Name }}
+      app.kubernetes.io/instance: RELEASE
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ .Chart.Name }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+        app.kubernetes.io/instance: RELEASE
+        app.kubernetes.io/managed-by: Helm
+      name: {{ .Chart.Name }}
+    spec:
+      initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: API_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-api-secret
+              key: login
+        - name: API_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-api-secret
+              key: password
+        - name: PAP_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-pap-secret
+              key: login
+        - name: PAP_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-pap-secret
+              key: login
+        - name: RESTSERVER_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-secret
+              key: login
+        - name: RESTSERVER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-secret
+              key: login
+{{- if .Values.config.useStrimziKafka }}
+        - name: JAASLOGIN
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-policy-kafka-user
+              key: sasl.jaas.config
+{{- end }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: ac-pf-ppnt-config
+        - mountPath: /config
+          name: ac-pf-ppnt-config-processed
+        image: docker.io/dibi/envsubst:1
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-update-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          command: ["/opt/app/policy/clamp/bin/policy-participant.sh"]
+          args: ["/opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"]
+          ports:
+            - containerPort: 8085
+              name: http-api
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.liveness.port }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end -}}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.readiness.port }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /opt/app/policy/clamp/etc/mounted
+            name: ac-pf-ppnt-config-processed
+          resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: localtime
+          hostPath:
+             path: /etc/localtime
+        - name: ac-pf-ppnt-config
+          configMap:
+            name: {{ .Chart.Name }}-configmap
+            defaultMode: 0755
+        - name: ac-pf-ppnt-config-processed
+          emptyDir:
+            medium: Memory
+      imagePullSecrets:
+      - name: "default-docker-registry-key"
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/role-binding.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/role-binding.yaml
new file mode 100644
index 00000000..54e8e901
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/role-binding.yaml
@@ -0,0 +1,37 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Chart.Name }}-read
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}-read
+    namespace: default
+
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml
new file mode 100644
index 00000000..36cd762b
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml
@@ -0,0 +1,80 @@
+{{/*
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-api-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.api.user }}
+  password: {{ .Values.restServer.api.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-pap-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.pap.user }}
+  password: {{ .Values.restServer.pap.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-policy-kafka-user
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  sasl.jaas.config: "HuveRotkMosl5!"
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-restserver-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.participantppnt.user }}
+  password: {{ .Values.restServer.participantppnt.password }}
\ No newline at end of file
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service-account.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service-account.yaml
new file mode 100644
index 00000000..7e07faf8
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service-account.yaml
@@ -0,0 +1,25 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-read
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml
new file mode 100644
index 00000000..60456ecd
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml
@@ -0,0 +1,43 @@
+{{/*

+#  ============LICENSE_START=======================================================

+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.

+#  ================================================================================

+#  Licensed under the Apache License, Version 2.0 (the "License");

+#  you may not use this file except in compliance with the License.

+#  You may obtain a copy of the License at

+#

+#       http://www.apache.org/licenses/LICENSE-2.0

+#

+#  Unless required by applicable law or agreed to in writing, software

+#  distributed under the License is distributed on an "AS IS" BASIS,

+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+#  See the License for the specific language governing permissions and

+#  limitations under the License.

+#

+#  SPDX-License-Identifier: Apache-2.0

+#  ============LICENSE_END=========================================================

+*/}}

+

+apiVersion: v1

+kind: Service

+metadata:

+  name: {{ .Chart.Name }}

+  namespace: default

+  labels:

+    app.kubernetes.io/name: {{ .Chart.Name }}

+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}

+    app.kubernetes.io/instance: RELEASE

+    app.kubernetes.io/managed-by: Helm

+spec:

+  ports:

+    - port: {{ .Values.service.ports.port }}

+      targetPort: {{ .Values.service.ports.port }}

+      protocol: TCP

+      name: {{ .Values.service.ports.name }}

+  ipFamilyPolicy: PreferDualStack

+  type: {{ .Values.service.type }}

+  selector:

+    app.kubernetes.io/name: {{ .Chart.Name }}

+    app.kubernetes.io/instance: RELEASE

+  sessionAffinity: None

+

diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
new file mode 100644
index 00000000..f1f0919d
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
@@ -0,0 +1,119 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  persistence: {}
+  aafEnabled: false
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-clamp-ac-pf-ppnt:6.3.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+# application configuration
+restServer:
+  api:
+    user: policyadmin
+    password: zb!XztG34
+  pap:
+    user: policyadmin
+    password: zb!XztG34
+  participantppnt:
+    user: participantUser
+    password: zb!XztG34
+
+nodeSelector: {}
+
+affinity: {}
+ingress:
+  enabled: false
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+  port: http-api
+
+readiness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  port: http-api
+
+service:
+  type: ClusterIP
+  name: policy-clamp-ac-pf-ppnt
+  useNodePortExt: true
+  ports:
+    name: http-api
+    port: 8085
+    nodePort: 42
+
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+  unlimited: {}
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-clamp-ac-pf-ppnt
+  roles:
+    - read
+
+config:
+# Event consumption (kafka) properties
+  useStrimziKafka: true
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  kafka:
+    consumer:
+      groupId: policy-group
+  app:
+    listener:
+      acRuntimeTopic: policy-acruntime-participant
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+#   spring.kafka.security.protocol: PLAINTEXT
+#   spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+#   spring.config.max-size: 200
+#   spring.config.min-size: 10
diff --git a/helm/policy/components/policy-pap/Chart.yaml b/helm/policy/components/policy-pap/Chart.yaml
new file mode 100755
index 00000000..d0b9aaa4
--- /dev/null
+++ b/helm/policy/components/policy-pap/Chart.yaml
@@ -0,0 +1,23 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Administration (PAP)
+name: policy-pap
+version: 11.0.0
+
diff --git a/helm/policy/components/policy-pap/resources/config/logback.xml b/helm/policy/components/policy-pap/resources/config/logback.xml
new file mode 100755
index 00000000..b544c272
--- /dev/null
+++ b/helm/policy/components/policy-pap/resources/config/logback.xml
@@ -0,0 +1,103 @@
+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pap/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pap/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pap/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
diff --git a/helm/policy/components/policy-pap/resources/config/papParameters.yaml b/helm/policy/components/policy-pap/resources/config/papParameters.yaml
new file mode 100644
index 00000000..8dd624a8
--- /dev/null
+++ b/helm/policy/components/policy-pap/resources/config/papParameters.yaml
@@ -0,0 +1,136 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+spring:
+  security:
+    user:
+      name: "${RESTSERVER_USER}"
+      password: "${RESTSERVER_PASSWORD}"
+  http:
+    converters:
+      preferred-json-mapper: gson
+  datasource:
+    url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+    driverClassName: org.mariadb.jdbc.Driver
+    username: "${SQL_USER}"
+    password: "${SQL_PASSWORD}"
+    hikari:
+      maximumPoolSize: 20
+  jpa:
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.MariaDB103Dialect
+    hibernate:
+      ddl-auto: none
+      naming:
+        physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+        implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+  kafka:
+    consumer:
+      group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
+    bootstrap-servers: {{ .Values.config.kafkaBootstrap }}:9092
+    security.protocol: SASL_PLAINTEXT
+    properties.sasl:
+      mechanism: SCRAM-SHA-512
+      jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+
+server:
+  port: 6969
+  ssl:
+    enabled: false
+
+pap:
+  name: PapGroup
+  aaf: false
+  pdpParameters:
+    heartBeatMs: 120000
+    updateParameters:
+      maxRetryCount: 1
+      maxWaitMs: 30000
+    stateChangeParameters:
+      maxRetryCount: 1
+      maxWaitMs: 30000
+  savePdpStatisticsInDb: false
+  topicParameterGroup:
+    topicSources:
+    - topic: POLICY-PDP-PAP
+      servers:
+      - message-router
+      useHttps: false
+      fetchTimeout: 15000
+      topicCommInfrastructure: dmaap
+    - topic: POLICY-HEARTBEAT
+      effectiveTopic: POLICY-PDP-PAP
+      consumerGroup: policy-pap
+      servers:
+      - message-router
+      useHttps: false
+      fetchTimeout: 15000
+      topicCommInfrastructure: dmaap
+    topicSinks:
+    - topic: POLICY-PDP-PAP
+      servers:
+      - message-router
+      useHttps: false
+      topicCommInfrastructure: dmaap
+    - topic: POLICY-NOTIFICATION
+      servers:
+      - message-router
+      useHttps: false
+      topicCommInfrastructure: dmaap
+# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
