Merge "[DOC] Bump the version of rancher, k8s and helm"
diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst
index b0c5d6e..7340ddf 100644
--- a/docs/oom_user_guide.rst
+++ b/docs/oom_user_guide.rst
@@ -404,6 +404,7 @@
   10.12.6.155 msb.api.simpledemo.onap.org
   10.12.6.155 clamp.api.simpledemo.onap.org
   10.12.6.155 so.api.simpledemo.onap.org
+  10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
 
 Ensure you've disabled any proxy settings the browser you are using to access
 the portal and then simply access now the new ssl-encrypted URL:
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 899ad2c..41e42b5 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -5,14 +5,66 @@
 .. reserved.
 .. _release_notes:
 
-.. Links
-.. _release-notes-label:
-
 ONAP Operations Manager Release Notes
 =====================================
 
+Version 6.0.0 (Frankfurt Release)
+---------------------------------
+
+:Release Date: 2020-xx-xx
+
+Summary
+-------
+
+The focus of this release is to strengthen the foundation of OOM installer.
+A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10826
+
+**Software Requirements**
+
+* Upgraded to Kubernetes 1.15.x and Helm 2.16.x
+
+**Hardcoded Password removal**
+
+* All mariadb galera password are not hardcoded
+
+**New Features**
+
+* Ingress deployment is getting more and more usable
+* Use of dynamic Persistent Volume is available
+
+**Bug Fixes**
+
+**Known Issues**
+
+The following known issues will be addressed in a future release:
+
+* [`OOM-2075 <https://jira.onap.org/browse/OOM-2075>`_] - https://jira.onap.org/browse/OOM-2075
+
+**Security Notes**
+
+*Fixed Security Issues*
+
+* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_]
+* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 <https://jira.onap.org/browse/OJSI-202>`_]
+
+*Known Security Issues*
+
+* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+
+*Known Vulnerabilities in Used Modules*
+
+OOM code has been formally scanned during build time using NexusIQ and no
+Critical vulnerability was found.
+
+Quick Links:
+
+  - `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_
+
+  - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_
+
+
 Version 5.0.1 (El Alto Release)
-----------------------------------
+-------------------------------
 
 :Release Date: 2019-10-10
 
@@ -62,22 +114,6 @@
 
   - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_
 
-Version 6.0.0 (Frankfurt)
-----------------------------------
-
-:Release Date: 2020-05-14
-
-Summary
--------
-
-**Software Requirements**
-
-* Upgraded to Kubernetes 1.15.x and Helm 2.16.x
-
-**Hardcoded Password removal**
-
-* All mariadb galera password are not hardcoded
-
 
 Version 5.0.0 (El Alto Early Drop)
 ----------------------------------
diff --git a/kubernetes/aai b/kubernetes/aai
index 0c4cd89..5ae975d 160000
--- a/kubernetes/aai
+++ b/kubernetes/aai
@@ -1 +1 @@
-Subproject commit 0c4cd899d53538202c23030ab278984897aede94
+Subproject commit 5ae975da2bc5c09318465405a343146a56b42a3a
diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml
index 1888854..4825217 100644
--- a/kubernetes/clamp/charts/clamp-backend/values.yaml
+++ b/kubernetes/clamp/charts/clamp-backend/values.yaml
@@ -27,7 +27,7 @@
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.3
+image: onap/clamp-backend:5.0.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl
index 98b8d67..3d745ed 100644
--- a/kubernetes/common/common/templates/_service.tpl
+++ b/kubernetes/common/common/templates/_service.tpl
@@ -222,8 +222,8 @@
 {{-   $labels := default (dict) .labels -}}
 {{-   $matchLabels := default (dict) .matchLabels -}}
 
-{{-   if (and (include "common.needTLS" .) $both_tls_and_plain) }}
-{{      include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }}
+{{-   if (and (include "common.needTLS" $dot) $both_tls_and_plain) }}
+{{      include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }}
 {{-     if (ne $serviceType "ClusterIP") }}
 ---
 {{-       if $suffix }}
@@ -231,10 +231,10 @@
 {{-       else }}
 {{-         $suffix = "external" }}
 {{-       end }}
-{{        include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{        include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
 {{-     end }}
 {{-   else }}
-{{      include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{      include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
 {{-   end }}
 {{- end -}}
 
@@ -302,3 +302,33 @@
 {{-     end }}
 {{-   end }}
 {{- end -}}
+
+{{- define "common.port.buildCache" -}}
+  {{- $global := . }}
+  {{- if not $global.Values._DmaapDrNodePortsCache }}
+    {{- $portCache := dict }}
+    {{- range $port := .Values.service.ports }}
+      {{- $_ := set $portCache $port.name (dict "port" $port.port "plain_port" $port.plain_port) }}
+    {{- end }}
+    {{- $_ := set $global.Values "_DmaapDrNodePortsCache" $portCache }}
+  {{- end }}
+{{- end -}}
+
+{/*
+  Get Port value according to its name and if we want tls or plain port.
+  The template takes below arguments:
+    - .global: environment (.)
+    - .name: name of the port
+    - .getPlain: boolean allowing to choose between tls (false, default) or
+                 plain (true)
+    If plain_port is not set and we ask for plain, it will return empty.
+*/}
+{{- define "common.getPort" -}}
+  {{- $global := .global }}
+  {{- $name := .name }}
+  {{- $getPlain := default false .getPlain }}
+  {{- include "common.port.buildCache" $global }}
+  {{- $portCache := $global.Values._DmaapDrNodePortsCache }}
+  {{- $port := index $portCache $name }}
+  {{- ternary $port.plain_port $port.port $getPlain }}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/Chart.yaml b/kubernetes/common/elasticsearch/Chart.yaml
new file mode 100644
index 0000000..5179056
--- /dev/null
+++ b/kubernetes/common/elasticsearch/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP elasticsearch
+name: elasticsearch
+version: 6.0.0
diff --git a/kubernetes/common/elasticsearch/components/curator/Chart.yaml b/kubernetes/common/elasticsearch/components/curator/Chart.yaml
new file mode 100644
index 0000000..d1eaa61
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP elasticsearch curator
+name: curator
+version: 6.0.0
diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
new file mode 100644
index 0000000..7e73420
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
@@ -0,0 +1,74 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.enabled }}
+{{- range $kind, $enabled := .Values.hooks }}
+{{- if $enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "common.fullname" . }}-curator-on-{{ $kind }}
+  namespace: {{ include "common.namespace" . }}
+  labels: {{- include "common.labels" . | nindent 2 }}
+    role: "curator"
+  annotations:
+    "helm.sh/hook": post-{{ $kind }}
+    "helm.sh/hook-weight": "1"
+{{- if $.Values.cronjob.annotations }}
+{{ toYaml $.Values.cronjob.annotations | indent 4 }}
+{{- end }}
+spec:
+ template:
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+    spec:
+      volumes:
+        - name: config-volume
+          configMap:
+            name: {{ template "common.fullname" (dict "suffix" "curator" "dot" .) }}
+{{- if $.Values.extraVolumes }}
+{{ toYaml $.Values.extraVolumes | indent 8 }}
+{{- end }}
+      restartPolicy: Never
+{{- if $.Values.priorityClassName }}
+      priorityClassName: "{{ $.Values.priorityClassName }}"
+{{- end }}
+      containers:
+        - name: {{ template "common.fullname" . }}-curator
+          image: {{printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/es-curator
+    {{- if $.Values.extraVolumeMounts }}
+{{ toYaml $.Values.extraVolumeMounts | indent 12 }}
+    {{- end }}
+          command: [ "curator" ]
+          args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
+          resources:
+{{ toYaml $.Values.resources | indent 12 }}
+    {{- with $.Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with $.Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with $.Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+{{- end -}}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/requirements.yaml b/kubernetes/common/elasticsearch/components/curator/requirements.yaml
new file mode 100644
index 0000000..ff65593
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
new file mode 100644
index 0000000..dc2a430
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
@@ -0,0 +1,24 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: ConfigMap
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+data:
+  action_file.yml: {{ required "A valid .Values.configMaps.action_file_yml entry is required!" (toYaml .Values.configMaps.action_file_yml | indent 2) }}
+  config.yml: {{ required "A valid .Values.configMaps.config_yml entry is required!" (tpl (toYaml .Values.configMaps.config_yml | indent 2) $) }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
new file mode 100644
index 0000000..901c0a5
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
@@ -0,0 +1,112 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.enabled }}
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+  {{- if .Values.cronjob.annotations }}
+  annotations: {{- toYaml .Values.cronjob.annotations | indent 4 }}
+  {{- end }}
+spec:
+  schedule: "{{ .Values.cronjob.schedule }}"
+  {{- with .Values.cronjob.concurrencyPolicy }}
+  concurrencyPolicy: {{ . }}
+  {{- end }}
+  {{- with .Values.cronjob.failedJobsHistoryLimit }}
+  failedJobsHistoryLimit: {{ . }}
+  {{- end }}
+  {{- with .Values.cronjob.successfulJobsHistoryLimit }}
+  successfulJobsHistoryLimit: {{ . }}
+  {{- end }}
+  jobTemplate:
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+    spec:
+      template:
+        metadata: {{- include "common.templateMetadata" . | nindent 10 }}
+        spec:
+          volumes:
+            - name: config-volume
+              configMap:
+                name: {{ template "common.fullname" . }}-curator
+            {{- if .Values.extraVolumes }}
+            {{- toYaml .Values.extraVolumes | nindent 12 }}
+            {{- end }}
+          restartPolicy: {{ .Values.global.restartPolicy | default .Values.cronjob.jobRestartPolicy }}
+          {{- if .Values.priorityClassName }}
+          priorityClassName: {{ .Values.priorityClassName | quote }}
+          {{- end }}
+{{- include "elasticsearch.imagePullSecrets" . | indent 10 }}
+          {{- if .Values.extraInitContainers }}
+          initContainers:
+            {{- range $key, $value := .Values.extraInitContainers }}
+            - name: "{{ $key }}"
+            {{- toYaml $value | nindent 14 }}
+            {{- end }}
+          {{- end }}
+          {{- if .Values.rbac.enabled }}
+          serviceAccountName: {{ include "elasticsearch.curator.serviceAccountName" . }}
+          {{- end }}
+          {{- if .Values.affinity }}
+          affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.nodeSelector }}
+          nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.tolerations }}
+          tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.securityContext }}
+          securityContext: {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- end }}
+          containers:
+            - name: {{ template "common.fullname" . }}-curator
+              image: {{printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+              imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+              volumeMounts:
+                - name: config-volume
+                  mountPath: /etc/es-curator
+                {{- if .Values.extraVolumeMounts }}
+                {{- toYaml .Values.extraVolumeMounts | nindent 16 }}
+                {{- end }}
+              {{ if .Values.command }}
+              command: {{ toYaml .Values.command | nindent 16 }}
+              {{- end }}
+              {{- if .Values.dryrun }}
+              args: [ "--dry-run", "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
+              {{- else }}
+              args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
+              {{- end }}
+              env:
+                {{- if .Values.env }}
+                {{- range $key,$value := .Values.env }}
+                - name: {{ $key | upper | quote}}
+                  value: {{ $value | quote}}
+                {{- end }}
+                {{- end }}
+                {{- if .Values.envFromSecrets }}
+                {{- range $key,$value := .Values.envFromSecrets }}
+                - name: {{ $key | upper | quote}}
+                  valueFrom:
+                    secretKeyRef:
+                      name: {{ $value.from.secret | quote}}
+                      key: {{ $value.from.key | quote}}
+                {{- end }}
+                {{- end }}
+              {{- if .Values.resources }}
+              resources: {{- toYaml .Values.resources | nindent 16 }}
+              {{- end }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml
new file mode 100644
index 0000000..6fe032d
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml
@@ -0,0 +1,46 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.psp.create }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+  privileged: true
+  #requiredDropCapabilities:
+  volumes:
+    - 'configMap'
+    - 'secret'
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    # Require the container to run without root privileges.
+    rule: 'MustRunAsNonRoot'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  fsGroup:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  readOnlyRootFilesystem: false
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
new file mode 100644
index 0000000..0d189f4
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
@@ -0,0 +1,32 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.rbac.enabled }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["update", "patch"]
+  {{- if .Values.psp.create }}
+  - apiGroups: ["extensions"]
+    resources: ["podsecuritypolicies"]
+    verbs: ["use"]
+    resourceNames:
+      - {{ include "common.fullname" (dict "suffix" $suffix "dot" .) }}
+  {{- end }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
new file mode 100644
index 0000000..b112468
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.rbac.enabled }}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+roleRef:
+  kind: Role
+  name: {{ template "common.name" (dict "suffix" $suffix "dot" .) }}
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "elasticsearch.curator.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
new file mode 100644
index 0000000..0bd4ae0
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml
new file mode 100644
index 0000000..5e0d966
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/values.yaml
@@ -0,0 +1,180 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  persistence:
+    mountPath: /dockerdata-nfs
+    backup:
+      mountPath: /dockerdata-nfs/backup
+    storageClass:
+  clusterName: cluster.local
+repositoryOverride: docker.io
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+## Elasticsearch curator parameters
+##
+enabled: false
+name: curator
+image:
+  imageName: bitnami/elasticsearch-curator
+  tag: 5.8.1-debian-9-r74
+  pullPolicy: IfNotPresent
+  ## Optionally specify an array of imagePullSecrets.
+  ## Secrets must be manually created in the namespace.
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  ##
+  # pullSecrets:
+  #   - myRegistryKeySecretName
+service:
+  port: 9200
+cronjob:
+  # At 01:00 every day
+  schedule: "0 1 * * *"
+  annotations: {}
+  concurrencyPolicy: ""
+  failedJobsHistoryLimit: ""
+  successfulJobsHistoryLimit: ""
+  jobRestartPolicy: Never
+podAnnotations: {}
+rbac:
+  # Specifies whether RBAC should be enabled
+  enabled: false
+serviceAccount:
+  # Specifies whether a ServiceAccount should be created
+  create: true
+  # The name of the ServiceAccount to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+psp:
+  # Specifies whether a podsecuritypolicy should be created
+  create: false
+hooks:
+  install: false
+  upgrade: false
+# run curator in dry-run mode
+dryrun: false
+command: ["curator"]
+env: {}
+configMaps:
+  # Delete indices older than 90 days
+  action_file_yml: |-
+    ---
+    actions:
+      1:
+        action: delete_indices
+        description: "Clean up ES by deleting old indices"
+        options:
+          timeout_override:
+          continue_if_exception: False
+          disable_action: False
+          ignore_empty_list: True
+        filters:
+        - filtertype: age
+          source: name
+          direction: older
+          timestring: '%Y.%m.%d'
+          unit: days
+          unit_count: 90
+          field:
+          stats_result:
+          epoch:
+          exclude: False
+  # Default config (this value is evaluated as a template)
+  config_yml: |-
+    ---
+    client:
+      hosts:
+        {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
+      port: {{ .Values.service.port }}
+      # url_prefix:
+      # use_ssl: True
+      # certificate:
+      # client_cert:
+      # client_key:
+      # ssl_no_validate: True
+      # http_auth:
+      # timeout: 30
+      # master_only: False
+    # logging:
+    #   loglevel: INFO
+    #   logfile:
+    #   logformat: default
+    #   blacklist: ['elasticsearch', 'urllib3']
+## Curator resources requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  limits: {}
+  #  cpu: 100m
+  #  memory: 128Mi
+  requests: {}
+  #  cpu: 100m
+  #  memory: 128Mi
+priorityClassName: ""
+# extraVolumes and extraVolumeMounts allows you to mount other volumes
+# Example Use Case: mount ssl certificates when elasticsearch has tls enabled
+# extraVolumes:
+#   - name: es-certs
+#     secret:
+#       defaultMode: 420
+#       secretName: es-certs
+# extraVolumeMounts:
+#   - name: es-certs
+#     mountPath: /certs
+#     readOnly: true
+## Add your own init container or uncomment and modify the given example.
+##
+extraInitContainers: {}
+## Don't configure S3 repository till Elasticsearch is reachable.
+## Ensure that it is available at http://elasticsearch:9200
+##
+# elasticsearch-s3-repository:
+#   image: bitnami/minideb:latest
+#   imagePullPolicy: "IfNotPresent"
+#   command:
+#   - "/bin/bash"
+#   - "-c"
+#   args:
+#   - |
+#     ES_HOST=elasticsearch
+#     ES_PORT=9200
+#     ES_REPOSITORY=backup
+#     S3_REGION=us-east-1
+#     S3_BUCKET=bucket
+#     S3_BASE_PATH=backup
+#     S3_COMPRESS=true
+#     S3_STORAGE_CLASS=standard
+#     install_packages curl && \
+#     ( counter=0; while (( counter++ < 120 )); do curl -s http://${ES_HOST}:${ES_PORT} >/dev/null 2>&1 && break; echo "Waiting for elasticsearch $counter/120"; sleep 1; done ) && \
+#     cat <<EOF | curl -sS -XPUT -H "Content-Type: application/json" -d @- http://${ES_HOST}:${ES_PORT}/_snapshot/${ES_REPOSITORY} \
+#     {
+#       "type": "s3",
+#       "settings": {
+#         "bucket": "${S3_BUCKET}",
+#         "base_path": "${S3_BASE_PATH}",
+#         "region": "${S3_REGION}",
+#         "compress": "${S3_COMPRESS}",
+#         "storage_class": "${S3_STORAGE_CLASS}"
+#       }
+#     }
+
diff --git a/kubernetes/common/elasticsearch/components/data/Chart.yaml b/kubernetes/common/elasticsearch/components/data/Chart.yaml
new file mode 100644
index 0000000..5243a56
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP elasticsearch data
+name: data
+version: 6.0.0
diff --git a/kubernetes/common/elasticsearch/components/data/requirements.yaml b/kubernetes/common/elasticsearch/components/data/requirements.yaml
new file mode 100644
index 0000000..6a61926
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml
new file mode 100644
index 0000000..c713ec8
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
diff --git a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml
new file mode 100644
index 0000000..2ac3880
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
new file mode 100644
index 0000000..994b458
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
@@ -0,0 +1,175 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: StatefulSet
+{{ $role := "data" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+  updateStrategy:
+    type: {{ .Values.updateStrategy.type }}
+    {{- if (eq "OnDelete" .Values.updateStrategy.type) }}
+    rollingUpdate: null
+    {{- else if .Values.updateStrategy.rollingUpdatePartition }}
+    rollingUpdate:
+      partition: {{ .Values.updateStrategy.rollingUpdatePartition }}
+    {{- end }}
+  selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }}
+  serviceName: {{ include "common.fullname" . }}-data
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+    spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+      {{- if .Values.affinity }}
+      affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.tolerations }}
+      tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ template "elasticsearch.data.serviceAccountName" . }}
+      {{- if .Values.securityContext.enabled }}
+      securityContext:
+        fsGroup: {{ .Values.securityContext.fsGroup }}
+      {{- end }}
+      {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
+      initContainers:
+        {{- if .Values.sysctlImage.enabled }}
+        ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+        - name: sysctl
+          image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+            - /bin/sh
+            - -c
+            - |
+              set -o errexit
+              set -o pipefail
+              set -o nounset
+              sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+          securityContext:
+            privileged: true
+        {{- end }}
+        {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+        - name: volume-permissions
+          image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+            - /bin/sh
+            - -c
+            - |
+              chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data
+          securityContext:
+            runAsUser: 0
+          {{- if .Values.volumePermissions.resource }}
+          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: data
+              mountPath: "/bitnami/elasticsearch/data"
+        {{- end }}
+      {{- end }}
+      containers:
+        - name: {{ include "common.name" . }}-elasticsearch
+          image: {{ printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{- if .Values.securityContext.enabled }}
+          securityContext:
+            runAsUser: {{ .Values.securityContext.runAsUser }}
+          {{- end }}
+          env:
+            - name: BITNAMI_DEBUG
+              value: {{ ternary "true" "false" .Values.image.debug | quote }}
+            - name: ELASTICSEARCH_CLUSTER_NAME
+              value: {{include "elasticsearch.clustername" .}}
+            - name: ELASTICSEARCH_CLUSTER_HOSTS
+              value: {{ include "common.name" . }}-discovery
+            {{- if .Values.plugins }}
+            - name: ELASTICSEARCH_PLUGINS
+              value: {{ .Values.plugins | quote }}
+            {{- end }}
+            - name: ELASTICSEARCH_HEAP_SIZE
+              value: {{ .Values.heapSize | quote }}
+            - name: ELASTICSEARCH_IS_DEDICATED_NODE
+              value: "yes"
+            - name: ELASTICSEARCH_NODE_TYPE
+              value: "data"
+          ports: {{- include "common.containerPorts" . |indent 12 }}
+          {{- if .Values.livenessProbe.enabled }}
+          livenessProbe:
+            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+            httpGet:
+              path: /_cluster/health?local=true
+              port: 9200
+          {{- end }}
+          {{- if .Values.readinessProbe.enabled }}
+          readinessProbe:
+            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+            httpGet:
+              path: /_cluster/health?local=true
+              port: 9200
+          {{- end }}
+          {{- if .Values.resources }}
+          resources: {{- toYaml .Values.resources | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            {{- if .Values.config }}
+            - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+              name: "config"
+              subPath: elasticsearch.yml
+            {{- end }}
+            - name: "data"
+              mountPath: "/bitnami/elasticsearch/data"
+            {{- if .Values.extraVolumeMounts }}
+            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+            {{- end }}
+      volumes:
+        {{- if .Values.config }}
+        - name: "config"
+          configMap:
+            name: {{ template "common.fullname" . }}
+        {{- end }}
+        {{- if .Values.extraVolumes }}
+        {{- toYaml .Values.extraVolumes | nindent 8 }}
+        {{- end }}
+{{- if not .Values.persistence.enabled }}
+        - name: "data"
+          emptyDir: {}
+{{- else }}
+  volumeClaimTemplates:
+    - metadata:
+        name: "data"
+        {{- if .Values.persistence.annotations }}
+        annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
+        {{- end }}
+      spec:
+        accessModes:
+          - {{ .Values.persistence.accessMode }}
+        storageClassName: {{ include "common.storageClass" (dict "dot" . "suffix" .Values.persistence.suffix) }}
+        resources:
+          requests:
+            storage: {{ .Values.persistence.size | quote }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml
new file mode 100644
index 0000000..cfb7f51
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/values.yaml
@@ -0,0 +1,170 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  persistence:
+    mountPath: /dockerdata-nfs
+    backup:
+      mountPath: /dockerdata-nfs/backup
+    storageClass:
+repositoryOverride: docker.io
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+  enabled: true
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+volumePermissions:
+  enabled: true
+# application image
+## Elasticsearch data node parameters
+##
+name: data
+## Number of data node(s) replicas to deploy
+##
+replicaCount: 0
+## required for "common.containerPorts"
+## no dedicated service for data nodes
+service:
+  ## list of ports for "common.containerPorts"
+  ports:
+  - name: http-transport
+    port: 9300
+
+image:
+  imageName: bitnami/elasticsearch
+  tag: 6.8.6-debian-9-r23
+  ## Specify a imagePullPolicy
+  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+  ##
+  pullPolicy: IfNotPresent
+  ## Optionally specify an array of imagePullSecrets.
+  ## Secrets must be manually created in the namespace.
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  ##
+  # pullSecrets:
+  #   - myRegistryKeySecretName
+  ## Set to true if you would like to see extra information on logs
+  ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+  ##
+  debug: false
+
+
+## updateStrategy for ElasticSearch Data statefulset
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+##
+updateStrategy:
+  type: RollingUpdate
+  # rollingUpdatePartition
+heapSize: 128m
+## Provide annotations for the data pods.
+##
+podAnnotations: {}
+## Pod Security Context for data pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+  enabled: true
+  fsGroup: 1001
+  runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch data container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+  ## We usually recommend not to specify default resources and to leave this as a conscious
+  ## choice for the user. This also increases chances charts run on environments with little
+  ## resources, such as Minikube.
+  limits: {}
+  #   cpu: 100m
+  #   memory: 128Mi
+  requests:
+    cpu: 25m
+    memory: 1152Mi
+## Elasticsearch data container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+  enabled: false
+#  initialDelaySeconds: 90
+#  periodSeconds: 10
+#  timeoutSeconds: 5
+#  successThreshold: 1
+#  failureThreshold: 5
+readinessProbe:
+  enabled: false
+#  initialDelaySeconds: 90
+#  periodSeconds: 10
+#  timeoutSeconds: 5
+#  successThreshold: 1
+#  failureThreshold: 5
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+  ## If true, use a Persistent Volume Claim, If false, use emptyDir
+  ##
+  enabled: true
+  ## suffix for pv
+  suffix: data-pv
+
+  ## Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  # storageClass: "-"
+  ## Persistent Volume Claim annotations
+  ##
+  annotations: {}
+  ## Persistent Volume Access Mode
+  ##
+  accessMode:  ReadWriteOnce
+  ## Persistent Volume size
+  ##
+  size: 8Gi
+## Provide functionality to use RBAC
+##
+  # existingClaim:
+  volumeReclaimPolicy: Retain
+  mountSubPath: elastic-data
+  storageType: local
+  backup:
+    mountPath: /dockerdata-nfs/backup
+serviceAccount:
+  ## Specifies whether a ServiceAccount should be created for the data node
+  ##
+  create: false
+  ## The name of the ServiceAccount to use.
+  ## If not set and create is true, a name is generated using the fullname template
+  ##
+  # name:
diff --git a/kubernetes/common/elasticsearch/components/master/Chart.yaml b/kubernetes/common/elasticsearch/components/master/Chart.yaml
new file mode 100644
index 0000000..e9ac99a
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/Chart.yaml
@@ -0,0 +1,20 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+
+apiVersion: v1
+description: ONAP elasticsearch master
+name: master
+version: 6.0.0
diff --git a/kubernetes/common/elasticsearch/components/master/requirements.yaml b/kubernetes/common/elasticsearch/components/master/requirements.yaml
new file mode 100644
index 0000000..6a61926
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml
new file mode 100644
index 0000000..c713ec8
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml
new file mode 100644
index 0000000..05a3af3
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml
@@ -0,0 +1,23 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
new file mode 100644
index 0000000..dfa3ccb
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
@@ -0,0 +1,179 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: StatefulSet
+{{ $role := "master" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+  updateStrategy:
+    type: {{ .Values.updateStrategy.type }}
+    {{- if (eq "OnDelete" .Values.updateStrategy.type) }}
+    rollingUpdate: null
+    {{- end }}
+  selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .)| nindent 4 }}
+  serviceName: {{ include "common.fullname" . }}-master
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+    spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+      {{- if .Values.affinity }}
+      affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.tolerations }}
+      tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }}
+      {{- if .Values.securityContext.enabled }}
+      securityContext:
+        fsGroup: {{ .Values.securityContext.fsGroup }}
+      {{- end }}
+      {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
+      initContainers:
+        {{- if .Values.sysctlImage.enabled }}
+        ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+        - name: sysctl
+          image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+            - /bin/sh
+            - -c
+            - |
+              set -o errexit
+              set -o pipefail
+              set -o nounset
+              sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+          securityContext:
+            privileged: true
+        {{- end }}
+        {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+        - name: volume-permissions
+          image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+            - /bin/sh
+            - -c
+            - |
+              chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data
+          securityContext:
+            runAsUser: 0
+          {{- if .Values.volumePermissions.resource }}
+          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: data
+              mountPath: "/bitnami/elasticsearch/data"
+        {{- end }}
+      {{- end }}
+      containers:
+        - name: {{ include "common.name" . }}-elasticsearch
+          image: {{ printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{- if .Values.securityContext.enabled }}
+          securityContext:
+            runAsUser: {{ .Values.securityContext.runAsUser }}
+          {{- end }}
