Merge "[PLATFORM] Add Keycloak ONAP REALM import"
diff --git a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
index a49543c..90a2061 100644
--- a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
+++ b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
@@ -60,9 +60,17 @@
       # enable all component's Ingress interfaces
       enable_all: false
       # default Ingress base URL
-      # can be overwritten in component by setting ingress.baseurlOverride
+      # All http requests via ingress will be redirected
       virtualhost:
+        # Default Ingress base URL
+        # can be overwritten in component by setting ingress.baseurlOverride
         baseurl: "simpledemo.onap.org"
+        # prefix for baseaddr
+        # can be overwritten in component by setting ingress.preaddrOverride
+        preaddr: ""
+        # postfix for baseaddr
+        # can be overwritten in component by setting ingress.postaddrOverride
+        postaddr: ""
       # All http requests via ingress will be redirected on Ingress controller
       # only valid for Istio Gateway (ServiceMesh enabled)
       config:
@@ -101,6 +109,10 @@
 - enable_all: true → enables Ingress configuration in each component
 - virtualhost.baseurl: "simpledemo.onap.org" → sets globally the URL for all Interfaces set by the components,
     resulting in e.g. "aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.baseurlOverride
+- virtualhost.preaddr: "pre-" → sets globally a prefix for the Application name for all Interfaces set by the components,
+    resulting in e.g. "pre-aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.preaddrOverride
+- virtualhost.postaddr: "-post" → sets globally a postfix for the Application name for all Interfaces set by the components,
+    resulting in e.g. "aai-api-post.simpledemo.onap.org", can be overwritten in the component via: ingress.postaddrOverride
 - config.ssl: redirect → sets in the Ingress globally the redirection of all Interfaces from http (port 80) to https (port 443)
 - config.tls.secret: "..." → (optional) overrides the default selfsigned SSL certificate with a certificate stored in the specified secret
 - namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate
diff --git a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
index 5f81a36..b424c65 100644
--- a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
+++ b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
@@ -128,7 +128,7 @@
   <recommended-istio-version> with the version defined in
   the :ref:`versions_table` table::
 
-    > helm upgrade -i istio-ingressgateway istio/gateway -n istio-ingress
+    > helm upgrade -i istio-ingress istio/gateway -n istio-ingress
     --version <recommended-istio-version> --wait
 
 Kiali Installation
diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
index 11d7501..8b3f19f 100644
--- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl
+++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
@@ -104,6 +104,10 @@
   image: {{ include "repositoryGenerator.image.dbcClient" $dot }}
   imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
   env:
+  - name: PROTO
+    value: "http"
+  - name: PORT
+    value: "8080"
   - name: RESP_CACHE
     value: /opt/app/config/cache
   - name: REQUESTID
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index d8a9447..7065338 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -23,45 +23,87 @@
 {{- define "ingress.config.host" -}}
 {{-   $dot := default . .dot -}}
 {{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{-   $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}}
+{{-   $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}}
+{{-   $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}}
+{{-   $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}}
 {{-   $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
 {{-   $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
-{{ printf "%s.%s" $baseaddr $burl }}
+{{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }}
 {{- end -}}
 
 {{/*
-  Helper function to add the tls route
+  Istio Helper function to add the tls route
 */}}
-{{- define "ingress.config.tls" -}}
+{{- define "istio.config.tls_simple" -}}
 {{-   $dot := default . .dot -}}
-{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+    tls:
 {{-   if $dot.Values.global.ingress.config }}
-{{-     if $dot.Values.global.ingress.config.ssl }}
-{{-       if eq $dot.Values.global.ingress.config.ssl "redirect" }}
+{{-     if $dot.Values.global.ingress.config.tls }}
+      credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
+{{-     else }}
+      credentialName: "ingress-tls-secret"
+{{-     end }}
+{{-   else }}
+      credentialName: "ingress-tls-secret"
+{{-   end }}
+      mode: SIMPLE
+{{- end -}}
+
+{{/*
+  Istio Helper function to add the tls route
+*/}}
+{{- define "istio.config.tls" -}}
+{{-   $dot := default . .dot -}}
+{{-   $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{-   if $service.exposedPort }}
+{{-     if $service.exposedProtocol }}
+{{-       if eq $service.exposedProtocol "TLS" }}
+    {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
+{{-       end }}
+{{-     end }}
+{{-   else }}
+{{-     if $dot.Values.global.ingress.config }}
+{{-       if $dot.Values.global.ingress.config.ssl }}
+{{-         if eq $dot.Values.global.ingress.config.ssl "redirect" }}
     tls:
       httpsRedirect: true
   - port:
       number: 443
       name: https
       protocol: HTTPS
-    tls:
-{{-         if $dot.Values.global.ingress.config }}
-{{-           if $dot.Values.global.ingress.config.tls }}
-      credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
-{{-           else }}
-      credentialName: "ingress-tls-secret"
-{{-           end }}
-{{-         else }}
-      credentialName: "ingress-tls-secret"
-{{-         end }}
-      mode: SIMPLE
+    {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
     hosts:
     - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+{{-         end }}
 {{-       end }}
 {{-     end }}
 {{-   end }}
 {{- end -}}
 
 {{/*
+  Istio Helper function to add the external port of the service
+*/}}
+{{- define "istio.config.port" -}}
+{{-   $dot := default . .dot -}}
+{{-   if .exposedPort }}
+      number: {{ .exposedPort }}
+{{-     if .exposedProtocol }}
+      name: {{ .baseaddr }}
+      protocol: {{ .exposedProtocol }}
+{{-     else }}
+      name: http
+      protocol: HTTP
+{{-     end -}}
+{{-   else }}
+      number: 80
+      name: http
+      protocol: HTTP
+{{-   end -}}
+{{- end -}}
+
+{{/*
   Helper function to add the route to the service
 */}}
 {{- define "ingress.config.port" -}}
@@ -88,7 +130,7 @@
 {{- end -}}
 
 {{/*
-  Helper function to add the route to the service
+  Istio Helper function to add the route to the service
 */}}
 {{- define "istio.config.route" -}}
 {{-   $dot := default . .dot -}}
@@ -196,15 +238,13 @@
   name: {{ $baseaddr }}-gateway
 spec:
   selector:
-    istio: ingressgateway # use Istio default gateway implementation
+    istio: ingress # use Istio default gateway implementation
   servers:
   - port:
-      number: 80
-      name: http
-      protocol: HTTP
+      {{- include "istio.config.port" . }}
     hosts:
     - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
-    {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }}
+    {{- include "istio.config.tls" (dict "dot" $dot "service" . "baseaddr" $baseaddr) }}
 ---
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index bfa5637..dcf85fe 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -89,7 +89,7 @@
   polBasicAuthPassword: zb!XztG34
   polUrl:
     https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
-    http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision
+    http: http://policy-xacml-pdp:6969/policy/pdpx/v1/decision
   polEnv: TEST
   polReqId: xx
   disableHostVerification: true
@@ -98,7 +98,7 @@
   aaiAuth: QUFJOkFBSQ==
   aaiUri:
     https: https://aai:8443/aai/v14/
-    http: http://aai:8080/aai/v14/
+    http: http://aai:80/aai/v14/
 
 # default number of instances
 replicaCount: 1
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index aa6159c..5d886aa 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -40,7 +40,7 @@
   postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
   readinessImage: onap/oom/readiness:3.0.1
   dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
-  dbcClientImage: onap/dmaap/dbc-client:2.0.10
+  dbcClientImage: onap/dmaap/dbc-client:2.0.11
   quitQuitImage: onap/oom/readiness:4.1.0
 
   # Default credentials
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
index cbe02a1..d990e4d 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
@@ -69,7 +69,7 @@
 # TLS role -- set to true if microservice acts as server
 # If true, an init container will retrieve a server cert
 # and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
 
 # CMPv2 certificate
 # It is used only when:
@@ -97,7 +97,6 @@
 readinessCheck:
   wait_for:
     containers:
-      - aaf-cm
       - dmaap-bc
       - dmaap-provisioning-job
       - message-router
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
index 0198a7d..83acd54 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
@@ -1,6 +1,6 @@
 # ================================ LICENSE_START =============================
 # ============================================================================
-# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2021-2023 AT&T Intellectual Property. All rights reserved.
 # Copyright (c) 2022 J. F. Lucas. All rights reserved.
 # ============================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -57,7 +57,7 @@
 # Application Configuration Defaults.
 #################################################################
 # Application Image
-image: onap/org.onap.dcaegen2.services.heartbeat:2.5.0
+image: onap/org.onap.dcaegen2.services.heartbeat:2.6.0
 pullPolicy: Always
 
 # Log directory where logging sidecar should look for log files
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
index 59fda72..502a6a8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
@@ -27,9 +27,6 @@
   - name: common
     version: ~12.x-0
     repository: '@local'
-  - name: readinessCheck
-    version: ~12.x-0
-    repository: '@local'
   - name: repositoryGenerator
     version: ~12.x-0
     repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index da3f473..f788ab0 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -59,7 +59,7 @@
 # TLS role -- set to true if microservice acts as server
 # If true, an init container will retrieve a server cert
 # and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
 
 secrets:
   - uid: hv-ves-kafka-secret
@@ -94,11 +94,6 @@
         key: password
         create: true
 
-# dependencies
-readinessCheck:
-  wait_for:
-    - aaf-cm
-
 # probe configuration
 readiness:
   type: exec
@@ -136,7 +131,7 @@
   server.idleTimeoutSec: 300
   server.listenPort: 6061
   cbs.requestIntervalSec: 5
-  security.sslDisable: false
+  security.sslDisable: true
   security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks
   security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass
   security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index a2479b6..5cdd5db 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
@@ -135,11 +135,11 @@
   aaf_identity: ""
   aaf_password: ""
   pm-mapper-filter: "{ \"filters\":[] }"
-  key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks
-  key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
+  #key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks
+  #key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
   trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
   trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
-  dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
+  dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete
   streams_publishes:
     dmaap_publisher:
       type: message_router
@@ -160,6 +160,11 @@
         location: san-francisco
         delivery_url: http://dcae-pm-mapper:8081/delivery
 
+applicationEnv:
+  #CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+  #Temporary Dummy CBS Port Value until internal SDK library is updated
+  CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000'
+
 # DataRouter Feed Configuration
 drFeedConfig:
   - feedName: bulk_pm_feed
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
index d9fd33f..dcbedf4 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
@@ -132,12 +132,14 @@
   collector.rcc.inputQueue.maxPending: '8096'
   tomcat.maxthreads: '200'
   collector.rcc.service.port: '8080'
-  collector.rcc.service.secure.port: '8687'
-  collector.rcc.keystore.file.location: /opt/app/dcae-certificate/cert.jks
-  collector.rcc.keystore.passwordfile: /opt/app/dcae-certificate/jks.pass
-  collector.rcc.keystore.alias: dynamically generated
-  collector.rcc.truststore.file.location: /opt/app/dcae-certificate/trust.jks
-  collector.rcc.truststore.passwordfile: /opt/app/dcae-certificate/trust.pass
+  # Disabling of secure port not working (DCAEGEN2-3336)
+  collector.rcc.service.secure.port: '0'
+  #collector.rcc.service.secure.port: '8687'
+  #collector.rcc.keystore.file.location: /opt/app/dcae-certificate/cert.jks
+  #collector.rcc.keystore.passwordfile: /opt/app/dcae-certificate/jks.pass
+  #collector.rcc.keystore.alias: dynamically generated
+  #collector.rcc.truststore.file.location: /opt/app/dcae-certificate/trust.jks
+  #collector.rcc.truststore.passwordfile: /opt/app/dcae-certificate/trust.pass
   #collector.keystore.file.location: /opt/app/dcae-certificate/external/cert.jks
   #collector.keystore.passwordfile: /opt/app/dcae-certificate/external/jks.pass
   collector.header.authflag: '0'
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index e0b2b12..9e9750a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -59,7 +59,7 @@
 # TLS role -- set to true if microservice acts as server
 # If true, an init container will retrieve a server cert
 # and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
 
 # CMPv2 certificate
 # It is used only when:
@@ -86,7 +86,6 @@
 # dependencies
 readinessCheck:
   wait_for:
-    - aaf-cm
     - message-router
 
 # probe configuration
@@ -141,7 +140,7 @@
   collector.service.port: "8080"
   collector.service.secure.port: "8443"
   event.transform.flag: "0"
-  auth.method: "certBasicAuth"
+  auth.method: "noAuth"
   header.authlist: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
   services_calls: []
   streams_publishes:
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml
index 4f1f184..d2f73e6 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml
@@ -51,7 +51,7 @@
       port: *svc_port
 
 externalServices:
-  sdc_be_https: "sdc-be:8443"
+  sdc_be_https: "sdc-be:8080"
 
 schemaMap:
   filename: "schema-map.json"
@@ -103,7 +103,7 @@
       eventDomainPath: /event/structure/commonEventHeader/structure/domain/value
       eventSchemaReferencePath: /event/structure/stndDefinedFields/structure/schemaReference/value
     distribution:
-      sdcAddress: ${SDC_ADDRESS:sdc-be.onap:30204}
+      sdcAddress: ${SDC_ADDRESS:sdc-be.onap:8080}
       user: dcae
       password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
       pollingInterval: 20
diff --git a/kubernetes/dmaap/components/dmaap-bc/Chart.yaml b/kubernetes/dmaap/components/dmaap-bc/Chart.yaml
index 66f93cd..a15c2cf 100644
--- a/kubernetes/dmaap/components/dmaap-bc/Chart.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/Chart.yaml
@@ -1,7 +1,7 @@
 # Copyright © 2018  AT&T Intellectual Property.  All rights reserved.
 # Modifications Copyright © 2018 Amdocs,Bell Canada
 # Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2022 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -24,16 +24,16 @@
   - name: common
     version: ~12.x-0
     repository: '@local'
-  - name: certInitializer
-    version: ~12.x-0
-    repository: '@local'
   - name: postgres
     version: ~12.x-0
     repository: '@local'
-    condition: PG.enabled
+    condition: postgres.enabled
   - name: repositoryGenerator
     version: ~12.x-0
     repository: '@local'
   - name: serviceAccount
     version: ~12.x-0
     repository: '@local'
+  - name: readinessCheck
+    version: ~12.x-0
+    repository: '@local'
diff --git a/kubernetes/dmaap/components/dmaap-bc/README.md b/kubernetes/dmaap/components/dmaap-bc/README.md
deleted file mode 100644
index a611547..0000000
--- a/kubernetes/dmaap/components/dmaap-bc/README.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Helm Chart for ONAP DMaaP Applications
-
-ONAP includes the following Kubernetes services available in ONAP Beijing Release (more expected in future):
-
-1) message-router - a message bus for applications
-2) dmaap-prov - an API to provision DMaaP resources
-
-# Service Dependencies
-
-message-router depends on AAF
-dmaap-prov depends on AAF and Postgresql.
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
index 2b2ea41..00c1fe8 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
@@ -16,4 +16,3 @@
 
 # Environment settings for starting a container
 DMAAPBC_WAIT_TO_EXIT=Y
-DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
index d464428..e13098b 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
@@ -13,55 +13,50 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 */}}
-
-
 #####################################################
 #
 # Hooks for specific environment configurations
 #
 #####################################################
 # Indicator for whether to use AAF for authentication
-UseAAF: {{ .Values.global.aafEnabled }}
+UseAAF: false
 
-# Stub out southbound calls for Unit Test cases to run.  e.g. not timeout
-# Comment out in other environments to get default (No)
-#UnitTest: Yes
+#####################################################
+#
+# HTTP Server Configuration
+#
+#####################################################
 
+# Allow http access to dbcapi
+HttpAllowed: true
+
+# listen to http port within this container (server)
+IntHttpPort: 8080
+
+# listen to https port within this container (server)
+# set to 0 if no certificates are available.
+IntHttpsPort: 0
 
 #####################################################
 #
 # Settings for Southbound API: Datarouter
 #
 #####################################################
-
 # URI to retrieve dynamic DR configuration
 ProvisioningURI:  /internal/prov
 
 # indicator for handling feed delete:
 #  DeleteOnDR - means use the DR API to DELETE a feed.  (default for backwards compatibility)
 #  SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL.  Better for cloudify environments.
-Feed.deleteHandling: SimulateDelete
-
-###########################################################
-# The following properties default to match ONAP DR instance.
-# However, there are some non-ONAP DR instances that require other values.
-# Sets the X-DR-ON-BEHALF-OF HTTP Header value
-#DR.onBehalfHeader:
-# Value for the Content-Type Header in DR Feed API
-#DR.feedContentType:
-# Value for the Content-Type Header in DR Subscription API
-#DR.subContentType:
-#
-# END OF properties helpful for non-ONAP DR instance.
-############################################################
+Feed.deleteHandling: DeleteOnDR
 
 #####################################################
 #
 # Settings for Soutbound API: Postgresql
 #
 #####################################################
-# flag indicates if we are using postgresql
-UsePGSQL: {{ .Values.PG.enabled  }}
+# flag indicates if we are using postgresql or an in memory db
+UsePGSQL: {{ .Values.usePostgres  }}
 
 # postgres host name
 # Need to connect to PG primary service, designated by service.name2
@@ -69,14 +64,12 @@
 
 # postgres schema name
 #DB.schema: {{ .Values.postgres.config.pgDatabase }}
-
 # postgres user name
 DB.user: ${PG_USER}
 
 # postgres user password
 DB.cred: ${PG_PASSWORD}
 
-
 #####################################################
 #
 # Settings for Soutbound API: Message Router
@@ -88,8 +81,7 @@
 MR.multisite: false
 
 # FQDN of primary message router.
-# In ONAP Casablanca, there is only 1 message router service, so use that.
-# In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR
+# In ONAP, there is only 1 message router service, so use that.
 MR.CentralCname: {{ .Values.dmaapMessageRouterService }}
 
 # Indicator for whether we want hostname verification on SSL connection to MR
@@ -101,117 +93,19 @@
 #  2 = delete from persistent store (DB) and authorization store (AAF)
 MR.ClientDeleteLevel: 1
 
-# namespace of MR Topic Factory
-MR.TopicFactoryNS: org.onap.dmaap.mr.topicFactory
-
-# AAF Role assigned to Topic Manager Identity
-MR.TopicMgrRole: org.onap.dmaap-bc-topic-mgr.client
-
-# MR topic ProjectID (used in certain topic name generation formats)
-MR.projectID:  mr
-
 # Use Basic Authentication when provisioning topics
-MR.authentication: basicAuth
+MR.authentication: none
 
-# MR topic name style (default is FQTN_LEGACY_FORMAT)
-#MR.topicStyle: FQTN_LEGACY_FORMAT
+ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll
 #
 # end of MR Related Properties
 ################################################################################
 
-
-#####################################################
-#
-# Settings for Southbound API: CADI
-#
-#####################################################
-# path to cadi.properties
-cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
-
-#####################################################
-#
-# Settings for Southbound API: AAF proxy
-#
-#####################################################
-# URL of the AAF server
-aaf.URL: {{ .Values.aafURL }}
-
-# TopicMgr Identity
-aaf.TopicMgrUser: {{ .Values.topicMgrUser }}
-
-# Password for TopicMgr identity
-aaf.TopicMgrPassword: {{ .Values.topicMgrPwd }}
-
-# Buscontroller Admin Identity
-aaf.AdminUser: {{ .Values.adminUser }}
-
-# Admin Password
-aaf.AdminPassword: {{ .Values.adminPwd }}
-
-# Identity that is owner of any created namespaces for topics
-aaf.NsOwnerIdentity: {{ .Values.adminUser }}
-
-
-# this overrides the Class used for Decryption.
-# This allows for a plugin encryption/decryption method if needed.
-# Call this Class for decryption at runtime.
-#AafDecryption.Class: com.company.proprietaryDecryptor
-
-# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
-# Not used in ONAP, but possibly used with Decryption override class.
-#CredentialCodeKeyfile: etc/LocalKey
-
-#
-# endof AAF Properties
-####################################################
-
-
-#####################################################
-#
-# Settings for authorization of DBCAPI
-#
-#####################################################
-# Namespace for URI values for the API used to create AAF permissions
-# e.g. if ApiNamespace is X.Y.dmaapbc.api then for URI /mr_clients we create AAF perm X.Y.dmaapbc.api.mr_clients
-ApiNamespace: org.onap.dmaap-bc.api
-
-# If API authorization is required, then implement a class to enforce it.
-# This overrides the Class used for API permission check.
-ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll
-
-#####################################################
-#
-# Settings for Southbound API: MirrorMaker provisioning
-#
-#####################################################
-# AAF Role of client publishing MM prov cmds
-MM.ProvRole: org.onap.dmaap-bc-mm-prov.prov
-
-# AAF identity when publishing MM prov cmds
-MM.ProvUserMechId: dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org
-
-# pwd for Identity used to publish MM prov cmds
-MM.ProvUserPwd: demo123456!
-
-# AAF Role of MirrorMaker agent subscribed to prov cmds.
-MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent
-
 #####################################################
 #
 # Certificate Management
 #
 #####################################################
-
-# Indicates how we are expecting certificates to be provided:
-#  cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file
-#  legacy (default) - artifacts will be installed manually or some other way and details will be in this file
-CertificateManagement: cadi
-
-# When CertificateManagement is cadi, then this is where all the cadi properties will be.
-# Note that the cadi properties include where the cert is, and the encrypted passwords to read.
-cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
-
-###########################################################################################
 # When CertificateManagement is legacy, we need to provide more details about cert handling:
 #CertificateManagement: legacy
 # the type of keystore for https (for legacy CertificateManagment only)
@@ -235,43 +129,4 @@
 #TrustStorePassword: changeit
 #
 # END OF legacy CertificateManagement properties
-###########################################################################################
-
-
-#####################################################
-#
-# HTTP Server Configuration
-#
-#####################################################
-
-# Allow http access to dbcapi
-HttpAllowed: true
-
-# listen to http port within this container (server)
-IntHttpPort: 8080
-
-# listen to https port within this container (server)
-# set to 0 if no certificates are available.
-IntHttpsPort: 8443
-
-
-
-inHttpsPort: 0
-
-#####################################################
-#
-# Deprecated
-#
-#####################################################
-# csit: stubs out some southbound APIs for csit  (deprecated)
-#csit: No
-# name of this DMaaP instance (deprecated)
-#DmaapName: demo
-# external port number for https taking port mapping into account  (deprecated)
-#ExtHttpsPort: 443
-# path to the file used to trigger an orderly shutdown (deprecated)
-#QuiesceFile: etc/SHUTDOWN
-# FQDN of DR Prov Server (deprecated)
-#DR.provhost: dcae-drps.domain.not.set
-# root of topic namespace (decrecated)
-#topicNsRoot: org.onap.dcae.dmaap
+##########################################################################################
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json b/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json
index ca1e740..6e8e15e 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json
@@ -1,5 +1,4 @@
 {
-
   "dcaeLayer": "kubernetes-central",
   "dcaeLocationName": "san-francisco"
 }
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json b/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json
index 23b111c..b2295af 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json
@@ -1,10 +1,6 @@
 {
-{{ if eq .Values.fixedTopicNamespace true }}
-  "dmaapName": "mr",
-{{- else -}}
   "dmaapName": "{{ include "common.namespace" . }}",
-{{- end}}
-  "drProvUrl": "https://dmaap-dr-prov",
+  "drProvUrl": "http://{{ .Values.dmaapDataRouterProvService }}:8080",
   "version": "1",
   "topicNsRoot": "org.onap.dmaap",
   "bridgeAdminTopic": "DCAE_MM_AGENT"
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json b/kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json
new file mode 100644
index 0000000..d446f7f
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json
@@ -0,0 +1,7 @@
+{
+  "feedName": "dmaapbc-test-feed",
+  "feedVersion": "1.0",
+  "feedDescription": "test provisioning feed",
+  "asprClassification": "unclassified",
+  "owner": "dmaapbc"
+}
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml b/kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml
new file mode 100644
index 0000000..a827b09
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml
@@ -0,0 +1,346 @@
+
+<!--
+  ============LICENSE_START==========================================
+  org.onap.dmaap
+  ===================================================================
+  Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+  ===================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+         http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  ============LICENSE_END============================================
+  ECOMP is a trademark and service mark of AT&T Intellectual Property.
+-->
+
+<configuration scan="false" scanPeriod="3 seconds">
+  <!--<jmxConfigurator /> -->
+  <!-- directory path for all other type logs -->
+  <property name="logDir" value="logs" />
+  <!--  specify the component name -->
+  <property name="componentName" value="ONAP"/>
+
+  <!--  log file names -->
+  <property name="generalLogName" value="application" />
+  <property name="securityLogName" value="security" />
+  <property name="performanceLogName" value="performance" />
+  <property name="serverLogName" value="server" />
+  <property name="policyLogName" value="policy" />
+  <property name="errorLogName" value="error" />
+  <property name="metricsLogName" value="metrics" />
+  <property name="auditLogName" value="audit" />
+  <property name="debugLogName" value="debug" />
+
+  <property name="defaultPattern" value="%date{ISO8601,UTC}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}|%msg%n" />
+
+  <property name="auditLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n" />
+  <property name="metricsLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n" />
+  <property name="errorLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDescription}|%msg%n" />
+  <property name="debugLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestId}|%thread|%msg%n" />
+
+  <property name="logDirectory" value="${logDir}/${componentName}" />
+
+  <!-- Example evaluator filter applied against console appender -->
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>${defaultPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <!-- ============================================================================ -->
+  <!-- EELF Appenders -->
+  <!-- ============================================================================ -->
+
+  <!-- The EELFAppender is used to record events to the general application
+    log -->
+
+
+  <appender name="EELF"
+    class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${generalLogName}.log</file>
+    <rollingPolicy
+      class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>${logDirectory}/${generalLogName}.%i.log.zip
+      </fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>9</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy
+      class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>50MB</maxFileSize>
+    </triggeringPolicy>
+    <encoder>
+      <pattern>${defaultPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELF" />
+  </appender>
+
+  <!-- EELF Security Appender. This appender is used to record security events
+    to the security log file. Security events are separate from other loggers
+    in EELF so that security log records can be captured and managed in a secure
+    way separate from the other logs. This appender is set to never discard any
+    events. -->
+  <appender name="EELFSecurity"
+    class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${securityLogName}.log</file>
+    <rollingPolicy
+      class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip
+      </fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>9</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy
+      class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>50MB</maxFileSize>
+    </triggeringPolicy>
+    <encoder>
+      <pattern>${defaultPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <discardingThreshold>0</discardingThreshold>
+    <appender-ref ref="EELFSecurity" />
+  </appender>
+
+  <!-- EELF Performance Appender. This appender is used to record performance
+    records. -->
+  <appender name="EELFPerformance"
+    class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${performanceLogName}.log</file>
+    <rollingPolicy
+      class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>${logDirectory}/${performanceLogName}.%i.log.zip
+      </fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>9</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy
+      class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>50MB</maxFileSize>
+    </triggeringPolicy>
+    <encoder>
+      <pattern>${defaultPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELFPerformance" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFPerformance" />
+  </appender>
+
+  <!-- EELF Server Appender. This appender is used to record Server related
+    logging events. The Server logger and appender are specializations of the
+    EELF application root logger and appender. This can be used to segregate Server
+    events from other components, or it can be eliminated to record these events
+    as part of the application root log. -->
+  <appender name="EELFServer"
+    class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${serverLogName}.log</file>
+    <rollingPolicy
+      class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>${logDirectory}/${serverLogName}.%i.log.zip
+      </fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>9</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy
+      class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>50MB</maxFileSize>
+    </triggeringPolicy>
+    <encoder>
+        <pattern>${defaultPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELFServer" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFServer" />
+  </appender>
+
+
+  <!-- EELF Policy Appender. This appender is used to record Policy engine
+    related logging events. The Policy logger and appender are specializations
+    of the EELF application root logger and appender. This can be used to segregate
+    Policy engine events from other components, or it can be eliminated to record
+    these events as part of the application root log. -->
+  <appender name="EELFPolicy"
+    class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${policyLogName}.log</file>
+    <rollingPolicy
+      class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>${logDirectory}/${policyLogName}.%i.log.zip
+      </fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>9</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy
+      class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>50MB</maxFileSize>
+    </triggeringPolicy>
+    <encoder>
+        <pattern>${defaultPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELFPolicy" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFPolicy" />
+  </appender>
+
+
+  <!-- EELF Audit Appender. This appender is used to record audit engine
+    related logging events. The audit logger and appender are specializations
+    of the EELF application root logger and appender. This can be used to segregate
+    Policy engine events from other components, or it can be eliminated to record
+    these events as part of the application root log. -->
+
+  <appender name="EELFAudit"
+    class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${auditLogName}.log</file>
+    <rollingPolicy
+      class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>${logDirectory}/${auditLogName}.%i.log.zip
+      </fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>9</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy
+      class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>50MB</maxFileSize>
+    </triggeringPolicy>
+    <encoder>
+    <pattern>${auditLoggerPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFAudit" />
+  </appender>
+
+<appender name="EELFMetrics"
+    class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${metricsLogName}.log</file>
+    <rollingPolicy
+      class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>${logDirectory}/${metricsLogName}.%i.log.zip
+      </fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>9</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy
+      class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>50MB</maxFileSize>
+    </triggeringPolicy>
+    <encoder>
+      <pattern>${metricsLoggerPattern}</pattern>
+    </encoder>
+  </appender>
+
+
+  <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFMetrics"/>
+  </appender>
+
+  <appender name="EELFError"
+    class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${errorLogName}.log</file>
+    <rollingPolicy
+      class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>${logDirectory}/${errorLogName}.%i.log.zip
+      </fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>9</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy
+      class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>50MB</maxFileSize>
+    </triggeringPolicy>
+    <encoder>
+      <pattern>${errorLoggerPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFError"/>
+  </appender>
+
+   <appender name="EELFDebug"
+    class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${debugLogName}.log</file>
+    <rollingPolicy
+      class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>${logDirectory}/${debugLogName}.%i.log.zip
+      </fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>9</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy
+      class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>50MB</maxFileSize>
+    </triggeringPolicy>
+    <encoder>
+      <pattern>${debugLoggerPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFDebug" />
+    <includeCallerData>true</includeCallerData>
+  </appender>
+
+
+  <!-- ============================================================================ -->
+  <!--  EELF loggers -->
+  <!-- ============================================================================ -->
+  <logger name="com.att.eelf" level="info" additivity="false">
+    <appender-ref ref="asyncEELF" />
+  </logger>
+  <logger name="com.att.eelf.security" level="info" additivity="false">
+    <appender-ref ref="asyncEELFSecurity" />
+  </logger>
+  <logger name="com.att.eelf.perf" level="info" additivity="false">
+    <appender-ref ref="asyncEELFPerformance" />
+  </logger>
+  <logger name="com.att.eelf.server" level="info" additivity="false">
+    <appender-ref ref="asyncEELFServer" />
+  </logger>
+  <logger name="com.att.eelf.policy" level="info" additivity="false">
+    <appender-ref ref="asyncEELFPolicy" />
+  </logger>
+
+  <logger name="com.att.eelf.audit" level="info" additivity="false">
+    <appender-ref ref="asyncEELFAudit" />
+  </logger>
+
+  <logger name="com.att.eelf.metrics" level="info" additivity="false">
+        <appender-ref ref="asyncEELFMetrics" />
+  </logger>
+
+
+   <logger name="com.att.eelf.error" level="error" additivity="false">
+  <appender-ref ref="asyncEELFError" />
+  </logger>
+
+   <logger name="com.att.eelf.debug" level="debug" additivity="false">
+        <appender-ref ref="asyncEELFDebug" />
+  </logger>
+
+  <root level="ERROR">
+    <appender-ref ref="asyncEELF" />
+    <appender-ref ref="STDOUT" />
+  </root>
+</configuration>
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json b/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json
index 9e732d2..05c8983 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json
@@ -1,6 +1,6 @@
 {
   "dcaeLocationName": "san-francisco",
-  "fqdn": "message-router",
+  "fqdn": "{{ .Values.dmaapMessageRouterService }}",
   "topicProtocol": "http",
   "topicPort": "3904"
 }
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json
deleted file mode 100644
index 34197b9..0000000
--- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
-  "topicName": "PNF_READY",
-  "topicDescription": "This topic will be used to publish the PNF_READY events generated by the PNF REgistration Handler service in the DCAE platform.",
-  "owner": "PNFRegistrationHandler",
-  "tnxEnabled": false,
-  "clients": [
-    {
-      "dcaeLocationName": "san-francisco",
-      "clientRole": "org.onap.dmaap.mr.PNF_READY.pub",
-      "action": [
-        "pub",
-        "view"
-      ]
-
-    }
-  ]
-}
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json
deleted file mode 100644
index e732579..0000000
--- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
-  "topicName": "PNF_REGISTRATION",
-  "topicDescription": "the VES collector will be publishing pnfRegistration events in this topic",
-  "owner": "VEScollector",
-  "tnxEnabled": false,
-  "clients": [
-    {
-      "dcaeLocationName": "san-francisco",
-      "clientRole": "org.onap.dmaap.mr.PNF_REGISTRATION.sub",
-      "action": [
-        "sub",
-        "view"
-      ]
-
-    }
-  ]
-}
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json
deleted file mode 100644
index fb2c54e..0000000
--- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
-  "topicName": "mirrormakeragent",
-  "topicDescription": "the topic used to provision the MM agent whitelist",
-  "replicationCase": "REPLICATION_NONE",
-  "owner": "dmaap",
-  "tnxEnabled": false,
-  "partitionCount": "1",
-  "clients": [
-    {
-      "dcaeLocationName": "san-francisco",
-      "clientIdentity": "dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org",
-      "action": [
-        "pub",
-        "sub",
-        "view"
-      ]
-    },
-    {
-      "dcaeLocationName": "san-francisco",
-      "clientIdentity": "dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org",
-      "action": [
-        "pub",
-        "sub",
-        "view"
-      ]
-    },
-    {
-      "dcaeLocationName": "san-francisco",
-      "clientIdentity": "demo@people.osaaf.org",
-      "action": [
-        "pub",
-        "sub",
-        "view"
-      ]
-    }
-  ]
-}
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json
new file mode 100644
index 0000000..6570ea5
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json
@@ -0,0 +1,13 @@
+{
+  "topicName": "dmaapbc-test-topic",
+  "topicDescription": "test provisioning topic",
+  "owner": "dmaapbc",
+  "clients": [{
+      "dcaeLocationName": "san-francisco",
+      "clientRole": "org.onap.dmaap.mr.test.pub",
+      "action": [
+        "pub",
+        "view"
+      ]}
+  ]
+}
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt
deleted file mode 100644
index 050853c..0000000
--- a/kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright © 2018  AT&T Intellectual Property.  All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}-prov)
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml
index b7c52df..0dd75f3 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml
@@ -18,13 +18,16 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
+  name: {{ include "common.fullname" . }}-log
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/log/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
   name: {{ include "common.fullname" . }}-config
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
 ---
@@ -33,11 +36,6 @@
 metadata:
   name:  {{ include "common.fullname" . }}-dbc-dmaap
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/dmaap/*.json").AsConfig . | indent 2 }}
 ---
@@ -46,11 +44,6 @@
 metadata:
   name:  {{ include "common.fullname" . }}-dbc-dcaelocations
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/dcaeLocations/*.json").AsConfig . | indent 2 }}
 ---
@@ -59,11 +52,6 @@
 metadata:
   name:  {{ include "common.fullname" . }}-dr-nodes
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/dr_nodes/*.json").AsConfig . | indent 2 }}
 ---
@@ -72,11 +60,6 @@
 metadata:
   name:  {{ include "common.fullname" . }}-feeds
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/feeds/*.json").AsConfig . | indent 2 }}
 ---
@@ -85,11 +68,6 @@
 metadata:
   name:  {{ include "common.fullname" . }}-mr-clusters
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/mr_clusters/*.json").AsConfig . | indent 2 }}
 ---
@@ -98,10 +76,5 @@
 metadata:
   name:  {{ include "common.fullname" . }}-topics
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
index a0c3154..e7887cc 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
@@ -24,68 +24,44 @@
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       {{ include "common.podSecurityContext" . | indent 6 | trim}}
-{{- if .Values.PG.enabled }}
-      initContainers:
+      initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+      {{- if .Values.usePostgres }}
       - command:
         - sh
         args:
         - -c
         - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
         env:
-        - name: PG_USER
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
-        - name: PG_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+          - name: PG_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+          - name: PG_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
         volumeMounts:
-        - mountPath: /config-input
-          name: {{ include "common.name" . }}-config-input
-        - mountPath: /config
-          name: {{ include "common.name" . }}-config
+          - mountPath: /config-input
+            name: {{ include "common.name" . }}-config-input
+          - mountPath: /config
+            name: {{ include "common.name" . }}-config
+        name: {{ include "common.name" . }}-update-config
         image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | nindent 6 }}
-{{- if .Values.global.aafEnabled }}
-      - name: {{ include "common.name" . }}-permission-fixer
-        securityContext:
-          runAsUser: 0
-        image: {{ include "repositoryGenerator.image.busybox" . }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
-        command: ["chown","-Rf","1000:1001", "/opt/app/"]
-#       See AAF-425 for explanation of why this is needed.
-#       This artifact is provisioned in AAF for both pks12 and jks format and apparently
-#       the cadi library is not using the jks password on the jks keystore.
-#       So, this attempts to "fix" the credential property file until this is fixed properly.
-      - name: {{ include "common.name" . }}-cred-fixer
-        image: {{ include "repositoryGenerator.image.busybox" . }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
-        command: ["/bin/sh"]
-        args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
-{{- end }}
-      - name: {{ include "common.name" . }}-postgres-readiness
-        securityContext:
-          runAsUser: 100
-          runAsGroup: 65533
-        command:
+      - command:
         - /app/ready.py
         args:
         - --container-name
         - {{ .Values.postgres.nameOverride }}
-        - --container-name
-        - message-router
-        - --container-name
-        - dmaap-dr-node
+        securityContext:
+          runAsUser: 100
+          runAsGroup: 65533
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+        name: {{ include "common.name" . }}-postgres-readiness
         image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- end }}
+      {{- end }}
       containers:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -96,7 +72,6 @@
             httpGet:
               port: {{ .Values.liveness.port }}
               path: /webapi/topics
-              scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
           {{ end -}}
@@ -104,18 +79,19 @@
             httpGet:
               port: {{ .Values.readiness.port }}
               path: /webapi/topics
-              scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
-          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+          volumeMounts:
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
-# NOTE: on the following several configMaps, careful to include / at end
-#       since there may be more than one file in each mountPath
           - name: {{ include "common.name" . }}-config
             mountPath: /opt/app/config/conf/
-          resources: {{ include "common.resources" . | nindent 12 }}
+          - mountPath: /opt/app/dmaapbc/etc/logback.xml
+            name: {{ include "common.fullname" . }}-log-conf
+            subPath: logback.xml
+          resources:
+{{ include "common.resources" . }}
         {{- if .Values.nodeSelector }}
         nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
         {{- end -}}
@@ -123,15 +99,24 @@
         affinity: {{ toYaml .Values.affinity | nindent 10 }}
         {{- end }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+      volumes:
         - name: localtime
           hostPath:
             path: /etc/localtime
+        - name: {{ include "common.fullname" . }}-log-conf
+          configMap:
+            name: {{ include "common.fullname" . }}-log
+        {{- if .Values.usePostgres }}
         - name: {{ include "common.name" . }}-config-input
           configMap:
             name: {{ include "common.fullname" . }}-config
         - name: {{ include "common.name" . }}-config
           emptyDir:
             medium: Memory
+        {{- else }}
+        - name: {{ include "common.name" . }}-config
+          configMap:
+            name: {{ include "common.fullname" . }}-config
+        {{- end }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml
index ab6f573..0f6c8f9 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml
@@ -1,3 +1,22 @@
+{{/*
+  # ============LICENSE_START===================================================
+  #  Copyright (C) 2022 Nordix Foundation
+  # ============================================================================
+  # Licensed under the Apache License, Version 2.0 (the "License");
+  # you may not use this file except in compliance with the License.
+  # You may obtain a copy of the License at
+  #
+  #      http://www.apache.org/licenses/LICENSE-2.0
+  #
+  # Unless required by applicable law or agreed to in writing, software
+  # distributed under the License is distributed on an "AS IS" BASIS,
+  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  # See the License for the specific language governing permissions and
+  # limitations under the License.
+  #
+  # SPDX-License-Identifier: Apache-2.0
+  # ============LICENSE_END=====================================================
+*/}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -18,7 +37,7 @@
         - /app/ready.py
         args:
         - --container-name
-        - dmaap-bc
+        - {{ include "common.name" . }}
         env:
         - name: NAMESPACE
           valueFrom:
@@ -27,17 +46,15 @@
               fieldPath: metadata.namespace
       containers:
       - name: dmaap-provisioning-job
-        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.clientImage }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbcClientImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DELAY
           value: "0"
-    {{- if or (include "common.onServiceMesh" .) .Values.global.allow_http }}
         - name: PROTO
           value: "http"
         - name: PORT
           value: "8080"
-    {{ end }}
         - name: REQUESTID
           value: "{{.Chart.Name}}-dmaap-provisioning"
         volumeMounts:
@@ -59,7 +76,8 @@
           mountPath: /opt/app/config/mr_clusters/
         - name:  {{ include "common.fullname" . }}-topics
           mountPath: /opt/app/config/topics/
-        resources: {{ include "common.resources" . | nindent 10 }}
+        resources:
+{{ include "common.resources" . }}
       {{ include "common.waitForJobContainer" . | indent 6 | trim }}
         {{- if .Values.nodeSelector }}
       nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml
index 8f87c68..a90bf83 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml
@@ -1 +1,18 @@
+{{/*
+# Copyright © 2018  AT&T Intellectual Property.  All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
 {{ include "common.ingress" . }}
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml
index 7074e4d..b7a31c0 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml
@@ -1,4 +1,3 @@
-
 # Modifications Copyright © 2019 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml
index 911fee8..1e23424 100644
--- a/kubernetes/dmaap/components/dmaap-bc/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml
@@ -17,8 +17,11 @@
 # Global configuration defaults.
 #################################################################
 global:
-  nodePortPrefix: 302
+  persistence: {}
 
+#################################################################
+# Secrets metaconfig
+#################################################################
 secrets:
   - uid: pg-root-pass
     name: &pgRootPassSecretName '{{ include "common.release" . }}-dmaap-bc-pg-root-pass'
@@ -37,89 +40,64 @@
 #################################################################
 # Application configuration defaults.
 #################################################################
+# application images
+image: onap/dmaap/dmaap-bc:2.0.11
 pullPolicy: Always
 
-# application images
-image: onap/dmaap/dmaap-bc:2.0.10
-
+#DMaaP Bus Controller client image for provisioning at deploy time
+dbcClientImage: onap/dmaap/dbc-client:2.0.11
 
 # application configuration
-dmaapMessageRouterService: message-router
-
-# change the following value to point to Windriver instance maintained
-# by AAF team.
-# e.g.
-#aafURL: https://aaf-onap-test.osaaf.org:8095/proxy/
-aafURL: https://aaf-service:8100/
-aafLocateUrl: https://aaf-locate:8095
-topicMgrUser: dmaap-bc@dmaap-bc.onap.org
-topicMgrPwd: demo123456!
-adminUser: aaf_admin@people.osaaf.org
-adminPwd: demo123456!
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
-  nameOverride: dmaap-bc-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  # aafDeployCredsExternalSecret: some secret
-  fqdn: dmaap-bc
-  fqi: dmaap-bc@dmaap-bc.onap.org
-  publicFqdn: dmaap-bc.onap.org
-  cadiLatitude: 0.0
-  cadiLongitude: 0.0
-  app_ns: org.osaaf.aaf
-  credsPath: /opt/app/osaaf/local
-
-persistence:
-  aafCredsPath: /opt/app/osaaf/local/
-
-# for Casablanca default deployment, leave this true to
-# get a topic namespace that matches MR.  When set to false,
-# it will compose the topic namespace using the kubernetes namespace value
-fixedTopicNamespace: true
-
-# for quicker deployments in dev, ability to disable using postgres
-PG:
-  enabled: true
+dmaapMessageRouterService: &mr_name message-router
+dmaapDataRouterProvService: &dr_prov_name dmaap-dr-prov
+dmaapDataRouterNodeService: &dr_node_name dmaap-dr-node
 
 nodeSelector: {}
 
 affinity: {}
 
+containerPort: &svc_port 8080
+
+service:
+  type: ClusterIP
+  name: &svc_name dmaap-bc
+  ports:
+    - name: &port http
+      port: *svc_port
+
+ingress:
+  enabled: false
+  service:
+    - baseaddr: "dmaap-bc-api"
+      name: *svc_name
+      port: *svc_port
+  config:
+    ssl: "redirect"
+
 # probe configuration parameters
 liveness:
   initialDelaySeconds: 10
   periodSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
-  port: api
+  port: *svc_port
   enabled: true
 
 readiness:
   initialDelaySeconds: 10
   periodSeconds: 10
-  port: api
+  port: *svc_port
 
+usePostgres: &use_pg true
 
-service:
-  type: NodePort
-  name: dmaap-bc
-  ports:
-    - name: api
-      port: 8443
-      plain_port: 8080
-      port_protocol: http
-      nodePort: 42
-
-
-# application configuration override for postgres
 postgres:
-  nameOverride: dbc-pg
+# For Dev deployments, use in memory DB
+# postgres
+#   enabled: false
+  enabled: true
+  nameOverride: &pg_name dbc-postgres
   service:
-    name: dbc-postgres
+    name: *pg_name
     name2: dbc-pg-primary
     name3: dbc-pg-replica
   container:
@@ -135,23 +113,9 @@
     mountSubPath: dbc/data
     mountInitPath: dbc
 
-ingress:
-  enabled: false
-  service:
-    - baseaddr: "dmaap-bc-api"
-      name: "dmaap-bc"
-      port: 8443
-      plain_port: 8080
-  config:
-    ssl: "redirect"
-
 # Resource Limit flavor -By Default using small
 flavor: small
 
-securityContext:
-  user_id: 1000
-  group_id: 101
-
 # Segregation for Different environment (Small and Large)
 resources:
   small:
@@ -170,13 +134,21 @@
       memory: 2Gi
   unlimited: {}
 
+securityContext:
+  user_id: 1000
+  group_id: 101
+
 #Pods Service Account
 serviceAccount:
-  nameOverride: dmaap-bc
+  nameOverride: *svc_name
   roles:
     - read
 
+readinessCheck:
+  wait_for:
+    - *mr_name
+    - *dr_node_name
+
 wait_for_job_container:
   containers:
-    - 'dmaap-provisioning-job'
-
+    - 'dmaap-provisioning-job'
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml b/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml
index c0a3039..57f664a 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml
@@ -29,6 +29,6 @@
   - name: serviceAccount
     version: ~12.x-0
     repository: '@local'
-  - name: certInitializer
+  - name: readinessCheck
     version: ~12.x-0
     repository: '@local'
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml
deleted file mode 100644
index 6292be2..0000000
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/*
-# ============LICENSE_START=======================================================
-#  Copyright (C) 2019 The Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-# dmaap-dr-node filebeat.yml
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
-  #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
-  paths:
-    - /var/log/onap/*/*/*/*.log
-    - /var/log/onap/*/*/*.log
-    - /var/log/onap/*/*.log
-  #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
-  ignore_older: 48h
-  # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
-  clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
-  #List of logstash server ip addresses with port number.
-  #But, in our case, this will be the loadbalancer IP address.
-  #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
-  hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"]
-  #If enable will do load balancing among available Logstash, automatically.
-  loadbalance: true
-
-  #The list of root certificates for server verifications.
-  #If certificate_authorities is empty or not set, the trusted
-  #certificate authorities of the host system are used.
-  #ssl.certificate_authorities: $ssl.certificate_authorities
-
-  #The path to the certificate for SSL client authentication. If the certificate is not specified,
-  #client authentication is not available.
-  #ssl.certificate: $ssl.certificate
-
-  #The client certificate key used for client authentication.
-  #ssl.key: $ssl.key
-
-  #The passphrase used to decrypt an encrypted key stored in the configured key file
-  #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
index 8b8c16c..7d77383 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
@@ -211,7 +211,7 @@
   </logger>
 
 
-  <root level="{{.Values.config.dmaapDrNode.logLevel}}">
+  <root level="{{.Values.logLevel}}">
     <appender-ref ref="asyncAudit" />
     <appender-ref ref="asyncMetrics" />
     <appender-ref ref="asyncDebug" />
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
index 20030a7..21d7c20 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
@@ -28,23 +28,23 @@
 #
 #ProvisioningURL:    ${DRTR_PROV_INTURL}
 */}}
-ProvisioningURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/prov
+ProvisioningURL=http://{{ .Values.global.dmaapDrProvName }}:8080/internal/prov
 
 #
 #    URL to upload PUB/DEL/EXP logs
 #
 #LogUploadURL:    ${DRTR_LOG_URL}
-LogUploadURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/logs
+LogUploadURL=http://{{ .Values.global.dmaapDrProvName }}:8080/internal/logs
 
 #
 #    The port number for http as seen within the server
 #
 #IntHttpPort:    ${DRTR_NODE_INTHTTPPORT:-8080}
-IntHttpPort={{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
+IntHttpPort={{ .Values.containerPort }}
 #
 #    The port number for https as seen within the server
 #
-IntHttpsPort={{ include "common.getPort" (dict "global" . "name" "api") }}
+IntHttpsPort={{ .Values.containerPort }}
 #
 #    The external port number for https taking port mapping into account
 #
@@ -90,6 +90,9 @@
 #    DR_NODE DEFAULT ENABLED TLS PROTOCOLS
 NodeHttpsProtocols = TLSv1.1|TLSv1.2
 #
+#    AAF CADI enabled flag
+CadiEnabled = false
+#
 #    AAF type to generate permission string
 AAFType = org.onap.dmaap-dr.feed
 #
@@ -99,8 +102,8 @@
 #    AAF action to generate permission string - default should be publish
 AAFAction = publish
 #
-#    AAF CADI enabled flag
-CadiEnabled = false
-#
 #    AAF Props file path
-AAFPropsFilePath = {{ .Values.certInitializer.credsPath }}/org.onap.dmaap-dr.props
+AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+#
+#    https security required for publish request
+TlsEnabled = false
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt
deleted file mode 100644
index 62aeffb..0000000
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2018  AT&T Intellectual Property.  All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{.Values.config.dmaapDrNode.externalPort}}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
-{{- end }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml
index 597da17..ce64cab 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml
@@ -17,15 +17,10 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "common.fullname" . }}-configmap
+  name: {{ include "common.fullname" . }}-node-props
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
 data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/node.properties").AsConfig . | indent 2 }}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -34,18 +29,3 @@
   namespace: {{ include "common.namespace" . }}
 data:
 {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-dbc-drnodes
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dr_nodes/*.json").AsConfig . | indent 2 }}
----
-{{ include "common.log.configMap" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml
index 8f87c68..f288af9 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml
@@ -1 +1,21 @@
+{{/*
+  # ============LICENSE_START===================================================
+  #  Copyright (C) 2022 Nordix Foundation, Orange.
+  # ============================================================================
+  # Licensed under the Apache License, Version 2.0 (the "License");
+  # you may not use this file except in compliance with the License.
+  # You may obtain a copy of the License at
+  #
+  #      http://www.apache.org/licenses/LICENSE-2.0
+  #
+  # Unless required by applicable law or agreed to in writing, software
+  # distributed under the License is distributed on an "AS IS" BASIS,
+  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  # See the License for the specific language governing permissions and
+  # limitations under the License.
+  #
+  # SPDX-License-Identifier: Apache-2.0
+  # ============LICENSE_END=====================================================
+*/}}
+
 {{ include "common.ingress" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index 69f6fc1..f4167af 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -24,35 +24,18 @@
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       {{ include "common.podSecurityContext" . | indent 6 | trim}}
-      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }}
-        - name: {{ include "common.name" . }}-readiness
-          securityContext:
-            runAsUser: 100
-            runAsGroup: 65533
-          image: {{ include "repositoryGenerator.image.readiness" . }}
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          command:
-          - /app/ready.py
-          args:
-          - --container-name
-          - dmaap-dr-prov
-          env:
-          - name: NAMESPACE
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: metadata.namespace
+      initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
         - name: {{ include "common.name" . }}-permission-fixer
           securityContext:
             runAsUser: 0
           image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
-          - mountPath: {{ .Values.persistence.spool.path }}
-            name: {{ include "common.fullname" . }}-spool
-          - mountPath: {{ .Values.persistence.event.path }}
-            name: {{ include "common.fullname" . }}-event-logs
           command: ["chown","-Rf","1000:1001", "/opt/app/"]
+          volumeMounts:
+            - name: {{ include "common.fullname" . }}-spool
+              mountPath: {{ .Values.persistence.spool.path }}
+            - name: {{ include "common.fullname" . }}-event-logs
+              mountPath: {{ .Values.persistence.event.path }}
       containers:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -70,50 +53,44 @@
               port: {{.Values.readiness.port}}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
-          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
-          - mountPath: {{ .Values.persistence.spool.path }}
-            name: {{ include "common.fullname" . }}-spool
-          - mountPath: {{ .Values.persistence.event.path }}
-            name: {{ include "common.fullname" . }}-event-logs
-          - mountPath: /etc/localtime
-            name: localtime
-            readOnly: false
-          - mountPath: /opt/app/datartr/etc/node.properties
-            name: {{ include "common.fullname" . }}-config
-            subPath: node.properties
-          - mountPath: /opt/app/datartr/etc/logback.xml
-            name: {{ include "common.fullname" . }}-log-conf
-            subPath: logback.xml
-          - mountPath: {{ .Values.global.loggingDirectory }}
-            name: logs
-          resources: {{ include "common.resources" . | nindent 12 }}
+          volumeMounts:
+            - mountPath: {{ .Values.persistence.spool.path }}
+              name: {{ include "common.fullname" . }}-spool
+            - mountPath: {{ .Values.persistence.event.path }}
+              name: {{ include "common.fullname" . }}-event-logs
+            - mountPath: /etc/localtime
+              name: localtime
+              readOnly: false
+            - mountPath: /opt/app/datartr/etc/node.properties
+              name: {{ include "common.fullname" . }}-config
+              subPath: node.properties
+            - mountPath: /opt/app/datartr/etc/logback.xml
+              name: {{ include "common.fullname" . }}-log-conf
+              subPath: logback.xml
+          resources:
+{{ include "common.resources" . }}
         {{- if .Values.nodeSelector }}
         nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
         {{- end -}}
         {{- if .Values.affinity }}
         affinity: {{ toYaml .Values.affinity | nindent 10 }}
         {{- end }}
-        # Filebeat sidecar container
-        {{ include "common.log.sidecar" . | nindent 8 }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+      volumes:
         - name: localtime
           hostPath:
             path: /etc/localtime
         - name: {{ include "common.fullname" . }}-config
           configMap:
-            name: {{ include "common.fullname" . }}-configmap
+            name: {{ include "common.fullname" . }}-node-props
             items:
             - key: node.properties
               path: node.properties
         - name: {{ include "common.fullname" . }}-log-conf
           configMap:
             name: {{ include "common.fullname" . }}-log
-        {{ include "common.log.volumes" . | nindent 8 }}
-        - name: logs
-          emptyDir: {}
       {{- if not .Values.persistence.enabled }}
         - name:  {{ include "common.fullname" . }}-event-logs
           emptyDir: {}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index 6da3cda..d2f5945 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -16,42 +16,16 @@
 # Global configuration defaults.
 #################################################################
 global:
-  loggingDirectory: /var/log/onap/datarouter
   persistence: {}
-  aafEnabled: true
-  centralizedLoggingEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
-  nameOverride: dmaap-dr-node-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  # aafDeployCredsExternalSecret: some secret
-  fqdn: dmaap-dr-node
-  fqi: dmaap-dr-node@dmaap-dr.onap.org
-  public_fqdn: dmaap-dr.onap.org
-  cadi_longitude: "0.0"
-  cadi_latitude: "0.0"
-  app_ns: org.osaaf.aaf
-  credsPath: /opt/app/osaaf/local
-  aaf_add_config: >
-    echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
-    echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
+  dmaapDrProvName: dmaap-dr-prov
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/dmaap/datarouter-node:2.1.11
+image: onap/dmaap/datarouter-node:2.1.12
 pullPolicy: Always
 
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration - see parent values chart
-
 # default number of instances
 replicaCount: 1
 
@@ -59,6 +33,29 @@
 
 affinity: {}
 
+# application configuration - see parent values chart
+# dr uses the EELF Logging framework https://github.com/att/EELF
+# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+logLevel: "DEBUG"
+
+containerPort: &svc_port 8080
+
+service:
+  type: ClusterIP
+  name: dmaap-dr-node
+  ports:
+    - name: http
+      port: *svc_port
+
+ingress:
+  enabled: false
+  service:
+    - baseaddr: "dmaap-dr-node-api"
+      name: "dmaap-dr-node"
+      port: *svc_port
+  config:
+    ssl: "redirect"
+
 # probe configuration parameters
 liveness:
   initialDelaySeconds: 30
@@ -66,14 +63,14 @@
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
-  port: api
+  port: *svc_port
 
 readiness:
   initialDelaySeconds: 30
   periodSeconds: 10
-  port: api
+  port: *svc_port
 
-## Persist data to a persitent volume
+## Persist data to a persistent volume
 persistence:
   enabled: true
   mountPath: /dockerdata-nfs
@@ -97,28 +94,9 @@
     labels:
       app.kubernetes.io/component: event-logs
 
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets: {}
-
-ingress:
-  enabled: false
-  service:
-    - baseaddr: "dmaap-dr-node-api"
-      name: "dmaap-dr-node"
-      port: 8443
-      plain_port: 8080
-  config:
-    ssl: "redirect"
-
 # Resource Limit flavor -By Default using small
 flavor: small
 
-securityContext:
-  user_id: 1000
-  group_id: 1000
-
 # Segregation for Different environment (Small and Large)
 resources:
   small:
@@ -137,33 +115,16 @@
       memory: 2Gi
   unlimited: {}
 
-service:
-  type: NodePort
-  name: dmaap-dr-node
-  useNodePortExt: true
-  both_tls_and_plain: true
-  annotations:
-    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-  ports:
-    - name: api
-      port: 8443
-      plain_port: 8080
-      port_protocol: http
-      nodePort: 94
-
-config:
-  # dr node server configuration
-  dmaapDrNode:
-    # dr uses the EELF Logging framework https://github.com/att/EELF
-    # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
-    logLevel: "INFO"
-
 #Pods Service Account
 serviceAccount:
   nameOverride: dmaap-dr-node
   roles:
     - read
 
-#Log configuration
-log:
-  path: /var/log/onap
+securityContext:
+  user_id: 1000
+  group_id: 1000
+
+readinessCheck:
+  wait_for:
+    - dmaap-dr-prov
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml
index 15c6e8b..67c4556 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml
@@ -29,10 +29,10 @@
   - name: mariadb-init
     version: ~12.x-0
     repository: '@local'
-  - name: certInitializer
+  - name: repositoryGenerator
     version: ~12.x-0
     repository: '@local'
-  - name: repositoryGenerator
+  - name: readinessCheck
     version: ~12.x-0
     repository: '@local'
   - name: serviceAccount
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml
deleted file mode 100644
index c8a173c..0000000
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-{{/*
-# ============LICENSE_START=======================================================
-#  Copyright (C) 2019 The Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-# dmaap-dr-prov filebeat.yml
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
-  #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
-  paths:
-    - /var/log/onap/*/*/*/*.log
-    - /var/log/onap/*/*/*.log
-    - /var/log/onap/*/*.log
-    - /opt/app/datartr/logs/*.log
-  #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
-  ignore_older: 48h
-  # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
-  clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
-  #List of logstash server ip addresses with port number.
-  #But, in our case, this will be the loadbalancer IP address.
-  #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
-  hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"]
-  #If enable will do load balancing among available Logstash, automatically.
-  loadbalance: true
-
-  #The list of root certificates for server verifications.
-  #If certificate_authorities is empty or not set, the trusted
-  #certificate authorities of the host system are used.
-  #ssl.certificate_authorities: $ssl.certificate_authorities
-
-  #The path to the certificate for SSL client authentication. If the certificate is not specified,
-  #client authentication is not available.
-  #ssl.certificate: $ssl.certificate
-
-  #The client certificate key used for client authentication.
-  #ssl.key: $ssl.key
-
-  #The passphrase used to decrypt an encrypted key stored in the configured key file
-  #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
index 73446ee..9a3c383 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
@@ -369,15 +369,17 @@
         <appender-ref ref="asyncEELFDebug" />
     </logger>
 
+    <logger name="com.att.eelf.server" level="info" additivity="false">
+      <appender-ref ref="asyncEELFServer" />
+    </logger>
+
     <!-- logger name="com.att.eelf.security" level="info" additivity="false">
       <appender-ref ref="asyncEELFSecurity" />
     </logger>
     <logger name="com.att.eelf.perf" level="info" additivity="false">
       <appender-ref ref="asyncEELFPerformance" />
     </logger>
-    <logger name="com.att.eelf.server" level="info" additivity="false">
-      <appender-ref ref="asyncEELFServer" />
-    </logger>
+
     <logger name="com.att.eelf.policy" level="info" additivity="false">
       <appender-ref ref="asyncEELFPolicy" />
     </logger>
@@ -394,15 +396,11 @@
           <appender-ref ref="asyncEELFDebug" />
     </logger-->
 
-
-
-
-    <root level="{{.Values.config.dmaapDrProv.logLevel}}">
+    <root level="{{.Values.logLevel}}">
         <appender-ref ref="asyncEELF" />
         <appender-ref ref="asyncEELFError" />
         <appender-ref ref="asyncEELFjettylog" />
         <appender-ref ref="asyncEELFDebug" />
         <appender-ref ref="STDOUT" />
     </root>
-
 </configuration>
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
index 18ab419..a56de3c 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
@@ -25,35 +25,20 @@
 
 
 #Jetty Server properties
-org.onap.dmaap.datarouter.provserver.http.port           = {{.Values.config.dmaapDrProv.internalPort}}
-org.onap.dmaap.datarouter.provserver.https.port          = {{.Values.config.dmaapDrProv.internalPort2}}
+org.onap.dmaap.datarouter.provserver.http.port           = {{ .Values.containerPort }}
 org.onap.dmaap.datarouter.provserver.https.relaxation    = true
 
-org.onap.dmaap.datarouter.provserver.aafprops.path       = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+org.onap.dmaap.datarouter.provserver.tlsenabled          = false
+org.onap.dmaap.datarouter.nodeserver.http.port           = 8080
 
 org.onap.dmaap.datarouter.provserver.accesslog.dir       = /opt/app/datartr/logs
 org.onap.dmaap.datarouter.provserver.spooldir            = /opt/app/datartr/spool
 org.onap.dmaap.datarouter.provserver.dbscripts           = /opt/app/datartr/etc/misc
 org.onap.dmaap.datarouter.provserver.logretention        = 30
 
-#DMAAP-597 (Tech Dept) REST request source IP auth
-# relaxation to accommodate OOM kubernetes deploy
-org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false
-
 # Database access
 org.onap.dmaap.datarouter.db.driver   = org.mariadb.jdbc.Driver
 org.onap.dmaap.datarouter.db.url      = jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{index .Values "mariadb-galera" "db" "name"}}
 org.onap.dmaap.datarouter.db.login    = ${DB_USERNAME}
 org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD}
 
-# PROV - DEFAULT ENABLED TLS PROTOCOLS
-org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
-
-# AAF config
-org.onap.dmaap.datarouter.provserver.cadi.enabled = false
-
-org.onap.dmaap.datarouter.provserver.aaf.feed.type        = org.onap.dmaap-dr.feed
-org.onap.dmaap.datarouter.provserver.aaf.sub.type         = org.onap.dmaap-dr.sub
-org.onap.dmaap.datarouter.provserver.aaf.instance         = legacy
-org.onap.dmaap.datarouter.provserver.aaf.action.publish   = publish
-org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-dr-prov/templates/NOTES.txt
deleted file mode 100644
index 8d29cf9..0000000
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2018  AT&T Intellectual Property.  All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.config.dmaapDrProv.servicetype }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.config.dmaapDrProv.servicetype }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{.Values.config.dmaapDrProv.externalPort}}
-{{- else if contains "ClusterIP" .Values.config.dmaapDrProv.servicetype }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{.Values.config.dmaapDrProv.internalPort}}
-{{- end }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml
index 9031cce..1cd5244 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml
@@ -36,42 +36,3 @@
 {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
 ---
 {{ include "common.log.configMap" . }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-dbc-feeds
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/feeds/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-dbc-drpubs
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dr_pubs/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-dbc-drsubs
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dr_subs/*.json").AsConfig . | indent 2 }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index 325ca9f..f44dd7b 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -15,93 +15,48 @@
 */}}
 apiVersion: apps/v1
 kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
-  replicas: {{ .Values.replicaCount }}
+  selector: {{- include "common.selectors" . | nindent 4 }}
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       {{ include "common.podSecurityContext" . | indent 6 | trim}}
-      hostname: {{ .Values.global.dmaapDrProvName }}
-      initContainers:
-        - name: {{ include "common.name" . }}-readiness
-          securityContext:
-            runAsUser: 100
-            runAsGroup: 65533
-          image: {{ include "repositoryGenerator.image.readiness" . }}
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          command:
-          - /app/ready.py
-          args:
-          - --job-name
-          - {{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job
-          env:
-          - name: NAMESPACE
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: metadata.namespace
-        {{- if .Values.global.aafEnabled }}
-
-        {{ include "common.certInitializer.initContainer" . | nindent 8 }}
-
-        - name: {{ include "common.name" . }}-permission-fixer
-          securityContext:
-            runAsUser: 0
-          image: {{ include "repositoryGenerator.image.busybox" . }}
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
-          command: ["chown","-Rf","1000:1001", "/opt/app/"]
-
-        {{ end }}
+      initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
       containers:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{ .Values.config.dmaapDrProv.internalPort }}
+          ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
           livenessProbe:
-            tcpSocket:
-              port: {{ .Values.config.dmaapDrProv.internalPort }}
+            httpGet:
+              port: {{ .Values.liveness.port }}
+              path: /internal/prov
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
           {{ end -}}
           readinessProbe:
-            tcpSocket:
-              port: {{ .Values.config.dmaapDrProv.internalPort }}
-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readiness.periodSeconds }}
+            httpGet:
+              port: {{ .Values.liveness.port }}
+              path: /internal/prov
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
           env:
           - name: DB_USERNAME
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "login") | indent 12 }}
           - name: DB_PASSWORD
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }}
-          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
-          - mountPath: /etc/localtime
-            name: localtime
-            readOnly: false
-          - mountPath: /opt/app/datartr/etc/provserver.properties
-            name: {{ include "common.fullname" . }}-config
-            subPath: provserver.properties
-          - mountPath: /opt/app/datartr/etc/logback.xml
-            name: {{ include "common.fullname" . }}-log-conf
-            subPath: logback.xml
-          - mountPath: {{ .Values.global.loggingDirectory }}
-            name: logs
+          volumeMounts:
+            - mountPath: /etc/localtime
+              name: localtime
+              readOnly: false
+            - mountPath: /opt/app/datartr/etc/provserver.properties
+              name: {{ include "common.fullname" . }}-config
+              subPath: provserver.properties
+            - mountPath: /opt/app/datartr/etc/logback.xml
+              name: {{ include "common.fullname" . }}-log-conf
+              subPath: logback.xml
           resources:
 {{ include "common.resources" . }}
         {{- if .Values.nodeSelector }}
@@ -112,10 +67,8 @@
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      # Filebeat sidecar container
-        {{ include "common.log.sidecar" . | nindent 8 }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-      volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+      volumes:
       - name: localtime
         hostPath:
           path: /etc/localtime
@@ -128,8 +81,5 @@
       - name: {{ include "common.fullname" . }}-log-conf
         configMap:
           name: {{ include "common.fullname" . }}-log
-      {{ include "common.log.volumes" . | nindent 6 }}
-      - name: logs
-        emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml
index 8f87c68..f288af9 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml
@@ -1 +1,21 @@
+{{/*
+  # ============LICENSE_START===================================================
+  #  Copyright (C) 2022 Nordix Foundation, Orange.
+  # ============================================================================
+  # Licensed under the Apache License, Version 2.0 (the "License");
+  # you may not use this file except in compliance with the License.
+  # You may obtain a copy of the License at
+  #
+  #      http://www.apache.org/licenses/LICENSE-2.0
+  #
+  # Unless required by applicable law or agreed to in writing, software
+  # distributed under the License is distributed on an "AS IS" BASIS,
+  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  # See the License for the specific language governing permissions and
+  # limitations under the License.
+  #
+  # SPDX-License-Identifier: Apache-2.0
+  # ============LICENSE_END=====================================================
+*/}}
+
 {{ include "common.ingress" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
index 1a0143f..306b0f1 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
@@ -14,51 +14,4 @@
 # limitations under the License.
 */}}
 
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-    msb.onap.org/service-info: '[
-      {
-          "serviceName": "{{ .Values.global.dmaapDrProvName }}",
-          "version": "v1",
-          "url": "/",
-          "protocol": "REST",
-          "port": "{{ .Values.global.dmaapDrProvExtPort2 }}",
-          "visualRange":"1"
-      }
-      ]'
-
-spec:
-  type: {{ .Values.config.dmaapDrProv.servicetype }}
-  ports:
-    {{- if eq .Values.config.dmaapDrProv.servicetype "NodePort" -}}
-    {{- if .Values.global.allow_http }}
-    - port: {{ .Values.global.dmaapDrProvExtPort }}
-      targetPort: {{ .Values.config.dmaapDrProv.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.config.dmaapDrProv.nodePort }}
-      name: {{ .Values.config.dmaapDrProv.portName }}
-    {{- end}}
-    - port: {{ .Values.global.dmaapDrProvExtPort2 }}
-      targetPort: {{ .Values.config.dmaapDrProv.internalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.config.dmaapDrProv.nodePort2 }}
-      name: {{ .Values.config.dmaapDrProv.portName }}2
-    {{- else -}}
-    - port: {{ .Values.global.dmaapDrProvExtPort }}
-      targetPort: {{ .Values.config.dmaapDrProv.internalPort }}
-      name: {{ .Values.config.dmaapDrProv.portName }}
-    - port: {{ .Values.global.dmaapDrProvExtPort2 }}
-      targetPort: {{ .Values.config.dmaapDrProv.internalPort2 }}
-      name: {{ .Values.config.dmaapDrProv.portName }}2
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
+{{ include "common.service" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 59b0765..6af498d 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -16,10 +16,6 @@
 # Global configuration defaults.
 #################################################################
 global:
-  nodePortPrefix: 302
-  loggingDirectory: /opt/app/datartr/logs
-  persistence: {}
-  centralizedLoggingEnabled: true
   mariadbGalera: &mariadbGalera
     #This flag allows DMAAP-DR to instantiate its own mariadb-galera cluster
     localCluster: false
@@ -42,14 +38,9 @@
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/dmaap/datarouter-prov:2.1.11
+image: onap/dmaap/datarouter-prov:2.1.12
 pullPolicy: Always
 
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration - see parent values chart
-
 # default number of instances
 replicaCount: 1
 
@@ -57,48 +48,46 @@
 
 affinity: {}
 
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 30
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
+containerPort: &svc_port 8080
 
-readiness:
-  initialDelaySeconds: 30
-  periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
-  enabled: true
-  volumeReclaimPolicy: Retain
-  accessMode: ReadWriteOnce
-  mountPath: /dockerdata-nfs
+service:
+  type: ClusterIP
+  name: dmaap-dr-prov
+  ports:
+    - name: &port http
+      port: *svc_port
 
 ingress:
   enabled: false
   service:
     - baseaddr: "dmaap-dr-prov-api"
       name: "dmaap-dr-prov"
-      port: 8443
-      plain_port: 8080
+      port: *svc_port
   config:
     ssl: "redirect"
 
-config:
-  # dr provisioning server configuration
-  dmaapDrProv:
-    servicetype: NodePort
-    internalPort: 8080
-    internalPort2: 8443
-    portName: dr-prov-port
-    portName2: dr-prov-port2
-    nodePort: 59
-    nodePort2: 69
-    # dr uses the EELF Logging framework https://github.com/att/EELF
-    # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
-    logLevel: "INFO"
+readinessCheck:
+  wait_for:
+    jobs:
+      - '{{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job'
+
+# dr uses the EELF Logging framework https://github.com/att/EELF
+# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+logLevel: "DEBUG"
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 60
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+  port: *svc_port
+
+readiness:
+  initialDelaySeconds: 60
+  periodSeconds: 10
+  port: *svc_port
 
 # mariadb-galera configuration
 mariadb-galera:
@@ -124,30 +113,9 @@
     mysqlDatabase: *mysqlDbName
   nameOverride: dmaap-dr-mariadb-init
 
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
-  nameOverride: dmaap-dr-prov-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-# aafDeployCredsExternalSecret: some secret
-  fqdn: dmaap-dr-prov
-  fqi: dmaap-dr-prov@dmaap-dr.onap.org
-  publicFqdn: dmaap-dr.onap.org
-  cadiLatitude: 0.0
-  cadiLongitude: 0.0
-  app_ns: org.osaaf.aaf
-  credsPath: /opt/app/osaaf/local
-
-
 # Resource Limit flavor -By Default using small
 flavor: small
 
-securityContext:
-  user_id: 1000
-  group_id: 1000
-
 # Segregation for Different environment (Small and Large)
 resources:
   small:
@@ -166,12 +134,13 @@
       memory: 2Gi
   unlimited: {}
 
+#Pods Security Context
+securityContext:
+  user_id: 1000
+  group_id: 1000
+
 #Pods Service Account
 serviceAccount:
   nameOverride: dmaap-dr-prov
   roles:
     - read
-
-#Log configuration
-log:
-  path: /var/log/onap
diff --git a/kubernetes/dmaap/components/message-router/Chart.yaml b/kubernetes/dmaap/components/message-router/Chart.yaml
index ba7beaf..c221dff 100644
--- a/kubernetes/dmaap/components/message-router/Chart.yaml
+++ b/kubernetes/dmaap/components/message-router/Chart.yaml
@@ -27,9 +27,6 @@
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
-  - name: certInitializer
-    version: ~12.x-0
-    repository: '@local'
   - name: repositoryGenerator
     version: ~12.x-0
     repository: '@local'
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
index a9b0a01..2dea84d 100755
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
+++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
@@ -30,7 +30,7 @@
 ##        if you want to change request.required.acks it can take this one value
 #kafka.request.required.acks=-1
 kafka.metadata.broker.list={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }}
+config.zk.servers=127.0.0.1:{{ .Values.zkTunnelService.internalPort }}
 consumer.timeout.ms=100
 zookeeper.connection.timeout.ms=6000
 zookeeper.session.timeout.ms=20000
@@ -124,26 +124,10 @@
 #100mb
 maxcontentlength=10000
 
-
 ##############################################################################
-#AAF Properties
-msgRtr.namespace.aaf=org.onap.dmaap.mr.topic
-msgRtr.topicfactory.aaf=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:
-enforced.topic.name.AAF=org.onap.dmaap.mr
+##AAF Properties
 forceAAF=false
 useCustomAcls=false
-transidUEBtopicreqd=false
-defaultNSforUEB=org.onap.dmaap.mr
-##############################################################################
-#Mirror Maker Agent
-
-msgRtr.mirrormakeradmin.aaf=org.onap.dmaap.mr.mirrormaker|*|admin
-msgRtr.mirrormakeruser.aaf=org.onap.dmaap.mr.mirrormaker|*|user
-msgRtr.mirrormakeruser.aaf.create=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:
-msgRtr.mirrormaker.timeout=15000
-msgRtr.mirrormaker.topic=org.onap.dmaap.mr.mirrormakeragent
-msgRtr.mirrormaker.consumergroup=mmagentserver
-msgRtr.mirrormaker.consumerid=1
 
 kafka.max.poll.interval.ms=300000
 kafka.heartbeat.interval.ms=60000
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml
deleted file mode 100644
index 3ee9fc5..0000000
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.prometheus.jmx.targetPort }}/jmxrmi
-lowercaseOutputName: true
-lowercaseOutputLabelNames: true
-ssl: false
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/sys-props.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/sys-props.properties
deleted file mode 100644
index cd88565..0000000
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/sys-props.properties
+++ /dev/null
@@ -1,165 +0,0 @@
-###############################################################################
-#  ============LICENSE_START=======================================================
-#  org.onap.dmaap
-#  ================================================================================
-#  Copyright (c) 2017-201 AT&T Intellectual Property. All rights reserved.
-#  Copyright (c) 2021 Orange Intellectual Property. All rights reserved.
-#  ================================================================================
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#        http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-#  ============LICENSE_END=========================================================
-#
-#  ECOMP is a trademark and service mark of AT&T Intellectual Property.
-#
-###############################################################################
-#This file is used for defining AJSC system properties for different configuration schemes and is necessary for the AJSC to run properly.
-#The sys-props.properties file is used for running locally. The template.sys-props.properties file will be used when deployed
-#to a SOA/CSI Cloud node. For more information,
-
-#AJSC System Properties. The following properties are required for ALL AJSC services. If you are adding System Properties for your
-#particular service, please add them AFTER all AJSC related System Properties.
-
-#For Cadi Authorization, use value="authentication-scheme-1
-CadiAuthN=authentication-scheme-1
-
-#For Basic Authorization, use value="authentication-scheme-1
-authN=authentication-scheme-2
-
-#Persistence used for AJSC meta-data storage. For most environments, "file" should be used.
-ajscPersistence=file
-
-# If using hawtio for local development, these properties will allow for faster server startup and usage for local development
-hawtio.authenticationEnabled=false
-hawtio.config.pullOnStartup=false
-
-#Removes the extraneous restlet console output
-org.restlet.engine.loggerFacadeClass=org.restlet.ext.slf4j.Slf4jLoggerFacade
-
-#server.host property to be enabled for local DME2 related testing
-#server.host=<Your network IP address>
-
-#Enable/disable SSL (values=true/false). This property also determines which protocol to use (https if true, http otherwise), to register services into GRM through DME2.
-enableSSL=false
-
-#Enable/disable csi logging (values=true/false). This can be disabled during local development
-csiEnable=false
-
-#Enable/disable CAET This can be disabled during local development
-isCAETEnable=true
-
-#Enable/disable EJB Container
-ENABLE_EJB=false
-
-#Enable/disable OSGI
-isOSGIEnable=false
-
-#Configure JMS Queue (WMQ/TIBCO)
-JMS_BROKER=WMQ
-
-#Generate/Skip api docs
-isApiDoc=false
-
-
-#WMQ connectivity
-JMS_WMQ_PROVIDER_URL=aftdsc://AFTUAT/34.07/-84.28
-JMS_WMQ_CONNECTION_FACTORY_NAME=aftdsc://AFTUAT/?service=CSILOG,version=1.0,bindingType=fusionBus,envContext=Q,Q30A=YES
-JMS_WMQ_INITIAL_CONNECTION_FACTORY_NAME=com.att.aft.jms.FusionCtxFactory
-JMS_WMQ_AUDIT_DESTINATION_NAME=queue:///CSILOGQL.M2E.DASHBOARD01.NOT.Q30A
-JMS_WMQ_PERF_DESTINATION_NAME=queue:///CSILOGQL.M2E.PERFORMANCE01.NOT.Q30A
-
-#CSI related variables for CSM framework
-csm.hostname=d1a-m2e-q112m2e1.edc.cingular.net
-
-#Enable/disable endpoint level logging (values=true/false). This can be disabled during local development
-endpointLogging=false
-
-#Enable/disable trail logging and trail logging summary
-enableTrailLogging=false
-enableTrailLoggingSummary=false
-
-#SOA_CLOUD_ENV is used to register your service with dme2 and can be turned off for local development (values=true/false).
-SOA_CLOUD_ENV=false
-
-#CONTINUE_ON_LISTENER_EXCEPTION will exit the application if there is a DME2 exception at the time of registration.
-CONTINUE_ON_LISTENER_EXCEPTION=false
-
-#Jetty Container ThreadCount Configuration Variables
-AJSC_JETTY_ThreadCount_MIN=1
-AJSC_JETTY_ThreadCount_MAX=200
-AJSC_JETTY_IDLETIME_MAX=3000
-
-#Camel Context level default threadPool Profile configuration
-CAMEL_POOL_SIZE=10
-CAMEL_MAX_POOL_SIZE=20
-CAMEL_KEEP_ALIVE_TIME=60
-CAMEL_MAX_QUEUE_SIZE=1000
-
-#File Monitor configurations
-ssf_filemonitor_polling_interval=5
-ssf_filemonitor_threadpool_size=10
-
-#GRM/DME2 System Properties
-AFT_DME2_CONN_IDLE_TIMEOUTMS=5000
-AJSC_ENV=SOACLOUD
-
-SOACLOUD_NAMESPACE=org.onap.dmaap.dev
-SOACLOUD_ENV_CONTEXT=TEST
-SOACLOUD_PROTOCOL=http
-SOACLOUD_ROUTE_OFFER=DEFAULT
-
-AFT_LATITUDE=23.4
-AFT_LONGITUDE=33.6
-AFT_ENVIRONMENT=AFTUAT
-
-#Restlet Component Default Properties
-RESTLET_COMPONENT_CONTROLLER_DAEMON=true
-RESTLET_COMPONENT_CONTROLLER_SLEEP_TIME_MS=100
-RESTLET_COMPONENT_INBOUND_BUFFER_SIZE=8192
-RESTLET_COMPONENT_MIN_THREADS=1
-RESTLET_COMPONENT_MAX_THREADS=10
-RESTLET_COMPONENT_LOW_THREADS=8
-RESTLET_COMPONENT_MAX_QUEUED=0
-RESTLET_COMPONENT_MAX_CONNECTIONS_PER_HOST=-1
-RESTLET_COMPONENT_MAX_TOTAL_CONNECTIONS=-1
-RESTLET_COMPONENT_OUTBOUND_BUFFER_SIZE=8192
-RESTLET_COMPONENT_PERSISTING_CONNECTIONS=true
-RESTLET_COMPONENT_PIPELINING_CONNECTIONS=false
-RESTLET_COMPONENT_THREAD_MAX_IDLE_TIME_MS=60000
-RESTLET_COMPONENT_USE_FORWARDED_HEADER=false
-RESTLET_COMPONENT_REUSE_ADDRESS=true
-
-#Externalized jar and properties file location. In CSI environments, there are a few libs that have been externalized to aid
-#in CSTEM maintenance of the versions of these libs. The most important to the AJSC is the DME2 lib. Not only is this lib necessary
-#for proper registration of your AJSC service on a node, but it is also necessary for running locally as well. Another framework
-#used in CSI envs is the CSM framework. These 2 framework libs are shown as "provided" dependencies within the pom.xml. These
-#dependencies will be copied into the target/commonLibs folder with the normal "mvn clean package" goal of the AJSC. They will
-#then be added to the classpath via AJSC_EXTERNAL_LIB_FOLDERS system property. Any files (mainly property files) that need
-#to be on the classpath should be added to the AJSC_EXTERNAL_PROPERTIES_FOLDERS system property. The default scenario when
-#testing your AJSC service locally will utilize the target/commonLibs directory for DME2 and CSM related artifacts and 2
-#default csm properties files will be used for local testing with anything CSM knorelated.
-#NOTE: we are using maven-replacer-plugin to replace "(doubleUnderscore)basedir(doubleUnderscore)" with ${basedir} within the
-#target directory for running locally. Multiple folder locations can be separated by the pipe ("|") character.
-#Please, NOTE: for running locally, we are setting this system property in the antBuild/build.xml "runLocal" target and in the
-#"runAjsc" profile within the pom.xml. This is to most effectively use maven variables (${basedir}, most specifically. Therefore,
-#when running locally, the following 2 properties should be set within the profile(s) themselves.
-#Example: target/commonLibs|target/otherLibs
-#AJSC_EXTERNAL_LIB_FOLDERS=__basedir__/target/commonLibs
-#AJSC_EXTERNAL_PROPERTIES_FOLDERS=__basedir__/ajsc-shared-config/etc
-#End of AJSC System Properties
-
-#Service System Properties. Please, place any Service related System Properties below.
-
-#msgrtr content length and error message
-#100mb
-maxcontentlength=10000
-msg_size_exceeds=Message size exceeds the default size.
-forceAAF=false
-cadi_prop_files={{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.properties
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml b/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml
deleted file mode 100644
index 49196e4..0000000
--- a/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml
+++ /dev/null
@@ -1,138 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- {{/*
-    ============LICENSE_START=======================================================
-    org.onap.dmaap
-    ================================================================================
-    Copyright © 2017-2021 AT&T Intellectual Property. All rights reserved.
-    Copyright © 2021 Orange Intellectual Property. All rights reserved.
-    ================================================================================
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this file except in compliance with the License.
-    You may obtain a copy of the License at
-          http://www.apache.org/licenses/LICENSE-2.0
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
-    ============LICENSE_END=========================================================
-    ECOMP is a trademark and service mark of AT&T Intellectual Property.
-*/}}
--->
-
-<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
-<Configure id="ajsc-server" class="org.eclipse.jetty.server.Server">
-  <!-- DO NOT REMOVE!!!! This is setting up the AJSC Context -->
-  <New id="ajscContext" class="org.eclipse.jetty.webapp.WebAppContext">
-    <Set name="contextPath"><SystemProperty name="AJSC_CONTEXT_PATH" /></Set>
-    <Set name="extractWAR">true</Set>
-    <Set name="tempDirectory"><SystemProperty name="AJSC_TEMP_DIR" /></Set>
-    <Set name="war"><SystemProperty name="AJSC_WAR_PATH" /></Set>
-    <Set name="descriptor"><SystemProperty name="AJSC_HOME" />/etc/runner-web.xml</Set>
-    <Set name="overrideDescriptor"><SystemProperty name="AJSC_HOME" />/etc/ajsc-override-web.xml</Set>
-    <Set name="throwUnavailableOnStartupException">true</Set>
-    <Set name="extraClasspath"><SystemProperty name="AJSC_HOME" />/extJars/json-20131018.jar</Set>
-    <Set name="servletHandler">
-      <New class="org.eclipse.jetty.servlet.ServletHandler">
-        <Set name="startWithUnavailable">false</Set>
-      </New>
-    </Set>
-  </New>
-
-  <Set name="handler">
-    <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
-      <Set name="Handlers">
-        <Array type="org.eclipse.jetty.webapp.WebAppContext">
-          <Item>
-            <Ref refid="ajscContext" />
-          </Item>
-        </Array>
-      </Set>
-    </New>
-  </Set>
-
-  <Call name="addBean">
-    <Arg>
-      <New id="DeploymentManager" class="org.eclipse.jetty.deploy.DeploymentManager">
-        <Set name="contexts">
-          <Ref refid="Contexts" />
-        </Set>
-        <Call id="extAppHotDeployProvider" name="addAppProvider">
-          <Arg>
-            <New class="org.eclipse.jetty.deploy.providers.WebAppProvider">
-              <Set name="monitoredDirName"><SystemProperty name="AJSC_HOME" />/extApps</Set>
-              <Set name="scanInterval">10</Set>
-              <Set name="extractWars">true</Set>
-            </New>
-          </Arg>
-        </Call>
-      </New>
-    </Arg>
-  </Call>
-
-  <Call name="addConnector">
-    <Arg>
-      <New class="org.eclipse.jetty.server.ServerConnector">
-        <Arg name="server">
-          <Ref refid="ajsc-server" />
-        </Arg>
-        <Set name="port"><SystemProperty name="AJSC_HTTP_PORT" default="8080" /></Set>
-      </New>
-    </Arg>
-  </Call>
-
-
-  <!-- SSL Keystore configuration -->
-
-  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
-    <Set name="KeyStorePath">{{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.jks</Set>
-    <Set name="KeyStorePassword">${KEYSTORE_PASSWORD}</Set>
-    <Set name="KeyManagerPassword">${KEYSTORE_PASSWORD}</Set>
-    <Set name="WantClientAuth">true</Set>
-  </New>
-  <Call id="sslConnector" name="addConnector">
-    <Arg>
-      <New class="org.eclipse.jetty.server.ServerConnector">
-        <Arg name="server">
-          <Ref refid="ajsc-server" />
-        </Arg>
-        <Arg name="factories">
-          <Array type="org.eclipse.jetty.server.ConnectionFactory">
-            <Item>
-              <New class="org.eclipse.jetty.server.SslConnectionFactory">
-                <Arg name="next">http/1.1</Arg>
-                <Arg name="sslContextFactory">
-                  <Ref refid="sslContextFactory" />
-                </Arg>
-              </New>
-            </Item>
-            <Item>
-              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
-                <Arg name="config">
-                  <New class="org.eclipse.jetty.server.HttpConfiguration">
-                    <Call name="addCustomizer">
-                      <Arg>
-                        <New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
-                      </Arg>
-                    </Call>
-                  </New>
-                </Arg>
-              </New>
-            </Item>
-          </Array>
-        </Arg>
-        <Set name="port"><SystemProperty name="AJSC_HTTPS_PORT" default="0" /></Set>
-        <Set name="idleTimeout">30000</Set>
-      </New>
-    </Arg>
-  </Call>
-
-
-  <Get name="ThreadPool">
-    <Set name="minThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MIN" /></Set>
-    <Set name="maxThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MAX" /></Set>
-    <Set name="idleTimeout"><SystemProperty name="AJSC_JETTY_IDLETIME_MAX" /></Set>
-    <Set name="detailedDump">false</Set>
-  </Get>
-
-</Configure>
diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties
deleted file mode 100644
index 596a316..0000000
--- a/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties
+++ /dev/null
@@ -1,19 +0,0 @@
-aaf_locate_url=https://aaf-locate.onap:8095
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-aaf_env=DEV
-aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-
-cadi_truststore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-cadi_truststore_password=${TRUSTSTORE_PASSWORD}
-
-cadi_keyfile={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.keyfile
-
-cadi_alias={{ .Values.certInitializer.fqi }}
-cadi_keystore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.p12
-cadi_keystore_password=${KEYSTORE_PASSWORD_P12}
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-
-cadi_loglevel=INFO
-cadi_protocols=TLSv1.1,TLSv1.2
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml b/kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml
deleted file mode 100644
index 116c524..0000000
--- a/kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml
+++ /dev/null
@@ -1,108 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--{{/*
-    ============LICENSE_START=======================================================
-    org.onap.dmaap
-    ================================================================================
-    Copyright c 2017 AT&T Intellectual Property. All rights reserved.
-    Copyright c 2021 Orange Intellectual Property. All rights reserved.
-    ================================================================================
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this file except in compliance with the License.
-    You may obtain a copy of the License at
-          http://www.apache.org/licenses/LICENSE-2.0
-
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
-    ============LICENSE_END=========================================================
-
-    ECOMP is a trademark and service mark of AT&T Intellectual Property.*/}}
--->
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" metadata-complete="false" version="3.0">
-
-  <context-param>
-    <param-name>contextConfigLocation</param-name>
-    <param-value>/WEB-INF/spring-servlet.xml,
-          classpath:applicationContext.xml
-</param-value>
-  </context-param>
-
-  <context-param>
-    <param-name>spring.profiles.default</param-name>
-    <param-value>nooauth</param-value>
-  </context-param>
-
-  <listener>
-    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-  </listener>
-
-  <servlet>
-    <servlet-name>ManagementServlet</servlet-name>
-    <servlet-class>ajsc.ManagementServlet</servlet-class>
-  </servlet>
-
-  <filter>
-    <filter-name>WriteableRequestFilter</filter-name>
-    <filter-class>com.att.ajsc.csi.writeablerequestfilter.WriteableRequestFilter</filter-class>
-  </filter>
-
-  <filter>
-    <filter-name>InterceptorFilter</filter-name>
-    <filter-class>ajsc.filters.InterceptorFilter</filter-class>
-    <init-param>
-      <param-name>preProcessor_interceptor_config_file</param-name>
-      <param-value>/etc/PreProcessorInterceptors.properties</param-value>
-    </init-param>
-    <init-param>
-      <param-name>postProcessor_interceptor_config_file</param-name>
-      <param-value>/etc/PostProcessorInterceptors.properties</param-value>
-    </init-param>
-
-  </filter>
-
-  <!-- Content length filter for Msgrtr -->
-  <filter>
-    <display-name>DMaaPAuthFilter</display-name>
-    <filter-name>DMaaPAuthFilter</filter-name>
-    <filter-class>org.onap.dmaap.util.DMaaPAuthFilter</filter-class>
-    <init-param>
-      <param-name>cadi_prop_files</param-name>
-      <param-value>{{.Values.certInitializer.appMountPath}}/local/cadi.properties</param-value>
-    </init-param>
-  </filter>
-
-  <!-- End Content length filter for Msgrtr -->
-  <servlet>
-    <servlet-name>RestletServlet</servlet-name>
-    <servlet-class>ajsc.restlet.RestletSpringServlet</servlet-class>
-    <init-param>
-      <param-name>org.restlet.component</param-name>
-      <param-value>restletComponent</param-value>
-    </init-param>
-  </servlet>
-
-  <servlet>
-    <servlet-name>CamelServlet</servlet-name>
-    <servlet-class>ajsc.servlet.AjscCamelServlet</servlet-class>
-  </servlet>
-
-
-  <filter>
-    <filter-name>springSecurityFilterChain</filter-name>
-    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-  </filter>
-
-  <servlet>
-    <servlet-name>spring</servlet-name>
-    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
-    <load-on-startup>1</load-on-startup>
-  </servlet>
-
-  <servlet-mapping>
-    <servlet-name>spring</servlet-name>
-    <url-pattern>/</url-pattern>
-  </servlet-mapping>
-
-</web-app>
diff --git a/kubernetes/dmaap/components/message-router/templates/NOTES.txt b/kubernetes/dmaap/components/message-router/templates/NOTES.txt
deleted file mode 100644
index a44d0f7..0000000
--- a/kubernetes/dmaap/components/message-router/templates/NOTES.txt
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright © 2018  AT&T Intellectual Property.  All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml
index c999b79..3f786ad 100644
--- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml
@@ -40,45 +40,4 @@
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-etc
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/etc/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-sys-props
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/dmaap/sys-props.properties").AsConfig . | indent 2 }}
----
-{{- if  .Values.prometheus.jmx.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-prometheus-configmap
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }}
----
-{{ end }}
+
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml b/kubernetes/dmaap/components/message-router/templates/ingress.yaml
similarity index 77%
rename from kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml
rename to kubernetes/dmaap/components/message-router/templates/ingress.yaml
index 9a3f011..a90bf83 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/ingress.yaml
@@ -1,5 +1,6 @@
 {{/*
-# Copyright © 2020 Orange
+# Copyright © 2018  AT&T Intellectual Property.  All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,4 +15,4 @@
 # limitations under the License.
 */}}
 
-{{ include "common.secretFast" . }}
+{{ include "common.ingress" . }}
diff --git a/kubernetes/dmaap/components/message-router/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/templates/secrets.yaml
deleted file mode 100644
index 50dda8a..0000000
--- a/kubernetes/dmaap/components/message-router/templates/secrets.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021-2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-secret
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ (.Files.Glob "resources/config/dmaap/mykey").AsSecrets | indent 2 }}
-type: Opaque
----
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
index 904c160..bb42561 100644
--- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
@@ -22,103 +22,14 @@
 spec:
   selector: {{- include "common.selectors" . | nindent 4 }}
   serviceName: {{ include "common.servicename" . }}
-  replicas: {{ .Values.replicaCount }}
+  replicas: 1
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
-      initContainers:
-      {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
-      {{- if  .Values.global.aafEnabled }}
-      - name: {{ include "common.name" . }}-update-config
-        command:
-        - sh
-        args:
-        - -c
-        - |
-          export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0);
-          cd /config-input  && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done
-        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
-        - mountPath: /config
-          name: jetty
-        - mountPath: /config-input
-          name: etc
-        image: {{ include "repositoryGenerator.image.envsubst" . }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-      {{- end }}
       containers:
-      {{- if .Values.prometheus.jmx.enabled }}
-        - name: prometheus-jmx-exporter
-          image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          command:
-          - java
-          - -XX:+UnlockExperimentalVMOptions
-          - -XX:+UseCGroupMemoryLimitForHeap
-          - -XX:MaxRAMFraction=1
-          - -XshowSettings:vm
-          - -jar
-          - jmx_prometheus_httpserver.jar
-          - {{ .Values.prometheus.jmx.port | quote }}
-          - /etc/jmx-kafka/jmx-mrservice-prometheus.yml
-          ports:
-          - containerPort: {{ .Values.prometheus.jmx.port }}
-          resources:
-          volumeMounts:
-          - name: jmx-config
-            mountPath: /etc/jmx-kafka
-      {{- end }}
-        - name: srimzi-zk-entrance
-          image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zookeeper.entrance.image }}
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          command:
-            - /opt/stunnel/stunnel_run.sh
-          ports:
-            - containerPort: {{ .Values.global.zkTunnelService.internalPort }}
-              name: zoo
-              protocol: TCP
-          env:
-            - name: LOG_LEVEL
-              value: debug
-            - name: STRIMZI_ZOOKEEPER_CONNECT
-              value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.global.zkTunnelService.internalPort }}'
-          livenessProbe:
-            exec:
-              command:
-                - /opt/stunnel/stunnel_healthcheck.sh
-                - '{{ .Values.global.zkTunnelService.internalPort }}'
-            failureThreshold: 3
-            initialDelaySeconds: 15
-            periodSeconds: 10
-            successThreshold: 1
-            timeoutSeconds: 5
-          readinessProbe:
-            exec:
-              command:
-                - /opt/stunnel/stunnel_healthcheck.sh
-                - '{{ .Values.global.zkTunnelService.internalPort }}'
-            failureThreshold: 3
-            initialDelaySeconds: 15
-            periodSeconds: 10
-            successThreshold: 1
-            timeoutSeconds: 5
-          volumeMounts:
-            - mountPath: /etc/cluster-operator-certs/
-              name: cluster-operator-certs
-            - mountPath: /etc/cluster-ca-certs/
-              name: cluster-ca-certs
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          {{- if  .Values.global.aafEnabled }}
-          command:
-          - sh
-          args:
-          - -c
-          - |
-            cp /jetty-config/ajsc-jetty.xml /appl/dmaapMR1/etc/
-            cp /jetty-config/cadi.properties {{ .Values.certInitializer.appMountPath }}/local/cadi.properties
-            /bin/sh /appl/startup.sh
-          {{- end }}
           ports: {{ include "common.containerPorts" . | nindent 10  }}
           {{- if eq .Values.liveness.enabled true }}
           livenessProbe:
@@ -148,58 +59,78 @@
             failureThreshold: {{ .Values.startup.failureThreshold }}
           env:
           - name: JAASLOGIN
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "mr-kafka-admin-secret" "key" "sasl.jaas.config") | indent 12 }}
+            valueFrom:
+              secretKeyRef:
+                name: strimzi-kafka-admin
+                key: sasl.jaas.config
           - name: SASLMECH
             value: scram-sha-512
           - name: enableCadi
-            value: "{{ .Values.global.aafEnabled }}"
+            value: "true"
           - name: useZkTopicStore
             value: "false"
-          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
-          - mountPath: /etc/localtime
-            name: localtime
-            readOnly: true
-          - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
-            subPath: MsgRtrApi.properties
-            name: appprops
-          - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml
-            subPath: logback.xml
-            name: logback
-          {{- if  .Values.global.aafEnabled }}
-          - mountPath: /appl/dmaapMR1/etc/runner-web.xml
-            subPath: runner-web.xml
-            name: etc
-          - mountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops/sys-props.properties
-            subPath: sys-props.properties
-            name: sys-props
-          - mountPath: /jetty-config
-            name: jetty
-          {{- end }}
-          resources: {{ include "common.resources" . | nindent 12 }}
+          volumeMounts:
+            - mountPath: /etc/localtime
+              name: localtime
+              readOnly: true
+            - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
+              subPath: MsgRtrApi.properties
+              name: appprops
+            - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml
+              subPath: logback.xml
+              name: logback
+          resources:
+{{ include "common.resources" . }}
+        - name: {{ .Values.zkTunnelService.name }}
+          image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zkTunnelService.image }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+            - /opt/stunnel/stunnel_run.sh
+          ports:
+            - containerPort: {{ .Values.zkTunnelService.internalPort }}
+              name: {{ .Values.zkTunnelService.portName }}
+              protocol: {{ .Values.zkTunnelService.protocol }}
+          env:
+            - name: LOG_LEVEL
+              value: {{ .Values.zkTunnelService.logLevel }}
+            - name: STRIMZI_ZOOKEEPER_CONNECT
+              value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.zkTunnelService.internalPort }}'
+          livenessProbe:
+            exec:
+              command:
+                - /opt/stunnel/stunnel_healthcheck.sh
+                - '{{ .Values.zkTunnelService.internalPort }}'
+            failureThreshold: 3
+            initialDelaySeconds: 15
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          readinessProbe:
+            exec:
+              command:
+                - /opt/stunnel/stunnel_healthcheck.sh
+                - '{{ .Values.zkTunnelService.internalPort }}'
+            failureThreshold: 3
+            initialDelaySeconds: 15
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          volumeMounts:
+            - mountPath: /etc/cluster-operator-certs/
+              name: cluster-operator-certs
+            - mountPath: /etc/cluster-ca-certs/
+              name: cluster-ca-certs
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+      volumes:
         - name: localtime
           hostPath:
             path: /etc/localtime
         - name: appprops
           configMap:
             name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap
-        - name: etc
-          configMap:
-            name: {{ include "common.fullname" . }}-etc
         - name: logback
           configMap:
             name: {{ include "common.fullname" . }}-logback-xml-configmap
-        {{- if .Values.prometheus.jmx.enabled }}
-        - name: jmx-config
-          configMap:
-            name: {{ include "common.fullname" . }}-prometheus-configmap
-        {{- end }}
-        - name: sys-props
-          configMap:
-            name: {{ include "common.fullname" . }}-sys-props
-        - name: jetty
-          emptyDir: {}
         - name: cluster-operator-certs
           secret:
             defaultMode: 288
@@ -226,7 +157,7 @@
         matchLabels:
           app.kubernetes.io/name: {{ include "common.name" . }}
     ports:
-    - port: {{ .Values.global.zkTunnelService.internalPort }}
-      protocol: TCP
+    - port: {{ .Values.zkTunnelService.internalPort }}
+      protocol: {{ .Values.zkTunnelService.protocol }}
   policyTypes:
   - Ingress
diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml
index 80460ba..c68a91c 100644
--- a/kubernetes/dmaap/components/message-router/values.yaml
+++ b/kubernetes/dmaap/components/message-router/values.yaml
@@ -18,52 +18,7 @@
 # Global configuration defaults.
 #################################################################
 global:
-  nodePortPrefix: 302
-  zkTunnelService:
-    type: ClusterIP
-    name: zk-tunnel-svc
-    portName: tcp-zk-tunnel
-    internalPort: 2181
-
-zookeeper:
-  entrance:
-    image: scholzj/zoo-entrance:latest
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
-  nameOverride: dmaap-mr-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  # aafDeployCredsExternalSecret: some secret
-  fqdn: dmaap-mr
-  fqi: dmaapmr@mr.dmaap.onap.org
-  public_fqdn: mr.dmaap.onap.org
-  cadi_longitude: "-122.26147"
-  cadi_latitude: "37.78187"
-  app_ns: org.osaaf.aaf
-  credsPath: /opt/app/osaaf/local
-  appMountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops
-  fqi_namespace: org.onap.dmaap.mr
-  aaf_add_config: |
-    cd {{ .Values.credsPath }}
-    echo "*** change jks password into shell safe one"
-    export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
-    keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
-      -storepass "${cadi_keystore_password_jks}" \
-      -keystore {{ .Values.fqi_namespace }}.jks
-    echo "*** set key password as same password as jks keystore password"
-      keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
-        -keystore {{ .Values.fqi_namespace }}.jks \
-        -keypass "${cadi_keystore_password_jks}" \
-        -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
-    echo "*** store the passwords"
-    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
-    echo "KEYSTORE_PASSWORD_P12=${cadi_keystore_password_p12}" >> mycreds.prop
-    echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> mycreds.prop
-    echo "*** give ownership of files to the user"
-    chown -R 1000 .
+  persistence: {}
 
 #################################################################
 # Application configuration defaults.
@@ -72,29 +27,39 @@
 image: onap/dmaap/dmaap-mr:1.4.3
 pullPolicy: Always
 
-secrets:
-  - uid: mr-kafka-admin-secret
-    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
-    type: genericKV
-    envs:
-      - name: sasl.jaas.config
-        value: '{{ .Values.config.someConfig }}'
-        policy: generate
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
-  someConfig: blah
-
-# default number of instances
-replicaCount: 1
+#Strimzi zookeeper_tunnel config
+zkTunnelService:
+    type: ClusterIP
+    name: zk-tunnel-svc
+    portName: tcp-zk-tunnel
+    protocol: TCP
+    internalPort: 2181
+    logLevel: debug
+    image: scholzj/zoo-entrance:latest
 
 nodeSelector: {}
 
 affinity: {}
 
+containerPort: &svc_port 3904
+
+service:
+  type: ClusterIP
+  name: message-router
+  ports:
+    - name: api
+      port: *svc_port
+      port_protocol: http
+
+ingress:
+  enabled: false
+  service:
+    - baseaddr: "dmaap-mr-api"
+      name: "message-router"
+      port: *svc_port
+  config:
+    ssl: "redirect"
+
 # probe configuration parameters
 liveness:
   initialDelaySeconds: 10
@@ -104,7 +69,7 @@
   failureThreshold: 3
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
-  port: api
+  port: *svc_port
   enabled: true
 
 readiness:
@@ -113,7 +78,7 @@
   timeoutSeconds: 1
   successThreshold: 1
   failureThreshold: 3
-  port: api
+  port: *svc_port
 
 startup:
   initialDelaySeconds: 10
@@ -121,43 +86,7 @@
   timeoutSeconds: 1
   successThreshold: 1
   failureThreshold: 70
-  port: api
-
-service:
-  type: NodePort
-  name: message-router
-  both_tls_and_plain: true
-  msb:
-    - port: 3904
-      url: "/"
-      version: "v1"
-      protocol: "REST"
-      visualRange: "1"
-  ports:
-    - name: api
-      port: 3905
-      plain_port: 3904
-      port_protocol: http
-      nodePort: 26
-
-prometheus:
-  jmx:
-    enabled: false
-    image: solsson/kafka-prometheus-jmx-exporter@sha256
-    imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
-    port: 5556
-    targetPort: 5555
-
-ingress:
-  enabled: false
-  service:
-    - baseaddr: "dmaap-mr-api"
-      name: "message-router"
-      port: 3905
-      plain_port: 3904
-  config:
-    ssl: "redirect"
-
+  port: *svc_port
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml
deleted file mode 100644
index 8540903..0000000
--- a/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/*
-# ============LICENSE_START=======================================================
-#  Copyright (C) 2019 The Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
-  #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
-  paths:
-    - /var/log/onap/*/*/*/*.log
-    - /var/log/onap/*/*/*.log
-    - /var/log/onap/*/*.log
-    - /opt/app/datartr/logs/*.log
-  #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
-  ignore_older: 48h
-  # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
-  clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
-  #List of logstash server ip addresses with port number.
-  #But, in our case, this will be the loadbalancer IP address.
-  #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
-  hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"]
-  #If enable will do load balancing among available Logstash, automatically.
-  loadbalance: true
-
-  #The list of root certificates for server verifications.
-  #If certificate_authorities is empty or not set, the trusted
-  #certificate authorities of the host system are used.
-  #ssl.certificate_authorities: $ssl.certificate_authorities
-
-  #The path to the certificate for SSL client authentication. If the certificate is not specified,
-  #client authentication is not available.
-  #ssl.certificate: $ssl.certificate
-
-  #The client certificate key used for client authentication.
-  #ssl.key: $ssl.key
-
-  #The passphrase used to decrypt an encrypted key stored in the configured key file
-  #ssl.key_passphrase: $ssl.key_passphrase
\ No newline at end of file
diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml
index 1cb537b..4536f2b 100644
--- a/kubernetes/dmaap/values.yaml
+++ b/kubernetes/dmaap/values.yaml
@@ -18,41 +18,19 @@
 # Global configuration defaults.
 #################################################################
 global:
-  nodePortPrefix: 302
-  nodePortPrefixExt: 304
-  clientImage: onap/dmaap/dbc-client:2.0.10
-
-#Global DMaaP app config
-  allow_http: false
-
-  #Logstash config
-  logstashServiceName: log-ls
-  logstashPort: 5044
-
-  #dmaap-dr-prov server configuration
-  dmaapDrProvName: dmaap-dr-prov
-  dmaapDrProvExtPort2: 443
-  dmaapDrProvExtPort: 80
-
-  #AAF global config overrides
-  aafEnabled: true
-
-  #Strimzi config
-  kafkaStrimziAdminUser: strimzi-kafka-admin
-
+  persistence: {}
 #Component overrides
 message-router:
   enabled: true
-  config:
-    jaasConfExternalSecret: '{{ .Values.global.kafkaStrimziAdminUser }}'
 dmaap-bc:
   enabled: true
+  usePostgres: true
+  postgres:
+    enabled: true
 dmaap-dr-node:
   enabled: true
 dmaap-dr-prov:
   enabled: true
-dmaap-strimzi:
-  enabled: true
 
 #Pods Service Account
 serviceAccount:
diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml
index 6a246a6..fb60be2 100644
--- a/kubernetes/nbi/templates/deployment.yaml
+++ b/kubernetes/nbi/templates/deployment.yaml
@@ -109,7 +109,7 @@
               value: {{ .Values.so_authorization }}
             {{- end }}
             - name: DMAAP_HOST
-              value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://message-router.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}3905{{ else }}3904{{ end }}"
+              value: "http://message-router.{{ include "common.namespace" . }}:3904"
             - name: LOGGING_LEVEL_ORG_ONAP_NBI
               value: {{ .Values.config.loglevel }}
             - name: MSB_ENABLED
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
index 6888604..00e7b2a 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
@@ -22,6 +22,16 @@
     # enable all component's Ingress interfaces
     enable_all: true
     # All http requests via ingress will be redirected
+    virtualhost:
+      # Default Ingress base URL
+      # can be overwritten in component by setting ingress.baseurlOverride
+      baseurl: "simpledemo.onap.org"
+      # prefix for baseaddr
+      # can be overwritten in component by setting ingress.preaddrOverride
+      preaddr: ""
+      # postfix for baseaddr
+      # can be overwritten in component by setting ingress.postaddrOverride
+      postaddr: ""
     config:
       ssl: "redirect"
     # you can set an own Secret containing a certificate
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 15097ed..fe14c03 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -150,11 +150,23 @@
     enabled: false
     # enable all component's Ingress interfaces
     enable_all: false
-    # default Ingress base URL
-    # can be overwritten in component vy setting ingress.baseurlOverride
+
+    # default Ingress base URL and preAddr- and postAddr settings
+    # Ingress URLs result:
+    # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl>
     virtualhost:
+      # Default Ingress base URL
+      # can be overwritten in component by setting ingress.baseurlOverride
       baseurl: "simpledemo.onap.org"
-    # All http requests via ingress will be redirected on Ingress controller
+      # prefix for baseaddr
+      # can be overwritten in component by setting ingress.preaddrOverride
+      preaddr: ""
+      # postfix for baseaddr
+      # can be overwritten in component by setting ingress.postaddrOverride
+      postaddr: ""
+
+    # All http (port 80) requests via ingress will be redirected
+    # to port 443 on Ingress controller
     # only valid for Istio Gateway (ServiceMesh enabled)
     config:
       ssl: "redirect"
diff --git a/kubernetes/oof/resources/config/conf/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml
index d349676..5ee95c0 100644
--- a/kubernetes/oof/resources/config/conf/common_config.yaml
+++ b/kubernetes/oof/resources/config/conf/common_config.yaml
@@ -113,6 +113,17 @@
                 resources:
                     - nst
 
+    nsst_selection:
+        policy_fetch: by_scope
+        policy_scope:
+            -
+                scope:
+                    - OSDF_GUILIN
+                services:
+                    - nsst
+                resources:
+                    - nsst
+
     subnet_selection:
         policy_fetch: by_scope
         policy_scope:
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
index 7614a8c..9136b6e 100755
--- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -28,14 +28,14 @@
         "topicSources" : [{
             "topic" : "POLICY-PDP-PAP",
             "servers" : [ "message-router" ],
-            "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+            "useHttps" : "false",
             "fetchTimeout": 15000,
             "topicCommInfrastructure" : "dmaap"
         }],
         "topicSinks" : [{
             "topic" : "POLICY-PDP-PAP",
             "servers" : [ "message-router" ],
-            "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+            "useHttps" : "false",
             "topicCommInfrastructure" : "dmaap"
         }]
     }
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
index 51d4b47..d26ad6c 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
@@ -59,13 +59,13 @@
             - ${topicServer:message-router}
           topicCommInfrastructure: dmaap
           fetchTimeout: 15000
-          useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+          useHttps: "false"
       topicSinks:
         - topic: POLICY-ACRUNTIME-PARTICIPANT
           servers:
             - ${topicServer:message-router}
           topicCommInfrastructure: dmaap
-          useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+          useHttps: "false"
 # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
 #    clampAutomationCompositionTopics:
 #      topicSources:
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
index bbe905b..a3b82e7 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
@@ -62,14 +62,14 @@
             - ${topicServer:message-router}
           topicCommInfrastructure: dmaap
           fetchTimeout: 15000
-          useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+          useHttps: "false"
       topicSinks:
         -
           topic: POLICY-ACRUNTIME-PARTICIPANT
           servers:
             - ${topicServer:message-router}
           topicCommInfrastructure: dmaap
-          useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+          useHttps: "false"
 
 # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
 #    clampAutomationCompositionTopics:
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
index f24e0ff..3ea4ac2 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
@@ -78,14 +78,14 @@
             - ${topicServer:message-router}
           topicCommInfrastructure: dmaap
           fetchTimeout: 15000
-          useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+          useHttps: "false"
       topicSinks:
         -
           topic: POLICY-ACRUNTIME-PARTICIPANT
           servers:
             - ${topicServer:message-router}
           topicCommInfrastructure: dmaap
-          useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+          useHttps: "false"
 
 # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
 #    clampAutomationCompositionTopics:
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
index 3d192f4..4a2bcf3 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
@@ -85,7 +85,7 @@
         servers:
           - ${topicServer:message-router}
         topicCommInfrastructure: dmaap
-        useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+        useHttps: "false"
         fetchTimeout: 15000
     topicSinks:
       -
@@ -93,7 +93,7 @@
         servers:
           - ${topicServer:message-router}
         topicCommInfrastructure: dmaap
-        useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+        useHttps: "false"
 
 # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
 #  topicParameterGroup:
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
index 22168e8..a0b8bc7 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
@@ -98,7 +98,7 @@
 # Open DMaaP
 
 DMAAP_SERVERS=message-router
-DMAAP_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+DMAAP_HTTPS="false"
 
 # AAI
 
diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
index b68e8d6..fdcbf92 100644
--- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
+++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
@@ -76,7 +76,7 @@
     - topic: POLICY-PDP-PAP
       servers:
       - message-router
-      useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+      useHttps: false
       fetchTimeout: 15000
       topicCommInfrastructure: dmaap
     - topic: POLICY-HEARTBEAT
@@ -84,19 +84,19 @@
       consumerGroup: policy-pap
       servers:
       - message-router
-      useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+      useHttps: false
       fetchTimeout: 15000
       topicCommInfrastructure: dmaap
     topicSinks:
     - topic: POLICY-PDP-PAP
       servers:
       - message-router
-      useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+      useHttps: false
       topicCommInfrastructure: dmaap
     - topic: POLICY-NOTIFICATION
       servers:
       - message-router
-      useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+      useHttps: false
       topicCommInfrastructure: dmaap
 # If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
 #          servers:
@@ -124,8 +124,8 @@
     basePath: healthcheck
   - clientName: dmaap
     hostname: message-router
-    port: {{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
-    useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+    port: 3904
+    useHttps: false
     basePath: topics
 
 management:
diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
index 0f1744a..d049626 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
@@ -45,14 +45,14 @@
         "topicSources" : [{
             "topic" : "POLICY-PDP-PAP",
             "servers" : [ "message-router" ],
-            "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+            "useHttps" : "false",
             "fetchTimeout" : 15000,
             "topicCommInfrastructure" : "dmaap"
         }],
         "topicSinks" : [{
             "topic" : "POLICY-PDP-PAP",
             "servers" : [ "message-router" ],
-            "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+            "useHttps" : "false",
             "topicCommInfrastructure" : "dmaap"
         }]
     }
diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh
index 866d422..36574bc 100755
--- a/kubernetes/policy/resources/config/db.sh
+++ b/kubernetes/policy/resources/config/db.sh
@@ -17,12 +17,12 @@
 # limitations under the License.
 */}}
 
-mysql() { /usr/bin/mysql  -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
+mysqlcmd() { mysql  -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
 
 for db in migration pooling policyadmin policyclamp operationshistory clampacm
 do
-    mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
-    mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+    mysqlcmd -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+    mysqlcmd -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
 done
 
 mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index 0df2656..eb5968a 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -50,7 +50,7 @@
               fieldPath: metadata.namespace
       containers:
       - name: {{ include "common.name" . }}-galera-config
-        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadb.image }}
+        image: {{ include "repositoryGenerator.image.mariadb" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - mountPath: /dbcmd-config/db.sh
@@ -76,7 +76,7 @@
 {{ include "common.resources" . }}
       {{- if (include "common.onServiceMesh" .) }}
       - name: policy-service-mesh-wait-for-job-container
-        image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+        image: {{ include "repositoryGenerator.image.quitQuit" . }}
         imagePullPolicy: Always
         command:
         - /bin/sh
@@ -125,7 +125,7 @@
       initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
       containers:
       - name: {{ include "common.name" . }}-pg-config
-        image: {{ .Values.repository }}/{{ .Values.postgresImage }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
           - mountPath: /docker-entrypoint-initdb.d/db-pg.sh
@@ -153,7 +153,7 @@
 {{ include "common.resources" . }}
       {{- if (include "common.onServiceMesh" .) }}
       - name: policy-service-mesh-wait-for-job-container
-        image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+        image: {{ include "repositoryGenerator.image.quitQuit" . }}
         imagePullPolicy: Always
         command:
         - /bin/sh
@@ -246,7 +246,7 @@
 {{ include "common.resources" . }}
       {{- if (include "common.onServiceMesh" .) }}
       - name: policy-service-mesh-wait-for-job-container
-        image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+        image: {{ include "repositoryGenerator.image.quitQuit" . }}
         imagePullPolicy: Always
         command:
         - /bin/sh
@@ -341,7 +341,7 @@
 {{ include "common.resources" . }}
       {{- if (include "common.onServiceMesh" .) }}
       - name: policy-service-mesh-wait-for-job-container
-        image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+        image: {{ include "repositoryGenerator.image.quitQuit" . }}
         imagePullPolicy: Always
         command:
         - /bin/sh
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index c9e236a..1ee31c2 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -168,12 +168,6 @@
 # DB configuration defaults.
 #################################################################
 
-repository: nexus3.onap.org:10001
-pullPolicy: Always
-
-mariadb:
-  image: mariadb:10.5.8
-
 dbmigrator:
   image: onap/policy-db-migrator:2.5.1
   schema: policyadmin
diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
index 5accf38..c57685a 100644
--- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
+++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
@@ -25,8 +25,6 @@
 GLOBAL_INJECTED_DCAE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-healthcheck") }}'
 GLOBAL_INJECTED_DCAE_MS_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ms-healthcheck") }}'
 GLOBAL_INJECTED_DCAE_VES_HOST = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ves-collector") }}'
-GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}'
-GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}'
 GLOBAL_INJECTED_DNS_IP_ADDR = 'N/A'
 GLOBAL_INJECTED_DOCKER_VERSION = '1.2-STAGING-latest'
 GLOBAL_INJECTED_EXTERNAL_DNS = 'N/A'
@@ -44,8 +42,6 @@
 GLOBAL_INJECTED_POMBA_ELASTIC_SEARCH_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-es") }}'
 GLOBAL_INJECTED_POMBA_CONTEX_TAGGREGATOR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-contextaggregator") }}'
 GLOBAL_INJECTED_KEYSTONE = '{{ .Values.openStackKeyStoneUrl }}'
-GLOBAL_INJECTED_MR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}'
-GLOBAL_INJECTED_BC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-bc") }}'
 GLOBAL_INJECTED_MUSIC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "music") }}'
 GLOBAL_INJECTED_NBI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "nbi") }}'
 GLOBAL_INJECTED_NETWORK = '{{ .Values.openStackPrivateNetId }}'
@@ -164,22 +160,32 @@
 # dcae hv-ves info
 GLOBAL_DCAE_HVVES_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-hv-ves-collector") }}'
 GLOBAL_DCAE_HVVES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-hv-ves-collector" "port" 6061) }}'
-# data router info - everything is from the private oam network (also called onap private network)
-GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_DMAAP_DR_PROV_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-dr-prov" "port" 443) }}'
-GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
-# dmaap message router info
+
+#DMAAP
+# message router info - everything is from the private oam network (also called onap private network)
+GLOBAL_MR_SERVER_PROTOCOL = "http"
+GLOBAL_MR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
+GLOBAL_INJECTED_MR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}'
 GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}'
 GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
-# dmaap kafka info
-GLOBAL_DMAAP_KAFKA_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router-kafka") }}'
-GLOBAL_DMAAP_KAFKA_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router-kafka" "port" 9092) }}'
-GLOBAL_DMAAP_KAFKA_JAAS_USERNAME = '{{ .Values.kafkaJaasUsername }}'
-GLOBAL_DMAAP_KAFKA_JAAS_PASSWORD = '{{ .Values.kafkaJaasPassword }}'
+# bus controller info
+GLOBAL_INJECTED_BC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-bc") }}'
+GLOBAL_BC_SERVER_PROTOCOL = 'http'
+GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" 8080) }}'
+GLOBAL_BC_USERNAME = '{{ .Values.bcUsername }}'
+GLOBAL_BC_PASSWORD = '{{ .Values.bcPassword }}'
+# data router info - everything is from the private oam network (also called onap private network)
+GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = 'http'
+GLOBAL_DMAAP_DR_PROV_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-dr-prov" "port" 8080) }}'
+GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}'
+GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = 'http'
+GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" 8080) }}'
+GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}'
+
 # strimzi kafka
 GLOBAL_KAFKA_BOOTSTRAP_SERVICE = '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092'
-GLOBAL_KAFKA_USER = '{{ .Values.strimziKafkaJaasUsername }}'
+GLOBAL_KAFKA_USER = '{{ .Values.strimziKafkaUsername }}'
+
 # DROOL server port and credentials
 GLOBAL_DROOLS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-drools-pdp" "port" 9696) }}'
 GLOBAL_DROOLS_USERNAME = '{{ .Values.droolsUsername }}'
@@ -207,14 +213,7 @@
 # microservice bus info - everything is from the private oam network (also called onap private network)
 GLOBAL_MSB_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
 GLOBAL_MSB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "msb-iag" "port" ( ternary 443 80 (eq "true" (include "common.needTLS" . )))) }}'
-# message router info - everything is from the private oam network (also called onap private network)
-GLOBAL_MR_SERVER_PROTOCOL = "http"
-GLOBAL_MR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
-# bus controller info
-GLOBAL_BC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
-GLOBAL_BC_USERNAME = '{{ .Values.bcUsername }}'
-GLOBAL_BC_PASSWORD = '{{ .Values.bcPassword }}'
+
 # dcae inventory and deployment handler info
 GLOBAL_INVENTORY_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "inventory") }}'
 GLOBAL_INVENTORY_SERVER_PROTOCOL = "https"
diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml
index 87b117d..599234e 100644
--- a/kubernetes/robot/values.yaml
+++ b/kubernetes/robot/values.yaml
@@ -57,13 +57,20 @@
       dcae_ves_colector_https:
         enabled: false
         https: true
+      message_router:
+        enabled: false
+        https: false
+      dmaap_bc:
+        enabled: true
+        https: false
+        hostname: dmaapbc
       dmaap_dr_prov:
         enabled: true
-        https: true
+        https: false
         hostname: dmaapdrprov
       dmaap_dr_node:
         enabled: true
-        https: true
+        https: false
         hostname: dmaapdrnode
       log_es:
         enabled: false
@@ -91,13 +98,6 @@
         enabled: false
       pomba_contextaggregator:
         enabled: false
-      message_router:
-        enabled: false
-        https: true
-      dmaap_bc:
-        enabled: true
-        https: true
-        hostname: dmaapbc
       music:
         enabled: false
         https: true
@@ -186,8 +186,6 @@
         hostname: blueprintsprocessorhttp
       dcae_hv_ves_collector:
         enabled: false
-      message_router_kafka:
-        enabled: false
       inventory:
         enabled: false
         https: true
@@ -350,16 +348,13 @@
 vidPassword: "Kp8bJ4SXszM0WX"
 vidHealthUsername: "Default"
 vidHealthPassword: "AppPassword!1"
+
 # DMAAP BC
 bcUsername: "dmaap-bc@dmaap-bc.onap.org"
 bcPassword: "demo123456!"
 
-# DMAAP KAFKA JAAS
-kafkaJaasUsername: "admin"
-kafkaJaasPassword: "admin_secret"
-
-# STRIMZI KAFKA JAAS
-strimziKafkaJaasUsername: "strimzi-kafka-admin"
+# STRIMZI KAFKA
+strimziKafkaUsername: "strimzi-kafka-admin"
 
 #OOF
 oofUsername: "oof@oof.onap.org"
diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-cnfm-db.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-cnfm-db.sh
new file mode 100644
index 0000000..cb343bc
--- /dev/null
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-cnfm-db.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+{{/*
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+echo "Creating cnfm database . . ." 1>/tmp/mariadb-cnfmdb.log 2>&1
+
+prepare_password()
+{
+    echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+CNFM_DB_PASSWORD=`prepare_password $CNFM_DB_PASSWORD`
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ cnfm /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${CNFM_DB_USER}';
+CREATE USER '${CNFM_DB_USER}';
+GRANT ALL on cnfm.* to '${CNFM_DB_USER}' identified by '${CNFM_DB_PASSWORD}' with GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
+
+echo "Created cnfm database . . ." 1>>/tmp/mariadb-cnfmdb.log 2>&1
\ No newline at end of file
diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
index 33c4b32..bf8ae78 100755
--- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
@@ -4,6 +4,7 @@
 # ============LICENSE_START==========================================
 # ===================================================================
 # Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2022/23 Nordix Foundation
 # ===================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -40,6 +41,7 @@
 GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%';
 GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%';
 GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON nfvo.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON cnfm.* TO '${DB_USER}'@'%';
 FLUSH PRIVILEGES;
 EOF
 
diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
index 069556f..74b869c 100755
--- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
@@ -4,6 +4,7 @@
 # ============LICENSE_START==========================================
 # ===================================================================
 # Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2022/23 Nordix Foundation
 # ===================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -40,6 +41,7 @@
 GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
 GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
 GRANT ALL PRIVILEGES ON nfvo.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON cnfm.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
 FLUSH PRIVILEGES;
 EOF
 
diff --git a/kubernetes/so/components/so-mariadb/templates/job.yaml b/kubernetes/so/components/so-mariadb/templates/job.yaml
index d9c6009..60c40b6 100644
--- a/kubernetes/so/components/so-mariadb/templates/job.yaml
+++ b/kubernetes/so/components/so-mariadb/templates/job.yaml
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright (C) 2022/23 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -56,7 +57,7 @@
         - |
           {{- if include "common.onServiceMesh" . }}
           echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
-          mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql
+          mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo cnfm > /var/data/mariadb/backup-`date +%s`.sql
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
@@ -149,6 +150,10 @@
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "login") | indent 10 }}
         - name: NFVO_DB_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "password") | indent 10 }}
+        - name: CNFM_DB_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnfm-db-creds" "key" "login") | indent 10 }}
+        - name: CNFM_DB_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnfm-db-creds" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
diff --git a/kubernetes/so/components/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml
index 13dd086..bf546a2 100755
--- a/kubernetes/so/components/so-mariadb/values.yaml
+++ b/kubernetes/so/components/so-mariadb/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright (C) 2022-23 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -89,6 +90,11 @@
     externalSecret: '{{ tpl (default "" .Values.db.nfvo.dbCredsExternalSecret) . }}'
     login: '{{ .Values.db.nfvo.userName }}'
     password: '{{ .Values.db.nfvo.password }}'
+  - uid: cnfm-db-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.cnfm.dbCredsExternalSecret) . }}'
+    login: '{{ .Values.db.cnfm.userName }}'
+    password: '{{ .Values.db.cnfm.password }}'
 
 #################################################################
 # Application configuration defaults.
@@ -127,6 +133,9 @@
   nfvo:
     userName: nfvouser
     # dbCredsExternalSecret: some secret
+  cnfm:
+    userName: cnfmuser
+    # dbCredsExternalSecret: some secret
 
 # application configuration
 config: