Merge "Add schemaIngest properties resource to aai-gizmo"
diff --git a/.gitreview b/.gitreview
index eabfdc6..8f5c6a0 100644
--- a/.gitreview
+++ b/.gitreview
@@ -2,4 +2,4 @@
 host=gerrit.onap.org
 port=29418
 project=oom
-defaultbranch=master
+defaultbranch=beijing
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst
index eb5d373..9672a0e 100644
--- a/docs/oom_quickstart_guide.rst
+++ b/docs/oom_quickstart_guide.rst
@@ -16,7 +16,7 @@
 
 **Step 1.** Clone the OOM repository from ONAP gerrit::
 
-  > git clone http://gerrit.onap.org/r/oom
+  > git clone -b beijing http://gerrit.onap.org/r/oom
   > cd oom/kubernetes
 
 
diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst
index e63120f..f79de59 100644
--- a/docs/oom_user_guide.rst
+++ b/docs/oom_user_guide.rst
@@ -108,7 +108,7 @@
 
 To prepare your system for an installation of ONAP, you'll need to::
 
-  > git clone http://gerrit.onap.org/r/oom
+  > git clone -b beijing http://gerrit.onap.org/r/oom
   > cd oom/kubernetes
 
 
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 57a1fab..3cb547c 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -19,7 +19,7 @@
 * [`OOM-6 <https://jira.onap.org/browse/OOM-6>`_] - Automated platform deployment on Docker/Kubernetes
 * [`OOM-7 <https://jira.onap.org/browse/OOM-7>`_] - Platform monitoring and auto-healing
 * [`OOM-8 <https://jira.onap.org/browse/OOM-8>`_] - Automated platform scalability
-* [`OOM-9 <https://jira.onap.org/browse/OOM-9>`_] - Platform upgradability&rollbacks
+* [`OOM-9 <https://jira.onap.org/browse/OOM-9>`_] - Platform upgradability & rollbacks
 * [`OOM-10 <https://jira.onap.org/browse/OOM-10>`_] - Platform configuration management
 * [`OOM-46 <https://jira.onap.org/browse/OOM-46>`_] - Platform infrastructure deployment with TOSCA
 * [`OOM-109 <https://jira.onap.org/browse/OOM-109>`_] - Platform Centralized Logging
@@ -181,7 +181,6 @@
 * [`OOM-624 <https://jira.onap.org/browse/OOM-624>`_] - CII security badging: cleartext password for keystone and docker repo creds
 * [`OOM-726 <https://jira.onap.org/browse/OOM-726>`_] - Mirror AAI docker version changes into OOM from AAI-791
 * [`OOM-772 <https://jira.onap.org/browse/OOM-772>`_] - Remove old DCAE from Release
-* [`OOM-793 <https://jira.onap.org/browse/OOM-793>`_] - Document OOM-722 health/ete script changes for onap-discuss/wiki/rtd/integration team
 * [`OOM-801 <https://jira.onap.org/browse/OOM-801>`_] - Policy docker images rename - key off new name in POLICY-674
 * [`OOM-810 <https://jira.onap.org/browse/OOM-810>`_] - Improve emsdriver code
 * [`OOM-819 <https://jira.onap.org/browse/OOM-819>`_] - expose log/logstash 5044 as nodeport for external log producers outside of the kubernetes cluster
@@ -191,6 +190,7 @@
 * [`OOM-975 <https://jira.onap.org/browse/OOM-975>`_] - Notes are missing in multicloud
 * [`OOM-1031 <https://jira.onap.org/browse/OOM-1031>`_] - Config Changes for consul to make vid, so, log health checks pass
 * [`OOM-1032 <https://jira.onap.org/browse/OOM-1032>`_] - Making consul Stateful
+* [`OOM-1122 <https://jira.onap.org/browse/OOM-1122>`_] - Update APPC OOM chart to use Beijing release artifacts
 
 Bug
 ***
@@ -268,7 +268,7 @@
 * [`OOM-874 <https://jira.onap.org/browse/OOM-874>`_] - Inconsistent repository references in ONAP charts
 * [`OOM-875 <https://jira.onap.org/browse/OOM-875>`_] - Cannot retrieve robot logs
 * [`OOM-876 <https://jira.onap.org/browse/OOM-876>`_] - Some containers ignore the repository setting
-* [`OOM-878 <https://jira.onap.org/browse/OOM-878>`_] - MySQL slave nodes don't deploy when mysql.replicaCount>1
+* [`OOM-878 <https://jira.onap.org/browse/OOM-878>`_] - MySQL slave nodes don't deploy when mysql.replicaCount > 1
 * [`OOM-881 <https://jira.onap.org/browse/OOM-881>`_] - SDN-C Portal pod fails to come up
 * [`OOM-882 <https://jira.onap.org/browse/OOM-882>`_] - Some SDNC service names should be prefixed with the helm release name
 * [`OOM-884 <https://jira.onap.org/browse/OOM-884>`_] - VID-VID mariadb pv is pointing to a wrong location
@@ -313,7 +313,6 @@
 * [`OOM-964 <https://jira.onap.org/browse/OOM-964>`_] - SDC Healthcheck failure on sdc-be and sdc-kb containers down
 * [`OOM-968 <https://jira.onap.org/browse/OOM-968>`_] - warning on default deployment values.yaml
 * [`OOM-969 <https://jira.onap.org/browse/OOM-969>`_] - oomk8s images have no Dockerfile's
-* [`OOM-970 <https://jira.onap.org/browse/OOM-970>`_] - Can't configure mysql password for sdnctl user
 * [`OOM-971 <https://jira.onap.org/browse/OOM-971>`_] - Common service name template should allow for chart name override
 * [`OOM-974 <https://jira.onap.org/browse/OOM-974>`_] - Cassandra bootstrap is done incorrectly
 * [`OOM-977 <https://jira.onap.org/browse/OOM-977>`_] - The esr-gui annotations should include a "path" param when register to MSB
@@ -347,7 +346,6 @@
 * [`OOM-1039 <https://jira.onap.org/browse/OOM-1039>`_] - Service distribution to SO fails
 * [`OOM-1041 <https://jira.onap.org/browse/OOM-1041>`_] - aai-service was renamed, but old references remain
 * [`OOM-1042 <https://jira.onap.org/browse/OOM-1042>`_] - portalapps service was renamed, but old references remain
-* [`OOM-1044 <https://jira.onap.org/browse/OOM-1044>`_] - Fix image/table warning during deploy - since helm install switch a month ago - non-affecting - but check the yaml
 * [`OOM-1045 <https://jira.onap.org/browse/OOM-1045>`_] - top level values.yaml missing entry for dmaap chart
 * [`OOM-1049 <https://jira.onap.org/browse/OOM-1049>`_] - SDNC_UEB_LISTENER db
 * [`OOM-1050 <https://jira.onap.org/browse/OOM-1050>`_] - Impossible to deploy consul using cache docker registry
@@ -359,12 +357,33 @@
 * [`OOM-1064 <https://jira.onap.org/browse/OOM-1064>`_] - Improve docker registry secret management
 * [`OOM-1066 <https://jira.onap.org/browse/OOM-1066>`_] - Updating TOSCA blueprint to sync up with helm configuration changes (add dmaap and oof/delete message-router)
 * [`OOM-1068 <https://jira.onap.org/browse/OOM-1068>`_] - Update SO with new AAI cert
-* [`OOM-1070 <https://jira.onap.org/browse/OOM-1070>`_] - SO logs partially going to /var/log/ecomp/MSO
 * [`OOM-1076 <https://jira.onap.org/browse/OOM-1076>`_] - some charts still using readiness check image from amsterdam 1.x
 * [`OOM-1077 <https://jira.onap.org/browse/OOM-1077>`_] - AAI resources and traversal deployment failure on non-rancher envs
 * [`OOM-1079 <https://jira.onap.org/browse/OOM-1079>`_] - Robot charts dont allow over ride of pub_key, dcae_collector_ip and dcae_collector_port
-* [`OOM-1081 <https://jira.onap.org/browse/OOM-1081>`_] - Remove component'mock'from TOSCA deployment
+* [`OOM-1081 <https://jira.onap.org/browse/OOM-1081>`_] - Remove component 'mock' from TOSCA deployment
 * [`OOM-1082 <https://jira.onap.org/browse/OOM-1082>`_] - Wrong pv location of dcae postgres
+* [`OOM-1085 <https://jira.onap.org/browse/OOM-1085>`_] - appc hostname is incorrect in url
+* [`OOM-1086 <https://jira.onap.org/browse/OOM-1086>`_] - clamp deployment changes /dockerdata-nfs/ReleaseName dir permissions
+* [`OOM-1088 <https://jira.onap.org/browse/OOM-1088>`_] - APPC returns error for vCPE restart message from Policy
+* [`OOM-1089 <https://jira.onap.org/browse/OOM-1089>`_] - DCAE pods are not getting purged
+* [`OOM-1093 <https://jira.onap.org/browse/OOM-1093>`_] - Line wrapping issue in redis-cluster-config.sh script
+* [`OOM-1094 <https://jira.onap.org/browse/OOM-1094>`_] - Fix postgres startup
+* [`OOM-1095 <https://jira.onap.org/browse/OOM-1095>`_] - common makefile builds out of order
+* [`OOM-1096 <https://jira.onap.org/browse/OOM-1096>`_] - node port conflict SDNC (Geo enabled) & other charts
+* [`OOM-1097 <https://jira.onap.org/browse/OOM-1097>`_] - Nbi needs dep-nbi - crash on make all
+* [`OOM-1099 <https://jira.onap.org/browse/OOM-1099>`_] - Add External Interface NBI project into OOM TOSCA
+* [`OOM-1102 <https://jira.onap.org/browse/OOM-1102>`_] - Incorrect AAI services
+* [`OOM-1103 <https://jira.onap.org/browse/OOM-1103>`_] - Cannot disable NBI
+* [`OOM-1104 <https://jira.onap.org/browse/OOM-1104>`_] - Policy DROOLS configuration across container restarts
+* [`OOM-1110 <https://jira.onap.org/browse/OOM-1110>`_] - Clamp issue when connecting Policy
+* [`OOM-1111 <https://jira.onap.org/browse/OOM-1111>`_] - Please revert to using VNFSDK Postgres container
+* [`OOM-1114 <https://jira.onap.org/browse/OOM-1114>`_] - APPC is broken in latest helm chart
+* [`OOM-1115 <https://jira.onap.org/browse/OOM-1115>`_] - SDNC DGBuilder cant operate on DGs in database - need NodePort
+* [`OOM-1116 <https://jira.onap.org/browse/OOM-1116>`_] - Correct values needed by NBI chart
+* [`OOM-1124 <https://jira.onap.org/browse/OOM-1124>`_] - Update OOM APPC chart to enhance AAF support
+* [`OOM-1126 <https://jira.onap.org/browse/OOM-1126>`_] - Incorrect Port mapping between CDT Application and APPC main application
+* [`OOM-1127 <https://jira.onap.org/browse/OOM-1127>`_] - SO fails healthcheck
+* [`OOM-1128 <https://jira.onap.org/browse/OOM-1128>`_] - AAF CS fails to start in OpenLab
 
 Sub-task
 ********
@@ -377,12 +396,10 @@
 * [`OOM-655 <https://jira.onap.org/browse/OOM-655>`_] - Create alternate prepull script which provides more user feedback and logging
 * [`OOM-753 <https://jira.onap.org/browse/OOM-753>`_] - Create Helm Sub-Chart for SO's embedded mariadb
 * [`OOM-754 <https://jira.onap.org/browse/OOM-754>`_] - Create Helm Chart for SO
-* [`OOM-763 <https://jira.onap.org/browse/OOM-763>`_] - Work with Robot team to minimize/optimize configuration requirements
 * [`OOM-774 <https://jira.onap.org/browse/OOM-774>`_] - Create Helm Sub-Chart for APPC's embedded mySQL database
 * [`OOM-775 <https://jira.onap.org/browse/OOM-775>`_] - Create Helm Chart for APPC
 * [`OOM-778 <https://jira.onap.org/browse/OOM-778>`_] - Replace NFS Provisioner with configurable PV storage solution
 * [`OOM-825 <https://jira.onap.org/browse/OOM-825>`_] - Apache 2 License updation for All sqls and .js file
-* [`OOM-833 <https://jira.onap.org/browse/OOM-833>`_] - Apache 2 license addition for all configuration
 * [`OOM-849 <https://jira.onap.org/browse/OOM-849>`_] - Policy Nexus component needs persistent volume for /sonatype-work
 * [`OOM-991 <https://jira.onap.org/browse/OOM-991>`_] - Adjust SDC-BE init job timing from 10 to 30s to avoid restarts on single node systems
 * [`OOM-1036 <https://jira.onap.org/browse/OOM-1036>`_] - update helm from 2.7.2 to 2.8.2 wiki/rtd
diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml
index 19250d8..9a51839 100644
--- a/kubernetes/aaf/values.yaml
+++ b/kubernetes/aaf/values.yaml
@@ -38,7 +38,7 @@
   csServiceName: aaf-cass
   # gerrit branch where the latest aaf/auth/sample/public code exists
   gerritProject: http://gerrit.onap.org/r/aaf/authz.git
-  gerritBranch: master
+  gerritBranch: 2.0.0-ONAP
 
 # default number of instances
 replicaCount: 1
diff --git a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
index c1b2c3c..b459646 100644
--- a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
@@ -46,7 +46,7 @@
         - name: KEYSTORE_PASSWORD
           value: {{ .Values.config.keyStorePassword }}
         - name: SPARKY_SSL_ENABLED
-          value: 'true'
+          value: 'false'
         - name: SPARKY_PORTAL_ENABLED
           value: 'false'
         volumeMounts:
@@ -83,13 +83,13 @@
         {{- if eq .Values.liveness.enabled true }}
         livenessProbe:
           tcpSocket:
-            port: {{ .Values.service.internalPort2 }}
+            port: {{ .Values.service.internalPort }}
           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
           periodSeconds: {{ .Values.liveness.periodSeconds }}
         {{ end -}}
         readinessProbe:
           tcpSocket:
-            port: {{ .Values.service.internalPort2 }}
+            port: {{ .Values.service.internalPort }}
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         resources:
diff --git a/kubernetes/aai/charts/aai-sparky-be/templates/service.yaml b/kubernetes/aai/charts/aai-sparky-be/templates/service.yaml
index e342a9a..385cdea 100644
--- a/kubernetes/aai/charts/aai-sparky-be/templates/service.yaml
+++ b/kubernetes/aai/charts/aai-sparky-be/templates/service.yaml
@@ -21,5 +21,4 @@
   {{- end}}
   selector:
     app: {{ include "common.name" . }}
-    release: {{ .Release.Name }}
-  clusterIP: None
+    release: {{ .Release.Name }}
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-sparky-be/values.yaml b/kubernetes/aai/charts/aai-sparky-be/values.yaml
index c87ec5b..65aa79a 100644
--- a/kubernetes/aai/charts/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/charts/aai-sparky-be/values.yaml
@@ -25,7 +25,7 @@
   elasticsearchHttpPort: 9200
   keyStorePassword: OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
   keystoreAliasPassword: OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
-  gerritBranch: master
+  gerritBranch: 2.0.0-ONAP
   gerritProject: http://gerrit.onap.org/r/aai/test-config
   portalUsername: aaiui
   portalPassword: 1t2v1vfv1unz1vgz1t3b
@@ -61,9 +61,10 @@
   periodSeconds: 10
 
 service:
-  type: ClusterIP
+  type: NodePort
   portName: aai-sparky-be
   internalPort: 9517
+  nodePort: 20
   internalPort2: 8000
 
 ingress:
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
index b9721ae..e90f737 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
@@ -22,6 +22,9 @@
         log     global
         mode    http
         option  httplog
+        option  ssl-hello-chk
+        option  httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ==
+        default-server init-addr none
 #       option  dontlognull
 #       errorfile 400 /etc/haproxy/errors/400.http
 #       errorfile 403 /etc/haproxy/errors/403.http
@@ -95,7 +98,8 @@
         balance roundrobin
         http-request set-header X-Forwarded-Port %[src_port]
         http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
-        server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}:8447  port 8447 ssl verify none
+        server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+
 
 #######################
 # BACKEND 8446#########
@@ -105,7 +109,7 @@
         balance roundrobin
         http-request set-header X-Forwarded-Port %[src_port]
         http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
-        server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}:8446  port 8446 ssl verify none
+        server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
 
 listen IST_AAI_STATS
         mode http
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index 017d0c2..b07048e 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -56,7 +56,7 @@
 
 # application image
 dockerhubRepository: registry.hub.docker.com
-image: aaionap/haproxy:1.2.3
+image: aaionap/haproxy:1.2.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
new file mode 100755
index 0000000..544358c
--- /dev/null
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -x
+
+startODL_status=$(ps -e | grep startODL | wc -l)
+waiting_bundles=$(/opt/opendaylight/current/bin/client bundle:list | grep Waiting | wc -l)
+run_level=$(/opt/opendaylight/current/bin/client system:start-level)
+
+  if [ "$run_level" == "Level 100" ] && [ "$startODL_status" -lt "1" ] && [ "$waiting_bundles" -lt "1" ]
+  then
+    echo APPC is healthy.
+  else
+    echo APPC is not healthy.
+    exit 1
+  fi
+
+exit 0
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
index a990739..18a2783 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
@@ -55,6 +55,9 @@
 SLEEP_TIME=${SLEEP_TIME:-120}
 MYSQL_PASSWD=${MYSQL_PASSWD:-{{.Values.config.dbRootPassword}}}
 ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
+ENABLE_AAF=${ENABLE_AAF:-false}
+AAF_EXT_IP=${AAF_EXT_IP:-{{.Values.config.aafExtIP}}}
+AAF_EXT_FQDN=${AAF_EXT_FQDN:-{{.Values.config.aafExtFQDN}}}
 
 appcInstallStartTime=$(date +%s)
 
@@ -143,8 +146,13 @@
         echo "" >> ${ODL_HOME}/etc/system.properties
 
         echo "Copying the aaa shiro configuration into opendaylight"
-        cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
-
+        if $ENABLE_AAF
+        then
+             echo "${AAF_EXT_IP} ${AAF_EXT_FQDN}" >> /etc/hosts
+             cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
+        else
+             cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
+        fi
 
         echo "Restarting OpenDaylight"
         ${ODL_HOME}/bin/stop
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml
new file mode 100644
index 0000000..31bc4e3
--- /dev/null
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" ?>
+<!--
+###
+# ============LICENSE_START=======================================================
+# APPC
+# ================================================================================
+# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+ -->
+
+<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
+
+    <!--
+      ================================= TokenAuthRealm ==================================
+      =                                                                                 =
+      = Use org.onap.aaf.cadi.shiro.AAFRealm to enable AAF authentication               =
+      = Use org.opendaylight.aaa.shiro.realm.TokenAuthRealm                             =
+      ===================================================================================
+    -->
+    <main>
+        <pair-key>tokenAuthRealm</pair-key>
+<!--        <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> -->
+        <pair-value>org.onap.aaf.cadi.shiro.AAFRealm</pair-value>
+    </main>
+
+
+    <!-- add tokenAuthRealm as the only default realm -->
+    <main>
+        <pair-key>securityManager.realms</pair-key>
+        <pair-value>$tokenAuthRealm</pair-value>
+    </main>
+
+    <!-- Used to support OAuth2 use case. -->
+    <main>
+        <pair-key>authcBasic</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value>
+    </main>
+
+    <!-- in order to track AAA challenge attempts -->
+    <main>
+        <pair-key>accountingListener</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
+    </main>
+    <main>
+        <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
+        <pair-value>$accountingListener</pair-value>
+    </main>
+
+    <!-- Model based authorization scheme supporting RBAC for REST endpoints -->
+    <main>
+        <pair-key>dynamicAuthorization</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
+    </main>
+
+
+    <!--
+      ===================================================================================
+      =                                      URLS                                       =
+      = For AAF use <pair-value> authcBasic, roles[org.onap.appc.odl|odl-api\*]         =
+      = org.onap.appc.odl|odl-api|* can be replaced with other AAF permissions          =
+      = For default <pair-value> authcBasic, roles[admin]                               =
+      ===================================================================================
+    -->
+
+    <!-- restrict access to some endpoints by default -->
+    <urls>
+        <pair-key>/auth/**</pair-key>
+<!--        <pair-value>authcBasic, roles[admin], dynamicAuthorization</pair-value> -->
+        <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/restconf/config/aaa-cert-mdsal**</pair-key>
+<!--        <pair-value>authcBasic, roles[admin]</pair-value> -->
+        <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/restconf/operational/aaa-cert-mdsal**</pair-key>
+<!--        <pair-value>authcBasic, roles[admin]</pair-value> -->
+        <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/restconf/operations/aaa-cert-rpc**</pair-key>
+<!--        <pair-value>authcBasic, roles[admin]</pair-value> -->
+        <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/restconf/config/aaa-authn-model**</pair-key>
+<!--        <pair-value>authcBasic, roles[admin]</pair-value> -->
+        <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/restconf/operational/aaa-authn-model**</pair-key>
+<!--        <pair-value>authcBasic, roles[admin]</pair-value> -->
+        <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/restconf/operations/cluster-admin**</pair-key>
+<!--        <pair-value>authcBasic, roles[admin]</pair-value> -->
+        <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/**</pair-key>
+<!--        <pair-value>authcBasic, roles[admin]</pair-value> -->
+        <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
+    </urls>
+</shiro-configuration>
+
diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml
index d2da2ec..791d933 100644
--- a/kubernetes/appc/templates/statefulset.yaml
+++ b/kubernetes/appc/templates/statefulset.yaml
@@ -45,8 +45,9 @@
           - containerPort: {{ .Values.service.internalPort }}
           - containerPort: {{ .Values.service.externalPort2 }}
           readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
+            exec:
+              command:
+              - /opt/appc/bin/health_check.sh
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
@@ -61,6 +62,8 @@
               value: "{{ .Values.config.configDir }}"
             - name: DMAAP_TOPIC_ENV
               value: "{{ .Values.config.dmaapTopic }}"
+            - name: ENABLE_AAF
+              value: "{{ .Values.config.enableAAF }}"
             - name: ENABLE_ODL_CLUSTER
               value: "{{ .Values.config.enableClustering }}"
             - name: APPC_REPLICAS
@@ -81,6 +84,9 @@
           - mountPath: /opt/onap/appc/data/properties/aaiclient.properties
             name: onap-appc-data-properties
             subPath: aaiclient.properties
+          - mountPath: /opt/onap/appc/data/properties/aaa-app-config.xml
+            name: onap-appc-data-properties
+            subPath: aaa-app-config.xml
           - mountPath: /opt/onap/appc/svclogic/config/svclogic.properties
             name: onap-appc-svclogic-config
             subPath: svclogic.properties
@@ -93,6 +99,9 @@
           - mountPath: /opt/onap/appc/bin/installAppcDb.sh
             name: onap-appc-bin
             subPath: installAppcDb.sh
+          - mountPath: /opt/onap/appc/bin/health_check.sh
+            name: onap-appc-bin
+            subPath: health_check.sh
           - mountPath: /opt/onap/ccsdk/data/properties/dblib.properties
             name: onap-sdnc-data-properties
             subPath: dblib.properties
diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
index 4b47c63..1c20977 100644
--- a/kubernetes/appc/values.yaml
+++ b/kubernetes/appc/values.yaml
@@ -29,7 +29,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/appc-image:1.3.0
+image: onap/appc-image:1.4.0-SNAPSHOT-latest
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -37,7 +37,10 @@
 
 # application configuration
 config:
+  aafExtIP: 127.0.0.1
+  aafExtFQDN: aaf-onap-beijing-test.osaaf.org
   dbRootPassword: openECOMP1.0
+  enableAAF: false
   enableClustering: true
   configDir: /opt/onap/appc/data/properties
   dmaapTopic: SUCCESS
diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties
index dc3980d..82eeec5 100644
--- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties
+++ b/kubernetes/common/dgbuilder/resources/config/svclogic.properties
@@ -2,4 +2,4 @@
 org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/sdnctl
 org.onap.ccsdk.sli.jdbc.database=sdnctl
 org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
diff --git a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh b/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh
index 76d1770..961792b 100755
--- a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh
+++ b/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh
@@ -19,7 +19,7 @@
 dbPort="3306"
 dbName="sdnctl"
 dbUser="sdnctl"
-dbPassword="gamma"
+dbPassword="{{.Values.config.dbSdnctlPassword}}"
 gitLocalRepository="$4"
 
 lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f2|sed -e s/,//|sort|tail -1)
@@ -99,7 +99,7 @@
 	echo "org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{.Release.Namespace}}:3306/sdnctl" >>$svclogicPropFile
 	echo "org.onap.ccsdk.sli.jdbc.database=sdnctl" >>$svclogicPropFile
 	echo "org.onap.ccsdk.sli.jdbc.user=sdnctl" >>$svclogicPropFile
-	echo "org.onap.ccsdk.sli.jdbc.password=gamma" >>$svclogicPropFile
+	echo "org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}" >>$svclogicPropFile
 fi
 if [ ! -e "${appDir}/flowShareUsers.js" ]
 then
diff --git a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js b/kubernetes/common/dgbuilder/resources/scripts/customSettings.js
index 22810ba..e3349b9 100644
--- a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js
+++ b/kubernetes/common/dgbuilder/resources/scripts/customSettings.js
@@ -27,25 +27,25 @@
     "userDir": "releases/sdnc1.0",
     "httpAuth": {
         "user": "dguser",
-        "pass": "cc03e747a6afbbcbf8be7668acfebee5"
+        "pass": "{{.Values.config.dgUserPassword}}"
     },
     "dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}",
     "dbPort": "3306",
     "dbName": "sdnctl",
     "dbUser": "sdnctl",
-    "dbPassword": "gamma",
+    "dbPassword": "{{.Values.config.dbSdnctlPassword}}",
     "gitLocalRepository": "",
     "httpRoot": "/",
     "disableEditor": false,
     "httpAdminRoot": "/",
     "httpAdminAuth": {
         "user": "dguser",
-        "pass": "cc03e747a6afbbcbf8be7668acfebee5"
+        "pass": "{{.Values.config.dgUserPassword}}"
     },
     "httpNodeRoot": "/",
     "httpNodeAuth": {
         "user": "dguser",
-        "pass": "cc03e747a6afbbcbf8be7668acfebee5"
+        "pass": "{{.Values.config.dgUserPassword}}"
     },
     "uiHost": "0.0.0.0",
     "version": "0.9.1",
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index e2d0c10..759b940 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -42,9 +42,11 @@
 # application configuration
 config:
   dbRootPassword: openECOMP1.0
+  dbSdnctlPassword: gamma
   dbPodName: mysql-db
   dbServiceName: sdnc-dbhost
-
+  # MD5 hash of dguser password ( default: test123 )
+  dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
 
 # default number of instances
 replicaCount: 1
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml
index d6a8c2c..b2b454d 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml
@@ -43,7 +43,7 @@
 # application configuration
 config:
   # gerrit branch where the latest code is checked in
-  gerritBranch: master
+  gerritBranch: 2.0.0-ONAP
   # gerrit project where the latest code is checked in
   gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git
 
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml
index a71b14a..3810cdf 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml
@@ -39,7 +39,7 @@
 # application configuration
 config:
   # gerrit branch where the latest code is checked in
-  gerritBranch: master
+  gerritBranch: 2.0.0-ONAP
   # gerrit project where the latest code is checked in
   gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git
 
diff --git a/kubernetes/policy/charts/drools/charts/nexus/values.yaml b/kubernetes/policy/charts/drools/charts/nexus/values.yaml
index 03a03cc..add7a7c 100644
--- a/kubernetes/policy/charts/drools/charts/nexus/values.yaml
+++ b/kubernetes/policy/charts/drools/charts/nexus/values.yaml
@@ -46,14 +46,14 @@
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 10
+  initialDelaySeconds: 180
   periodSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
 
 readiness:
-  initialDelaySeconds: 10
+  initialDelaySeconds: 60
   periodSeconds: 10
   path: /nexus/service/local/status
 
diff --git a/kubernetes/policy/charts/mariadb/values.yaml b/kubernetes/policy/charts/mariadb/values.yaml
index 7703234..a3dd767 100644
--- a/kubernetes/policy/charts/mariadb/values.yaml
+++ b/kubernetes/policy/charts/mariadb/values.yaml
@@ -45,14 +45,14 @@
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 10
+  initialDelaySeconds: 120
   periodSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
 
 readiness:
-  initialDelaySeconds: 10
+  initialDelaySeconds: 120
   periodSeconds: 10
 
 ## Persist data to a persitent volume
diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
index f242c41..5500163 100644
--- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
+++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
@@ -33,21 +33,16 @@
   limitations under the License.
 
   ============LICENSE_END============================================
-
-  ECOMP is a trademark and service mark of AT&T Intellectual Property.
   -->
 
 <!DOCTYPE xml>
 <configuration scan="true" scanPeriod="3 seconds" debug="true">
-	<!-- Log-back files for the ECOMP Portal are created in directory
-		${catalina.base}/logs/${componentName}; e.g., apache-tomcat-8.0.35/logs/onapportal/application.log -->
-	<!--<jmxConfigurator /> -->
 
 	<!-- specify the component name -->
 	<property name="componentName" value="onapportal"></property>
 
 	<!-- specify the base path of the log directory -->
-	<property name="logDirPrefix" value="${catalina.base}/logs"></property>
+	<property name="logDirPrefix" value="/var/log/onap"></property>
 
 	<!-- The directories where logs are written -->
 	<property name="logDirectory" value="${logDirPrefix}/${componentName}" />
diff --git a/kubernetes/portal/charts/portal-mariadb/values.yaml b/kubernetes/portal/charts/portal-mariadb/values.yaml
index 49fc36f..fe41734 100644
--- a/kubernetes/portal/charts/portal-mariadb/values.yaml
+++ b/kubernetes/portal/charts/portal-mariadb/values.yaml
@@ -48,7 +48,7 @@
   # application's front end hostname.  Must be resolvable on the client side environment
   vidHostName: "vid.api.simpledemo.onap.org"
   # aai sparky ui assignment for port 8080
-  aaiSparkyPort: "" # TODO: populate with
+  aaiSparkyPort: "30220"
   # application's front end hostname.  Must be resolvable on the client side environment
   aaiSparkyHostName: "aai.api.sparky.simpledemo.onap.org"
   # cli ui  assignment for port 8080
diff --git a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml
index 864a8b9..d1465c5 100644
--- a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml
+++ b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml
@@ -34,19 +34,13 @@
 
   ============LICENSE_END============================================
 
-  ECOMP is a trademark and service mark of AT&T Intellectual Property.
   -->
 <configuration scan="true" scanPeriod="3 seconds" debug="true">
-  <!--
-  Logback files for the ONAP Portal SDK Application
-  are created in directory ${catalina.base}/logs/${componentName}
-  e.g., apache-tomcat-8.0.35/logs/onapsdk/application.log
-  -->
   <!--<jmxConfigurator /> -->
   <!--  specify the component name -->
   <property name="componentName" value="onapsdk"></property>
   <!--  specify the base path of the log directory -->
-  <property name="logDirPrefix" value="${catalina.base}/logs"></property>
+  <property name="logDirPrefix" value="/var/log/onap"></property>
   <!-- The directories where logs are written -->
   <property name="logDirectory" value="${logDirPrefix}/${componentName}" />
   <!-- Can easily relocate debug logs by modifying this path. -->
@@ -223,4 +217,4 @@
   <root level="DEBUG">
     <appender-ref ref="asyncEELF" />
   </root>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/kubernetes/portal/docker/init/mariadb-client/Dockerfile b/kubernetes/portal/docker/init/mariadb-client/Dockerfile
index 009f2fa..e64b1e2 100644
--- a/kubernetes/portal/docker/init/mariadb-client/Dockerfile
+++ b/kubernetes/portal/docker/init/mariadb-client/Dockerfile
@@ -1,6 +1,6 @@
 FROM boxfuse/flyway:5.0.7-alpine
 
-ARG branch=master
+ARG branch=2.0.0-ONAP
 ENV no_proxy "localhost,127.0.0.1,.cluster.local,$KUBERNETES_SERVICE_HOST"
 # Setup Corporate proxy
 ENV https_proxy ${HTTP_PROXY}
diff --git a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py
index 261d345..62f0b63 100755
--- a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py
+++ b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py
@@ -12,7 +12,7 @@
 GLOBAL_INJECTED_DNS_IP_ADDR = "N/A"
 GLOBAL_INJECTED_DOCKER_VERSION = "1.2-STAGING-latest"
 GLOBAL_INJECTED_EXTERNAL_DNS = "N/A"
-GLOBAL_INJECTED_GERRIT_BRANCH = "master"
+GLOBAL_INJECTED_GERRIT_BRANCH = "2.0.0-ONAP"
 GLOBAL_INJECTED_LOG_ELASTICSEARCH_IP_ADDR = "log-es.{{include "common.namespace" .}}"
 GLOBAL_INJECTED_LOG_KIBANA_IP_ADDR = "log-kibana.{{include "common.namespace" .}}"
 GLOBAL_INJECTED_LOG_LOGSTASH_IP_ADDR = "log-ls-http.{{include "common.namespace" .}}"
@@ -67,7 +67,7 @@
     "GLOBAL_INJECTED_DNS_IP_ADDR" : "N/A",
     "GLOBAL_INJECTED_DOCKER_VERSION" : "1.2-STAGING-latest",
     "GLOBAL_INJECTED_EXTERNAL_DNS" : "N/A",
-    "GLOBAL_INJECTED_GERRIT_BRANCH" : "master",
+    "GLOBAL_INJECTED_GERRIT_BRANCH" : "2.0.0-ONAP",
     "GLOBAL_INJECTED_KEYSTONE" : "{{ .Values.openStackKeyStoneUrl }}",
     "GLOBAL_INJECTED_LOG_ELASTICSEARCH_IP_ADDR" : "log-es.{{include "common.namespace" .}}",
     "GLOBAL_INJECTED_LOG_KIBANA_IP_ADDR" : "log-kibana.{{include "common.namespace" .}}",
diff --git a/kubernetes/robot/templates/deployment.yaml b/kubernetes/robot/templates/deployment.yaml
index 0b65809..e5cc1d3 100644
--- a/kubernetes/robot/templates/deployment.yaml
+++ b/kubernetes/robot/templates/deployment.yaml
@@ -77,12 +77,14 @@
           subPath: sdngc_interface.robot
         - name: robot-resources
           mountPath: /var/opt/OpenECOMP_ETE/robot/resources/oof_interface.robot
-          subPath: oof_interface.robot         
+          subPath: oof_interface.robot
         - name: robot-lighttpd-authorization
           mountPath: /etc/lighttpd/authorization
           subPath: authorization
         - name: demodir
           mountPath: /share
+        - name: robot-logs
+          mountPath: /share/logs
         resources:
 {{ toYaml .Values.resources | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -94,6 +96,13 @@
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+    {{- if .Values.persistence.enabled }}
+      - name: robot-logs
+        persistentVolumeClaim:
+          claimName: {{ include "common.fullname" . }}
+    {{- else }}
+        emptyDir: {}
+    {{- end }}
       - name: localtime
         hostPath:
           path: /etc/localtime
diff --git a/kubernetes/robot/templates/pv.yaml b/kubernetes/robot/templates/pv.yaml
new file mode 100644
index 0000000..184728f
--- /dev/null
+++ b/kubernetes/robot/templates/pv.yaml
@@ -0,0 +1,37 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+    name: {{ include "common.fullname" . }}
+spec:
+  capacity:
+    storage: {{ .Values.persistence.size}}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+  hostPath:
+    path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
diff --git a/kubernetes/robot/templates/pvc.yaml b/kubernetes/robot/templates/pvc.yaml
new file mode 100644
index 0000000..e27c331
--- /dev/null
+++ b/kubernetes/robot/templates/pvc.yaml
@@ -0,0 +1,48 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+  annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+  selector:
+    matchLabels:
+      name: {{ include "common.fullname" . }}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml
index cc81b9d..aea67c8 100644
--- a/kubernetes/robot/values.yaml
+++ b/kubernetes/robot/values.yaml
@@ -18,6 +18,7 @@
 global: # global defaults
   nodePortPrefix: 302
   ubuntuInitRepository: registry.hub.docker.com
+  persistence: {}
 
 # application image
 repository: nexus3.onap.org:10001
@@ -38,7 +39,7 @@
   # Password of the lighthttpd server.  Used for HTML auth for webpage access
   lightHttpdPassword: robot
   # gerrit branch where the latest heat code is checked in
-  gerritBranch: master
+  gerritBranch: 2.0.0-ONAP
   # gerrit project where the latest heat code is checked in
   gerritProject: http://gerrit.onap.org/r/demo.git
 
@@ -79,7 +80,7 @@
 openStackOamNetworkCidrPrefix: "10.0"
 # Override with Pub Key for access to VNF
 vnfPubKey: "FILL_IN_WITH_PUB_KEY"
-# Override with DCAE VES Collector external IP 
+# Override with DCAE VES Collector external IP
 dcaeCollectorIp: "FILL_IN_WITH_DCAE_VES_COLLECTOR_IP"
 
 # default number of instances
@@ -133,3 +134,26 @@
 #  requests:
 #    cpu: 2
 #    memory: 4Gi
+
+## Persist data to a persitent volume
+persistence:
+  enabled: true
+
+  ## A manually managed Persistent Volume and Claim
+  ## Requires persistence.enabled: true
+  ## If defined, PVC must be created manually before volume will be bound
+  # existingClaim:
+  volumeReclaimPolicy: Retain
+
+  ## database data Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  # storageClass: "-"
+  accessMode: ReadWriteMany
+  size: 2Gi
+  mountPath: /dockerdata-nfs
+  mountSubPath: robot/logs
\ No newline at end of file
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
index f69ae0f..ca70893 100644
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
+++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
@@ -49,7 +49,7 @@
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 60
+  initialDelaySeconds: 180
   periodSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json b/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json
index f6d202e..a6950fd 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json
+++ b/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json
@@ -36,7 +36,7 @@
   "dbFabricPassword": "admin",
   "dbFabricDB": "mysql",
   "dbUser": "sdnctl",
-  "dbPassword": "gamma",
+  "dbPassword": "{{.Values.config.dbSdnctlPassword}}",
   "dbName": "sdnctl",
   "odlProtocol": "http",
   "odlHost": "sdnc.{{.Release.Namespace}}",
diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties b/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties
index 9e4c88a..68357ba 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties
+++ b/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties
@@ -22,7 +22,7 @@
 org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
 org.onap.ccsdk.sli.jdbc.database=sdnctl
 org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
 org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
 org.onap.ccsdk.sli.jdbc.connection.timeout=50
 org.onap.ccsdk.sli.jdbc.request.timeout=100
diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties
index e0e3295..cc13a9d 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties
+++ b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties
@@ -2,4 +2,4 @@
 org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/sdnctl
 org.openecomp.sdnctl.sli.jdbc.database = sdnctl
 org.openecomp.sdnctl.sli.jdbc.user = sdnctl
-org.openecomp.sdnctl.sli.jdbc.password = gamma
\ No newline at end of file
+org.openecomp.sdnctl.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
\ No newline at end of file
diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02
index e665a56..c75c603 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02
+++ b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02
@@ -2,4 +2,4 @@
 org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/sdnctl
 org.openecomp.sdnctl.sli.jdbc.database = sdnctl
 org.openecomp.sdnctl.sli.jdbc.user = sdnctl
-org.openecomp.sdnctl.sli.jdbc.password = gamma
\ No newline at end of file
+org.openecomp.sdnctl.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
\ No newline at end of file
diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml
index e741db3..147d391 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml
+++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml
@@ -37,6 +37,7 @@
 config:
   mysqlChartName: sdnc-db
   dbRootPassword: openECOMP1.0
+  dbSdnctlPassword: gamma
   sdncChartName: sdnc
   configDir: /opt/onap/sdnc/data/properties
   odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
@@ -50,7 +51,7 @@
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 60
+  initialDelaySeconds: 180
   periodSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
diff --git a/kubernetes/sdnc/resources/config/conf/dblib.properties b/kubernetes/sdnc/resources/config/conf/dblib.properties
index 362726a..dd2bcab 100644
--- a/kubernetes/sdnc/resources/config/conf/dblib.properties
+++ b/kubernetes/sdnc/resources/config/conf/dblib.properties
@@ -22,7 +22,7 @@
 org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
 org.onap.ccsdk.sli.jdbc.database=sdnctl
 org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
 org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
 org.onap.ccsdk.sli.jdbc.connection.timeout=50
 org.onap.ccsdk.sli.jdbc.request.timeout=100
diff --git a/kubernetes/sdnc/resources/config/conf/svclogic.properties b/kubernetes/sdnc/resources/config/conf/svclogic.properties
index 99f6cf8..e564012 100644
--- a/kubernetes/sdnc/resources/config/conf/svclogic.properties
+++ b/kubernetes/sdnc/resources/config/conf/svclogic.properties
@@ -23,5 +23,5 @@
 org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.mysql.service.name}}.{{.Release.Namespace}}:{{.Values.mysql.service.internalPort}}/sdnctl
 org.onap.ccsdk.sli.jdbc.database = sdnctl
 org.onap.ccsdk.sli.jdbc.user = sdnctl
-org.onap.ccsdk.sli.jdbc.password = gamma
+org.onap.ccsdk.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
 
diff --git a/kubernetes/sdnc/templates/secrets.yaml b/kubernetes/sdnc/templates/secrets.yaml
index 754f117..a900132 100644
--- a/kubernetes/sdnc/templates/secrets.yaml
+++ b/kubernetes/sdnc/templates/secrets.yaml
@@ -25,3 +25,17 @@
 type: Opaque
 data:
   odl-password: {{ .Values.config.odlPassword | b64enc | quote }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-sdnctl
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.fullname" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+  db-sdnctl-password: {{ .Values.config.dbSdnctlPassword | b64enc | quote }}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 69816df..03ae880 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -74,6 +74,11 @@
                 secretKeyRef:
                   name: {{ template "common.fullname" . }}-odl
                   key: odl-password
+            - name: SDNC_DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "common.fullname" . }}-sdnctl
+                  key: db-sdnctl-password
             - name: SDNC_CONFIG_DIR
               value: "{{ .Values.config.configDir }}"
             - name: ENABLE_ODL_CLUSTER
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 58adf48..0c602e5 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -40,6 +40,7 @@
 config:
   odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
   dbRootPassword: openECOMP1.0
+  dbSdnctlPassword: gamma
   enableClustering: true
   binDir: /opt/onap/sdnc/bin
   geoEnabled: false
@@ -83,6 +84,7 @@
     mysqlChartName: sdnc-db
     configDir: /opt/onap/sdnc/data/properties
     dbRootPassword: openECOMP1.0
+    dbSdnctlPassword: gamma
     odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
 
 sdnc-ansible-server:
@@ -112,6 +114,8 @@
     dbPodName: sdnc-db
     dbServiceName: sdnc-dbhost
     dbRootPassword: openECOMP1.0
+    dbSdnctlPassword: gamma
+    dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
   service:
     name: sdnc-dgbuilder
     nodePort: "03"
diff --git a/kubernetes/so/charts/mariadb/values.yaml b/kubernetes/so/charts/mariadb/values.yaml
index a46b31a..693e3dd 100644
--- a/kubernetes/so/charts/mariadb/values.yaml
+++ b/kubernetes/so/charts/mariadb/values.yaml
@@ -32,7 +32,7 @@
 config:
   mariadbRootPassword: password
   # gerrit branch where the latest heat code is checked in
-  gerritBranch: master
+  gerritBranch: 2.0.0-ONAP
   # gerrit project where the latest heat code is checked in
   gerritProject: http://gerrit.onap.org/r/so/docker-config.git