+          env:
+            - name: BITNAMI_DEBUG
+              value: {{ ternary "true" "false" .Values.image.debug | quote }}
+            - name: ELASTICSEARCH_CLUSTER_NAME
+              value: {{ include "elasticsearch.clustername" . }}
+            - name: ELASTICSEARCH_CLUSTER_HOSTS
+              value: {{ include "common.name" . }}-discovery
+            - name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
+              {{- $elasticsearchMasterFullname := printf "%s-%s" (include "common.fullname" . ) "master" }}
+              {{- $replicas := int .Values.replicaCount }}
+              value: {{range $i, $e := until $replicas }}{{ $elasticsearchMasterFullname }}-{{ $e }} {{ end }}
+            - name: ELASTICSEARCH_MINIMUM_MASTER_NODES
+              value: {{ add (div .Values.replicaCount 2) 1 | quote }}
+            {{- if .Values.plugins }}
+            - name: ELASTICSEARCH_PLUGINS
+              value: {{ .Values.plugins | quote }}
+            {{- end }}
+            - name: ELASTICSEARCH_HEAP_SIZE
+              value: {{ .Values.heapSize | quote }}
+            - name: ELASTICSEARCH_IS_DEDICATED_NODE
+              value: {{ .Values.dedicatednode | quote }}
+            - name: ELASTICSEARCH_NODE_TYPE
+              value: "master"
+          ports: {{- include "common.containerPorts" . |indent 12 }}
+          {{- if .Values.livenessProbe.enabled }}
+          livenessProbe:
+            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+            httpGet:
+              path: /_cluster/health?local=true
+              port: 9200
+          {{- end }}
+          {{- if .Values.readinessProbe.enabled }}
+          readinessProbe:
+            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+            httpGet:
+              path: /_cluster/health?local=true
+              port: 9200
+          {{- end }}
+          {{- if .Values.resources }}
+          resources: {{- toYaml .Values.resources | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            {{- if .Values.config }}
+            - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+              name: config
+              subPath: elasticsearch.yml
+            {{- end }}
+            - name: data
+              mountPath: /bitnami/elasticsearch/data
+            {{- if .Values.extraVolumeMounts }}
+            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+            {{- end }}
+      volumes:
+        {{- if .Values.config }}
+        - name: config
+          configMap:
+            name: {{ include "common.fullname" . }}
+        {{- end }}
+        {{- if .Values.extraVolumes }}
+        {{- toYaml .Values.extraVolumes | nindent 8 }}
+        {{- end }}
+{{- if not .Values.persistence.enabled }}
+        - name: "data"
+          emptyDir: {}
+{{- else }}
+  volumeClaimTemplates:
+    - metadata:
+        name: "data"
+        {{- if .Values.persistence.annotations }}
+        annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
+        {{- end }}
+      spec:
+        accessModes:
+          - {{ .Values.persistence.accessMode }}
+        storageClassName: {{ include "common.storageClass" (dict "dot" . "suffix" .Values.persistence.suffix) }}
+        resources:
+          requests:
+            storage: {{ .Values.persistence.size | quote }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml
new file mode 100644
index 0000000..8d66ef0
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+{{ $role := "master" -}}
+{{ $labels := (dict "role" $role) -}}
+{{ $matchLabels := (dict "role" $role) }}
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
\ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml
new file mode 100644
index 0000000..2862692
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/values.yaml
@@ -0,0 +1,203 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  persistence:
+    mountPath: /dockerdata-nfs
+    backup:
+      mountPath: /dockerdata-nfs/backup
+    storageClass:
+repositoryOverride: docker.io
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+  enabled: true
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+volumePermissions:
+  enabled: true
+
+# application image
+## Elasticsearch master-eligible node parameters
+##
+name: master
+## Number of master-eligible node(s) replicas to deploy
+##
+replicaCount: 3
+## master acts as master only node, choose 'no' if no further data nodes are deployed)
+dedicatednode: "yes"
+## dedicatednode: "no"
+image:
+  imageName: bitnami/elasticsearch
+  tag: 6.8.6-debian-9-r23
+  ## Specify a imagePullPolicy
+  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+  ##
+  pullPolicy: IfNotPresent
+  ## Optionally specify an array of imagePullSecrets.
+  ## Secrets must be manually created in the namespace.
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  ##
+  # pullSecrets:
+  #   - myRegistryKeySecretName
+  ## Set to true if you would like to see extra information on logs
+  ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+  ##
+  debug: false
+
+## String to partially override common.fullname template (will maintain the release name)
+##
+# nameOverride:
+
+## String to fully override common.fullname template
+##
+# fullnameOverride:
+## updateStrategy for ElasticSearch master statefulset
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+##
+updateStrategy:
+  type: RollingUpdate
+heapSize: 128m
+## Provide annotations for master-eligible pods.
+##
+podAnnotations: {}
+## Pod Security Context for master-eligible pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+  enabled: true
+  fsGroup: 1001
+  runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch master-eligible container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+  ## We usually recommend not to specify default resources and to leave this as a conscious
+  ## choice for the user. This also increases chances charts run on environments with little
+  ## resources, such as Minikube.
+  limits: {}
+  #   cpu: 100m
+  #   memory: 128Mi
+  requests:
+    cpu: 25m
+    memory: 256Mi
+## Elasticsearch master-eligible container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+  enabled: false
+#  initialDelaySeconds: 90
+#  periodSeconds: 10
+#  timeoutSeconds: 5
+#  successThreshold: 1
+#  failureThreshold: 5
+readinessProbe:
+  enabled: false
+#  initialDelaySeconds: 90
+#  periodSeconds: 10
+#  timeoutSeconds: 5
+#  successThreshold: 1
+#  failureThreshold: 5
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+  ## If true, use a Persistent Volume Claim, If false, use emptyDir
+  ##
+  enabled: true
+  ## suffix for pv
+  suffix: master-pv
+  ## Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  # storageClass: "-"
+  ## Persistent Volume Claim annotations
+  ##
+  annotations: {}
+  ## Persistent Volume Access Mode
+  ##
+  accessMode: ReadWriteOnce
+  ## Persistent Volume size
+  ##
+  size: 8Gi
+  # existingClaim:
+  volumeReclaimPolicy: Retain
+  mountSubPath: elastic-master
+  storageType: local
+  backup:
+    mountPath: /dockerdata-nfs/backup
+## Service parameters for master-eligible node(s)
+##
+service:
+  suffix: "service"
+  name: ""
+  ## list of ports for "common.containerPorts"
+  ## Elasticsearch transport port
+  ports:
+  - name: http-transport
+    port: 9300
+  ## master-eligible service type
+  ##
+  type: ClusterIP
+  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+  ##
+  # nodePort:
+  ## Provide any additional annotations which may be required. This can be used to
+  ## set the LoadBalancer service type to internal only.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+  ##
+  annotations: {}
+  ## Set the LoadBalancer service type to internal only.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+  ##
+  # loadBalancerIP:
+## Provide functionality to use RBAC
+##
+serviceAccount:
+  ## Specifies whether a ServiceAccount should be created for the master node
+  create: false
+  ## The name of the ServiceAccount to use.
+  ## If not set and create is true, a name is generated using the fullname template
+  # name:
+
+
+## Elasticsearch cluster name
+##
+clusterName: elastic-cluster
+
+
+
diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml
new file mode 100644
index 0000000..84fa71c
--- /dev/null
+++ b/kubernetes/common/elasticsearch/requirements.yaml
@@ -0,0 +1,30 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~6.x-0
+    repository: '@local'
+  - name: master
+    version: ~6.x-0
+    repository: 'file://components/master'
+  - name: data
+    version: ~6.x-0
+    repository: 'file://components/data'
+    condition: elasticsearch.data.enabled,data.enabled
+  - name: curator
+    version: ~6.x-0
+    repository: 'file://components/curator'
+    condition: elasticsearch.curator.enabled,curator.enabled
+
diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl
new file mode 100644
index 0000000..fdbe82f
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl
@@ -0,0 +1,103 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+
+
+{{ define "elasticsearch.clustername"}}
+{{- printf "%s-%s" (include "common.name" .) "cluster" -}}
+{{- end -}}
+
+{{/*
+This define should be used instead of "common.fullname" to allow
+special handling of kibanaEnabled=true
+Create a default fully qualified coordinating name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "elasticsearch.coordinating.fullname" -}}
+{{- if .Values.global.kibanaEnabled -}}
+{{- printf "%s-%s" .Release.Name .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" (include "common.fullname" .) .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the master service account to use
+ */}}
+{{- define "elasticsearch.master.serviceAccountName" -}}
+{{- if .Values.master.serviceAccount.create -}}
+    {{ default (include "common.fullname" (dict "suffix" "master" "dot" .)) .Values.master.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.master.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the coordinating-only service account to use
+ */}}
+{{- define "elasticsearch.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "common.fullname" . ) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the data service account to use
+ */}}
+{{- define "elasticsearch.data.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "common.fullname" (dict "suffix" "data" "dot" .)) .Values.data.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "elasticsearch.imagePullSecrets" -}}
+{{- if .Values.global }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.global.imagePullSecrets }}
+  - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- $imagePullSecrets := coalesce .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.curator.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets -}}
+{{- if $imagePullSecrets }}
+imagePullSecrets:
+{{- range $imagePullSecrets }}
+  - name: {{ . }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "elasticsearch.curator.serviceAccountName" -}}
+{{- if .Values.curator.serviceAccount.create -}}
+    {{ default (include "common.fullname" (dict "suffix" "currator" "dot" .)) .Values.curator.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.curator.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml
new file mode 100644
index 0000000..b4e0044
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml
@@ -0,0 +1,33 @@
+
+{{ if .Values.global.aafEnabled }}
+{{/*
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.aafConfig.addconfig -}}
+apiVersion: v1
+kind: ConfigMap
+{{ $suffix := "aaf-add-config" -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+  aaf-add-config.sh: |-
+    cd /opt/app/osaaf/local
+    mkdir -p certs
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0)
+    keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.aafConfig.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password
+    openssl pkcs12 -in {{ .Values.aafConfig.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12
+    cp {{ .Values.aafConfig.fqi_namespace }}.key certs/key.pem
+    chmod -R 755 certs
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml
new file mode 100644
index 0000000..38234da
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml
@@ -0,0 +1,20 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.config }}
+apiVersion: v1
+kind: ConfigMap
+metadata:  {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+  elasticsearch.yml: |- {{- toYaml .Values.config | nindent 4 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml
new file mode 100644
index 0000000..49ce0ef
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.nginx.serverBlock -}}
+
+apiVersion: v1
+kind: ConfigMap
+{{ $suffix := "nginx-server-block" -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+  server-block.conf: |-
+{{ if .Values.global.aafEnabled }}
+{{ .Values.nginx.serverBlock.https | indent 4 }}
+{{ else }}
+{{ .Values.nginx.serverBlock.http | indent 4 }}
+
+
+{{ end }}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
new file mode 100644
index 0000000..65a7f46
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
@@ -0,0 +1,167 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+{{ $role := "coordinating-only" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+  strategy:
+    type: {{ .Values.updateStrategy.type }}
+    {{- if (eq "Recreate" .Values.updateStrategy.type) }}
+    rollingUpdate: null
+    {{- end }}
+  selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }}
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+    spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+      {{- if .Values.affinity }}
+      affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.tolerations }}
+      tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }}
+      {{- if .Values.securityContext.enabled }}
+      securityContext:
+        fsGroup: {{ .Values.securityContext.fsGroup }}
+      {{- end }}
+
+      ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+      initContainers:
+      {{- if .Values.sysctlImage.enabled }}
+        - name: sysctl
+          image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+            - /bin/sh
+            - -c
+            - |
+              set -o errexit
+              set -o pipefail
+              set -o nounset
+              sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+          securityContext:
+            privileged: true
+      {{- end }}
+          {{ include "common.aaf-config" . | nindent 8}}
+
+      containers:
+        - name: {{ include "common.name" . }}-nginx
+          image: {{printf "%s/%s:%s" (include "common.repository" .)  .Values.nginx.imageName  .Values.nginx.tag }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.nginx.pullPolicy | quote }}
+          ports: {{- include "common.containerPorts" . | indent 12 -}}
+          {{- if .Values.nginx.livenessProbe }}
+          livenessProbe: {{- toYaml .Values.nginx.livenessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.nginx.readinessProbe }}
+          readinessProbe: {{- toYaml .Values.nginx.readinessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.nginx.resources }}
+          resources: {{- toYaml .Values.nginx.resources | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+          {{- if .Values.nginx.serverBlock }}
+          - name: nginx-server-block
+            mountPath: /opt/bitnami/nginx/conf/server_blocks
+          {{- end }}
+          {{- include "common.aaf-config-volume-mountpath" . | nindent 10 }}
+
+        - name: {{ include "common.name" . }}-elasticsearch
+          image: {{ printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+          {{- if .Values.securityContext.enabled }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            runAsUser: {{ .Values.securityContext.runAsUser }}
+          {{- end }}
+          env:
+            - name: BITNAMI_DEBUG
+              value: {{ ternary "true" "false" .Values.image.debug | quote }}
+            - name: ELASTICSEARCH_CLUSTER_NAME
+              value: {{ include "elasticsearch.clustername" .}}
+            - name: ELASTICSEARCH_CLUSTER_HOSTS
+              value: {{ include "common.name" . }}-discovery
+            {{- if .Values.plugins }}
+            - name: ELASTICSEARCH_PLUGINS
+              value: {{ .Values.plugins | quote }}
+            {{- end }}
+            - name: ELASTICSEARCH_HEAP_SIZE
+              value: {{ .Values.heapSize | quote }}
+            - name: ELASTICSEARCH_IS_DEDICATED_NODE
+              value: "yes"
+            - name: ELASTICSEARCH_NODE_TYPE
+              value: "coordinating"
+            - name: ELASTICSEARCH_PORT_NUMBER
+              value: "9000"
+          {{/*ports: {{- include "common.containerPorts" . | indent 12 -}} */}}
+          {{- if .Values.livenessProbe.enabled }}
+          livenessProbe:
+            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+            httpGet:
+              path: /_cluster/health?local=true
+              port: http
+          {{- end }}
+          {{- if .Values.readinessProbe.enabled}}
+          readinessProbe:
+            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+            httpGet:
+              path: /_cluster/health?local=true
+              port: http
+          {{- end }}
+          {{- if .Values.resources }}
+          resources: {{- toYaml .Values.resources | nindent 12 }}
+          {{- end}}
+          volumeMounts:
+            {{- if .Values.config }}
+            - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+              name: config
+              subPath: elasticsearch.yml
+            {{- end }}
+            - name: data
+              mountPath: "/bitnami/elasticsearch/data/"
+            {{- if .Values.extraVolumeMounts }}
+            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+            {{- end }}
+      volumes:
+        {{- if .Values.config }}
+        - name: config
+          configMap:
+            name: {{ include "common.fullname" . }}
+        {{- end }}
+        - name: data
+          emptyDir: {}
+        {{- if .Values.extraVolumes }}
+        {{- toYaml .Values.extraVolumes | nindent 8 }}
+        {{- end }}
+        {{- if .Values.nginx.serverBlock }}
+        - name: nginx-server-block
+          configMap:
+            name: {{ include "common.fullname" . }}-nginx-server-block
+        {{- end }}
+        {{- include "common.aaf-config-volumes" . | nindent 8}}
+
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml
new file mode 100644
index 0000000..610c7d6
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ $role := "coordinating-only" -}}
+{{ $labels := (dict "role" $role) -}}
+{{ $matchLabels := (dict "role" $role) }}
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml
new file mode 100644
index 0000000..fa79c29
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }}
+{{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }}
diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml
new file mode 100644
index 0000000..359e897
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
new file mode 100644
index 0000000..49ad504
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.global.coordinating.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml
new file mode 100644
index 0000000..3627b2e
--- /dev/null
+++ b/kubernetes/common/elasticsearch/values.yaml
@@ -0,0 +1,329 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  aafEnabled: true
+  aafAgentImage: onap/aaf/aaf_agent:2.1.15
+  nodePortPrefix: 302
+  readinessRepository: oomk8s
+  readinessImage: readiness-check:2.0.2
+  loggingRepository: docker.elastic.co
+  loggingImage: beats/filebeat:5.5.0
+  busyboxRepository: registry.hub.docker.com
+  busyboxImage: library/busybox:latest
+  clusterName: cluster.local
+
+persistence:
+  mountPath: /dockerdata-nfs
+  backup:
+    mountPath: /dockerdata-nfs/backup
+  storageClass:
+repositoryOverride: docker.io
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+  enabled: true
+
+# application image
+image:
+  imageName: bitnami/elasticsearch
+  tag: 6.8.6-debian-9-r23
+  ## Specify a imagePullPolicy
+  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+  ##
+  pullPolicy: IfNotPresent
+  ## Optionally specify an array of imagePullSecrets.
+  ## Secrets must be manually created in the namespace.
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  ##
+  # pullSecrets:
+  #   - myRegistryKeySecretName
+  ## Set to true if you would like to see extra information on logs
+  ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+  ##
+  debug: false
+
+## String to partially override common.fullname template (will maintain the release name)
+##
+# nameOverride:
+
+## String to fully override common.fullname template
+##
+# fullnameOverride:
+## updateStrategy for ElasticSearch coordinating deployment
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+##
+updateStrategy:
+  type: RollingUpdate
+heapSize: 128m
+## Provide annotations for the coordinating-only pods.
+##
+podAnnotations: {}
+## Pod Security Context for coordinating-only pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+  enabled: true
+  fsGroup: 1001
+  runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch coordinating-only container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+  ## We usually recommend not to specify default resources and to leave this as a conscious
+  ## choice for the user. This also increases chances charts run on environments with little
+  ## resources, such as Minikube.
+  limits: {}
+  #   cpu: 100m
+  #   memory: 128Mi
+  requests:
+    cpu: 25m
+    memory: 256Mi
+## Elasticsearch coordinating-only container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+  enabled: false
+#  initialDelaySeconds: 90
+#  periodSeconds: 10
+#  timeoutSeconds: 5
+#  successThreshold: 1
+#  failureThreshold: 5
+readinessProbe:
+  enabled: false
+#  initialDelaySeconds: 90
+#  periodSeconds: 10
+#  timeoutSeconds: 5
+#  successThreshold: 1
+#  failureThreshold: 5
+## Service parameters for coordinating-only node(s)
+##
+serviceAccount:
+  ## Specifies whether a ServiceAccount should be created for the coordinating node
+  ##
+  create: false
+  ## The name of the ServiceAccount to use.
+  ## If not set and create is true, a name is generated using the fullname template
+  ##
+  # name:
+
+## Bitnami Minideb image version
+## ref: https://hub.docker.com/r/bitnami/minideb/tags/
+##
+sysctlImage:
+  enabled: true
+  imageName: bitnami/minideb
+  tag: stretch
+  ## Specify a imagePullPolicy
+  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+  ##
+  pullPolicy: Always
+  ## Optionally specify an array of imagePullSecrets.
+  ## Secrets must be manually created in the namespace.
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  ##
+  # pullSecrets:
+  #   - myRegistryKeySecretName
+
+# nginx image
+nginx:
+  imageName: bitnami/nginx
+  tag: 1.16-debian-9
+  pullPolicy: IfNotPresent
+  service:
+    name: nginx
+    ports:
+    - name: elasticsearch
+      port: 8080
+## Custom server block to be added to NGINX configuration
+## PHP-FPM example server block:
+  serverBlock:
+    https: |-
+      server {
+        listen 9200 ssl;
+        #server_name ;
+        # auth_basic "server auth";
+        # auth_basic_user_file /etc/nginx/passwords;
+        ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
+        ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
+        location / {
+          # deny node shutdown api
+          if ($request_filename ~ "_shutdown") {
+            return 403;
+            break;
+          }
+
+          proxy_pass http://localhost:9000;
+          proxy_http_version 1.1;
+          proxy_set_header Connection "Keep-Alive";
+          proxy_set_header Proxy-Connection "Keep-Alive";
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header Host $http_host;
+          proxy_redirect off;
+        }
+
+        location = / {
+          proxy_pass http://localhost:9000;
+          proxy_http_version 1.1;
+          proxy_set_header Connection "Keep-Alive";
+          proxy_set_header Proxy-Connection "Keep-Alive";
+          proxy_redirect off;
+          auth_basic "off";
+        }
+      }
+    http: |-
+      server {
+        listen 9200 ;
+        #server_name ;
+        location / {
+          # deny node shutdown api
+          if ($request_filename ~ "_shutdown") {
+            return 403;
+            break;
+          }
+
+          proxy_pass http://localhost:9000;
+          proxy_http_version 1.1;
+          proxy_set_header Connection "Keep-Alive";
+          proxy_set_header Proxy-Connection "Keep-Alive";
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header Host $http_host;
+          proxy_redirect off;
+        }
+
+        location = / {
+          proxy_pass http://localhost:9000;
+          proxy_http_version 1.1;
+          proxy_set_header Connection "Keep-Alive";
+          proxy_set_header Proxy-Connection "Keep-Alive";
+          proxy_redirect off;
+          auth_basic "off";
+        }
+      }
+#################################################################
+# coordinating service configuration defaults.
+#################################################################
+
+service:
+  name: ""
+  suffix: ""
+  ## coordinating-only service type
+  ##
+  type: ClusterIP
+  headlessPorts:
+  - name: http-transport
+    port: 9300
+  headless:
+    suffix: discovery
+    annotations:
+      service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+    publishNotReadyAddresses: true
+  ## Elasticsearch tREST API port
+  ##
+  ports:
+  - name: elasticsearch
+    port: 9200
+
+
+  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+  ##
+  # nodePort:
+  ## Provide any additional annotations which may be required. This can be used to
+  ## set the LoadBalancer service type to internal only.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+  ##
+  annotations: {}
+  ## Set the LoadBalancer service type to internal only.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+  ##
+  # loadBalancerIP:
+  ## Provide functionality to use RBAC
+  ##
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: &aaf_secret_uid elasticsearch-aaf-deploy-creds
+    type: basicAuth
+    externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+    login: '{{ .Values.aafConfig.aafDeployFqi }}'
+    password: '{{ .Values.aafConfig.aafDeployPass }}'
+    passwordPolicy: required
+#################################################################
+# aaf configuration defaults.
+#################################################################
+aafConfig:
+  addconfig: true
+  fqdn: "elastic"
+  image: onap/aaf/aaf_agent:2.1.15
+  app_ns: "org.osaaf.aaf"
+  fqi_namespace: org.onap.elastic
+  fqi: "elastic@elastic.onap.org"
+  public_fqdn: "aaf.osaaf.org"
+  deploy_fqi: "deployer@people.osaaf.org"
+  aafDeployFqi: "deployer@people.osaaf.org"
+  aafDeployPass: demo123456!
+  #aafDeployCredsExternalSecret: some secret
+  #cadi_latitude: "52.5"
+  #cadi_longitude: "13.4"
+  secret_uid: *aaf_secret_uid
+#################################################################
+# subcharts configuration defaults.
+#################################################################
+
+
+#data:
+#  enabled: false
+
+#curator:
+#  enabled: false
+
+## Change nameOverride to be consistent accross all elasticsearch (sub)-charts
+
+master:
+  replicaCount: 3
+  # dedicatednode: "yes"
+  # working as master node only, in this case increase replicaCount for elasticsearch-data
+  # dedicatednode: "no"
+  # handles master and data node functionality
+  dedicatednode: "no"
+data:
+  enabled: false
+curator:
+  enabled: false
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml
index e0cb1dd..d2bba11 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml
@@ -57,4 +57,4 @@
   #ssl.key: $ssl.key
 
