Merge "[COMMON] Make our common charts compatible with helm 3.7+"
diff --git a/.ci/check-bashisms.sh b/.ci/check-bashisms.sh
new file mode 100755
index 0000000..0dae225
--- /dev/null
+++ b/.ci/check-bashisms.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if ! which checkbashisms >/dev/null && ! sudo yum install devscripts-minimal && ! sudo apt-get install devscripts
+then
+    printf "checkbashisms command not found - please install it \n\
+            (e.g. sudo apt-get install devscripts | yum install devscripts-minimal )\n" >&2
+    exit 2
+fi
+find . -not -path '*/.*' -name '*.sh' -exec checkbashisms {} + || exit 3
+find . -not -path '*/.*' -name '*.failover' -exec checkbashisms -f \{\} + || exit 4
+! find . -not -path '*/.*' -name '*.sh' -exec grep 'local .*=' {} + || exit 5
+! find . -not -path '*/.*' -name '*.failover' -exec grep 'local .*=' {} + || exit 6
+exit 0
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 6bfce7a..980093a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -6,7 +6,7 @@
       - id: trailing-whitespace
         #exclude: '^ordmodels/'
   - repo: https://github.com/jorisroovers/gitlint
-    rev: v0.15.1
+    rev: v0.17.0
     hooks:
       - id: gitlint
         stages: [commit-msg]
diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
index 4dcebc8..f9f6273 100644
--- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
+++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
@@ -29,7 +29,8 @@
 
 # "sed -i", but without "mv" (which doesn't work on a bind-mounted file, for example)
 _sed_in_place() {
-        local filename="$1"; shift
+        local filename
+        filename="$1"; shift
         local tempFile
         tempFile="$(mktemp)"
         sed "$@" "$filename" > "$tempFile"
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index ecd7129..b1e85c0 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -84,12 +84,19 @@
   env:
     - name: APP_FQI
       value: "{{ $initRoot.fqi }}"
+  {{- if $initRoot.aaf_namespace }}
     - name: aaf_locate_url
-      value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095"
-    - name: aaf_locator_container
-      value: "oom"
+      value: "https://aaf-locate.{{ $initRoot.aaf_namespace }}:8095"
+    - name: aaf_locator_container_ns
+      value: "{{ $initRoot.aaf_namespace }}"
+  {{- else }}
+    - name: aaf_locate_url
+      value: "https://aaf-locate.{{ $dot.Release.Namespace }}:8095"
     - name: aaf_locator_container_ns
       value: "{{ $dot.Release.Namespace }}"
+  {{- end }}
+    - name: aaf_locator_container
+      value: "oom"
     - name: aaf_locator_fqdn
       value: "{{ $initRoot.fqdn }}"
     - name: aaf_locator_app_ns
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index bc9273f..769c9b7 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -50,7 +50,7 @@
   clusterDomain: cluster.local
   metrics: {}
 
-image: bitnami/mariadb-galera:10.5.8
+image: bitnami/mariadb-galera:10.6.5
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml
index 1160205..e156db2 100644
--- a/kubernetes/common/mongo/templates/statefulset.yaml
+++ b/kubernetes/common/mongo/templates/statefulset.yaml
@@ -39,6 +39,23 @@
 {{ include "common.podSecurityContext" . | indent 6 }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      initContainers:
+        # we shouldn't need this but for unknown reason, it's fsGroup is not
+        # applied
+        - name: fix-permission
+          command:
+            - /bin/sh
+          args:
+            - -c
+            - |
+              chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data
+          image: {{ include "repositoryGenerator.image.busybox" . }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            runAsUser: 0
+          volumeMounts:
+            - name: {{ include "common.fullname" . }}-data
+              mountPath: /data
       containers:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
@@ -72,7 +89,7 @@
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-data
-            mountPath: /var/lib/mongo
+            mountPath: /data/db
           resources: {{ include "common.resources" . | nindent 12 }}
 {{ include "common.containerSecurityContext" . | indent 10 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml
index ee1d8c7..caab718 100644
--- a/kubernetes/common/mongo/values.yaml
+++ b/kubernetes/common/mongo/values.yaml
@@ -24,7 +24,7 @@
 # Application configuration defaults.
 #################################################################
 