+#          servers:
+#            - {{ .Values.config.kafkaBootstrap }}:9092
+#          topicCommInfrastructure: kafka
+#          additionalProps:
+#            security.protocol: SASL_PLAINTEXT
+#            sasl.mechanism: SCRAM-SHA-512
+#            sasl.jaas.config: ${JAASLOGIN}
+
+  healthCheckRestClientParameters:
+  - clientName: api
+    hostname: policy-api
+    port: 6969
+    userName: "${API_USER}"
+    password: "${API_PASSWORD}"
+    useHttps: false
+    basePath: policy/api/v1/healthcheck
+  - clientName: distribution
+    hostname: policy-distribution
+    port: 6969
+    userName: "${DISTRIBUTION_USER}"
+    password: "${DISTRIBUTION_PASSWORD}"
+    useHttps: false
+    basePath: healthcheck
+  - clientName: dmaap
+    hostname: message-router
+    port: 3904
+    useHttps: false
+    basePath: topics
+
+management:
+  endpoints:
+    web:
+      base-path: /
+      exposure:
+        include: health, metrics, prometheus
+      path-mapping.prometheus: metrics
diff --git a/helm/policy/components/policy-pap/templates/configmap.yaml b/helm/policy/components/policy-pap/templates/configmap.yaml
new file mode 100755
index 00000000..6d77c146
--- /dev/null
+++ b/helm/policy/components/policy-pap/templates/configmap.yaml
@@ -0,0 +1,38 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-configmap
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+  {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }}
diff --git a/helm/policy/components/policy-pap/templates/deployment.yaml b/helm/policy/components/policy-pap/templates/deployment.yaml
new file mode 100755
index 00000000..6c82fb8b
--- /dev/null
+++ b/helm/policy/components/policy-pap/templates/deployment.yaml
@@ -0,0 +1,182 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/instance: RELEASE
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Chart.Name }}
+      app.kubernetes.io/instance: RELEASE
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ .Chart.Name }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+        app.kubernetes.io/instance: RELEASE
+        app.kubernetes.io/managed-by: Helm
+
+    spec:
+      initContainers:
+      - command:
+        - /app/ready.py
+        args:
+        - --job-name
+        - policy-galera-config
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-readiness
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: SQL_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-db-secret
+              key: login
+        - name: SQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-db-secret
+              key: password
+        - name: RESTSERVER_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-secret
+              key: login
+        - name: RESTSERVER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-secret
+              key: password
+        - name: API_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-api-secret
+              key: login
+        - name: API_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-api-secret
+              key: password
+        - name: DISTRIBUTION_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-distribution-secret
+              key: login
+        - name: DISTRIBUTION_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-distribution-secret
+              key: password
+{{- if .Values.config.useStrimziKafka }}
+        - name: JAASLOGIN
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-policy-kafka-user
+              key: sasl.jaas.config
+{{- end }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: papconfig
+        - mountPath: /config
+          name: papconfig-processed
+        image: docker.io/dibi/envsubst:1
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-update-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
+          args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"]
+          ports:
+            - containerPort: 6969
+              name: http-api
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.liveness.port }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end -}}
+          readinessProbe:
+            httpGet:
+              path: {{ .Values.readiness.api }}
+              port: {{ .Values.readiness.port }}
+              httpHeaders:
+                - name: Authorization
+                  value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
+              scheme: HTTP
+            successThreshold: {{ .Values.readiness.successThreshold }}
+            failureThreshold: {{ .Values.readiness.failureThreshold }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+            timeoutSeconds: {{ .Values.readiness.timeout }}
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /opt/app/policy/pap/etc/mounted
+            name: papconfig-processed
+          resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: localtime
+          hostPath:
+             path: /etc/localtime
+        - name: papconfig
+          configMap:
+            name: {{ .Chart.Name }}-configmap
+            defaultMode: 0755
+        - name: papconfig-processed
+          emptyDir:
+            medium: Memory
+      imagePullSecrets:
+      - name: "default-docker-registry-key"
diff --git a/helm/policy/components/policy-pap/templates/role-binding.yaml b/helm/policy/components/policy-pap/templates/role-binding.yaml
new file mode 100644
index 00000000..38fb4a6b
--- /dev/null
+++ b/helm/policy/components/policy-pap/templates/role-binding.yaml
@@ -0,0 +1,33 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-read
+  namespace: default
+subjects:
+- kind: ServiceAccount
+  name: {{ .Chart.Name }}-read
+roleRef:
+  kind: Role
+  name: read
+  apiGroup: rbac.authorization.k8s.io
+
diff --git a/helm/policy/components/policy-pap/templates/secrets.yaml b/helm/policy/components/policy-pap/templates/secrets.yaml
new file mode 100755
index 00000000..7958a112
--- /dev/null
+++ b/helm/policy/components/policy-pap/templates/secrets.yaml
@@ -0,0 +1,97 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-api-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.healthCheckRestClient.api.user }}
+  password: {{ .Values.healthCheckRestClient.api.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-db-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.db.user }}
+  password: {{ .Values.db.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-distribution-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.healthCheckRestClient.distribution.user }}
+  password: {{ .Values.healthCheckRestClient.distribution.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-policy-kafka-user
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  sasl.jaas.config: "Zule4]TateGila"
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-restserver-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.user }}
+  password: {{ .Values.restServer.password }}
\ No newline at end of file
diff --git a/helm/policy/components/policy-pap/templates/service-account.yaml b/helm/policy/components/policy-pap/templates/service-account.yaml
new file mode 100644
index 00000000..2a46e911
--- /dev/null
+++ b/helm/policy/components/policy-pap/templates/service-account.yaml
@@ -0,0 +1,20 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-read
diff --git a/helm/policy/components/policy-pap/templates/service.yaml b/helm/policy/components/policy-pap/templates/service.yaml
new file mode 100755
index 00000000..1bee30f1
--- /dev/null
+++ b/helm/policy/components/policy-pap/templates/service.yaml
@@ -0,0 +1,43 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    name: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+
+spec:
+  ports:
+    - port: {{ .Values.service.ports.port }}
+      targetPort: {{ .Values.service.ports.name }}
+      protocol: TCP
+      name: {{ .Values.service.ports.name }}
+  ipFamilyPolicy: PreferDualStack
+  type: {{ .Values.service.type }}
+  selector:
+    app: {{ .Chart.Name }}
+    release: RELEASE
+  sessionAffinity: None
diff --git a/helm/policy/components/policy-pap/values.yaml b/helm/policy/components/policy-pap/values.yaml
new file mode 100755
index 00000000..ae0defb9
--- /dev/null
+++ b/helm/policy/components/policy-pap/values.yaml
@@ -0,0 +1,132 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefixExt: 304
+  persistence: {}
+  aafEnabled: false
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-pap:2.7.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+db:
+  user: policy-user
+  password: policy-user
+  service:
+    name: mariadb-galera
+    internalPort: 3306
+
+restServer:
+  user: policyadmin
+  password: zb!XztG34
+
+healthCheckRestClient:
+  api:
+    user: policyadmin
+    password: zb!XztG34
+  distribution:
+    user: healthcheck
+    password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 60
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+  port: http-api
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 120
+  port: http-api
+  api: /policy/pap/v1/healthcheck
+  successThreshold: 1
+  failureThreshold: 3
+  timeout: 60
+
+service:
+  type: ClusterIP
+  name: policy-pap
+  useNodePortExt: true
+  ports:
+    name: http-api
+    port: 6969
+    nodePort: 42
+
+ingress:
+  enabled: false
+
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-pap
+  roles:
+    - read
+
+# application configuration
+config:
+# Event consumption (kafka) properties
+  useStrimziKafka: true
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  kafka:
+    consumer:
+      groupId: policy-group
+  app:
+    listener:
+      policyPdpPapTopic: policy-pdp-pap
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+#   spring.kafka.security.protocol: PLAINTEXT
+#   spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
diff --git a/helm/policy/values.yaml b/helm/policy/values.yaml
index 8dcdae89..25e4dbfe 100755
--- a/helm/policy/values.yaml
+++ b/helm/policy/values.yaml
@@ -17,7 +17,7 @@
 #################################################################
 
 global:
-  aafEnabled: true
+  aafEnabled: false
   mariadb:
     # '&mariadbConfig' means we "store" the values for  later use in the file
     # with '*mariadbConfig' pointer.
@@ -30,33 +30,6 @@ global:
   kafkaBootstrap: strimzi-kafka-bootstrap
   policyKafkaUser: policy-kafka-user
 
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
-  - uid: db-root-password
-    name: &dbRootPassSecretName 'policy-db-root-password'
-    type: password
-    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
-    password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
-    policy: generate
-  - uid: db-secret
-    name: &dbSecretName 'policy-db-secret'
-    type: basicAuth
-    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
-    login: '{{ index .Values "mariadb-galera" "db" "user" }}'
-    password: '{{ index .Values "mariadb-galera" "db" "password" }}'
-    passwordPolicy: generate
-  - uid: policy-app-user-creds
-    name: &policyAppCredsSecret 'policy-app-user-creds'
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
-    login: '{{ .Values.config.policyAppUserName }}'
-    password: '{{ .Values.config.policyAppUserPassword }}'
-    passwordPolicy: generate
-
-db: &dbSecretsHook
-  credsExternalSecret: *dbSecretName
 
 policy-models-simulator:
   enabled: true
@@ -64,9 +37,15 @@ policy-clamp-ac-k8s-ppnt:
   enabled: true
 policy-clamp-runtime-acm:
   enabled: true
-  db: *dbSecretsHook
-  config:
-    appUserExternalSecret: *policyAppCredsSecret
+policy-api:
+  enabled: true
+policy-pap:
+  enabled: true
+policy-apex-pdp:
+  enabled: true
+policy-clamp-ac-pf-ppnt:
+  enabled: true
+
 
 #################################################################
 # DB configuration defaults.
@@ -143,10 +122,7 @@ mariadb-galera:
   db:
     user: policy-user
     # password:
-    externalSecret: *dbSecretName
     name: &mysqlDbName policyadmin
-  rootUser:
-    externalSecret: *dbRootPassSecretName
   nameOverride: *mariadb-galera
   # mariadb-galera.service and global.mariadb.service must be equals
   service: *mariadbService
@@ -157,6 +133,12 @@ mariadb-galera:
   serviceAccount:
     nameOverride: *mariadb-galera
 
+restServer:
+  policyPapUserName: policyadmin
+  policyPapUserPassword: zb!XztG34
+  policyApiUserName: policyadmin
+  policyApiUserPassword: zb!XztG34
+
 # Resource Limit flavor -By Default using small
 # Segregation for Different environment (small, large, or unlimited)
 flavor: small