Merge "[COMMON] Fix declare bashisms"
diff --git a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
index ea799e2..0beaf4a 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
+++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
@@ -1,6 +1,6 @@
 {{/*
 #
-#  Copyright (c) 2017-2019 AT&T, IBM, Bell Canada, Nordix Foundation.
+#  Copyright (c) 2017-2022 AT&T, IBM, Bell Canada, Nordix Foundation.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -109,19 +109,70 @@
 blueprintsprocessor.restclient.aai-data.additionalHeaders.Accept=application/json
 
 # Self Service Request Kafka Message Consumer
-blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable=false
-blueprintsprocessor.messageconsumer.self-service-api.type=kafka-basic-auth
-blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers=message-router-kafka:9092
-blueprintsprocessor.messageconsumer.self-service-api.groupId=cds-consumer-group
-blueprintsprocessor.messageconsumer.self-service-api.topic=cds-consumer
-blueprintsprocessor.messageconsumer.self-service-api.clientId=cds-client
-blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000
+blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable={{ .Values.kafkaRequestConsumer.enabled  }}
+blueprintsprocessor.messageconsumer.self-service-api.type={{ .Values.kafkaRequestConsumer.type  }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ .Values.kafkaRequestConsumer.bootstrapServers  }}
+{{- end }}
+blueprintsprocessor.messageconsumer.self-service-api.groupId={{ .Values.kafkaRequestConsumer.groupId  }}
+blueprintsprocessor.messageconsumer.self-service-api.topic={{ .Values.kafkaRequestConsumer.topic  }}
+blueprintsprocessor.messageconsumer.self-service-api.clientId={{ .Values.kafkaRequestConsumer.clientId  }}
+blueprintsprocessor.messageconsumer.self-service-api.pollMillSec={{ .Values.kafkaRequestConsumer.pollMillSec  }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${JAAS_PASS}
+{{ end }}
 
 # Self Service Response Kafka Message Producer
-blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092
+blueprintsprocessor.messageproducer.self-service-api.type={{ .Values.kafkaRequestProducer.type  }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ .Values.kafkaRequestProducer.bootstrapServers  }}
+{{- end }}
+blueprintsprocessor.messageproducer.self-service-api.clientId={{ .Values.kafkaRequestProducer.clientId }}
+blueprintsprocessor.messageproducer.self-service-api.topic={{ .Values.kafkaRequestProducer.topic }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageproducer.self-service-api.scramPassword=${JAAS_PASS}
+{{ end }}
 
-# Kafka Audit Service Configurations
-blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false
+# AUDIT KAFKA FEATURE CONFIGURATION
+# Audit feature dumps CDS request to a topic as well as a truncated response message to another topic.
+## Audit request
+blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable={{ .Values.kafkaAuditRequest.enabled }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.type={{ .Values.kafkaAuditRequest.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers  }}
+{{- end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId={{ .Values.kafkaAuditRequest.clientId }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.topic={{ .Values.kafkaAuditRequest.topic }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${JAAS_PASS}
+{{ end }}
+
+## Audit response
+blueprintsprocessor.messageproducer.self-service-api.audit.response.type={{ .Values.kafkaAuditResponse.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers  }}
+{{- end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId={{ .Values.kafkaAuditResponse.clientId }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.topic={{ .Values.kafkaAuditResponse.topic }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${JAAS_PASS}
+{{ end }}
 
 # Executor Options
 blueprintsprocessor.resourceResolution.enabled=true
@@ -132,10 +183,10 @@
 ## Enable py-executor
 blueprintsprocessor.streamingRemoteExecution.enabled=true
 
-# Used in Health Check
-blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
-blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client
-blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer
+## Used in Health Check
+#blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
+#blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client
+#blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer
 