   #The passphrase used to decrypt an encrypted key stored in the configured key file
-  #ssl.key_passphrase: $ssl.key_passphrase
\ No newline at end of file
+  #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
index 3a95b5a..784a35e 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
@@ -38,11 +38,11 @@
 #    The port number for http as seen within the server
 #
 #IntHttpPort:    ${DRTR_NODE_INTHTTPPORT:-8080}
-IntHttpPort={{.Values.config.dmaapDrNode.internalPort}}
+IntHttpPort={{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
 #
 #    The port number for https as seen within the server
 #
-IntHttpsPort={{.Values.config.dmaapDrNode.internalPort2}}
+IntHttpsPort={{ include "common.getPort" (dict "global" . "name" "api") }}
 #
 #    The external port number for https taking port mapping into account
 #
@@ -59,7 +59,7 @@
 #
 #    The path to the directory where log files are stored
 #
-LogDir=/opt/app/datartr/logs
+LogDir={{ .Values.persistence.event.path }}
 #
 #    The retention interval (in days) for log files
 #
@@ -67,7 +67,7 @@
 #
 #    The path to the directories where data and meta data files are stored
 #
-SpoolDir=/opt/app/datartr/spool
+SpoolDir={{ .Values.persistence.spool.path }}
 #
 #    The path to the redirection data file
 #
@@ -101,5 +101,4 @@
 CadiEnabled = false
 #
 #    AAF Props file path
-AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props
-
+AAFPropsFilePath = {{ .Values.aafConfig.credsPath }}/org.onap.dmaap-dr.props
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt
index 65597e0..62aeffb 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt
@@ -17,17 +17,17 @@
 {{- range .Values.ingress.hosts }}
   http://{{ . }}
 {{- end }}
-{{- else if contains "NodePort" .Values.config.dmaapDrNode.servicetype }}
+{{- else if contains "NodePort" .Values.service.type }}
   export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.config.dmaapDrNode.servicetype }}
+{{- else if contains "LoadBalancer" .Values.service.type }}
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
            You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
   export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
   echo http://$SERVICE_IP:{{.Values.config.dmaapDrNode.externalPort}}
-{{- else if contains "ClusterIP" .Values.config.dmaapDrNode.servicetype }}
+{{- else if contains "ClusterIP" .Values.service.type }}
   export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{.Values.config.dmaapDrNode.internalPort}}
-{{- end }}
\ No newline at end of file
+  kubectl port-forward $POD_NAME 8080:{{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
+{{- end }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml
index e9ab9c9..d03d616 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml
@@ -1,27 +1,9 @@
 apiVersion: batch/v1
 kind: Job
-metadata:
-  name: {{ include "common.fullname" . }}-post-install
-  labels:
-    app.kubernetes.io/managed-by: {{.Release.Service | quote }}
-    app.kubernetes.io/instance: {{include "common.release" . | quote }}
-    helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
-    release: {{ include "common.release" . }}
-  annotations:
-    # This is what defines this resource as a hook. Without this line, the
-    # job is considered part of the release.
-    "helm.sh/hook": post-install
-    "helm.sh/hook-weight": "-2"
-    "helm.sh/hook-delete-policy": hook-succeeded
+metadata: {{ include "common.resourceMetadata" (dict "dot" . "suffix" "post-install" "annotations" .Values.job.annotations) | nindent 2 }}
 spec:
   template:
-    metadata:
-      name: {{ include "common.fullname" . }}
-      labels:
-        app.kubernetes.io/managed-by: {{.Release.Service | quote }}
-        app.kubernetes.io/instance: {{include "common.release" . | quote }}
-        helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
-        release: {{ include "common.release" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       restartPolicy: Never
       containers:
@@ -50,15 +32,12 @@
 # NOTE: the basename of the subdirectory is important - it matches the DBCL API URI
         - name: {{ include "common.fullname" . }}-dbc-drnodes
           mountPath: /opt/app/config/dr_nodes/
-        resources:
-{{ include "common.resources" . | indent 10 }}
+        resources: {{ include "common.resources" . | nindent 10 }}
         {{- if .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+      nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
         {{- end -}}
         {{- if .Values.affinity }}
-      affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+      affinity: {{ toYaml .Values.affinity | nindent 8 }}
         {{- end }}
       volumes:
         - name: localtime
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml
deleted file mode 100644
index 4c30f58..0000000
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{/*
-  # ============LICENSE_START=======================================================
-  #  Copyright (C) 2019 Nordix Foundation.
-  # ================================================================================
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #      http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-  #
-  # SPDX-License-Identifier: Apache-2.0
-  # ============LICENSE_END=========================================================
-*/}}
-
-
-{{- if .Values.global.aafEnabled }}
-{{- $global := . }}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-{{- if (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" $global }}-aaf-props-{{ $i }}
-  namespace: {{ include "common.namespace" $global }}
-  labels:
-    app: {{ include "common.name" $global }}
-    chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
-    release: "{{ include "common.release" $global }}"
-    heritage: "{{ $global.Release.Service }}"
-    name: {{ include "common.fullname" $global }}-aaf-props
-spec:
-  capacity:
-    storage: {{ $global.Values.persistence.aafCredsSize }}
-  accessModes:
-    - {{ $global.Values.persistence.accessMode }}
-  storageClassName: "{{ include "common.fullname" $global }}-data-aaf-props"
-  persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
-  hostPath:
-    path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
index c7ecb07..59b7b8c 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
@@ -1,7 +1,7 @@
 {{/*
-  # ============LICENSE_START=======================================================
-  #  Copyright (C) 2019 Nordix Foundation.
-  # ================================================================================
+  # ============LICENSE_START===================================================
+  #  Copyright (C) 2020 Nordix Foundation, Orange.
+  # ============================================================================
   # Licensed under the Apache License, Version 2.0 (the "License");
   # you may not use this file except in compliance with the License.
   # You may obtain a copy of the License at
@@ -15,37 +15,7 @@
   # limitations under the License.
   #
   # SPDX-License-Identifier: Apache-2.0
-  # ============LICENSE_END=========================================================
+  # ============LICENSE_END=====================================================
 */}}
 
----
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" $global }}-event-logs-{{ $i }}
-  namespace: {{ include "common.namespace" $global }}
-  labels:
-    app: {{ include "common.fullname" $global }}
-    chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
-    release: "{{ include "common.release" $global }}"
-    heritage: "{{ $global.Release.Service }}"
-    name: {{ include "common.fullname" $global }}-event-logs
-spec:
-  capacity:
-    storage: {{ $global.Values.persistence.eventLogSize}}
-  accessModes:
-    - {{ $global.Values.persistence.accessMode }}
-  persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
-  storageClassName: "{{ include "common.fullname" $global }}-data-event-logs"
-  hostPath:
-    path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+{{ include "common.replicaPV" (dict "dot" . "suffix" "event-logs" "persistenceInfos" .Values.persistence.event) }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml
index 094e92a..8ada883 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml
@@ -1,7 +1,7 @@
 {{/*
-  # ============LICENSE_START=======================================================
-  #  Copyright (C) 2019 Nordix Foundation.
-  # ================================================================================
+  # ============LICENSE_START===================================================
+  #  Copyright (C) 2020 Nordix Foundation, Orange.
+  # ============================================================================
   # Licensed under the Apache License, Version 2.0 (the "License");
   # you may not use this file except in compliance with the License.
   # You may obtain a copy of the License at
@@ -15,36 +15,7 @@
   # limitations under the License.
   #
   # SPDX-License-Identifier: Apache-2.0
-  # ============LICENSE_END=========================================================
+  # ============LICENSE_END=====================================================
 */}}
 
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" $global }}-spool-data-{{$i}}
-  namespace: {{ include "common.namespace" $global }}
-  labels:
-    app: {{ include "common.fullname" $global }}
-    chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
-    release: "{{ include "common.release" $global }}"
-    heritage: "{{ $global.Release.Service }}"
-    name: {{ include "common.fullname" $global }}-spool-data
-spec:
-  capacity:
-    storage: {{ $global.Values.persistence.spoolSize}}
-  accessModes:
-    - {{ $global.Values.persistence.accessMode }}
-  persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
-  storageClassName: "{{ include "common.fullname" $global }}-data"
-  hostPath:
-    path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+{{ include "common.replicaPV" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml
new file mode 100644
index 0000000..f8c32e0
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
index 77aae1d..4ad43ac 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
@@ -12,40 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{.Values.config.dmaapDrNode.name}}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-      service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-spec:
-  type: {{.Values.config.dmaapDrNode.servicetype}}
-  ports:
-    {{if eq .Values.config.dmaapDrNode.servicetype "NodePort" -}}
-    {{- if .Values.global.allow_http }}
-    - port: {{.Values.config.dmaapDrNode.externalPort}}
-      targetPort: {{.Values.config.dmaapDrNode.internalPort}}
-      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort}}
-      name: {{.Values.config.dmaapDrNode.name}}
-    {{- end}}
-    - port: {{.Values.config.dmaapDrNode.externalPort2}}
-      targetPort: {{.Values.config.dmaapDrNode.internalPort2}}
-      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort2}}
-      name: {{.Values.config.dmaapDrNode.name}}2
-    {{- else -}}
-    - port: {{.Values.config.dmaapDrNode.externalPort}}
-      targetPort: {{.Values.config.dmaapDrNode.internalPort}}
-      name: {{.Values.config.dmaapDrNode.name}}
-    - port: {{.Values.config.dmaapDrNode.externalPort2}}
-      targetPort: {{.Values.config.dmaapDrNode.internalPort2}}
-      name: {{.Values.config.dmaapDrNode.name}}2
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
\ No newline at end of file
+{{ include "common.service" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index 5ef7c2f..6d79715 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -11,24 +11,15 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
 kind: StatefulSet
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
+  selector: {{- include "common.selectors" . | nindent 4 }}
+  serviceName: {{ include "common.servicename" . }}
   replicas: {{ .Values.replicaCount }}
-  serviceName: {{ .Values.config.dmaapDrNode.name }}
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers:
         - name: {{ include "common.name" . }}-readiness
@@ -45,94 +36,37 @@
               fieldRef:
                 apiVersion: v1
                 fieldPath: metadata.namespace
-        {{- if .Values.global.aafEnabled }}
-        - name: {{ include "common.name" . }}-aaf-readiness
-          image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          command:
-          - /root/ready.py
-          args:
-          - --container-name
-          - aaf-locate
-          - --container-name
-          - aaf-cm
-          env:
-          - name: NAMESPACE
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: metadata.namespace
-        - name: {{ include "common.name" . }}-dr-node-aaf-config
-          image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts:
-          - mountPath: {{ .Values.persistence.aafCredsPath }}
-            name: {{ include "common.fullname" . }}-aaf-props
-          command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
-          env:
-          - name: APP_FQI
-            value: "{{ .Values.aafConfig.fqi }}"
-          - name: aaf_locate_url
-            value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
-          - name: aaf_locator_container
-            value: "{{ .Values.global.aafLocatorContainer }}"
-          - name: aaf_locator_container_ns
-            value: "{{ .Release.Namespace }}"
-          - name: aaf_locator_fqdn
-            value: "{{ .Values.aafConfig.fqdn }}"
-          - name: aaf_locator_public_fqdn
-            value: "{{.Values.aafConfig.publicFqdn}}"
-          - name: aaf_locator_app_ns
-            value: "{{ .Values.global.aafAppNs }}"
-          - name: DEPLOY_FQI
-            value: "{{ .Values.aafConfig.aafDeployFqi }}"
-          - name: DEPLOY_PASSWORD
-            value: "{{ .Values.aafConfig.aafDeployPass }}"
-          - name: cadi_longitude
-            value: "{{ .Values.aafConfig.cadiLongitude }}"
-          - name: cadi_latitude
-            value: "{{ .Values.aafConfig.cadiLatitude }}"
-        {{- end }}
+        {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config" . | nindent 8 }}{{ end }}
         - name: {{ include "common.name" . }}-permission-fixer
           image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts:
-          - mountPath: {{ .Values.persistence.spoolPath }}
-            name: {{ include "common.fullname" . }}-data
-          - mountPath: {{ .Values.persistence.eventLogsPath }}
+          volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
+          - mountPath: {{ .Values.persistence.spool.path }}
+            name: {{ include "common.fullname" . }}-spool
+          - mountPath: {{ .Values.persistence.event.path }}
             name: {{ include "common.fullname" . }}-event-logs
-        {{- if .Values.global.aafEnabled }}
-          - mountPath: {{ .Values.persistence.aafCredsPath }}
-            name: {{ include "common.fullname" . }}-aaf-props
-        {{- end }}
           command: ["chown","-Rf","1000:1001", "/opt/app/"]
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{.Values.config.dmaapDrNode.externalPort}}
-          - containerPort: {{.Values.config.dmaapDrNode.externalPort2}}
+          ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
           livenessProbe:
             tcpSocket:
-              port: {{.Values.config.dmaapDrNode.internalPort}}
+              port: {{.Values.liveness.port}}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
           {{ end -}}
           readinessProbe:
             tcpSocket:
-              port: {{.Values.config.dmaapDrNode.internalPort}}
+              port: {{.Values.readiness.port}}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
-          volumeMounts:
-          {{- if .Values.global.aafEnabled }}
-          - mountPath: {{ .Values.persistence.aafCredsPath }}
-            name: {{ include "common.fullname" . }}-aaf-props
-          {{- end }}
-          - mountPath: {{ .Values.persistence.spoolPath }}
-            name: {{ include "common.fullname" . }}-data
-          - mountPath: {{ .Values.persistence.eventLogsPath }}
+          volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
+          - mountPath: {{ .Values.persistence.spool.path }}
+            name: {{ include "common.fullname" . }}-spool
+          - mountPath: {{ .Values.persistence.event.path }}
             name: {{ include "common.fullname" . }}-event-logs
           - mountPath: /etc/localtime
             name: localtime
@@ -145,15 +79,12 @@
             subPath: logback.xml
           - mountPath: {{ .Values.global.loggingDirectory }}
             name: {{ include "common.fullname" . }}-logs
-          resources:
-{{ include "common.resources" . }}
+          resources: {{ include "common.resources" . | nindent 12 }}
         {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+        nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
         {{- end -}}
         {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+        affinity: {{ toYaml .Values.affinity | nindent 10 }}
         {{- end -}}
         # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
@@ -169,7 +100,7 @@
             mountPath: /var/log/onap/datarouter-node
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
-      volumes:
+      volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
@@ -192,56 +123,11 @@
       {{- if not .Values.persistence.enabled }}
         - name:  {{ include "common.fullname" . }}-event-logs
           emptyDir: {}
-        - name: {{ include "common.fullname" . }}-data
+        - name: {{ include "common.fullname" . }}-spool
           emptyDir: {}
-      {{- if .Values.global.aafEnabled }}
-        - name:  {{ include "common.fullname" . }}-aaf-props
-          emptyDir: {}
-      {{- end }}
       {{- end }}
 {{- if .Values.persistence.enabled }}
   volumeClaimTemplates:
-  - metadata:
-      name: {{ include "common.fullname" . }}-data
-      labels:
-        name: {{ include "common.fullname" . }}
-    spec:
-      accessModes:
-      - {{ .Values.persistence.accessMode }}
-      storageClassName: {{ include "common.storageClass" . }}
-      resources:
-        requests:
-          storage: {{ .Values.persistence.spoolSize }}
-  - metadata:
-      name: {{ include "common.fullname" . }}-event-logs
-      labels:
-        name: {{ include "common.fullname" . }}
-    spec:
-      accessModes:
-      - {{ .Values.persistence.accessMode }}
-      {{- if eq "True" (include "common.needPV" .) }}
-      storageClassName: "{{ include "common.fullname" . }}-data-event-logs"
-      {{- else }}
-      storageClassName: {{ include "common.storageClass" . }}
-      {{- end }}
-      resources:
-        requests:
-          storage: {{ .Values.persistence.eventLogSize }}
-{{- if .Values.global.aafEnabled }}
-  - metadata:
-      name: {{ include "common.fullname" . }}-aaf-props
-      labels:
-        name: {{ include "common.fullname" . }}
-    spec:
-      accessModes:
-      - {{ .Values.persistence.accessMode }}
-      {{- if eq "True" (include "common.needPV" .) }}
-      storageClassName: "{{ include "common.fullname" . }}-data-aaf-props"
-      {{- else }}
-      storageClassName: {{ include "common.storageClass" . }}
-      {{- end }}
-      resources:
-        requests:
-          storage: {{ .Values.persistence.aafCredsSize }}
-{{- end }}
+  - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) | indent 4 | trim }}
+  - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "event-logs" "persistenceInfos" .Values.persistence.event) | indent 4 | trim }}
 {{- end }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index 9ed8a0b..5c32d99 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -18,6 +18,7 @@
 global:
   loggingDirectory: /var/log/onap/datarouter
   persistence: {}
+  aafEnabled: true
 
