Merge "[DMaaP BC] Use common.service template"
diff --git a/docs/images/network/network_1.png b/docs/images/network/network_1.png
new file mode 100644
index 0000000..d51cb12
--- /dev/null
+++ b/docs/images/network/network_1.png
Binary files differ
diff --git a/docs/images/network/network_2.png b/docs/images/network/network_2.png
new file mode 100644
index 0000000..9498a46
--- /dev/null
+++ b/docs/images/network/network_2.png
Binary files differ
diff --git a/docs/images/network/network_3.png b/docs/images/network/network_3.png
new file mode 100644
index 0000000..c729405
--- /dev/null
+++ b/docs/images/network/network_3.png
Binary files differ
diff --git a/docs/images/network/network_4.png b/docs/images/network/network_4.png
new file mode 100644
index 0000000..cc8f96f
--- /dev/null
+++ b/docs/images/network/network_4.png
Binary files differ
diff --git a/docs/images/sg/sg_1.png b/docs/images/sg/sg_1.png
new file mode 100644
index 0000000..ff5264d
--- /dev/null
+++ b/docs/images/sg/sg_1.png
Binary files differ
diff --git a/docs/images/sg/sg_2.png b/docs/images/sg/sg_2.png
new file mode 100644
index 0000000..395057f
--- /dev/null
+++ b/docs/images/sg/sg_2.png
Binary files differ
diff --git a/docs/oom_setup_kubernetes_rancher.rst b/docs/oom_setup_kubernetes_rancher.rst
index 6dcc3c7..1b5d6d1 100644
--- a/docs/oom_setup_kubernetes_rancher.rst
+++ b/docs/oom_setup_kubernetes_rancher.rst
@@ -69,6 +69,42 @@
   > chmod 600 ~/.ssh/onap-key
 
 
+Create Network
+==============
+
+An internal network is required in order to deploy our VMs that will host
+Kubernetes.
+
+.. image:: images/network/network_1.png
+
+.. image:: images/network/network_2.png
+
+.. image:: images/network/network_3.png
+
+.. Note::
+  It's better to have one network per deployment and obviously the name of this
+  network should be unique.
+
+Now we need to create a router to attach this network to outside:
+
+.. image:: images/network/network_4.png
+
+Create Security Group
+=====================
+
+A specific security group is also required
+
+.. image:: images/sg/sg_1.png
+
+then click on `manage rules` of the newly created security group.
+And finally click on `Add Rule` and create the following one:
+
+.. image:: images/sg/sg_2.png
+
+.. Note::
+  the security is clearly not good here and the right SG will be proposed in a
+  future version
+
 Create Kubernetes Control Plane VMs
 ===================================
 
@@ -96,11 +132,15 @@
 Networking
 ----------
 
+Use the created network:
+
 .. image:: images/cp_vms/control_plane_4.png
 
 Security Groups
 ---------------
 
+Use the created security group:
+
 .. image:: images/cp_vms/control_plane_5.png
 
 Key Pair
@@ -112,7 +152,7 @@
 Apply customization script for Control Plane VMs
 ------------------------------------------------
 
-Click :download:`openstack-k8s-controlnode.sh <openstack-k8s-controlnode.sh>` 
+Click :download:`openstack-k8s-controlnode.sh <openstack-k8s-controlnode.sh>`
 to download the script.
 
 .. literalinclude:: openstack-k8s-controlnode.sh
@@ -140,10 +180,10 @@
 Launch new VM instances
 -----------------------
 
-The number and size of Worker VMs is depenedent on the size of the ONAP deployment. 
-By default, all ONAP applications are deployed. It's possible to customize the deployment 
+The number and size of Worker VMs is depenedent on the size of the ONAP deployment.
+By default, all ONAP applications are deployed. It's possible to customize the deployment
 and enable a subset of the ONAP applications. For the purpose of this guide, however,
-we will deploy 12 Kubernetes Workers that have been sized to handle the entire ONAP 
+we will deploy 12 Kubernetes Workers that have been sized to handle the entire ONAP
 application workload.
 
 .. image:: images/wk_vms/worker_1.png
@@ -304,6 +344,12 @@
 https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/linux/amd64/kubectl
 https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/darwin/amd64/kubectl
 
+You only need to install kubectl where you'll launch kubernetes command. This
+can be any machines of the kubernetes cluster or a machine that has IP access
+to the APIs.
+Usually, we use the first controller as it has also access to internal
+Kubernetes services, which can be convenient.
+
 Validate deployment
 -------------------
 
diff --git a/kubernetes/aai b/kubernetes/aai
index 4f4d14a..3d1bbe8 160000
--- a/kubernetes/aai
+++ b/kubernetes/aai
@@ -1 +1 @@
-Subproject commit 4f4d14ab45a2225953961136220041189d566015
+Subproject commit 3d1bbe894ff20bc8b1512591c6d8993b4d2009b1
diff --git a/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml b/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml
index cc611a1..b3e95a2 100644
--- a/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml
+++ b/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml
@@ -1,8 +1,8 @@
 listenerservice:
   config:
-    asdcAddress: sdc-be:8443 #SDC-BE
-    messageBusAddress: message-router #Message-Router
-    user: vid #SDC-username
+    asdcAddress: sdc-be.{{include "common.namespace" .}}:8443 #SDC-BE
+    messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router
+    user: cds #SDC-username
     password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password
     pollingInterval: 15
     pollingTimeout: 60
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
index 98faef0..a27fba5 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
@@ -63,7 +63,7 @@
   path: /healthcheck
 
 service:
-  type: NodePort
+  type: ClusterIP
   name: config-binding-service
   # TLS service
   secure:
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
index c786252..8a3440d 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
@@ -46,7 +46,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.deployment-handler:4.2.0
+image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0
 pullPolicy: Always
 
 # probe configuration parameters
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json
index 7342ca6..b459a98 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json
@@ -13,20 +13,27 @@
     "policy_engine": {
       "url": "https://{{ .Values.config.address.policy_xacml_pdp }}:6969",
       "path_decision": "/policy/pdpx/v1/decision",
-      "path_notifications": "/pdp/notifications",
-      "path_api": "/pdp/api/",
       "headers": {
         "Accept": "application/json",
         "Content-Type": "application/json",
-        "ClientAuth": "cHl0aG9uOnRlc3Q=",
         "Authorization": "Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0",
         "Environment": "TEST"
       },
       "target_entity": "policy_engine",
       "tls_ca_mode": "cert_directory",
-      "tls_wss_ca_mode": "cert_directory",
-      "timeout_in_secs": 60,
-      "ws_ping_interval_in_secs": 180
+      "timeout_in_secs": 60
+    },
+    "dmaap_mr" : {
+        "url" : "https://message-router:3904/events/unauthenticated.POLICY-NOTIFICATION/policy-handler/ph1",
+        "query": {
+            "timeout": 15000
+        },
+        "headers" : {
+            "Content-Type" : "application/json"
+        },
+        "target_entity" : "dmaap_mr",
+        "tls_ca_mode" : "cert_directory",
+        "timeout_in_secs": 60
     },
     "deploy_handler": {
       "target_entity": "deployment_handler",
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
index 8517073..717497f 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
@@ -1,6 +1,6 @@
 #============LICENSE_START========================================================
 # ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -47,7 +47,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.policy-handler:5.0.0
+image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.0
 pullPolicy: Always
 
 # probe configuration parameters
@@ -68,7 +68,7 @@
 service:
   type: ClusterIP
   name: policy-handler
-  externalPort: 25577
+  externalPort: 80
   internalPort: 25577
 