 
 #Encrypted username and password for health check service
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml
new file mode 100644
index 0000000..555f4d4
--- /dev/null
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml
@@ -0,0 +1,68 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if eq .Values.useStrimziKafka true }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+  name: {{ .Values.kafkaRequestConsumer.topic  }}
+  labels:
+    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+  partitions: 10
+  replicas: 2
+  config:
+    retention.ms: 7200000
+    segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+  name: {{ .Values.kafkaRequestProducer.topic }}
+  labels:
+    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+  partitions: 10
+  replicas: 2
+  config:
+    retention.ms: 7200000
+    segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+  name: {{ .Values.kafkaAuditRequest.topic }}
+  labels:
+    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+  partitions: 10
+  replicas: 2
+  config:
+    retention.ms: 7200000
+    segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+  name: {{ .Values.kafkaAuditResponse.topic }}
+  labels:
+    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+  partitions: 10
+  replicas: 2
+  config:
+    retention.ms: 7200000
+    segment.bytes: 1073741824
+{{ end }}
\ No newline at end of file
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml
new file mode 100644
index 0000000..65ee1d2
--- /dev/null
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml
@@ -0,0 +1,49 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if eq .Values.useStrimziKafka true }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+  name: {{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+  labels:
+    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+  authentication:
+    type: scram-sha-512
+  authorization:
+    type: simple
+    acls:
+    - resource:
+        type: group
+        name: {{ .Values.kafkaRequestConsumer.groupId  }}
+      operation: All
+    - resource:
+        type: topic
+        name: {{ .Values.kafkaRequestConsumer.topic  }}
+      operation: All
+    - resource:
+        type: topic
+        name: {{ .Values.kafkaRequestProducer.topic }}
+      operation: All
+    - resource:
+        type: topic
+        name: {{ .Values.kafkaAuditRequest.topic }}
+      operation: All
+    - resource:
+        type: topic
+        name: {{ .Values.kafkaAuditResponse.topic }}
+      operation: All
+{{ end }}
\ No newline at end of file
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
index d92f09a..d68e900 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
@@ -1,6 +1,7 @@
 {{/*
 # Copyright (c) 2019 IBM, Bell Canada
 # Copyright (c) 2020 Samsung Electronics
+# Modification Copyright © 2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -78,10 +79,6 @@
         args:
         - --container-name
         - cds-db
-        {{- if .Values.dmaapEnabled  }}
-        - --container-name
-        - message-router
-        {{ end }}
         env:
         - name: NAMESPACE
           valueFrom:
@@ -121,6 +118,10 @@
                 fieldPath: metadata.name
           - name: CLUSTER_CONFIG_FILE
             value: {{ .Values.config.appConfigDir }}/hazelcast.yaml
+          {{ if .Values.useStrimziKafka }}
+          - name: JAAS_PASS
+            value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-kafka-secret" "key" "password") | indent 12 }}
+          {{ end }}
           ports:
           - containerPort: {{ .Values.service.http.internalPort }}
           - containerPort: {{ .Values.service.grpc.internalPort }}
diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
index a5180c5..af9482b 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
@@ -1,5 +1,6 @@
 # Copyright (c) 2019 IBM, Bell Canada
 # Copyright (c) 2020 Samsung Electronics
+# Modification Copyright © 2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -57,6 +58,13 @@
     externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}'
     password: '{{ .Values.config.sdncDB.dbRootPass }}'
     passwordPolicy: required
+  - uid: cds-kafka-secret
+    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+    type: genericKV
+    envs:
+      - name: password
+        value: '{{ .Values.config.someConfig }}'
+        policy: generate
 
 #################################################################
 # AAF part
@@ -111,6 +119,7 @@
     # dbCredsExternalSecret: <some secret name>
     # dbRootPassword: password
     # dbRootPassExternalSecret
+  someConfig: blah
 
 # default number of instances
 replicaCount: 1
@@ -119,10 +128,40 @@
 
 affinity: {}
 
-# flag for kafka-listener dependency. Set to true if you are using message-router otherwise set to false if you are using
-# custom kafka cluster.
-dmaapEnabled: true
+# If useStrimziKafka is true, the following also applies:
+# strimzi will create an associated kafka user and the topics defined for Request and Audit elements below.
+# The connection type must be kafka-scram-plain-text-auth
+# The bootstrapServers will target the strimzi kafka cluster by default
+useStrimziKafka: false
+cdsKafkaUser: cds-kafka-user
 
+kafkaRequestConsumer:
+  enabled: false
+  type: kafka-scram-plain-text-auth
+  bootstrapServers: host:port
+  groupId: cds-consumer
+  topic: cds.blueprint-processor.self-service-api.request
+  clientId: request-receiver-client-id
+  pollMillSec: 1000
+kafkaRequestProducer:
+  type: kafka-scram-plain-text-auth
+  bootstrapServers: host:port
+  clientId: request-producer-client-id
+  topic: cds.blueprint-processor.self-service-api.response
+  enableIdempotence: false
+kafkaAuditRequest:
+  enabled: false
+  type: kafka-scram-plain-text-auth
+  bootstrapServers: host:port
+  clientId: audit-request-producer-client-id
+  topic: cds.blueprint-processor.self-service-api.audit.request
+  enableIdempotence: false
+kafkaAuditResponse:
+  type: kafka-scram-plain-text-auth
+  bootstrapServers: host:port
+  clientId: audit-response-producer-client-id
+  topic: cds.blueprint-processor.self-service-api.audit.response
+  enableIdempotence: false
 