 #################################################################
 # Application configuration defaults.
@@ -45,40 +46,70 @@
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
+  port: api
 
 readiness:
   initialDelaySeconds: 30
   periodSeconds: 10
+  port: api
 
 ## Persist data to a persitent volume
 persistence:
   enabled: true
-  volumeReclaimPolicy: Retain
-  accessMode: ReadWriteOnce
   mountPath: /dockerdata-nfs
+  spool:
+    enabled: true
+    volumeReclaimPolicy: Retain
+    accessMode: ReadWriteOnce
+    mountSubPath: data-router/dr-node/spool-data
+    size: 2Gi
+    path: /opt/app/datartr/spool
+    labels:
+      app.kubernetes.io/component: spool
 
-  spoolMountSubPath: data-router/dr-node/spool-data
-  spoolSize: 2Gi
-  spoolPath: /opt/app/datartr/spool
+  event:
+    enabled: true
+    volumeReclaimPolicy: Retain
+    accessMode: ReadWriteOnce
+    mountSubPath: data-router/dr-node/event-logs
+    path: /opt/app/datartr/logs
+    size: 2Gi
+    labels:
+      app.kubernetes.io/component: event-logs
 
-  eventLogsMountSubPath: data-router/dr-node/event-logs
-  eventLogSize: 2Gi
-  eventLogsPath: /opt/app/datartr/logs
+job:
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-weight": "-2"
+    "helm.sh/hook-delete-policy": hook-succeeded
 
-  aafCredsMountSubPath: data-router/dr-node/aaf-props
-  aafCredsSize: 10M
-  aafCredsPath: /opt/app/osaaf/local
-
-#AAF local config
+#################################################################
+# AAF part
+#################################################################
 aafConfig:
   aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
   fqdn: dmaap-dr-node
   fqi: dmaap-dr-node@dmaap-dr.onap.org
-  publicFqdn: dmaap-dr.onap.org
-  cadiLatitude: 0.0
-  cadiLongitude: 0.0
+  public_fqdn: dmaap-dr.onap.org
+  cadi_longitude: 0.0
+  cadi_latitude: 0.0
+  app_ns: org.osaaf.aaf
+  permission_user: 1000
+  permission_group: 1001
+  secret_uid: &aaf_secret_uid dmaap-dr-node-aaf-deploy-creds
+  credsPath: /opt/app/osaaf/local
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: *aaf_secret_uid
+    type: basicAuth
+    externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+    login: '{{ .Values.aafConfig.aafDeployFqi }}'
+    password: '{{ .Values.aafConfig.aafDeployPass }}'
+    passwordPolicy: required
 
 ingress:
   enabled: false
@@ -109,19 +140,22 @@
       memory: 2Gi
   unlimited: {}
 
+service:
+  type: NodePort
+  name: dmaap-dr-node
+  useNodePortExt: true
+  annotations:
+    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+  ports:
+    - name: api
+      port: 8443
+      plain_port: 8080
+      port_protocol: http
+      nodePort: 94
+
 config:
   # dr node server configuration
   dmaapDrNode:
-    servicetype: NodePort
-    name: dmaap-dr-node
-    externalPort: 8080
-    externalPort2: 8443
-    internalPort: 8080
-    internalPort2: 8443
-    portName: dr-node-port
-    portName2: dr-node-port2
-    nodePort: 93
-    nodePort2: 94
     # dr uses the EELF Logging framework https://github.com/att/EELF
     # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
     logLevel: "INFO"
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
index 00c2661..f294abf 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
@@ -73,6 +73,10 @@
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
+          - name: MSB_PROTO
+            value: "{{ .Values.global.config.msbProtocol }}"
+          - name: SSL_ENABLED
+            value: "{{ .Values.global.config.ssl_enabled }}"
           - name: MSB_ADDR
             value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
           - name: MYSQL_ADDR
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml
index c4aad67..61aefa5 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml
@@ -30,14 +30,16 @@
           "url": "/api/parser/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       },
       {
-          "serviceName": "etsicatalog",
+          "serviceName": "catalog",
           "version": "v1",
           "url": "/api/catalog/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       },
 	  {
@@ -46,6 +48,7 @@
           "url": "/api/nsd/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       },
 	  {
@@ -54,6 +57,7 @@
           "url": "/api/vnfpkgm/v1",
           "protocol": "REST",
           "port": "{{.Values.service.externalPort}}",
+          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
           "visualRange":"1"
       }
       ]'
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
index af0d473..a278a47 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
@@ -23,6 +23,8 @@
   loggingImage: beats/filebeat:5.5.0
 
   config:
+    ssl_enabled: false
+    msbProtocol: https
     msbServiceName: msb-iag
     msbPort: 443
 
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index dcf9573..f6a0af5 100644
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -75,7 +75,7 @@
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:6.0.2
+image: onap/externalapi/nbi:6.0.3
 pullPolicy: IfNotPresent
 sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
 aai_authorization: Basic QUFJOkFBSQ==
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 62949db..6233394 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -56,6 +56,10 @@
   # image pull policy
   pullPolicy: Always
 
+  # default clusterName
+  # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
+  clusterName: cluster.local
+
   # default mount path root directory referenced
   # by persistent volumes and log files
   persistence:
diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json
index 544ecdf..5c02ce0 100644
--- a/kubernetes/policy/charts/pap/resources/config/config.json
+++ b/kubernetes/policy/charts/pap/resources/config/config.json
@@ -20,8 +20,8 @@
     "restServerParameters":{
         "host":"0.0.0.0",
         "port":6969,
-        "userName":"healthcheck",
-        "password":"zb!XztG34",
+        "userName":"${RESTSERVER_USER}",
+        "password":"${RESTSERVER_PASSWORD}",
         "https": true,
         "aaf": false
     },
@@ -69,8 +69,8 @@
         "clientName": "api",
         "hostname": "policy-api",
         "port": 6969,
-        "userName": "healthcheck",
-        "password": "zb!XztG34",
+        "userName": "${API_USER}",
+        "password": "${API_PASSWORD}",
         "useHttps": true,
         "basePath": "policy/api/v1/healthcheck"
     },
@@ -78,8 +78,8 @@
         "clientName": "distribution",
         "hostname": "policy-distribution",
         "port": 6969,
-        "userName": "healthcheck",
-        "password": "zb!XztG34",
+        "userName": "${DISTRIBUTION_USER}",
+        "password": "${DISTRIBUTION_PASSWORD}",
         "useHttps": true,
         "basePath": "healthcheck"
     }]
diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml
index 85ca9c1..39ac8a8 100644
--- a/kubernetes/policy/charts/pap/templates/deployment.yaml
+++ b/kubernetes/policy/charts/pap/templates/deployment.yaml
@@ -42,6 +42,18 @@
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: SQL_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+        - name: RESTSERVER_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
+        - name: RESTSERVER_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
+        - name: API_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }}
+        - name: API_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }}
+        - name: DISTRIBUTION_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
+        - name: DISTRIBUTION_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /config-input
           name: papconfig
diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml
index ad7cf96..ca0c84f 100644
--- a/kubernetes/policy/charts/pap/values.yaml
+++ b/kubernetes/policy/charts/pap/values.yaml
@@ -34,6 +34,24 @@
     login: '{{ .Values.db.user }}'
     password: '{{ .Values.db.password }}'
     passwordPolicy: required
+  - uid: restserver-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+    login: '{{ .Values.restServer.user }}'
+    password: '{{ .Values.restServer.password }}'
+    passwordPolicy: required
+  - uid: api-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}'
+    login: '{{ .Values.healthCheckRestClient.api.user }}'
+    password: '{{ .Values.healthCheckRestClient.api.password }}'
+    passwordPolicy: required
+  - uid: distribution-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
+    login: '{{ .Values.healthCheckRestClient.distribution.user }}'
+    password: '{{ .Values.healthCheckRestClient.distribution.password }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
@@ -51,6 +69,16 @@
 db:
   user: policy_user
   password: policy_user
+restServer:
+  user: healthcheck
+  password: zb!XztG34
+healthCheckRestClient:
+  api:
+    user: healthcheck
+    password: zb!XztG34
+  distribution:
+    user: healthcheck
+    password: zb!XztG34
 
 # default number of instances
 replicaCount: 1
diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
index 52480e5..bb12880 100644
--- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
+++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
@@ -39,10 +39,10 @@
 REST_PDP_MAXCONTENT=999999999
 
 # PDP related properties
-PDP_HTTP_USER_ID=testpdp
-PDP_HTTP_PASSWORD=alpha123
-PDP_PAP_PDP_HTTP_USER_ID=testpap
-PDP_PAP_PDP_HTTP_PASSWORD=alpha123
+PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
+PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
+PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
+PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
 
 node_type=pdp_xacml
 resource_name=pdp_1
diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
index e55f9d0..8e0c403 100644
--- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
@@ -46,6 +46,14 @@
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: JDBC_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+        - name: PDP_HTTP_USER_ID
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+        - name: PDP_HTTP_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+        - name: PDP_PAP_PDP_HTTP_USER_ID
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+        - name: PDP_PAP_PDP_HTTP_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /config-input
           name: pe
@@ -81,6 +89,14 @@
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: JDBC_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+        - name: PDP_HTTP_USER_ID
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+        - name: PDP_HTTP_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+        - name: PDP_PAP_PDP_HTTP_USER_ID
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+        - name: PDP_PAP_PDP_HTTP_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
         resources:
 {{ include "common.resources" . | indent 12 }}
         ports:
diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml
index 7b5f6f8..0b2f92b 100644
--- a/kubernetes/policy/charts/pdp/values.yaml
+++ b/kubernetes/policy/charts/pdp/values.yaml
@@ -33,6 +33,18 @@
     login: '{{ .Values.db.user }}'
     password: '{{ .Values.db.password }}'
     passwordPolicy: required
+  - uid: pdp-http-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+    login: '{{ .Values.pdp.pdphttpuserid }}'
+    password: '{{ .Values.pdp.pdphttppassword }}'
+    passwordPolicy: required
+  - uid: pap-http-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+    login: '{{ .Values.pap.pdppappdphttpuserid }}'
+    password: '{{ .Values.pap.pdppappdphttppassword }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
@@ -50,6 +62,12 @@
 db:
   user: policy_user
   password: policy_user
+pdp:
+  pdphttpuserid: testpdp
+  pdphttppassword: alpha123
+pap:
+  pdppappdphttpuserid: testpap
+  pdppappdphttppassword: alpha123
 
 config:
   papPort: 9091
diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
index fd357f3..7baf85f 100644
--- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -38,7 +38,7 @@
 --cli => 8080:30260
 update fn_app set app_url = 'https://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';
 --msb-iag => 80:30280
-update fn_app set app_url = 'http://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB';
+update fn_app set app_url = 'https://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB';
 
 
 /*
diff --git a/kubernetes/portal/charts/portal-mariadb/templates/job.yaml b/kubernetes/portal/charts/portal-mariadb/templates/job.yaml
index b6495c9..812dc66 100644
--- a/kubernetes/portal/charts/portal-mariadb/templates/job.yaml
+++ b/kubernetes/portal/charts/portal-mariadb/templates/job.yaml
@@ -33,7 +33,7 @@
       restartPolicy: Never
       initContainers:
       - name: {{ include "common.name" . }}-init-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.readinessImage }}"
+        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
         - /root/ready.py
diff --git a/kubernetes/portal/charts/portal-mariadb/values.yaml b/kubernetes/portal/charts/portal-mariadb/values.yaml
index 26afa60..1234b6b 100644
--- a/kubernetes/portal/charts/portal-mariadb/values.yaml
+++ b/kubernetes/portal/charts/portal-mariadb/values.yaml
@@ -20,6 +20,7 @@
   nodePortPrefix: 302
   persistence: {}
   readinessRepository: oomk8s
+  readinessImage: readiness-check:2.0.0
 
 
 # application image
@@ -27,7 +28,7 @@
 image: onap/portal-db:3.2.0
 pullPolicy: Always
 
-readinessImage: readiness-check:2.0.0
+
 mariadbInitImage: "mariadb-client-init:3.0.0"
 
 # application configuration
@@ -65,7 +66,7 @@
   # application's front end hostname.  Must be resolvable on the client side environment
   dmaapBcHostName: "dmaap-bc.simpledemo.onap.org"
   # msb IAG ui assignment for port 80
-  msbPort: "30280"
+  msbPort: "30283"
   # application's front end hostname.  Must be resolvable on the client side environment
   msbHostName: "msb.api.simpledemo.onap.org"
   # SO Monitoring assignment for port 30224
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index 967a674..3f44c6d 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -30,3 +30,6 @@
     version: ~6.x-0
     repository: '@local'
     condition: .global.mariadbGalera.localCluster
+  - name: elasticsearch
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index fda5617..21513eb 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -289,6 +289,36 @@
     name: sdnc-dgbuilder
     nodePort: "03"
 
+# local elasticsearch cluster
+localElasticCluster: true
+elasticsearch:
+  nameOverride: sdnrdb
+  name: sdnrdb-cluster
+  aafConfig:
+    fqdn: "sdnc"
+    fqi_namespace: org.onap.sdnc
+    fqi: "sdnc@sdnc.onap.org"
+  service:
+    name: sdnrdb
+
+  master:
+    replicaCount: 3
+    # dedicatednode: "yes"
+    # working as master node only, in this case increase replicaCount for elasticsearch-data
+    # dedicatednode: "no"
+    # handles master and data node functionality
+    dedicatednode: "no"
+    nameOverride: sdnrdb
+
+  curator:
+    enabled: true
+    nameOverride: sdnrdb
+  data:
+    enabled: true
+    replicaCount: 1
+    nameOverride: sdnrdb
+
+
 # default number of instances
 replicaCount: 1