 
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml
index 4742773..4c30f58 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml
@@ -22,7 +22,7 @@
 {{- if .Values.global.aafEnabled }}
 {{- $global := . }}
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
+{{- if (include "common.needPV" .) -}}
 {{- range $i := until (int $global.Values.replicaCount)}}
 ---
 kind: PersistentVolume
@@ -33,7 +33,7 @@
   labels:
     app: {{ include "common.name" $global }}
     chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
-    release: "{{ include "common.release" . }}"
+    release: "{{ include "common.release" $global }}"
     heritage: "{{ $global.Release.Service }}"
     name: {{ include "common.fullname" $global }}-aaf-props
 spec:
@@ -44,7 +44,7 @@
   storageClassName: "{{ include "common.fullname" $global }}-data-aaf-props"
   persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
   hostPath:
-    path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}}
+    path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}}
 {{if ne $i (int $global.Values.replicaCount) }}
 ---
 {{- end -}}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
index c1d8c8f..3f2d39e 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
@@ -31,7 +31,7 @@
   labels:
     app: {{ include "common.fullname" $global }}
     chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
-    release: "{{ include "common.release" . }}"
+    release: "{{ include "common.release" $global }}"
     heritage: "{{ $global.Release.Service }}"
     name: {{ include "common.fullname" $global }}-event-logs
 spec:
@@ -42,7 +42,7 @@
   persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
   storageClassName: "{{ include "common.fullname" $global }}-data-event-logs"
   hostPath:
-    path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}}
+    path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}}
 {{if ne $i (int $global.Values.replicaCount) }}
 ---
 {{- end -}}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml
index 280e034..094e92a 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml
@@ -20,7 +20,7 @@
 
 {{- $global := . }}
 {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
+{{- if (include "common.needPV" .) -}}
 {{- range $i := until (int $global.Values.replicaCount)}}
 kind: PersistentVolume
 apiVersion: v1
@@ -30,7 +30,7 @@
   labels:
     app: {{ include "common.fullname" $global }}
     chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
-    release: "{{ include "common.release" . }}"
+    release: "{{ include "common.release" $global }}"
     heritage: "{{ $global.Release.Service }}"
     name: {{ include "common.fullname" $global }}-spool-data
 spec:
@@ -41,7 +41,7 @@
   persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
   storageClassName: "{{ include "common.fullname" $global }}-data"
   hostPath:
-    path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}}
+    path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}}
 {{if ne $i (int $global.Values.replicaCount) }}
 ---
 {{- end -}}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index 84dadaf..9478a76 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -17,6 +17,7 @@
 #################################################################
 global:
   loggingDirectory: /var/log/onap/datarouter
+  persistence: {}
 
 #################################################################
 # Application configuration defaults.
@@ -51,6 +52,7 @@
 
 ## Persist data to a persitent volume
 persistence:
+  enabled: true
   volumeReclaimPolicy: Retain
   accessMode: ReadWriteOnce
   mountPath: /dockerdata-nfs
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 4619069..06f68e7 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -18,6 +18,7 @@
 global:
   nodePortPrefix: 302
   loggingDirectory: /opt/app/datartr/logs
+  persistence: {}
 
 #################################################################
 # Secrets metaconfig
@@ -63,6 +64,7 @@
 
 ## Persist data to a persitent volume
 persistence:
+  enabled: true
   volumeReclaimPolicy: Retain
   accessMode: ReadWriteOnce
   mountPath: /dockerdata-nfs
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties
index 1e7d7d3..977699d 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties
@@ -2,13 +2,13 @@
 aaf_env=DEV
 aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
 
-cadi_truststore=/opt/kafka/config/org.onap.dmaap.mr.trust.jks
+cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks
 cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw
 
-cadi_keyfile=/opt/kafka/config/org.onap.dmaap.mr.keyfile
+cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile
 
 cadi_alias=dmaapmr@mr.dmaap.onap.org
-cadi_keystore=/opt/kafka/config/org.onap.dmaap.mr.p12
+cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12
 cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht
 cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
 
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/jmx-kafka-prometheus.yml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/jmx-kafka-prometheus.yml
new file mode 100644
index 0000000..2ab713e
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/jmx-kafka-prometheus.yml
@@ -0,0 +1,23 @@
+jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi
+lowercaseOutputName: true
+lowercaseOutputLabelNames: true
+ssl: false
+rules:
+- pattern : kafka.server<type=ReplicaManager, name=(.+)><>(Value|OneMinuteRate)
+  name: "cp_kafka_server_replicamanager_$1"
+- pattern : kafka.controller<type=KafkaController, name=(.+)><>Value
+  name: "cp_kafka_controller_kafkacontroller_$1"
+- pattern : kafka.server<type=BrokerTopicMetrics, name=(.+)><>OneMinuteRate
+  name: "cp_kafka_server_brokertopicmetrics_$1"
+- pattern : kafka.network<type=RequestMetrics, name=RequestsPerSec, request=(.+)><>OneMinuteRate
+  name: "cp_kafka_network_requestmetrics_requestspersec_$1"
+- pattern : kafka.network<type=SocketServer, name=NetworkProcessorAvgIdlePercent><>Value
+  name: "cp_kafka_network_socketserver_networkprocessoravgidlepercent"
+- pattern : kafka.server<type=ReplicaFetcherManager, name=MaxLag, clientId=(.+)><>Value
+  name: "cp_kafka_server_replicafetchermanager_maxlag_$1"
+- pattern : kafka.server<type=KafkaRequestHandlerPool, name=RequestHandlerAvgIdlePercent><>OneMinuteRate
+  name: "cp_kafka_kafkarequesthandlerpool_requesthandleravgidlepercent"
+- pattern : kafka.controller<type=ControllerStats, name=(.+)><>OneMinuteRate
+  name: "cp_kafka_controller_controllerstats_$1"
+- pattern : kafka.server<type=SessionExpireListener, name=(.+)><>OneMinuteRate
+  name: "cp_kafka_server_sessionexpirelistener_$1"
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/log4j.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/log4j.properties
deleted file mode 100644
index 8e20fa4..0000000
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/log4j.properties
+++ /dev/null
@@ -1,74 +0,0 @@
-log4j.rootLogger=INFO, stdout, kafkaAppender
-
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.kafkaAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.kafkaAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.kafkaAppender.File=${kafka.logs.dir}/server.log
-log4j.appender.kafkaAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.kafkaAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.stateChangeAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.stateChangeAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.stateChangeAppender.File=${kafka.logs.dir}/state-change.log
-log4j.appender.stateChangeAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.stateChangeAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.requestAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.requestAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.requestAppender.File=${kafka.logs.dir}/kafka-request.log
-log4j.appender.requestAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.requestAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.cleanerAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.cleanerAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.cleanerAppender.File=${kafka.logs.dir}/log-cleaner.log
-log4j.appender.cleanerAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.cleanerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.controllerAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.controllerAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.controllerAppender.File=${kafka.logs.dir}/controller.log
-log4j.appender.controllerAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.controllerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.authorizerAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.authorizerAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.authorizerAppender.File=${kafka.logs.dir}/kafka-authorizer.log
-log4j.appender.authorizerAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.authorizerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-# Change the two lines below to adjust ZK client logging
-log4j.logger.org.I0Itec.zkclient.ZkClient=INFO
-log4j.logger.org.apache.zookeeper=INFO
-
-# Change the two lines below to adjust the general broker logging level (output to server.log and stdout)
-log4j.logger.kafka=INFO
-log4j.logger.org.apache.kafka=INFO
-
-# Change to DEBUG or TRACE to enable request logging
-log4j.logger.kafka.request.logger=WARN, requestAppender
-log4j.additivity.kafka.request.logger=false
-
-# Uncomment the lines below and change log4j.logger.kafka.network.RequestChannel$ to TRACE for additional output
-# related to the handling of requests
-#log4j.logger.kafka.network.Processor=TRACE, requestAppender
-#log4j.logger.kafka.server.KafkaApis=TRACE, requestAppender
-#log4j.additivity.kafka.server.KafkaApis=false
-log4j.logger.kafka.network.RequestChannel$=WARN, requestAppender
-log4j.additivity.kafka.network.RequestChannel$=false
-
-log4j.logger.kafka.controller=TRACE, controllerAppender
-log4j.additivity.kafka.controller=false
-
-log4j.logger.kafka.log.LogCleaner=INFO, cleanerAppender
-log4j.additivity.kafka.log.LogCleaner=false
-
-log4j.logger.state.change.logger=TRACE, stateChangeAppender
-log4j.additivity.state.change.logger=false
-
-# Access denials are logged at INFO level, change to DEBUG to also log allowed accesses
-log4j.logger.kafka.authorizer.logger=INFO, authorizerAppender
-log4j.additivity.kafka.authorizer.logger=false
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties
deleted file mode 100644
index 5016507..0000000
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties
+++ /dev/null
@@ -1,122 +0,0 @@
-############################# Socket Server Settings #############################
-
-# The address the socket server listens on. It will get the value returned from
-# java.net.InetAddress.getCanonicalHostName() if not configured.
-#   FORMAT:
-#     listeners = listener_name://host_name:port
-#   EXAMPLE:
-#     listeners = PLAINTEXT://your.host.name:9092
-listeners=EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9093,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092
-
-# Maps listener names to security protocols, the default is for them to be the same. See the config documentation for more details
-listener.security.protocol.map=INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT
-
-# The number of threads that the server uses for receiving requests from the network and sending responses to the network
-num.network.threads=3
-
-# The number of threads that the server uses for processing requests, which may include disk I/O
-num.io.threads=8
-
-# The send buffer (SO_SNDBUF) used by the socket server
-socket.send.buffer.bytes=102400
-
-#The number of hours to keep a log file before deleting it
-log.retention.hours=168
-#The maximum size of the log before deleting it
-log.retention.bytes=21474836480
-
-# The receive buffer (SO_RCVBUF) used by the socket server
-socket.receive.buffer.bytes=102400
-
-# The maximum size of a request that the socket server will accept (protection against OOM)
-socket.request.max.bytes=104857600
-
-
-############################# Log Basics #############################
-
-# A comma separated list of directories under which to store log files
-log.dirs=/opt/kafka/data
-
-# The default number of log partitions per topic. More partitions allow greater
-# parallelism for consumption, but this will also result in more files across
-# the brokers.
-num.partitions={{ .Values.defaultpartitions }}
-
-# The number of threads per data directory to be used for log recovery at startup and flushing at shutdown.
-# This value is recommended to be increased for installations with data dirs located in RAID array.
-num.recovery.threads.per.data.dir=1
-
-############################# Internal Topic Settings  #############################
-# The replication factor for the group metadata internal topics "__consumer_offsets" and "__transaction_state"
-# For anything other than development testing, a value greater than 1 is recommended for to ensure availability such as 3.
-offsets.topic.replication.factor={{ .Values.replicaCount }}
-transaction.state.log.replication.factor=1
-transaction.state.log.min.isr=1
-
-############################# Log Flush Policy #############################
-
-# Messages are immediately written to the filesystem but by default we only fsync() to sync
-# the OS cache lazily. The following configurations control the flush of data to disk.
-# There are a few important trade-offs here:
-#    1. Durability: Unflushed data may be lost if you are not using replication.
-#    2. Latency: Very large flush intervals may lead to latency spikes when the flush does occur as there will be a lot of data to flush.
-#    3. Throughput: The flush is generally the most expensive operation, and a small flush interval may lead to excessive seeks.
-# The settings below allow one to configure the flush policy to flush data after a period of time or
-# every N messages (or both). This can be done globally and overridden on a per-topic basis.
-
-# The number of messages to accept before forcing a flush of data to disk
-#log.flush.interval.messages=10000
-
-# The maximum amount of time a message can sit in a log before we force a flush
-#log.flush.interval.ms=1000
-
-############################# Log Retention Policy #############################
-
-# The following configurations control the disposal of log segments. The policy can
-# be set to delete segments after a period of time, or after a given size has accumulated.
-# A segment will be deleted whenever *either* of these criteria are met. Deletion always happens
-# from the end of the log.
-
-# The minimum age of a log file to be eligible for deletion due to age
-log.retention.hours=168
-
-# A size-based retention policy for logs. Segments are pruned from the log unless the remaining
-# segments drop below log.retention.bytes. Functions independently of log.retention.hours.
-#log.retention.bytes=1073741824
-
-# The maximum size of a log segment file. When this size is reached a new log segment will be created.
-log.segment.bytes=1073741824
-
-# The interval at which log segments are checked to see if they can be deleted according
-# to the retention policies
-log.retention.check.interval.ms=300000
-
-############################# Zookeeper #############################
-
-# Zookeeper connection string (see zookeeper docs for details).
-# This is a comma separated host:port pairs, each corresponding to a zk
-# server. e.g. "127.0.0.1:3000,127.0.0.1:3001,127.0.0.1:3002".
-# You can also append an optional chroot string to the urls to specify the
-# root directory for all kafka znodes.
-zookeeper.connect={{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
-
-# Timeout in ms for connecting to zookeeper
-zookeeper.connection.timeout.ms=6000
-
-
-############################# Group Coordinator Settings #############################
-
-# The following configuration specifies the time, in milliseconds, that the GroupCoordinator will delay the initial consumer rebalance.
-# The rebalance will be further delayed by the value of group.initial.rebalance.delay.ms as new members join the group, up to a maximum of max.poll.interval.ms.
-# The default value for this is 3 seconds.
-# We override this to 0 here as it makes for a better out-of-the-box experience for development and testing.
-# However, in production environments the default value of 3 seconds is more suitable as this will help to avoid unnecessary, and potentially expensive, rebalances during application startup.
-group.initial.rebalance.delay.ms=0
-
-inter.broker.listener.name=INTERNAL_SASL_PLAINTEXT
-default.replication.factor={{ .Values.replicaCount }}
-delete.topic.enable=true
-sasl.enabled.mechanisms=PLAIN
-authorizer.class.name=org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
-version=1.1.1
-sasl.mechanism.inter.broker.protocol=PLAIN
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/kafka_server_jaas.conf b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/kafka_server_jaas.conf
new file mode 100644
index 0000000..ff43fbb
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/kafka_server_jaas.conf
@@ -0,0 +1,11 @@
+KafkaServer {
+   org.onap.dmaap.kafkaAuthorize.PlainLoginModule1 required
+   username="${KAFKA_ADMIN}"
+   password="${KAFKA_PSWD}"
+   user_${KAFKA_ADMIN}="${KAFKA_PSWD}";
+};
+Client {
+   org.apache.zookeeper.server.auth.DigestLoginModule required
+   username="${ZK_ADMIN}"
+   password="${ZK_PSWD}";
+ };
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/zk_client_jaas.conf b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/zk_client_jaas.conf
new file mode 100644
index 0000000..0755c1e
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/zk_client_jaas.conf
@@ -0,0 +1,5 @@
+Client {
+   org.apache.zookeeper.server.auth.DigestLoginModule required
+   username="${ZK_ADMIN}"
+   password="${ZK_PSWD}";
+ };
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml
index e579d82..5039898 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml
@@ -12,19 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-server-prop-configmap
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/server.properties").AsConfig . | indent 2 }}
----
+{{- if  .Values.global.aafEnabled }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -38,11 +26,10 @@
 data:
 {{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }}
 ---
-
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "common.fullname" . }}-log4j-prop-configmap
+  name: {{ include "common.fullname" . }}-jaas-configmap
   namespace: {{ include "common.namespace" . }}
   labels:
     app: {{ include "common.name" . }}
@@ -50,6 +37,37 @@
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-{{ tpl (.Files.Glob "resources/config/log4j.properties").AsConfig . | indent 2 }}
----
+{{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }}
 
+{{ else }}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-jaas-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }}
+
+{{- end }}
+
+{{- if  .Values.prometheus.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-prometheus-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig | indent 2 }}
+---
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/Chart.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml
similarity index 73%
rename from kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/Chart.yaml
rename to kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml
index 921865d..58a1066 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/Chart.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml
@@ -1,5 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,8 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-description: ONAP Message Router Kafka Service
-name: message-router-mirrormaker
-version: 5.0.0
-
+{{ include "common.secret" . }}
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
index aa97e32..ab3a6bf 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
@@ -1,4 +1,3 @@
-# Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -32,6 +31,11 @@
       labels:
         app:  {{ include "common.name" . }}
         release: {{ include "common.release" . }}
+      {{- if .Values.prometheus.jmx.enabled }}
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
+      {{- end }}
     spec:
       podAntiAffinity:
          {{if eq .Values.podAntiAffinityType "hard" -}}
@@ -47,10 +51,14 @@
                     operator: In
                     values:
                     - {{ include "common.name" . }}
+                  - key: "release"
+                    operator: In
+                    values:
+                    - {{ include "common.release" . }}
              topologyKey: "kubernetes.io/hostname"
       {{- if .Values.nodeAffinity }}
       nodeAffinity:
-        {{ toYaml .Values.nodeAffinity | indent 10 }}
+      {{ toYaml .Values.nodeAffinity | indent 10 }}
       {{- end }}
       initContainers:
       - name: {{ include "common.name" . }}-initcontainer
@@ -74,24 +82,58 @@
         -  sh
         - -exec
         - |
-          chown -R 1000:1000 /opt/kafka/data;
-          rm -rf '/opt/kafka/data/lost+found';
-          cp /opt/kafka/tmpconfig/server.properties /opt/kafka/config/;
-          chown 1000:1000 /opt/kafka/config/server.properties;
-          cd /opt/kafka/config;
-          ls;
+          chown -R 1000:0 /var/lib/kafka/data;
         image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
-        - mountPath: /opt/kafka/data
+        - mountPath: /var/lib/kafka/data
           name: kafka-data
-        - mountPath: /opt/kafka/tmpconfig/server.properties
-          subPath: server.properties
-          name: server
-        - mountPath: /opt/kafka/config
-          name: config-data
         name: {{ include "common.name" . }}-permission-fixer
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input  && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done"
+        env:
+        - name: ZK_ADMIN
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }}
+        - name: ZK_PSWD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }}
+        - name: KAFKA_ADMIN
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }}
+        - name: KAFKA_PSWD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /etc/kafka/secrets/jaas
+          name: jaas-config
+        - mountPath: /config-input
+          name: jaas
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
       containers:
+      {{- if .Values.prometheus.jmx.enabled }}
+      - name: prometheus-jmx-exporter
+        image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - java
+        - -XX:+UnlockExperimentalVMOptions
+        - -XX:+UseCGroupMemoryLimitForHeap
+        - -XX:MaxRAMFraction=1
+        - -XshowSettings:vm
+        - -jar
+        - jmx_prometheus_httpserver.jar
+        - {{ .Values.prometheus.jmx.port | quote }}
+        - /etc/jmx-kafka/jmx-kafka-prometheus.yml
+        ports:
+        - containerPort: {{ .Values.prometheus.jmx.port }}
+        resources:
+{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
+        volumeMounts:
+        - name: jmx-config
+          mountPath: /etc/jmx-kafka
+      {{- end }}
       - name: {{ include "common.name" .  }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -100,14 +142,21 @@
         - -exc
         - |
           export KAFKA_BROKER_ID=${HOSTNAME##*-} && \
-          export ENDPOINT_PORT=$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )) && \
+          {{- if  .Values.global.aafEnabled }}
           export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
-          exec start-kafka.sh
+          {{ else }}
+          export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
+          {{- end }}
+          exec /etc/confluent/docker/run
         resources:
 {{ include "common.resources" . | indent 12 }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
         - containerPort: {{ .Values.service.externalPort }}
+        {{- if .Values.prometheus.jmx.enabled }}
+        - containerPort: {{ .Values.jmx.port }}
+          name: jmx
+        {{- end }}
        {{ if eq .Values.liveness.enabled true }}
         livenessProbe:
           tcpSocket:
@@ -128,28 +177,63 @@
             fieldRef:
               apiVersion: v1
               fieldPath: status.hostIP
+        - name: KAFKA_ZOOKEEPER_CONNECT
+          value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
+        - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE
+          value: "{{ .Values.kafka.enableSupport }}"
+        - name: KAFKA_OPTS
+          value: "{{ .Values.kafka.jaasOptions }}"
+        {{- if  .Values.global.aafEnabled }}
+        - name: KAFKA_OPTS
+          value: "{{ .Values.kafka.jaasOptionsAaf }}"
         - name: aaf_locate_url
           value: https://aaf-locate.{{ include "common.namespace" . }}:8095
-
+        - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+          value: "{{ .Values.kafka.protocolMapAaf }}"
+        - name: KAFKA_LISTENERS
+          value: "{{ .Values.kafka.listenersAaf }}"
+        - name: KAFKA_SASL_ENABLED_MECHANISMS
+          value: "{{ .Values.kafka.saslMech }}"
+        - name: KAFKA_INTER_BROKER_LISTENER_NAME
+          value: "{{ .Values.kafka.interBrokerListernerAaf }}"
+        - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL
+          value: "{{ .Values.kafka.saslInterBrokerProtocol }}"
+        - name: KAFKA_AUTHORIZER_CLASS_NAME
+          value: "{{ .Values.kafka.authorizer }}"
+        {{ else }}
+         - name: KAFKA_OPTS
+          value: "{{ .Values.kafka.jaasOptions }}"
+        - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+          value: "{{ .Values.kafka.protocolMap }}"
+        - name: KAFKA_LISTENERS
+          value: "{{ .Values.kafka.listeners }}"
+        - name: KAFKA_INTER_BROKER_LISTENER_NAME
+          value: "{{ .Values.kafka.interBrokerListerner }}"
+        {{- end }}
+        {{- range $key, $value := .Values.configurationOverrides }}
+        - name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }}
+          value: {{ $value | quote }}
+        {{- end }}
+        {{- if .Values.jmx.port }}
+        - name: KAFKA_JMX_PORT
+          value: "{{ .Values.jmx.port }}"
+        {{- end }}
+        - name: enableCadi
+          value: "{{ .Values.global.aafEnabled }}"
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
           readOnly: true
         - mountPath: /var/run/docker.sock
           name: docker-socket
-        - mountPath: /opt/kafka/tmpconfig/server.properties
-          subPath: server.properties
-          name: server
-        - mountPath: /opt/kafka/config/server.properties
-          subPath: server.properties
-          name: config-data
-        - mountPath: /opt/kafka/config/log4j.properties
-          subPath: log4j.properties
-          name: log4j
-        - mountPath: /opt/kafka/config/cadi.properties
+        {{- if .Values.global.aafEnabled }}
+        - mountPath: /etc/kafka/data/cadi.properties
           subPath: cadi.properties
           name: cadi
-        - mountPath: /opt/kafka/data
+        {{ end  }}
+        - name: jaas-config
+          mountPath: /etc/kafka/secrets/jaas
+        - mountPath: /var/lib/kafka/data
           name: kafka-data
       {{- if .Values.tolerations }}
       tolerations:
@@ -159,20 +243,25 @@
       - name: localtime
         hostPath:
           path: /etc/localtime
-      - name: config-data
-        emptyDir: {}
+      - name: jaas-config
+        emptyDir:
+          medium: Memory
       - name: docker-socket
         hostPath:
           path: /var/run/docker.sock
-      - name: server
-        configMap:
-          name: {{ include "common.fullname" . }}-server-prop-configmap
-      - name: log4j
-        configMap:
-          name: {{ include "common.fullname" . }}-log4j-prop-configmap
+      {{- if .Values.global.aafEnabled }}
       - name: cadi
         configMap:
           name: {{ include "common.fullname" . }}-cadi-prop-configmap
+      {{ end }}
+      - name: jaas
+        configMap:
+          name: {{ include "common.fullname" . }}-jaas-configmap
+       {{- if .Values.prometheus.jmx.enabled }}
+      - name: jmx-config
+        configMap:
+          name: {{ include "common.fullname" . }}-prometheus-configmap
+       {{- end }}
 {{ if not .Values.persistence.enabled }}
       - name: kafka-data
         emptyDir: {}
@@ -194,4 +283,4 @@
             storage: {{ .Values.persistence.size | quote }}
 {{ end }}
       imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
index 873e72e..0399c3a 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
@@ -24,13 +24,14 @@
   loggingImage: beats/filebeat:5.5.0
   persistence: {}
   ubuntuInitRepository: registry.hub.docker.com
+  envsubstImage: dibi/envsubst
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/kafka111:1.0.1
+image: onap/dmaap/kafka111:1.0.3
 pullPolicy: Always
 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
 busyBoxImage: busybox:1.30
@@ -41,15 +42,76 @@
   name: message-router-zookeeper
   port: 2181
 
+kafka:
+  heapOptions: -Xmx5G -Xms1G
+  jaasOptions: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
+  jaasOptionsAaf: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/kafka_server_jaas.conf
+  enableSupport: false
+  protocolMapAaf: INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT
+  protocolMap: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
+  listenersAaf: EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9091,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092
+  listeners: EXTERNAL_PLAINTEXT://0.0.0.0:9091,INTERNAL_PLAINTEXT://0.0.0.0:9092
+  authorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
+  saslInterBrokerProtocol: PLAIN
+  saslMech: PLAIN
+  interBrokerListernerAaf: INTERNAL_SASL_PLAINTEXT
+  interBrokerListerner: INTERNAL_PLAINTEXT
+
+
+configurationOverrides:
+  "offsets.topic.replication.factor": "3"
+  "log.dirs": "/var/lib/kafka/data"
+  "log.retention.hours": "168"
+  "num.partitions": "3"
+  "offsets.topic.replication.factor": "3"
+  "transaction.state.log.replication.factor": "1"
+  "transaction.state.log.min.isr": "1"
+  "num.recovery.threads.per.data.dir": "5"
+  "log.retention.hours": "168"
+  "zookeeper.connection.timeout.ms": "6000"
+  "default.replication.factor": "3"
+
+jmx:
+  port: 5555
+
+prometheus:
+  jmx:
+    enabled: false
+    image: solsson/kafka-prometheus-jmx-exporter@sha256
+    imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
+    imageRepository: docker.io
+    port: 5556
+
+jaas:
+  config:
+    zkClient: kafka
+    zkClientPassword: kafka_secret
+    kafkaAdminUser: admin
+    kafkaAdminPassword: admin_secret
+    #kafkaAdminUserExternal:  some secret
+    #zkClientPasswordExternal: some secret
+
+
+secrets:
+  - uid: zk-client
+    type: basicAuth
+    externalSecret: '{{ .Values.jaas.config.zkClientPasswordExternal}}'
+    login: '{{ .Values.jaas.config.zkClient }}'
+    password: '{{ .Values.jaas.config.zkClientPassword }}'
+    passwordPolicy: required
+  - uid: kafka-admin
+    type: basicAuth
+    externalSecret: '{{ .Values.jaas.config.kafkaAdminUserExternal}}'
+    login: '{{ .Values.jaas.config.kafkaAdminUser }}'
+    password: '{{ .Values.jaas.config.kafkaAdminPassword }}'
+    passwordPolicy: required
+
 # flag to enable debugging - application support required
 debugEnabled: false
 
 # default number of instances
 replicaCount: 3
 
-#Kafka custom authorizer class name
-kafkaCustomAuthorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
-deleteTopicEnable: true
 
 # To access Kafka outside cluster, this value must be set to hard and the number of nodes in K8S cluster must be equal or greater then replica count
 podAntiAffinityType: soft
@@ -69,17 +131,17 @@
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 60
-  periodSeconds: 10
-  timeoutSeconds: 1
+  initialDelaySeconds: 70
+  periodSeconds: 20
+  timeoutSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
 
 readiness:
-  initialDelaySeconds: 60
-  periodSeconds: 10
-  timeoutSeconds: 1
+  initialDelaySeconds: 90
+  periodSeconds: 20
+  timeoutSeconds: 100
 
 ## Persist data to a persitent volume
 persistence:
@@ -109,7 +171,8 @@
   name: message-router-kafka
   portName: message-router-kafka
   internalPort: 9092
-  externalPort: 9093
+  internalSSLPort: 9093
+  externalPort: 9091
   baseNodePort: 30490
 
 
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/NOTES.txt b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/NOTES.txt
deleted file mode 100644
index a44d0f7..0000000
--- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/NOTES.txt
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright © 2018  AT&T Intellectual Property.  All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/deployment.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/deployment.yaml
deleted file mode 100644
index 9c8a43b..0000000
--- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/deployment.yaml
+++ /dev/null
@@ -1,105 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  serviceName: {{ .Values.service.name }}
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app:  {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-    spec:
-      initContainers:
-      - name: {{ include "common.name" . }}-initcontainer
-        image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-      - command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - {{ .Values.messagerouter.container }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
-      containers:
-      - name: {{ include "common.name" .  }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-        imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-        - sh
-        - -exc
-        - |
-          exec start-mirrormaker.sh
-        resources:
-{{ include "common.resources" . | indent 12 }}
-        ports:
-        - containerPort: {{ .Values.service.internalPort }}
-        {{ if eq .Values.liveness.enabled true }}
-        livenessProbe:
-          exec:
-            command:
-            - sh
-            - -c
-            - "touch /tmp/lprobe.txt"
-            - "rm /tmp/lprobe.txt"
-          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.liveness.periodSeconds }}
-          timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
-        {{ end }}
-        readinessProbe:
-          exec:
-            command:
-            - sh
-            - -c
-            - "touch /tmp/rprobe.txt"
-            - "rm /tmp/rprobe.txt"
-          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.readiness.periodSeconds }}
-          timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
-        env:
-        - name: KAFKA_HEAP_OPTS
-          value: "{{ .Values.kafkaHeapOptions }}"
-        volumeMounts:
-        - mountPath: /etc/localtime
-          name: localtime
-          readOnly: true
-        - mountPath: /var/run/docker.sock
-          name: docker-socket
-      volumes:
-      - name: localtime
-        hostPath:
-          path: /etc/localtime
-      - name: docker-socket
-        hostPath:
-          path: /var/run/docker.sock
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml
deleted file mode 100644
index 676f634..0000000
--- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml
+++ /dev/null
@@ -1,100 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-  persistence: {}
-  ubuntuInitRepository: registry.hub.docker.com
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dmaap/kafka111:1.0.1
-pullPolicy: Always
-ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-
-zookeeper:
-  name: message-router-zookeeper
-  port: 2181
-
-messagerouter:
-  container: message-router 
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# default number of instances
-replicaCount: 1
-kafkaHeapOptions: -Xmx4G -Xms2G
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 60
-  periodSeconds: 20
-  timeoutSeconds: 5
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 60
-  periodSeconds: 20
-  timeoutSeconds: 5
-
-
-service:
-  type: NodePort
-  name: message-router-mirrormaker
-  portName: message-router-mirrormaker
-  internalPort: 9092
-  
- 
-
-ingress:
-  enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: large
-# Segregation for Different environment (Small and Large)
-resources:
-  small:
-    limits:
-      cpu: 2000m
-      memory: 4Gi
-    requests:
-      cpu: 500m
-      memory: 1Gi
-  large:
-    limits:
-      cpu: 4000m
-      memory: 8Gi
-    requests:
-      cpu: 1000m
-      memory: 2Gi
-  unlimited: {}
-
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml
new file mode 100644
index 0000000..a75b644
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml
@@ -0,0 +1,21 @@
+jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi
+lowercaseOutputName: true
+lowercaseOutputLabelNames: true
+ssl: false
+rules:
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)"
+  name: "message-router-zookeeper_$2"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)"
+  name: "message-router-zookeeper_$3"
+  labels:
+    replicaId: "$2"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)"
+  name: "message-router-zookeeper_$4"
+  labels:
+    replicaId: "$2"
+    memberType: "$3"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)"
+  name: "message-router-zookeeper_$4_$5"
+  labels:
+    replicaId: "$2"
+    memberType: "$3"
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/zk_server_jaas.conf b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/zk_server_jaas.conf
new file mode 100644
index 0000000..8266f6b
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/zk_server_jaas.conf
@@ -0,0 +1,4 @@
+Server {
+       org.apache.zookeeper.server.auth.DigestLoginModule required
+       user_${ZK_ADMIN}="${ZK_PSWD}";
+};
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml
new file mode 100644
index 0000000..907111d
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml
@@ -0,0 +1,42 @@
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if  .Values.prometheus.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-prometheus-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{  (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig  | indent 2 }}
+---
+{{ end }}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-jaas-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{  (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig  | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/Chart.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml
similarity index 73%
copy from kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/Chart.yaml
copy to kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml
index 921865d..729cad4 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/Chart.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml
@@ -1,5 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,8 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-description: ONAP Message Router Kafka Service
-name: message-router-mirrormaker
-version: 5.0.0
-
+{{ include "common.secret" . }}
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
index af4c171..e98e614 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
@@ -36,6 +36,11 @@
       labels:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
+      {{- if .Values.prometheus.jmx.enabled }}
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
+      {{- end }}
     spec:
       podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
@@ -47,6 +52,10 @@
                     operator: In
                     values:
                     - {{ include "common.name" . }}
+                  - key: "release"
+                    operator: In
+                    values:
+                    - {{ include "common.release" . }}
              topologyKey: "kubernetes.io/hostname"
       {{- if .Values.nodeAffinity }}
       nodeAffinity:
@@ -58,13 +67,53 @@
         - sh
         - -exec
         - >
-          chown -R 1000:1000 /tmp/zookeeper/apikeys;
+          chown -R 1000:0 /tmp/zookeeper/apikeys;
         image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - mountPath: /tmp/zookeeper/apikeys
           name: zookeeper-data
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done"
+        env:
+        - name: ZK_ADMIN
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }}
+        - name: ZK_PSWD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /etc/zookeeper/secrets/jaas
+          name: jaas-config
+        - mountPath: /config-input
+          name: jaas
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
       containers:
+      {{- if .Values.prometheus.jmx.enabled }}
+      - name: prometheus-jmx-exporter
+        image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - java
+        - -XX:+UnlockExperimentalVMOptions
+        - -XX:+UseCGroupMemoryLimitForHeap
+        - -XX:MaxRAMFraction=1
+        - -XshowSettings:vm
+        - -jar
+        - jmx_prometheus_httpserver.jar
+        - {{ .Values.prometheus.jmx.port | quote }}
+        - /etc/jmx-zookeeper/jmx-zookeeper-prometheus.yml
+        ports:
+        - containerPort: {{ .Values.prometheus.jmx.port }}
+        resources:
+{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
+        volumeMounts:
+        - name: jmx-config
+          mountPath: /etc/jmx-zookeeper
+      {{- end }}
       - name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -77,39 +126,71 @@
           name: {{ .Values.service.serverPortName }}
         - containerPort: {{ .Values.service.leaderElectionPort }}
           name: {{ .Values.service.leaderElectionPortName }}
+        {{- if .Values.prometheus.jmx.enabled }}
+        - containerPort: {{ .Values.jmx.port }}
+          name: jmx
+        {{- end }}
         {{ if eq .Values.liveness.enabled true }}
         livenessProbe:
           exec:
-            command:
-            - sh
-            - -c
-            - "zookeeper-ready.sh 2181"
+            command:  ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok']
           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
           periodSeconds: {{ .Values.liveness.periodSeconds }}
           timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
         {{ end }}
         readinessProbe:
           exec:
-            command:
-            - sh
-            - -c
-            - "zookeeper-ready.sh 2181"
+            command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok']
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
           timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
         env:
-        - name: ZK_REPLICAS
+        - name : KAFKA_HEAP_OPTS
+          value: "{{ .Values.zkConfig.heapOptions }}"
+        {{- if .Values.jmx.port }}
+        - name : KAFKA_JMX_PORT
+          value: "{{ .Values.jmx.port }}"
+        {{- end }}
+        - name : ZOOKEEPER_REPLICAS
           value: "{{ .Values.replicaCount }}"
-        - name: ZK_INIT_LIMIT
-          value: "{{ .Values.zk.initLimit }}"
-        - name: ZK_SYNC_LIMIT
-          value: "{{ .Values.zk.syncLimit }}"
+        - name : ZOOKEEPER_TICK_TIME
+          value: "{{ .Values.zkConfig.tickTime }}"
+        - name : ZOOKEEPER_SYNC_LIMIT
+          value: "{{ .Values.zkConfig.syncLimit }}"
+        - name : ZOOKEEPER_INIT_LIMIT
+          value: "{{ .Values.zkConfig.initLimit }}"
+        - name : ZOOKEEPER_MAX_CLIENT_CNXNS
+          value: "{{ .Values.zkConfig.maxClientCnxns }}"
+        - name : ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT
+          value: "{{ .Values.zkConfig.autoPurgeSnapRetainCount}}"
+        - name : ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL
+          value: "{{ .Values.zkConfig.autoPurgePurgeInterval}}"
+        - name: ZOOKEEPER_CLIENT_PORT
+          value: "{{ .Values.zkConfig.clientPort }}"
+        - name: KAFKA_OPTS
+          value: "{{ .Values.zkConfig.kafkaOpts }}"
+        - name: EXTRA_ARGS
+          value: "{{ .Values.zkConfig.extraArgs }}"
+        - name: ZOOKEEPER_SERVER_ID
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        command:
+        - "bash"
+        - "-c"
+        - |
+          ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-}+1)) \
+          /etc/confluent/docker/run
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
           readOnly: true
         - mountPath: /var/lib/zookeeper/data
           name: zookeeper-data
+        - name: jaas-config
+          mountPath: /etc/zookeeper/secrets/jaas
       {{- if .Values.tolerations }}
       tolerations:
         {{ toYaml .Values.tolerations | indent 10 }}
@@ -118,15 +199,29 @@
       - name: localtime
         hostPath:
           path: /etc/localtime
+      - name: jaas-config
+        emptyDir:
+          medium: Memory
+      - name: docker-socket
+        hostPath:
+          path: /var/run/docker.sock
+      - name: jaas
+        configMap:
+          name: {{ include "common.fullname" . }}-jaas-configmap
+       {{- if .Values.prometheus.jmx.enabled }}
+      - name: jmx-config
+         configMap:
+           name: {{ include "common.fullname" . }}-prometheus-configmap
+       {{- end }}
 {{ if not .Values.persistence.enabled }}
       - name: zookeeper-data
         emptyDir: {}
 {{ else }}
   volumeClaimTemplates:
     - metadata:
-        name:  zookeeper-data
+        name: zookeeper-data
         labels:
-          app:  {{ include "common.fullname" . }}
+          app: {{ include "common.fullname" . }}
           chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
           release: "{{ include "common.release" . }}"
           heritage: "{{ .Release.Service }}"
@@ -139,4 +234,4 @@
             storage: {{ .Values.persistence.size | quote }}
 {{ end }}
       imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
index eeb77ba..4abb6e3 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
@@ -24,13 +24,14 @@
   loggingImage: beats/filebeat:5.5.0
   ubuntuInitRepository: registry.hub.docker.com
   persistence: {}
+  envsubstImage: dibi/envsubst
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/zookeeper:6.0.0
+image: onap/dmaap/zookeeper:6.0.2
 pullPolicy: Always
 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
 busyBoxImage: busybox:1.30
@@ -39,12 +40,6 @@
 # flag to enable debugging - application support required
 debugEnabled: false
 
-# application configuration
-config:
-  # gerrit branch where the latest code is checked in
-  gerritBranch: master
-  # gerrit project where the latest code is checked in
-  gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git
 
 # default number of instances
 replicaCount: 3
@@ -59,22 +54,55 @@
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-  timeoutSeconds: 1
+  initialDelaySeconds: 40
+  periodSeconds: 20
+  timeoutSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
 
 readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-  timeoutSeconds: 1
+  initialDelaySeconds: 40
+  periodSeconds: 20
+  timeoutSeconds: 10
 
 #Zookeeper properties
-zk:
- initLimit: 5
- syncLimit: 2
+zkConfig:
+  tickTime: 2000
+  syncLimit: 5
+  initLimit: 10
+  maxClientCnxns: 200
+  autoPurgeSnapRetainCount: 3
+  autoPurgePurgeInterval: 24
+  heapOptions: -Xmx2G -Xms2G
+  kafkaOpts: -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
+  extraArgs: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
+  clientPort: 2181
+
+jmx:
+  port: 5555
+
+prometheus:
+  jmx:
+    enabled: false
+    image: solsson/kafka-prometheus-jmx-exporter@sha256
+    imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
+    imageRepository: docker.io
+    port: 5556
+
+jaas:
+  config:
+    zkAdminUser: kafka
+    zkAdminPassword: kafka_secret
+    #zkAdminPasswordExternal= some password
+
+secrets:
+  - uid: zk-admin
+    type: basicAuth
+    externalSecret: '{{ .Values.jaas.config.zkAdminPasswordExternal}}'
+    login: '{{ .Values.jaas.config.zkAdminUser }}'
+    password: '{{ .Values.jaas.config.zkAdminPassword }}'
+    passwordPolicy: required
 
 ## Persist data to a persitent volume
 persistence:
diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/values.yaml b/kubernetes/multicloud/charts/multicloud-fcaps/values.yaml
index 4b34784..6182cbe 100644
--- a/kubernetes/multicloud/charts/multicloud-fcaps/values.yaml
+++ b/kubernetes/multicloud/charts/multicloud-fcaps/values.yaml
@@ -23,7 +23,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-fcaps:1.5.3
+image: onap/multicloud/openstack-fcaps:1.5.5
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/multicloud/charts/multicloud-pike/values.yaml b/kubernetes/multicloud/charts/multicloud-pike/values.yaml
index a4c7100..ec79a1a 100644
--- a/kubernetes/multicloud/charts/multicloud-pike/values.yaml
+++ b/kubernetes/multicloud/charts/multicloud-pike/values.yaml
@@ -23,7 +23,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-pike:1.4.1
+image: onap/multicloud/openstack-pike:1.5.5
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml b/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml
index 2dffd1c..cb065d6 100644
--- a/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml
+++ b/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml
@@ -23,7 +23,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-starlingx:1.5.3
+image: onap/multicloud/openstack-starlingx:1.5.5
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml b/kubernetes/multicloud/charts/multicloud-windriver/values.yaml
index 1104fa0..8ab4d56 100644
--- a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml
+++ b/kubernetes/multicloud/charts/multicloud-windriver/values.yaml
@@ -26,7 +26,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-windriver:1.5.3
+image: onap/multicloud/openstack-windriver:1.5.5
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/policy/charts/policy-pap/Chart.yaml b/kubernetes/policy/charts/pap/Chart.yaml
similarity index 97%
rename from kubernetes/policy/charts/policy-pap/Chart.yaml
rename to kubernetes/policy/charts/pap/Chart.yaml
index 85e44e7..25e481b 100644
--- a/kubernetes/policy/charts/policy-pap/Chart.yaml
+++ b/kubernetes/policy/charts/pap/Chart.yaml
@@ -18,5 +18,5 @@
 
 apiVersion: v1
 description: ONAP Policy Administration (PAP)
-name: policy-pap
+name: pap
 version: 5.0.0
diff --git a/kubernetes/policy/charts/policy-pap/requirements.yaml b/kubernetes/policy/charts/pap/requirements.yaml
similarity index 100%
rename from kubernetes/policy/charts/policy-pap/requirements.yaml
rename to kubernetes/policy/charts/pap/requirements.yaml
diff --git a/kubernetes/policy/charts/policy-pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json
similarity index 100%
rename from kubernetes/policy/charts/policy-pap/resources/config/config.json
rename to kubernetes/policy/charts/pap/resources/config/config.json
diff --git a/kubernetes/policy/charts/policy-pap/templates/NOTES.txt b/kubernetes/policy/charts/pap/templates/NOTES.txt
similarity index 100%
rename from kubernetes/policy/charts/policy-pap/templates/NOTES.txt
rename to kubernetes/policy/charts/pap/templates/NOTES.txt
diff --git a/kubernetes/policy/charts/policy-pap/templates/configmap.yaml b/kubernetes/policy/charts/pap/templates/configmap.yaml
similarity index 100%
rename from kubernetes/policy/charts/policy-pap/templates/configmap.yaml
rename to kubernetes/policy/charts/pap/templates/configmap.yaml
diff --git a/kubernetes/policy/charts/policy-pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml
similarity index 100%
rename from kubernetes/policy/charts/policy-pap/templates/deployment.yaml
rename to kubernetes/policy/charts/pap/templates/deployment.yaml
diff --git a/kubernetes/policy/charts/policy-pap/templates/service.yaml b/kubernetes/policy/charts/pap/templates/service.yaml
similarity index 100%
rename from kubernetes/policy/charts/policy-pap/templates/service.yaml
rename to kubernetes/policy/charts/pap/templates/service.yaml
diff --git a/kubernetes/policy/charts/policy-pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml
similarity index 100%
rename from kubernetes/policy/charts/policy-pap/values.yaml
rename to kubernetes/policy/charts/pap/values.yaml
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index ca1a8a3..ba20739 100644
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -26,7 +26,7 @@
   pdp:
     nameOverride: pdp
   pap:
-    nameOverride: policy
+    nameOverride: pap
   drools:
     nameOverride: drools
   brmwgw:
diff --git a/kubernetes/robot b/kubernetes/robot
index c854b48..3fa8381 160000
--- a/kubernetes/robot
+++ b/kubernetes/robot
@@ -1 +1 @@
-Subproject commit c854b484ebbd5e0c1be1e6a032a79beeb4cab6ff
+Subproject commit 3fa8381f2a1e5f030ee1388466417817dda0fbe2
diff --git a/kubernetes/so/charts/so-mariadb/templates/job.yaml b/kubernetes/so/charts/so-mariadb/templates/job.yaml
index 68c6017..c300209 100644
--- a/kubernetes/so/charts/so-mariadb/templates/job.yaml
+++ b/kubernetes/so/charts/so-mariadb/templates/job.yaml
@@ -43,14 +43,11 @@
         - name: DB_HOST
           value: {{ .Values.global.migration.dbHost }}
         - name: DB_USER
-          value: {{ .Values.global.migration.dbUser }}
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }}
         - name: DB_PORT
           value: "{{ .Values.global.migration.dbPort }}"
         - name: DB_PASS
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}-migration
-              key: db-root-password-backup
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }}
         command:
         - /bin/bash
         - -c
@@ -138,10 +135,7 @@
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: MYSQL_ROOT_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}
-              key: db-root-password
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
diff --git a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
index 1c309fa..746fe61 100644
--- a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
+++ b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,36 +12,5 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  db-root-password: {{ .Values.global.mariadbGalera.mariadbRootPassword | b64enc | quote }}
-{{- if .Values.global.migration.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-migration
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    "helm.sh/hook": pre-upgrade,pre-install
-    "helm.sh/hook-weight": "0"
-    "helm.sh/hook-delete-policy": before-hook-creation
-type: Opaque
-data:
-  db-root-password-backup: {{ .Values.global.migration.dbPassword | b64enc | quote }}
-{{- end }}
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/charts/so-mariadb/values.yaml
index acf9cb4..a5586c6 100755
--- a/kubernetes/so/charts/so-mariadb/values.yaml
+++ b/kubernetes/so/charts/so-mariadb/values.yaml
@@ -26,6 +26,28 @@
   ubuntuInitRepository: registry.hub.docker.com
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-root-pass
+    name: '{{ include "common.release" . }}-so-mariadb-root-pass'
+    type: password
+    externalSecret: '{{ .Values.db.rootPasswordExternalSecret }}'
+    password: '{{ .Values.db.rootPassword }}'
+    passwordPolicy: required
+  - uid: db-backup-creds
+    name: '{{ include "common.release" . }}-so-mariadb-backup-creds'
+    type: basicAuth
+    externalSecret: '{{ .Values.db.backupCredsExternalSecret }}'
+    login: '{{ .Values.db.backupUser }}'
+    password: '{{ .Values.db.backupPassword }}'
+    passwordPolicy: required
+    annotations:
+      helm.sh/hook: pre-upgrade,pre-install
+      helm.sh/hook-weight: "0"
+      helm.sh/hook-delete-policy: before-hook-creation
+
+#################################################################
 # Application configuration defaults.
 #################################################################
 # application image
@@ -34,6 +56,13 @@
 pullPolicy: Always
 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
 
+# db config
+db:
+  rootPassword: secretpassword
+  # rootPasswordExternalSecret: some secret
+  backupPassword: secretpassword
+  backupUser: root
+  # backupCredsExternalSecret: some secret
 # application configuration
 config:
   # gerrit branch where the latest heat code is checked in
diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml
index b5246d1..028b164 100644
--- a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml
@@ -87,6 +87,8 @@
               {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
             - name: REDIS_ADDR
               value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
           - name: {{ include "common.fullname" . }}-catalog
             mountPath: /service/vfc/nfvo/catalog/static
diff --git a/kubernetes/vfc/charts/vfc-catalog/values.yaml b/kubernetes/vfc/charts/vfc-catalog/values.yaml
index 8914d66..3411c44 100644
--- a/kubernetes/vfc/charts/vfc-catalog/values.yaml
+++ b/kubernetes/vfc/charts/vfc-catalog/values.yaml
@@ -39,7 +39,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/catalog:1.3.4
+image: onap/vfc/catalog:1.3.8
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-ems-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-ems-driver/templates/deployment.yaml
index 446bcb9..51080a5 100644
--- a/kubernetes/vfc/charts/vfc-ems-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-ems-driver/templates/deployment.yaml
@@ -79,6 +79,8 @@
               value: "{{ .Values.config.vescollectorServiceName }}:{{ .Values.config.vescollectorPort }}"
             - name: VES_AUTHINFO
               value: "{{ .Values.config.vescollectorUser }}:{{ .Values.config.vescollectorPassword }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/vfc/charts/vfc-ems-driver/values.yaml b/kubernetes/vfc/charts/vfc-ems-driver/values.yaml
index d4c71b6..999a33a 100644
--- a/kubernetes/vfc/charts/vfc-ems-driver/values.yaml
+++ b/kubernetes/vfc/charts/vfc-ems-driver/values.yaml
@@ -29,7 +29,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/emsdriver:1.3.0
+image: onap/vfc/emsdriver:1.3.1
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml
index 5e84c86..a425670 100644
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml
@@ -59,6 +59,8 @@
               value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml
index 96bae84..d7108a8 100644
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml
@@ -29,7 +29,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/gvnfmdriver:1.3.5
+image: onap/vfc/gvnfmdriver:1.3.8
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml
index 163214a..401d00c 100644
--- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml
@@ -76,6 +76,8 @@
               value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml
index 70125e9..8b27d45 100644
--- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml
@@ -29,7 +29,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/huawei:1.3.0
+image: onap/vfc/nfvo/svnfm/huawei:1.3.6
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/deployment.yaml
index 008d480..2a542e7 100644
--- a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/deployment.yaml
@@ -75,6 +75,8 @@
               value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName}}:{{ .Values.global.config.msbPort }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
diff --git a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/values.yaml
index f68f0fc..1bcdf57 100644
--- a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/values.yaml
@@ -29,7 +29,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/jujudriver:1.3.1
+image: onap/vfc/jujudriver:1.3.8
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-multivim-proxy/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-multivim-proxy/templates/deployment.yaml
index be76d55..88e4ca5 100644
--- a/kubernetes/vfc/charts/vfc-multivim-proxy/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-multivim-proxy/templates/deployment.yaml
@@ -75,6 +75,8 @@
               value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/vfc/charts/vfc-multivim-proxy/values.yaml b/kubernetes/vfc/charts/vfc-multivim-proxy/values.yaml
index 211ff72..464afe2 100644
--- a/kubernetes/vfc/charts/vfc-multivim-proxy/values.yaml
+++ b/kubernetes/vfc/charts/vfc-multivim-proxy/values.yaml
@@ -29,7 +29,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/multivimproxy:1.3.0
+image: onap/vfc/multivimproxy:1.3.1
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/deployment.yaml
index 3f747ce..00c53b2 100644
--- a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/deployment.yaml
@@ -77,6 +77,8 @@
               value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/values.yaml
index 74f5b67..e24c3bd 100644
--- a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/values.yaml
+++ b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/values.yaml
@@ -29,7 +29,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/nokiav2:1.3.0
+image: onap/vfc/nfvo/svnfm/nokiav2:1.3.6
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml
index 35637f3..30bcc7b 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml
+++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml
@@ -39,7 +39,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.3.4
+image: onap/vfc/nslcm:1.3.7
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml
index bff1e94..a6850b5 100644
--- a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml
@@ -54,6 +54,8 @@
           env:
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/vfc/charts/vfc-redis/values.yaml b/kubernetes/vfc/charts/vfc-redis/values.yaml
index cb018b4..30e2b2c 100644
--- a/kubernetes/vfc/charts/vfc-redis/values.yaml
+++ b/kubernetes/vfc/charts/vfc-redis/values.yaml
@@ -29,7 +29,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/db:1.3.1
+image: onap/vfc/db:1.3.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/vfc/charts/vfc-resmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-resmgr/templates/deployment.yaml
index ce381d7..54ff350 100644
--- a/kubernetes/vfc/charts/vfc-resmgr/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-resmgr/templates/deployment.yaml
@@ -75,6 +75,8 @@
               value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
diff --git a/kubernetes/vfc/charts/vfc-resmgr/values.yaml b/kubernetes/vfc/charts/vfc-resmgr/values.yaml
index 71cf4cc..f494b85 100644
--- a/kubernetes/vfc/charts/vfc-resmgr/values.yaml
+++ b/kubernetes/vfc/charts/vfc-resmgr/values.yaml
@@ -29,7 +29,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/resmanagement:1.3.0
+image: onap/vfc/resmanagement:1.3.1
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
index 465f4cf..9332014 100644
--- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
@@ -87,6 +87,8 @@
               {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
             - name: REDIS_ADDR
               value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml
index b58f30b..60a6abc 100644
--- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml
+++ b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml
@@ -39,7 +39,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.3.4
+image: onap/vfc/vnflcm:1.3.7
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
index c4c070d..61adba8 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
@@ -87,7 +87,8 @@
               value: "{{ .Values.global.config.mariadb_admin }}"
             - name: MYSQL_ROOT_PASSWORD
               {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
-
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml
index 9cceb9f..20af3bb 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml
@@ -39,7 +39,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/vnfmgr:1.3.4
+image: onap/vfc/vnfmgr:1.3.8
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
index e70bf0e..ee9ff9c 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
@@ -87,7 +87,8 @@
               value: "{{ .Values.global.config.mariadb_admin }}"
             - name: MYSQL_ROOT_PASSWORD
               {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
-
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
diff --git a/kubernetes/vfc/charts/vfc-vnfres/values.yaml b/kubernetes/vfc/charts/vfc-vnfres/values.yaml
index 1a64402..078554d 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/values.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfres/values.yaml
@@ -39,7 +39,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/vnfres:1.3.4
+image: onap/vfc/vnfres:1.3.7
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-workflow-engine/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-workflow-engine/templates/deployment.yaml
index 410d4b6..c78d6b3 100644
--- a/kubernetes/vfc/charts/vfc-workflow-engine/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-workflow-engine/templates/deployment.yaml
@@ -83,6 +83,8 @@
               value: "{{ .Values.global.config.msbServiceName }}"
             - name: OPENPALETTE_MSB_PORT
               value: "{{ .Values.global.config.msbPort | default 80 }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/vfc/charts/vfc-workflow-engine/values.yaml b/kubernetes/vfc/charts/vfc-workflow-engine/values.yaml
index daf1429..f626cbe 100644
--- a/kubernetes/vfc/charts/vfc-workflow-engine/values.yaml
+++ b/kubernetes/vfc/charts/vfc-workflow-engine/values.yaml
@@ -29,7 +29,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/wfengine-activiti:1.3.0
+image: onap/vfc/wfengine-activiti:1.3.3
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-workflow/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-workflow/templates/deployment.yaml
index 534979b..a28814c 100644
--- a/kubernetes/vfc/charts/vfc-workflow/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-workflow/templates/deployment.yaml
@@ -83,6 +83,8 @@
               value: "{{ .Values.global.config.msbServiceName }}"
             - name: OPENPALETTE_MSB_PORT
               value: "{{ .Values.global.config.msbPort | default 80 }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/vfc/charts/vfc-workflow/values.yaml b/kubernetes/vfc/charts/vfc-workflow/values.yaml
index 1c7444f..57e8253 100644
--- a/kubernetes/vfc/charts/vfc-workflow/values.yaml
+++ b/kubernetes/vfc/charts/vfc-workflow/values.yaml
@@ -29,7 +29,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/wfengine-mgrservice:1.3.0
+image: onap/vfc/wfengine-mgrservice:1.3.3
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/deployment.yaml
index be76d55..88e4ca5 100644
--- a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/deployment.yaml
@@ -75,6 +75,8 @@
               value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/values.yaml b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/values.yaml
index 4c2a546..a72d7cc 100644
--- a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/values.yaml
+++ b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/values.yaml
@@ -29,7 +29,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/ztesdncdriver:1.3.0
+image: onap/vfc/ztesdncdriver:1.3.1
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml
index 5f5e710..bd79aad 100644
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml
@@ -75,6 +75,8 @@
               value: "{{ .Values.global.config.ssl_enabled }}"
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+            - name: REG_TO_MSB_WHEN_START
+              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml
index 3655fc0..6c0f829 100644
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml
@@ -29,7 +29,7 @@
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/ztevnfmdriver:1.3.1
+image: onap/vfc/ztevnfmdriver:1.3.6
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml
index 88275ae..b204c58 100644
--- a/kubernetes/vfc/values.yaml
+++ b/kubernetes/vfc/values.yaml
@@ -20,6 +20,11 @@
     msbPort: 443
     redisServiceName: vfc-redis
     redisPort: 6379
+# Becaue now oom can register the microservice to msb automatically,
+# If it is set to false, vfc contanier will not register again, if it is
+# set to true, vfc will register by itself.
+# we use this flag to determine who is responbile for serice registeration
+# and it can reduce duplicate registration.
     reg_to_msb_when_start: False
     mariadb_admin: root
   persistence:
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index ab6bae3..9529e55 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -98,7 +98,7 @@
   name: refrepo
   portName: refrepo
   nodePort: 97
-  internalPort: 8702
+  internalPort: 8703
 
 ingress:
   enabled: false