 # probe configuration parameters
 startup:
diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml
index edac066..58e6b65 100644
--- a/kubernetes/cds/values.yaml
+++ b/kubernetes/cds/values.yaml
@@ -1,6 +1,7 @@
 # Copyright © 2020 Samsung Electronics
 # Copyright © 2019 Orange, Bell Canada
 # Copyright © 2017 Amdocs, Bell Canada
+# Modification Copyright © 2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -22,6 +23,7 @@
   nodePortPrefixExt: 304
   persistence:
     mountPath: /dockerdata-nfs
+  cdsKafkaUser: cds-kafka-user
 
 #################################################################
 # Secrets metaconfig
@@ -212,6 +214,7 @@
       dbPort: 3306
       dbName: *mysqlDbName
       dbCredsExternalSecret: *dbUserSecretName
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafkaUser }}'
 
 cds-command-executor:
   enabled: true
diff --git a/kubernetes/contrib/components/awx/templates/service.yaml b/kubernetes/contrib/components/awx/templates/service.yaml
index 10f031d..85ec8c8 100755
--- a/kubernetes/contrib/components/awx/templates/service.yaml
+++ b/kubernetes/contrib/components/awx/templates/service.yaml
@@ -49,7 +49,6 @@
   ports:
     - port: {{ .Values.service.web.externalPort }}
       targetPort: {{ .Values.service.web.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.web.nodePort }}
       name: {{ .Values.service.web.portName }}
   selector:
     app: {{ include "common.fullname" . }}
diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml
index 0a247c5..44c5741 100755
--- a/kubernetes/contrib/components/awx/values.yaml
+++ b/kubernetes/contrib/components/awx/values.yaml
@@ -92,11 +92,10 @@
     internalPort: 15672
     externalPort: 15672
   web:
-    type: NodePort
+    type: ClusterIP
     portName: web
     internalPort: 8052
     externalPort: 8052
-    nodePort: 78
   rabbitmq:
     type: ClusterIP
     http:
diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
index e9958f1..e295a37 100644
--- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
@@ -1,7 +1,7 @@
 {{/*
 #  Copyright (C) 2021 Pantheon.tech
 #  Modifications Copyright (C) 2020 Bell Canada.
-#  Modifications Copyright (C) 2021 Nordix Foundation.
+#  Modifications Copyright (C) 2021-2022 Nordix Foundation.
 #  Modifications Copyright (C) 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -28,17 +28,21 @@
     password: ${DB_PASSWORD}
     driverClassName: org.postgresql.Driver
     initialization-mode: always
-
   liquibase:
     change-log: classpath:changelog/changelog-master.yaml
     labels: {{ .Values.config.liquibaseLabels }}
 
+  kafka:
+    producer:
+      client-id: cps-core
+
 security:
-    # comma-separated uri patterns which do not require authorization
-    permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
-    auth:
-        username: ${CPS_USERNAME}
-        password: ${CPS_PASSWORD}
+  # comma-separated uri patterns which do not require authorization
+  permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
+  auth:
+    username: ${CPS_USERNAME}
+    password: ${CPS_PASSWORD}
+
 logging:
   level:
     org:
@@ -49,12 +53,18 @@
     username: ${DMI_USERNAME}
     password: ${DMI_PASSWORD}
 
-{{- if .Values.config.eventPublisher }}
+{{- if .Values.config.useStrimziKafka }}
+spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+spring.kafka.security.protocol: SASL_PLAINTEXT
+spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
+spring.kafka.properties.sasl.jaas.config: ${JAASLOGIN}
+{{ else }}
 {{ toYaml .Values.config.eventPublisher | nindent 2 }}
 {{- end }}
 
 {{- if .Values.config.additional }}
 {{ toYaml .Values.config.additional | nindent 2 }}
 {{- end }}
+
 # Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
 
diff --git a/kubernetes/cps/components/cps-core/templates/deployment.yaml b/kubernetes/cps/components/cps-core/templates/deployment.yaml
index e6ee161..54e2cc6 100644
--- a/kubernetes/cps/components/cps-core/templates/deployment.yaml
+++ b/kubernetes/cps/components/cps-core/templates/deployment.yaml
@@ -1,7 +1,7 @@
 {{/*
 # Copyright (C) 2021 Pantheon.tech, Orange
 # Modifications Copyright (C) 2021 Bell Canada.
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -57,7 +57,10 @@
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
           - name: DMI_PASSWORD
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
-
+          {{- if .Values.config.useStrimziKafka }}
+          - name: JAASLOGIN
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+          {{- end }}
         volumeMounts:
           - mountPath: /config-input
             name: init-data-input
diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml
index d65924e..2afc1fd 100644
--- a/kubernetes/cps/components/cps-core/values.yaml
+++ b/kubernetes/cps/components/cps-core/values.yaml
@@ -1,5 +1,6 @@
 # Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada.
 # Modifications Copyright (C) 2022 Bell Canada
+# Modifications Copyright © 2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -42,6 +43,13 @@
     login: '{{ .Values.config.dmiPluginUserName }}'
     password: '{{ .Values.config.dmiPluginUserPassword }}'
     passwordPolicy: generate
+  - uid: cps-kafka-user
+    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+    type: genericKV
+    envs:
+      - name: sasl.jaas.config
+        value: '{{ .Values.config.someConfig }}'
+        policy: generate
 
 #################################################################
 # Global configuration defaults.
@@ -170,17 +178,23 @@
   #appUserPassword:
   dmiPluginUserName: dmiuser
 # Any new property can be added in the env by setting in overrides in the format mentioned below
-# All the added properties must be in "key: value" format insead of yaml.
+# All the added properties must be in "key: value" format instead of yaml.
 #  additional:
 #    spring.config.max-size: 200
 #    spring.config.min-size: 10
 
-  eventPublisher:
-    spring.kafka.bootstrap-servers: message-router-kafka:9092
-    spring.kafka.security.protocol: SASL_PLAINTEXT
-    spring.kafka.properties.sasl.mechanism: PLAIN
-    spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
-    spring.kafka.producer.client-id: cps-core
+# kafka config
+  useStrimziKafka: true
+  kafkaBootstrap: strimzi-kafka-bootstrap
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+
+#  eventPublisher:
+#    spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+#    spring.kafka.security.protocol: SASL_PLAINTEXT
+#    spring.kafka.properties.sasl.mechanism: PLAIN
+#    spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
 
   additional:
     notification.data-updated.enabled: true
diff --git a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
index 32ae51b..6e80843 100644
--- a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
@@ -1,6 +1,7 @@
 {{/*
 # ============LICENSE_START=======================================================
 #  Copyright (c) 2021 Bell Canada.
+# Modifications Copyright © 2022 Nordix Foundation
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -24,19 +25,31 @@
     username: ${DB_USERNAME}
     password: ${DB_PASSWORD}
 
+  kafka:
+    consumer:
+      group-id: {{ .Values.config.kafka.consumer.groupId }}
+
+app:
+  listener:
+    data-updated:
+      topic: {{ .Values.config.app.listener.dataUpdatedTopic }}
+
+{{- if .Values.config.useStrimziKafka }}
+spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+spring.kafka.security.protocol: SASL_PLAINTEXT
+spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
+spring.kafka.properties.sasl.jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{- end }}
+
+{{- if .Values.config.additional }}
+{{ toYaml .Values.config.additional | nindent 2 }}
+{{- end }}
+
 security:
   auth:
     username: ${APP_USERNAME}
     password: ${APP_PASSWORD}
 
-# Event consumption properties (kafka)
-{{- if .Values.config.eventConsumption }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
-
-# Additional properties
-{{- if .Values.config.additional }}
-{{ toYaml .Values.config.additional | nindent 2 }}
-{{- end }}
-
 # Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
diff --git a/kubernetes/cps/components/cps-temporal/templates/deployment.yaml b/kubernetes/cps/components/cps-temporal/templates/deployment.yaml
index 806e65a..71ff371 100644
--- a/kubernetes/cps/components/cps-temporal/templates/deployment.yaml
+++ b/kubernetes/cps/components/cps-temporal/templates/deployment.yaml
@@ -1,6 +1,7 @@
 {{/*
 # ============LICENSE_START=======================================================
 #  Copyright (c) 2021 Bell Canada.
+# Modifications Copyright © 2022 Nordix Foundation
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -53,6 +54,10 @@
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
           - name: APP_PASSWORD
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+          {{- if .Values.config.useStrimziKafka }}
+          - name: JAASLOGIN
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+          {{- end }}
         volumeMounts:
           - mountPath: /config-input
             name: init-data-input
diff --git a/kubernetes/cps/components/cps-temporal/values.yaml b/kubernetes/cps/components/cps-temporal/values.yaml
index 68bc2a7..a92791e 100644
--- a/kubernetes/cps/components/cps-temporal/values.yaml
+++ b/kubernetes/cps/components/cps-temporal/values.yaml
@@ -1,5 +1,6 @@
 # ============LICENSE_START=======================================================
 #  Copyright (c) 2021 Bell Canada.
+# Modifications Copyright © 2022 Nordix Foundation
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -39,6 +40,13 @@
     login: '{{ .Values.config.appUserName }}'
     password: '{{ .Values.config.appUserPassword }}'
     passwordPolicy: generate
+  - uid: cps-kafka-user
+    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+    type: genericKV
+    envs:
+      - name: sasl.jaas.config
+        value: '{{ .Values.config.someConfig }}'
+        policy: generate
 
 image: onap/cps-temporal:1.1.0
 containerPort: &svc_port 8080
@@ -139,13 +147,23 @@
     profile: helm
   #appUserPassword:
 