-image: library/mongo:4.0.8
+image: library/mongo:4.4.10
 pullPolicy: Always
 
 # application configuration
diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
index 71201a1..90c278e 100644
--- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
+++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
@@ -83,10 +83,14 @@
   {{- end }}
   env:
   - name: NAMESPACE
+  {{- if $subchartDot.Values.namespace }}
+    value: {{ $subchartDot.Values.namespace }}
+  {{- else }}
     valueFrom:
       fieldRef:
         apiVersion: v1
         fieldPath: metadata.namespace
+  {{- end }}
   resources:
     limits:
       cpu: {{ $subchartDot.Values.limits.cpu }}
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index e2fe1ff..ee56577 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -32,7 +32,7 @@
   jreImage: onap/integration-java11:7.1.0
   kubectlImage: bitnami/kubectl:1.19
   loggingImage: beats/filebeat:5.5.0
-  mariadbImage: bitnami/mariadb:10.5.8
+  mariadbImage: bitnami/mariadb:10.6.5
   nginxImage: bitnami/nginx:1.18-debian-10
   postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
   readinessImage: onap/oom/readiness:3.0.1
diff --git a/kubernetes/config/prepull_docker.sh b/kubernetes/config/prepull_docker.sh
index 596ace6..bfd679b 100755
--- a/kubernetes/config/prepull_docker.sh
+++ b/kubernetes/config/prepull_docker.sh
@@ -27,8 +27,15 @@
 #calling syntax: parse_yaml <yaml_file_name>
 
 parse_yaml () {
-   local prefix=$2
-   local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
+   local prefix
+   prefix=$2
+   local s
+   s='[[:space:]]*'
+   local w
+   w='[a-zA-Z0-9_]*'
+   local fs
+   fs=$(echo @|tr @ '\034')
+
    sed -ne "s|^\($s\):|\1|" \
         -e "s|^\($s\)\($w\)$s:$s[\"']\(.*\)[\"']$s\$|\1$fs\2$fs\3|p" \
         -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p"  $1 |
diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
index 3c66fee..294ae0a 100755
--- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
+++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
@@ -49,10 +49,13 @@
 
 list_node_with_external_addrs()
 {
-    local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
+    local WORKER_NODES
+    WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
     for worker in $WORKER_NODES; do
-        local external_ip=$(kubectl get no $worker  -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
-        local internal_ip=$(kubectl get no $worker  -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
+        local external_ip
+        external_ip=$(kubectl get no $worker  -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+        local internal_ip
+        internal_ip=$(kubectl get no $worker  -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
         if [ $internal_ip != $external_ip ]; then
             echo $external_ip
             break
@@ -61,7 +64,8 @@
 }
 
 ingress_controller_ip() {
-    local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system)
+    local metal_ns
+    metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system)
     if [ -z $metal_ns ]; then
         echo $CLUSTER_IP
     else
@@ -70,13 +74,16 @@
 }
 
 deploy() {
-    local ingress_ip=$(ingress_controller_ip)
+    local ingress_ip
+    ingress_ip=$(ingress_controller_ip)
     initdir = $(pwd)
     cd $SPATH/bind9dns
     if [ $# -eq 0 ]; then
-        local cl_domain="simpledemo.onap.org"
+        local cl_domain
+        cl_domain="simpledemo.onap.org"
     else
-        local cl_domain=$1
+        local cl_domain
+        cl_domain=$1
         shift
     fi
     if [ $# -ne 0 ]; then
diff --git a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
index c62e2a5..495d540 100755
--- a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
+++ b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
@@ -29,10 +29,13 @@
 
 find_nodes_with_external_addrs()
 {
-    local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
+    local WORKER_NODES
+    WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
     for worker in $WORKER_NODES; do
-        local external_ip=$(kubectl get no $worker  -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
-        local internal_ip=$(kubectl get no $worker  -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
+        local external_ip
+        external_ip=$(kubectl get no $worker  -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+        local internal_ip
+        internal_ip=$(kubectl get no $worker  -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
         if [ $internal_ip != $external_ip ]; then
             echo $external_ip
         fi
diff --git a/kubernetes/contrib/tools/registry-initialize.sh b/kubernetes/contrib/tools/registry-initialize.sh
index 75b36bb..45ee44f 100755
--- a/kubernetes/contrib/tools/registry-initialize.sh
+++ b/kubernetes/contrib/tools/registry-initialize.sh
@@ -21,9 +21,9 @@
 
 usage()
 {
-    echo "Chart Base directory must be provided as input!!"
+    echo "Chart Base directory or helm chart from local repo must be provided as input!!"
     echo "Usage: registry-initialize.sh  -d chartdirectory \
-<-n namespace override> <-r helmrelease override>"
+<-n namespace override> <-r helmrelease override> <-p chart name prefix> | <-h helm charts from local repo>"
     exit 1
 }
 
@@ -36,8 +36,10 @@
 RLS_NAME=onap
 LOGIN=""
 PASSWORD=""
+PREF=""
+HELM_REPO=local
 
-while getopts ":d:n:r:" opt; do
+while getopts ":d:n:r:p:h:c:" opt; do
     case $opt in
         d) BASEDIR="$OPTARG"
         ;;
@@ -45,20 +47,52 @@
         ;;
         r) RLS_NAME="$OPTARG"
         ;;
+        p) PREF="$OPTARG"
+        ;;
+        h) HELM_CHART="$OPTARG"
+        ;;
+        c) HELM_REPO="$OPTARG"
+        ;;
         \?) echo "Invalid option -$OPTARG" >&2
         usage
         ;;
    esac
 done
 
-if [ -z "$BASEDIR" ]; then
-    exit "Chart base directory provided $BASEDIR is empty"
+
+if  [ -z "$BASEDIR" ] && [ -z "$HELM_CHART" ] ; then
+    echo "Chart base directory provided $BASEDIR and helm chart from local repo is empty"
+    exit
 fi
 
-if [ "$(find $BASEDIR -maxdepth 1 -name '*tgz' -print -quit)" ]; then
-    echo "$BASEDIR valid"
-else
-    exit "No chart package on $BASEDIR provided"
+if  [ -n "$BASEDIR" ] && [ -n "$HELM_CHART" ] ; then
+    echo "Both chart base directory $BASEDIR and helm chart from local repo $HELM_CHART cannot be used at the same time "
+    exit
+fi
+
+if  [ -n "$BASEDIR" ]; then
+    if [ "$(find $BASEDIR -maxdepth 1 -name '*tgz' -print -quit)" ]; then
+        echo "$BASEDIR valid"
+    else
+        echo "No chart package on $BASEDIR provided"
+        exit
+    fi
+fi
+
+if  [ -n "$HELM_CHART" ]; then
+    tmp_location=$(mktemp -d)
+    helm pull $HELM_REPO/$HELM_CHART -d $tmp_location
+    if [ $? -eq 0 ]; then
+        echo "Helm chart $HELM_CHART has been pulled out from in $HELM_REPO repo"
+        BASEDIR=$tmp_location
+    else
+        echo "No chart package $HELM_CHART on $HELM_REPO repo"
+        exit
+    fi
+fi
+
+if  [ -z "$PREF" ] && [ -z "$HELM_CHART" ] ; then
+    PREF=dcae
 fi
 
 LOGIN=$(kubectl -n "$NAMESPACE" get secret \
@@ -77,7 +111,7 @@
 # Expose cluster port via port-forwarding
 kubectl -n $NAMESPACE port-forward service/chart-museum 27017:80 &
 if [ $? -ne 0 ]; then
-    echo "Error in portforwarding; registry cannot be added!!"
+    echo "Error in port forwarding; registry cannot be added!!"
     exit 1
 fi
 
@@ -96,7 +130,7 @@
 
 # Initial scope is pushing only dcae charts
 # can be expanded to include all onap charts if required
-for file in $BASEDIR/dcae*tgz; do
+for file in $BASEDIR/$PREF*tgz; do
     # use helm plugin to push charts
     helm push $file k8s-registry
     if [ $? -eq 0 ]; then
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index aac0f4b..5ba7d29 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -229,10 +229,12 @@
 {{- $policy := default dict .Values.policies -}}
 {{- $policyRls := default $commonRelease $policy.policyRelease -}}
 {{- $drFeedConfig := default "" .Values.drFeedConfig -}}
-
+{{- $dcaeName := print (include "common.fullname" .) }}
+{{- $dcaeLabel := (dict "dcaeMicroserviceName" $dcaeName) -}}
+{{- $dot := . -}}
 apiVersion: apps/v1
 kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "labels" $dcaeLabel) | nindent 2 }}
 spec:
   replicas: 1
   selector: {{- include "common.selectors" . | nindent 4 }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml
index 2b3ab32..4a51c7f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml
@@ -59,6 +59,8 @@
               value: {{ include "common.namespace" . }}
             - name: HELM_RELEASE
               value: {{ include "common.release" . }}
+            - name: DEPLOY_LABEL
+              value: {{ .Values.deployLabel }}
       volumes:
         - name: {{ include "common.fullname" . }}-expected-components
           configMap:
diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
index 58ae706..3b47e7f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
@@ -31,6 +31,11 @@
     - port: 8080
       name: http
 
+# Label on DCAE microservice deployments
+# (Used by healthcheck code to find deployments
+# created after initial DCAE installation)
+deployLabel: dcaeMicroserviceName
+
 # probe configuration parameters
 liveness:
   initialDelaySeconds: 10
@@ -43,7 +48,7 @@
   initialDelaySeconds: 10
   periodSeconds: 10
 # application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.3.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
index 1e60d24..54dcda8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
@@ -38,6 +38,11 @@
     login: '{{ .Values.aafCreds.identity }}'
     password: '{{ .Values.aafCreds.password }}'
     passwordPolicy: required
+  - uid: &cpsCredsUID cpscreds
+    type: basicAuth
+    login: '{{ .Values.cpsCreds.identity }}'
+    password: '{{ .Values.cpsCreds.password }}'
+    passwordPolicy: required
   - uid: &pgUserCredsSecretUid pg-user-creds
     name: &pgUserCredsSecretName '{{ include "common.release" . }}-sonhms-pg-user-creds'
     type: basicAuth
@@ -70,7 +75,7 @@
 # TLS role -- set to true if microservice acts as server
 # If true, an init container will retrieve a server cert
 # and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
 
 # Policy configuraiton properties
 # if present, policy-sync side car will be deployed
@@ -92,7 +97,7 @@
   periodSeconds: 15
   timeoutSeconds: 1
   path: /healthcheck
-  scheme: HTTPS
+  scheme: HTTP
   port: 8080
 
 # Service Configuration
@@ -108,6 +113,9 @@
 aafCreds:
   identity: dcae@dcae.onap.org
   password: demo123456!
+cpsCreds:
+  identity: cps
+  password: cpsr0cks!
 
 credentials:
 - name: AAF_IDENTITY
@@ -116,6 +124,12 @@
 - name: AAF_PASSWORD
   uid: *aafCredsUID
   key: password
+- name: CPS_IDENTITY
+  uid: *cpsCredsUID
+  key: login
+- name: CPS_PASSWORD
+  uid: *cpsCredsUID
+  key: password
 - name: PG_USERNAME
   uid:  *pgUserCredsSecretUid
   key: login
@@ -130,6 +144,8 @@
   postgres.port: 5432
   postgres.username: ${PG_USERNAME}
   postgres.password: ${PG_PASSWORD}
+  cps.username: ${CPS_IDENTITY}
+  cps.password: ${CPS_PASSWORD}
   sonhandler.pollingInterval: 20
   sonhandler.pollingTimeout: 60
   cbsPollingInterval: 60
@@ -145,6 +161,12 @@
   sonhandler.bufferTime: 60
   sonhandler.cg: sonhms-cg
   sonhandler.cid: sonhms-cid
+  sonhandler.clientType: cps
+  cps.service.url: http://cps-tbdmt:8080
+  cps.get.celldata: execute/cps-ran-schemaset/get-cell-data
+  cps.get.nbr.list.url: execute/cps-ran-schemaset/get-nbr-list
+  cps.get.pci.url: execute/ran-network-schemaset/get-pci
+  cps.get.pnf.url: execute/ran-network-schemaset/get-pnf
   sonhandler.configDb.service: http://configdb:8080
   sonhandler.oof.service: https://oof-osdf:8698
   sonhandler.oof.endpoint: /api/oof/v1/pci
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
index 8134e0d..67312d7 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
@@ -42,7 +42,7 @@
   initialDelaySeconds: 10
   periodSeconds: 10
 # application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.3.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
index bbc72a5..73661ac 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
@@ -42,7 +42,7 @@
   initialDelaySeconds: 10
   periodSeconds: 10
 # application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.2.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql
index 8199845..e5eecb1 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql
@@ -22,12 +22,10 @@
 
 \encoding UTF8;
 
-/******************DELETE OLD TABLE AND CREATE NEW***************************/
+/******************CREATE NEW TABLE***************************/
 \c ${DB_NAME};
 
-DROP TABLE IF EXISTS ALARM_INFO;
-
-CREATE TABLE ALARM_INFO (
+CREATE TABLE IF NOT EXISTS ALARM_INFO (
   EVENTID VARCHAR(150) NOT NULL,
   EVENTNAME VARCHAR(150) NOT NULL,
   ALARMISCLEARED SMALLINT NOT NULL,
@@ -36,7 +34,8 @@
   LASTEPOCHMICROSEC BIGINT NOT NULL,
   SOURCEID VARCHAR(150)  NOT NULL,
   SOURCENAME VARCHAR(150)  NOT NULL,
-  PRIMARY KEY (EVENTID)
+  SEQUENCE SMALLINT NOT NULL,
+  PRIMARY KEY (EVENTID, SEQUENCE, SOURCENAME)
 );
 
 CREATE TABLE IF NOT EXISTS ENGINE_ENTITY (
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 133e59f..aecac0f 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -97,7 +97,7 @@
   loggingImage: beats/filebeat:5.5.0
 
   # mariadb client image
-  mariadbImage: bitnami/mariadb:10.5.8
+  mariadbImage: bitnami/mariadb:10.6.5
 
   # nginx server image
   nginxImage: bitnami/nginx:1.18-debian-10
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index a363ab3..ddaf099 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -5,7 +5,8 @@
 
 # logging functions
 mysql_log() {
-    local type="$1"; shift
+    local type
+    type="$1"; shift
     printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
 }
 mysql_note() {
@@ -24,13 +25,17 @@
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 #  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
 file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
+    local var
+    var="$1"
+    local fileVar
+    fileVar="${var}_FILE"
+    local def
+    def="${2:-}"
     if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
         mysql_error "Both $var and $fileVar are set (but are exclusive)"
     fi
-    local val="$def"
+    local val
+    val="$def"
     # val="${!var}"
     # val="$(< "${!fileVar}")"
     # eval replacement of the bashism equivalents above presents no security issue here
@@ -45,13 +50,6 @@
     unset "$fileVar"
 }
 
-# check to see if this file is being run or sourced from another script
-_is_sourced() {
-    # https://unix.stackexchange.com/a/215279
-    [ "${#FUNCNAME[@]}" -ge 2 ] \
-        && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
-        && [ "${FUNCNAME[1]}" = 'source' ]
-}
 
 # usage: docker_process_init_files [file [file [...]]]
 #    ie: docker_process_init_files /always-initdb.d/*
@@ -85,7 +83,9 @@
 }
 
 mysql_check_config() {
-    local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors
+    local toRun
+    local errors
+    toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
     if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
         mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors"
     fi
@@ -95,7 +95,8 @@
 # We use mysqld --verbose --help instead of my_print_defaults because the
 # latter only show values present in config files, and not server defaults
 mysql_get_config() {
-    local conf="$1"; shift
+    local conf
+    conf="$1"; shift
     "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
         | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
     # match "datadir      /some/path with/spaces in/it here" but not "--xyz=abc\n     datadir (xyz)"
@@ -141,7 +142,8 @@
 # creates folders for the database
 # also ensures permission for user mysql of run as root
 docker_create_db_directories() {
-    local user; user="$(id -u)"
+    local user
+    user="$(id -u)"
 
     # TODO other directories that are used by default? like /var/lib/mysql-files
     # see https://github.com/docker-library/mysql/issues/562
@@ -216,7 +218,8 @@
             # Aria in 10.4+ is slow due to "transactional" (crash safety)
             # https://jira.mariadb.org/browse/MDEV-23326
             # https://github.com/docker-library/mariadb/issues/262
-            local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type )
+            local tztables
+            tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type )
             for table in "${tztables[@]}"; do
                 echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;"
             done
@@ -237,7 +240,8 @@
         mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
     fi
     # Sets root password and creates root users for non-localhost hosts
-    local rootCreate=
+    local rootCreate
+    rootCreate=
     # default root to listen for connections from anywhere
     if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then
         # no, we don't care if read finds a terminating character in this heredoc
@@ -367,6 +371,7 @@
 }
 
 # If we are sourced from elsewhere, don't perform any further actions
-if ! _is_sourced; then
+# https://stackoverflow.com/questions/2683279/how-to-detect-if-a-script-is-being-sourced/2942183#2942183
+if [ "$(basename $0)" = "docker-entrypoint.sh" ]; then
     _main "$@"
 fi
diff --git a/kubernetes/robot/demo-k8s.sh b/kubernetes/robot/demo-k8s.sh
index 4393905..3cbfb76 100755
--- a/kubernetes/robot/demo-k8s.sh
+++ b/kubernetes/robot/demo-k8s.sh
@@ -23,11 +23,32 @@
     echo "Usage: demo-k8s.sh <namespace> <command> [<parameters>] [execscript]"
     echo " "
     echo "       demo-k8s.sh <namespace> init"
-    echo "               - Execute both init_customer + distribute"
+    echo "               - Execute both init_customer + distribute + registrySynch"
     echo " "
     echo "       demo-k8s.sh <namespace> init_customer"
     echo "               - Create demo customer (Demonstration) and services, etc."
     echo " "
+    echo "       demo-k8s.sh <namespace> registrySynch [ repo  <chart name>  | path [ <path to helm charts> ]"
+    echo "               [ <chart prefix> ] ]"
+    echo "               - Synchronize chart museum inside of onap k8s cluster with"
+    echo "                 onap helm charts git repository (OOM)"
+    echo "                 By default following charts are synchronized:"
+    echo "                 - oom/kubernetes/dcaegen2-services/charts/,"
+    echo "                 - oom/kubernetes/common/common/charts,"
+    echo "                 - oom/kubernetes/common/postgres/charts/,"
+    echo "                 - oom/kubernetes/common/repositoryGenerator/charts/,"
+    echo "                 - oom/kubernetes/common/readinessCheck/charts/,"
+    echo "                 User is able also to synchronize custom helm charts by providing"
+    echo "                 flag 'path' and path to charts into command and chart name/s prefix for example:"
+    echo "                 demo-k8s.sh onap registrySynch /home/ubuntu/oom/kubernetes/common/postgres/charts/ postgres"
+    echo "               - Synchronize chart museum inside of onap k8s cluster with"
+    echo "                 onap installation server 'local' helm charts repository"
+    echo "                 By default following charts are synchronized:"
+    echo "                 - local/certInitializer"
+    echo "                 User is able also to synchronize custom helm charts by providing"
+    echo "                 flag 'repo' and chart name in 'local' repo into command for example:"
+    echo "                 demo-k8s.sh onap registrySynch repo certInitializer"
+    echo " "
     echo "       demo-k8s.sh <namespace> distribute  [<prefix>]"
     echo "               - Distribute demo models (demoVFW and demoVLB)"
     echo " "
@@ -45,17 +66,17 @@
     echo " "
     echo "       demo-k8s.sh <namespace> instantiateVFWdirectso  csar_filename"
     echo "               - Instantiate vFW module using direct SO interface using previously distributed model "
-        echo "                 that is in /tmp/csar in robot container"
+    echo "                 that is in /tmp/csar in robot container"
     echo " "
-        echo "       demo-k8s.sh <namespace> instantiateVLB_CDS"
-        echo "               - Instantiate vLB module using CDS with a preloaded CBA "
-        echo " "
+    echo "       demo-k8s.sh <namespace> instantiateVLB_CDS"
+    echo "               - Instantiate vLB module using CDS with a preloaded CBA "
+    echo " "
     echo "       demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>"
     echo "               - Delete the module created by instantiateVFW"
     echo " "
     echo "       demo-k8s.sh <namespace> vfwclosedloop <pgn-ip-address>"
-        echo "               - vFWCL: Sets the packet generator to high and low rates, and checks whether the policy "
-        echo "                 kicks in to modulate the rates back to medium"
+    echo "               - vFWCL: Sets the packet generator to high and low rates, and checks whether the policy "
+    echo "                 kicks in to modulate the rates back to medium"
     echo " "
     echo "       demo-k8s.sh <namespace> <command> [<parameters>] execscript"
     echo "               - Optional parameter to execute user custom scripts located in scripts/demoscript directory"
@@ -74,7 +95,7 @@
 echo "Number of parameters:"
 echo $#
 
-if [ $# -lt 2 ];then
+if [ $# -lt 2 ]; then
     usage
     exit
 fi
@@ -112,6 +133,7 @@
             ;;
         init)
             TAG="InitDemo"
+            dcaeRegistrySynch=true
             shift
             ;;
         vescollector)
@@ -209,6 +231,26 @@
                         VARIABLES="$VARIABLES -v PACKET_GENERATOR_HOST:$1 -v pkg_host:$1"
                         shift
                         ;;
+       registrySynch)
+                        dcaeRegistrySynch=true
+                        echo $dcaeRegistrySynch
+                        shift
+                        echo $1
+                        if [ "$1" = "path"  ]; then
+                          shift
+                          customHelmChartsPath=$1
+                          shift
+                          customHelmChartsPref=$1
+                          shift
+                        elif [ "$1" = "repo"  ]; then
+                          shift
+                          customHelmChartFromLocalRepo=$1
+                          echo $customHelmChartFromLocalRepo
+                          shift
+                        else
+                          echo "demo-k8s.sh <namespace> registrySynch { repo  <chart name>  | path [ <path to helm charts> ] [ <chart prefix> ] }"
+                        fi
+                        ;;
         *)
             usage
             exit
@@ -218,6 +260,7 @@
 set -x
 
 POD=$(kubectl --namespace $NAMESPACE get pods | sed 's/ .*//'| grep robot)
+HELM_RELEASE=$(kubectl --namespace onap get pods | sed 's/ .*//' | grep robot | sed 's/-.*//')
 
 DIR=$(dirname "$0")
 SCRIPTDIR=scripts/demoscript
@@ -234,6 +277,29 @@
 OUTPUT_FOLDER=$(printf %04d $GLOBAL_BUILD_NUMBER)_demo_$key
 DISPLAY_NUM=$(($GLOBAL_BUILD_NUMBER + 90))
 
-VARIABLEFILES="-V /share/config/robot_properties.py"
+if [ $dcaeRegistrySynch ]; then
+   CURRENT_DIR=$PWD
+   PARENT_PATH=${0%/*}
+   cd $PARENT_PATH
+   cd ../contrib/tools
+   if [ -n "$customHelmChartsPath"  ]; then
+     ./registry-initialize.sh -d $customHelmChartsPath -n $NAMESPACE -r $HELM_RELEASE -p customHelmChartsPref
+   elif [ -n "$customHelmChartFromLocalRepo"  ]; then
+     ./registry-initialize.sh -h $customHelmChartFromLocalRepo -n $NAMESPACE -r $HELM_RELEASE
+   else
+     ./registry-initialize.sh -d ../../dcaegen2-services/charts/ -n $NAMESPACE -r $HELM_RELEASE
+     ./registry-initialize.sh -d ../../dcaegen2-services/charts/ -n $NAMESPACE -r $HELM_RELEASE -p common
+     ./registry-initialize.sh -h certInitializer -n $NAMESPACE -r $HELM_RELEASE
+     ./registry-initialize.sh -h repositoryGenerator -n $NAMESPACE -r $HELM_RELEASE
+     ./registry-initialize.sh -h readinessCheck -n $NAMESPACE -r $HELM_RELEASE
+     ./registry-initialize.sh -h dcaegen2-services-common -n $NAMESPACE -r $HELM_RELEASE
+     ./registry-initialize.sh -h postgres -n $NAMESPACE -r $HELM_RELEASE
+     ./registry-initialize.sh -h serviceAccount -n $NAMESPACE -r $HELM_RELEASE
+   fi
+   cd $CURRENT_DIR
+fi
 
-kubectl --namespace $NAMESPACE exec ${POD} -- ${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} -i ${TAG} --display $DISPLAY_NUM 2> ${TAG}.out
+if [ -n "$TAG" ]; then
+  VARIABLEFILES="-V /share/config/robot_properties.py"
+  kubectl --namespace $NAMESPACE exec ${POD} -- ${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} -i ${TAG} --display $DISPLAY_NUM 2> ${TAG}.out
+fi
\ No newline at end of file
diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
index 5b51b70..9076a1f 100644
--- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
+++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
@@ -230,6 +230,16 @@
 GLOBAL_DEPLOYMENT_HANDLER_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "deployment-handler") }}'
 GLOBAL_DEPLOYMENT_HANDLER_SERVER_PROTOCOL = "https"
 GLOBAL_DEPLOYMENT_HANDLER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "deployment-handler" "port" 8443) }}'
+GLOBAL_K8S_CHART_REPOSTORY_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "chart-museum") }}'
+GLOBAL_K8S_CHART_REPOSTORY_SERVER_PROTOCOL = "http"
+GLOBAL_K8S_CHART_REPOSTORY_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "chart-museum" "port" 80) }}'
+GLOBAL_K8S_CHART_REPOSTORY_SERVER_USERNAME = '{{ .Values.k8sChartRepoUsername }}'
+GLOBAL_K8S_CHART_REPOSTORY_SERVER_PASSWORD = '{{ .Values.k8sChartRepoPassword }}'
+# consul info
+GLOBAL_CONSUL_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "consul-server-ui") }}'
+GLOBAL_CONSUL_SERVER_PROTOCOL = "http"
+GLOBAL_CONSUL_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "consul-server-ui" "port" 8500) }}'
+
 # dcae mod info
 GLOBAL_DCAEMOD_ONBOARDING_API_SERVER_PROTOCOL = "http"
 GLOBAL_DCAEMOD_ONBOARDING_API_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcaemod-onboarding-api" "port" 8080) }}'
diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml
index 087fc85..89d83c8 100644
--- a/kubernetes/robot/values.yaml
+++ b/kubernetes/robot/values.yaml
@@ -375,6 +375,10 @@
 oofHomingUsername: "admin1"
 oofHomingPassword: "plan.15"
 
+#K8S chart repository - ChartMuseum
+k8sChartRepoUsername: "onapinitializer"
+k8sChartRepoPassword: "demo123456!"
+
 
 # default number of instances
 replicaCount: 1
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover
index d9133e8..1a74c1e 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 {{/*
 
 # Copyright © 2018 Amdocs
@@ -30,7 +30,7 @@
 APP_BIN=/app/bin
 
 debugLog(){
-  if [ "$enableDebugLogging" == true ]; then
+  if [ "$enableDebugLogging" = true ]; then
      if [ $# -eq 0 ]; then
        echo "" >> $LOGFILE
      else
@@ -41,7 +41,7 @@
 
 EXC_SIMPLE_FAILOVER=`${APP_BIN}/switchVoting.sh`
 
-if [ "$EXC_SIMPLE_FAILOVER" == "success" ]; then
+if [ "$EXC_SIMPLE_FAILOVER" = "success" ]; then
    debugLog "Simple failover success. SDNC failover completed."
 else
    # Simple failover failed. Trying catastrophic failover ...
diff --git a/tox.ini b/tox.ini
index bbd00f8..6388e88 100644
--- a/tox.ini
+++ b/tox.ini
@@ -57,14 +57,17 @@
 
 [testenv:checkbashisms]
 deps =
-whitelist_externals = sh
-                      find
-                      checkbashisms
+whitelist_externals =
+    {toxinidir}/.ci/check-bashisms.sh
 commands =
-    sh -c 'which checkbashisms>/dev/null  || sudo yum install devscripts-minimal || sudo apt-get install devscripts \
-        || (echo "checkbashisms command not found - please install it (e.g. sudo apt-get install devscripts | \
-        yum install devscripts-minimal )" >&2 && exit 1)'
-    find . -not -path '*/\.*' -name *.sh -exec checkbashisms \{\} +
+    {toxinidir}/.ci/check-bashisms.sh
+
+[testenv:shellcheck]
+basepython = python3
+deps = shellcheck-py
+whitelist_externals = find
+commands =
+    find . -not -path '*/\.*' -name *.sh -exec shellcheck \{\} +
 
 [testenv:autopep8]
 deps =
@@ -109,3 +112,9 @@
     # As a result, the line above is always skipped in jenkins CI since there cannot be a .git/COMMIT_EDITMSG file.
     # A dedicated gitlint profile for CI is proposed above. Also to behave fine locally, this profile must have access
     # to the HOME variable so that Gitlint can retrieve Git user settings.
+
+[testenv:pre-commit-autoupdate]
+basepython = python3
+deps = pre-commit
+commands =
+    pre-commit autoupdate