-  # Event consumption (kafka) properties
-  # All Kafka properties must be in "key: value" format instead of yaml.
-  eventConsumption:
-    spring.kafka.bootstrap-servers: message-router-kafka:9092
-    spring.kafka.security.protocol: PLAINTEXT
-    spring.kafka.consumer.group-id: cps-temporal-group
-    app.listener.data-updated.topic: cps.data-updated-events
+# Event consumption (kafka) properties
+  useStrimziKafka: true
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  kafka:
+    consumer:
+      groupId: cps-temporal-group
+  app:
+    listener:
+      dataUpdatedTopic: cps.data-updated-events
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+
+#  eventConsumption:
+#    spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+#    spring.kafka.security.protocol: PLAINTEXT
+#    spring.kafka.consumer.group-id: cps-temporal-group
 
 # Any new property can be added in the env by setting in overrides in the format mentioned below
 # All the added properties must be in "key: value" format instead of yaml.
diff --git a/kubernetes/cps/templates/cps-kafka-topic.yaml b/kubernetes/cps/templates/cps-kafka-topic.yaml
new file mode 100644
index 0000000..1a23ddf
--- /dev/null
+++ b/kubernetes/cps/templates/cps-kafka-topic.yaml
@@ -0,0 +1,28 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.config.useStrimziKafka }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+  name: {{ .Values.config.dataUpdatedTopic.name }}
+  labels:
+    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+  partitions: {{ .Values.config.dataUpdatedTopic.partitions }}
+  config:
+    retention.ms: {{ .Values.config.dataUpdatedTopic.retentionMs }}
+    segment.bytes: {{ .Values.config.dataUpdatedTopic.segmentBytes }}
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/cps/templates/cps-kafka-user.yaml b/kubernetes/cps/templates/cps-kafka-user.yaml
new file mode 100644
index 0000000..b3136d7
--- /dev/null
+++ b/kubernetes/cps/templates/cps-kafka-user.yaml
@@ -0,0 +1,41 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.config.useStrimziKafka }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+  name: {{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}
+  labels:
+    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+  authentication:
+    type: scram-sha-512
+  authorization:
+    type: simple
+    acls:
+    - resource:
+        type: group
+        name: {{ .Values.config.dataUpdatedTopic.consumer.groupId }}
+      operation: Read
+    - resource:
+        type: topic
+        name: {{ .Values.config.dataUpdatedTopic.name }}
+      operation: Read
+    - resource:
+        type: topic
+        name: {{ .Values.config.dataUpdatedTopic.name }}
+      operation: Write
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml
index 754b016..700ad38 100755
--- a/kubernetes/cps/values.yaml
+++ b/kubernetes/cps/values.yaml
@@ -1,4 +1,5 @@
 # Copyright (C) 2021 Bell Canada
+# Modifications Copyright © 2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -40,9 +41,20 @@
     virtualhost:
       baseurl: "simpledemo.onap.org"
 
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  cpsKafkaUser: cps-kafka-user
+
 config:
   coreUserName: cpsuser
   dmiPluginUserName: dmiuser
+  useStrimziKafka: true
+  dataUpdatedTopic:
+    name: cps.data-updated-events
+    partitions: 10
+    retentionMs: 7200000
+    segmentBytes: 1073741824
+    consumer:
+      groupId: cps-temporal-group
 
 # Enable all CPS components by default
 cps-core:
@@ -50,9 +62,12 @@
   config:
     appUserExternalSecret: *core-creds-secret
     dmiPluginUserExternalSecret: *dmi-plugin-creds-secret
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}'
 
 cps-temporal:
   enabled: true
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}'
 
 ncmp-dmi-plugin:
   enabled: true
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
index 869472e..ef272ee 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
@@ -2,6 +2,7 @@
 # ============================================================================
 # Copyright (C) 2021-2022 Wipro Limited.
 # Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (C) 2022 Huawei Canada Limited.
 # ============================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -57,7 +58,7 @@
 # Application Configuration Defaults.
 #################################################################
 # Application Image
-image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.7
+image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.1.1
 
 # Log directory where logging sidecar should look for log files
 # if path is set to null sidecar won't be deployed in spite of
@@ -144,6 +145,17 @@
   sliceanalysisms.rannfnssiDetailsTemplateId: get-rannfnssiid-details
   sliceanalysisms.desUrl: http://dl-des:1681/datalake/v1/exposure/pm_data
   sliceanalysisms.pmDataDurationInWeeks: 4
+  sliceanalysisms.vesNotifPollingInterval: 15
+  sliceanalysisms.vesNotifChangeIdentifier: PM_BW_UPDATE
+  sliceanalysisms.vesNotifChangeType: BandwidthChanged
+  sliceanalysisms.aaiNotif.targetAction: UPDATE
+  sliceanalysisms.aaiNotif.targetSource: UUI
+  sliceanalysisms.aaiNotif.targetEntity: service-instance
+  sliceanalysisms.ccvpnEvalInterval: 15
+  sliceanalysisms.ccvpnEvalThreshold: 0.8
+  sliceanalysisms.ccvpnEvalPrecision: 100.0
+  sliceanalysisms.ccvpnEvalPeriodicCheckOn: true
+  sliceanalysisms.ccvpnEvalOnDemandCheckOn: true
   streams_publishes:
     CL_topic:
       type: message-router
@@ -162,6 +174,19 @@
       type: message-router
       dmaap_info:
         topic_url: http://message-router:3904/events/DCAE_CL_RSP
+    ves_ccvpn_notification_topic:
+      type: message-router
+      dmaap_info:
+        topic_url: http://message-router:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT
+    aai_subscriber:
+      type: message-router
+      servers : ["message-router:3904"]
+      consumer_group: dcae_ccvpn_cl
+      consumer_instance: dcae_ccvpn_cl_aaievent
+      fetch_timeout: 15000
+      fetch_limit: 100
+      dmaap_info:
+        topic_url: http://message-router:3904/events/AAI-EVENT
 
 applicationEnv:
   STANDALONE: 'false'
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
index 7475a4d..9e62ccf 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
@@ -31,7 +31,7 @@
 logging:
 
   # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
-  level: ALL
+  level: INFO
 
   # Logger-specific levels.
   loggers:
@@ -41,7 +41,7 @@
 
   appenders:
     - type: console
-      threshold: ALL
+      threshold: INFO
       timeZone: UTC
       logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
     - type: file
@@ -51,7 +51,7 @@
       archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-error-%d{yyyy-MM-dd}.log.gz
       archivedFileCount: 7
     - type: file
-      threshold: DEBUG
+      threshold: INFO
       logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
       currentLogFilename: /var/log/ONAP/holmes/engine-d-debug.log
       archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-debug-%d{yyyy-MM-dd}.log.gz
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
index c8ec225..5781dab 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
@@ -28,7 +28,7 @@
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/holmes/engine-management:10.0.2
+image: onap/holmes/engine-management:10.0.3
 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
 
 #################################################################
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
index 43a83d0..89269de 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
@@ -24,7 +24,7 @@
 logging:
 
   # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
-  level: ALL
+  level: INFO
 
   # Logger-specific levels.
   loggers:
@@ -34,7 +34,7 @@
 
   appenders:
     - type: console
-      threshold: ALL
+      threshold: INFO
       timeZone: UTC
       logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
     - type: file
@@ -45,7 +45,7 @@
       archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-error-%d{yyyy-MM-dd}.log.gz
       archivedFileCount: 7
     - type: file
-      threshold: DEBUG
+      threshold: INFO
       logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
       currentLogFilename: /var/log/ONAP/holmes/rulemgt-relation-debug.log
       archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-debug-%d{yyyy-MM-dd}.log.gz
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
index 9407619..fbe873b 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
@@ -28,7 +28,7 @@
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/holmes/rule-management:10.0.2
+image: onap/holmes/rule-management:10.0.3
 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
 
 #################################################################
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
index 72c5ddc..228302f 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
@@ -16,7 +16,7 @@
 global: # global defaults
   nodePortPrefix: 302
   image:
-    optf_has: onap/optf-has:2.2.1
+    optf_has: onap/optf-has:2.3.0
 
 #################################################################
 # secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
index 0157c56..a8c5dd2 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
@@ -14,7 +14,7 @@
 
 global:
   image:
-    optf_has: onap/optf-has:2.2.1
+    optf_has: onap/optf-has:2.3.0
 
 #################################################################
 # Secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
index 5623cde..0aaf428 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
@@ -14,7 +14,7 @@
 
 global:
   image:
-    optf_has: onap/optf-has:2.2.1
+    optf_has: onap/optf-has:2.3.0
 
 #################################################################
 # secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
index fa8bdd9..fd88273 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
@@ -14,7 +14,7 @@
 
 global:
   image:
-    optf_has: onap/optf-has:2.2.1
+    optf_has: onap/optf-has:2.3.0
 
 #################################################################
 # secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
index e7ceddd..36c1945 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
@@ -14,7 +14,7 @@
 
 global:
   image:
-    optf_has: onap/optf-has:2.2.1
+    optf_has: onap/optf-has:2.3.0
 
 #################################################################
 # secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
index 7d724a5..22a20fe 100755
--- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
@@ -753,3 +753,47 @@
 #password =
 
 get_ta_list_url = "/api/v1/execute/ran-coverage-area/get_ta_list"
+
+[dcae]
+
+#
+# From conductor
+#
+#
+# Data Store table prefix. (string value)
+#table_prefix = dcae
+
+# Base URL for DCAE, up to and not including the version, and without a
+# trailing slash. (string value)
+server_url = https://{{.Values.config.dcae.service}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
+
+# Timeout for DCAE Rest Call (string value)
+#dcae_rest_timeout = 30
+
+# Number of retry for DCAE Rest Call (string value)
+#dcae_retries = 3
+
+# The version of A&AI in v# format. (string value)
+server_url_version = v1
+
+# SSL/TLS certificate file in pem format. This certificate must be registered
+# with the SDC endpoint. (string value)
+#certificate_file = certificate.pem
+certificate_file =
+
+# Private Certificate Key file in pem format. (string value)
+#certificate_key_file = certificate_key.pem
+certificate_key_file =
+
+# Certificate Authority Bundle file in pem format. Must contain the appropriate
+# trust chain for the Certificate file. (string value)
+#certificate_authority_bundle_file = certificate_authority_bundle.pem
+certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+
+# Username for DCAE. (string value)
+#username =
+
+# Password for DCAE. (string value)
+#password =
+
+get_slice_config_url = "/api/v1/slices-config"
\ No newline at end of file
diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index bc129be..8a146a9 100755
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -19,7 +19,7 @@
 global:
   commonConfigPrefix: onap-oof-has
   image:
-    optf_has: onap/optf-has:2.2.1
+    optf_has: onap/optf-has:2.3.0
   persistence:
     enabled: true
 
@@ -71,6 +71,9 @@
   cps:
     service: cps-tbdmt
     port: 8080
+  dcae:
+    service: dcae-slice-analysis-ms
+    port: 8080
   etcd:
     serviceName: &etcd-service oof-has-etcd
     port: 2379
diff --git a/kubernetes/policy/components/policy-gui/resources/config/default.conf b/kubernetes/policy/components/policy-gui/resources/config/default.conf
deleted file mode 100644
index 98417cd..0000000
--- a/kubernetes/policy/components/policy-gui/resources/config/default.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-server {
-
-  listen 2443 default ssl;
-  ssl_protocols TLSv1.2;
-  {{ if .Values.global.aafEnabled }}
-  ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
-  ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
-  {{ else }}
-  ssl_certificate /etc/ssl/clamp.pem;
-  ssl_certificate_key /etc/ssl/clamp.key;
-  {{ end }}
-
-  ssl_verify_client optional_no_ca;
-  absolute_redirect off;
-
-  location / {
-    root /usr/share/nginx/html;
-    index index.html index.htm;
-    try_files $uri $uri/ =404;
-  }
-
-  location /clamp/restservices/clds/ {
-    proxy_pass https://policy-clamp-be:8443/restservices/clds/;
-    proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
-  }
-
-  location = /50x.html {
-    root /var/lib/nginx/html;
-  }
-  error_page  500 502 503 504  /50x.html;
-  error_log /var/log/nginx/error.log warn;
-}
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
index b67fa27..a155715 100644
--- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
@@ -1,6 +1,6 @@
 {{/*
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2021 Nordix Foundation.
+#   Copyright (C) 2021-2022 Nordix Foundation.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -62,6 +62,20 @@
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+          command: ["sh","-c"]
+          args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
+          env:
+{{- else }}
+          command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
+          env:
+          - name: KEYSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+          - name: TRUSTSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+          - name: CLAMP_URL
+            value: https://policy-clamp-be:8443
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -81,9 +95,6 @@
           volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - name: logs
             mountPath: {{ .Values.log.path }}
-          - mountPath: /etc/nginx/conf.d/default.conf
-            name: {{ include "common.fullname" . }}-config
-            subPath: default.conf
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -99,9 +110,6 @@
         - name: {{ include "common.fullname" . }}-config
           configMap:
             name: {{ include "common.fullname" . }}
-            items:
-            - key: default.conf
-              path: default.conf
         - name:  logs
           emptyDir: {}
         {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index 6ee7715..aa2b9d3 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -1,5 +1,5 @@
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2021 Nordix Foundation.
+#   Copyright (C) 2021-2022 Nordix Foundation.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -26,36 +26,46 @@
   aafEnabled: true
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: keystore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.keyStorePassword }}'
+    passwordPolicy: required
+  - uid: truststore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.trustStorePassword }}'
+    passwordPolicy: required
+
+certStores:
+  keyStorePassword: Pol1cy_0nap
+  trustStorePassword: Pol1cy_0nap
+
+#################################################################
 # AAF part
 #################################################################
 certInitializer:
-  permission_user: 1000
-  permission_group: 999
-  addconfig: true
-  keystoreFile: "org.onap.clamp.p12"
-  truststoreFile: "org.onap.clamp.trust.jks"
-  keyFile: "org.onap.clamp.keyfile"
-  truststoreFileONAP: "truststoreONAPall.jks"
-  clamp_key: "clamp.key"
-  clamp_pem: "clamp.pem"
-  clamp_ca_certs_pem: "clamp-ca-certs.pem"
   nameOverride: policy-gui-cert-initializer
   aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
-  # aafDeployCredsExternalSecret: some secret
-  fqdn: clamp
-  fqi: clamp@clamp.onap.org
-  public_fqdn: clamp.onap.org
-  cadi_longitude: "0.0"
+  fqdn: policy
+  fqi: policy@policy.onap.org
+  public_fqdn: policy.onap.org
   cadi_latitude: "0.0"
-  app_ns: org.osaaf.aaf
+  cadi_longitude: "0.0"
   credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  uid: 100
+  gid: 101
   aaf_add_config: >
-    cd {{ .Values.credsPath }};
-    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
-    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
-    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
-    chmod a+rx *;
+    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+    echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci;
+    echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+    echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci;
+    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
 
 subChartsOnly:
   enabled: true
@@ -63,7 +73,7 @@
 flavor: small
 
 # application image
-image: onap/policy-gui:2.2.0
+image: onap/policy-gui:2.2.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -71,7 +81,7 @@
 
 # log configuration
 log:
-  path: /var/log/nginx/
+  path: /var/log/onap/policy/gui
 
 #################################################################
 # Application configuration defaults.
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index d76e002..63d266b 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -1,7 +1,6 @@
 #!/bin/bash
 
 set -eo pipefail
-shopt -s nullglob
 
 # logging functions
 mysql_log() {
diff --git a/kubernetes/sdc/components/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml
index f899d58..968a09c 100644
--- a/kubernetes/sdc/components/sdc-fe/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml
@@ -42,9 +42,6 @@
     - port: {{ .Values.service.internalPort }}
       name: {{ .Values.service.portName }}
       targetPort: {{ .Values.service.internalPort }}
-      {{ if eq .Values.service.type "NodePort" -}}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      {{ end }}
     {{ if (include "common.needTLS" .) }}
     - port:  {{ .Values.service.internalPort2 }}
       targetPort: {{ .Values.service.internalPort2 }}
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index a2502a9..6267da9 100644
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -112,7 +112,6 @@
   type: NodePort
   name: sdc-fe
   portName: http
-  nodePort: "06"
   internalPort: 8181
   externalPort: 8181
   nodePort2: "07"
diff --git a/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml
new file mode 100644
index 0000000..2653c67
--- /dev/null
+++ b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+  name: {{ .Values.kafkaStrimziAdminUser }}
+  labels:
+    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+  authentication:
+    type: {{ .Values.saslMechanism }}
+  authorization:
+    type: simple
+    acls:
+    - resource:
+        type: group
+        name: onap-group
+      operation: Read
\ No newline at end of file
diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml
index a94879b..5f1e730 100644
--- a/kubernetes/strimzi/templates/strimzi-kafka.yaml
+++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml
@@ -57,16 +57,18 @@
     authorization:
       type: simple
       superUsers:
-        - {{ include "common.release" . }}-{{ .Values.kafkaStrimziAdminUser }}
+        - {{ .Values.kafkaStrimziAdminUser }}
     template:
       pod:
         securityContext:
           runAsUser: 0
           fsGroup: 0
     config:
+      default.replication.factor: {{ .Values.replicaCount }}
+      min.insync.replicas: {{ .Values.replicaCount }}
       offsets.topic.replication.factor: {{ .Values.replicaCount }}
       transaction.state.log.replication.factor: {{ .Values.replicaCount }}
-      transaction.state.log.min.isr: 2
+      transaction.state.log.min.isr: {{ .Values.replicaCount }}
       log.message.format.version: "3.0"
       inter.broker.protocol.version: "3.0"
     storage: