Merge "[A1P] Increase resource limits for "small" flavour"
diff --git a/docs/sections/guides/access_guides/oom_access_info.rst b/docs/sections/guides/access_guides/oom_access_info.rst
index 4e98667..ebc2f65 100644
--- a/docs/sections/guides/access_guides/oom_access_info.rst
+++ b/docs/sections/guides/access_guides/oom_access_info.rst
@@ -15,10 +15,43 @@
 .. figure:: ../../resources/images/oom_logo/oomLogoV2-medium.png
    :align: right
 
-Access via NodePort/Loadbalancer
-********************************
+Access via Ingress (production)
+*******************************
 
-The ONAP deployment created by OOM operates in a private IP network that isn't
+Using Ingress as access method requires the installation of an Ingress
+controller and the configuration of the ONAP deployment to use it.
+
+For "ONAP on ServiceMesh" you can find the instructions in:
+
+- :ref:`oom_base_optional_addons`
+- :ref:`oom_customize_overrides`
+
+In the ServiceMesh deployment the Istio IngressGateway is the only access point
+for ONAP component interfaces.
+Usually the Ingress is accessed via a LoadBalancer IP (<ingress-IP>),
+which is used as central address.
+All APIs/UIs are provided via separate URLs which are routed to the component service.
+To use these URLs they need to be resolvable via DNS or via /etc/hosts.
+
+The domain name is usually defined in the `global` section of the ONAP helm-charts,
+`virtualhost.baseurl` (here "simpledemo.onap.org") whereas the hostname of
+the service (e.g. "sdc-fe-ui") is defined in the component's chart.
+
+.. code-block:: none
+
+  <ingress-IP> kiali.simpledemo.onap.org
+  <ingress-IP> cds-ui.simpledemo.onap.org
+  <ingress-IP> sdc-fe-ui.simpledemo.onap.org
+  ...
+
+To access e.g. the SDC UI now the new ssl-encrypted URL:
+
+``https://sdc-fe-ui.simpledemo.onap.org/sdc1``
+
+Access via NodePort/Loadbalancer (development)
+**********************************************
+
+In the development setop OOM operates in a private IP network that isn't
 publicly accessible (i.e. OpenStack VMs with private internal network) which
 blocks access to the ONAP User Interfaces.
 To enable direct access to a service from a user's own environment (a laptop etc.)
@@ -34,56 +67,32 @@
 When using  the `Loadbalancer` as `service:type` `Kubernetes LoadBalancer`_ object
 which gets a separate IP address.
 
-.. note::
-  The following example uses the `ONAP Portal`, which is not actively maintained
-  in Kohn and will be replaced in the future
-
-When e.g. the `portal-app` chart is deployed a Kubernetes service is created that
+When e.g. the `sdc-fe` chart is deployed a Kubernetes service is created that
 instantiates a load balancer.  The LB chooses the private interface of one of
 the nodes as in the example below (10.0.0.4 is private to the K8s cluster only).
 Then to be able to access the portal on port 8989 from outside the K8s &
 OpenStack environment, the user needs to assign/get the floating IP address that
 corresponds to the private IP as follows::
 
-  > kubectl -n onap get services|grep "portal-app"
-  portal-app  LoadBalancer   10.43.142.201   10.0.0.4   8989:30215/TCP,8006:30213/TCP,8010:30214/TCP   1d   app=portal-app,release=dev
+  > kubectl -n onap get services|grep "sdc-fe"
+  sdc-fe  LoadBalancer   10.43.142.201   10.0.0.4   8181:30207/TCP
 
 
-In this example, use the 11.0.0.4 private address as a key find the
+In this example, use the 10.0.0.4 private address as a key find the
 corresponding public address which in this example is 10.12.6.155. If you're
 using OpenStack you'll do the lookup with the horizon GUI or the OpenStack CLI
 for your tenant (openstack server list).  That IP is then used in your
 `/etc/hosts` to map the fixed DNS aliases required by the ONAP Portal as shown
 below::
 
-  10.12.6.155 portal.api.simpledemo.onap.org
-  10.12.6.155 vid.api.simpledemo.onap.org
-  10.12.6.155 sdc.api.fe.simpledemo.onap.org
-  10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
-  10.12.6.155 sdc.dcae.plugin.simpledemo.onap.org
-  10.12.6.155 portal-sdk.simpledemo.onap.org
-  10.12.6.155 policy.api.simpledemo.onap.org
-  10.12.6.155 aai.api.sparky.simpledemo.onap.org
-  10.12.6.155 cli.api.simpledemo.onap.org
-  10.12.6.155 msb.api.discovery.simpledemo.onap.org
-  10.12.6.155 msb.api.simpledemo.onap.org
-  10.12.6.155 clamp.api.simpledemo.onap.org
-  10.12.6.155 so.api.simpledemo.onap.org
-  10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
+  10.43.142.201 sdc.fe.simpledemo.onap.org
 
 Ensure you've disabled any proxy settings the browser you are using to access
 the portal and then simply access now the new ssl-encrypted URL:
-``https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm``
+``http://sdc.fe.simpledemo.onap.org:30207sdc1/portal``
 
 .. note::
-  Using the HTTPS based Portal URL the Browser needs to be configured to accept
-  unsecure credentials.
-  Additionally when opening an Application inside the Portal, the Browser
-  might block the content, which requires to disable the blocking and reloading
-  of the page
-
-.. note::
-  Besides the ONAP Portal the Components can deliver additional user interfaces,
+  Besides the ONAP SDC the Components can deliver additional user interfaces,
   please check the Component specific documentation.
 
 .. note::
@@ -141,36 +150,3 @@
 
   kubectl get svc -n onap -o go-template='{{range .items}}{{range.spec.ports}}{{if .nodePort}}{{.nodePort}}{{.}}{{"\n"}}{{end}}{{end}}{{end}}'
 
-
-(Optional) Access via Ingress
-*****************************
-
-Using Ingress as access method requires the installation of an Ingress
-controller and the configuration of the ONAP deployment to use it.
-
-For "ONAP on ServiceMesh" you can find the instructions in:
-
-- :ref:`oom_base_optional_addons`
-- :ref:`oom_customize_overrides`
-
-In the ServiceMesh deployment the Istio IngressGateway is the only access point
-for ONAP component interfaces.
-Usually the Ingress is accessed via a LoadBalancer IP (<ingress-IP>),
-which is used as central address.
-All APIs/UIs are provided via separate URLs which are routed to the component service.
-To use these URLs they need to be resolvable via DNS or via /etc/hosts.
-
-The domain name is usually defined in the `global` section of the ONAP helm-charts,
-`virtualhost.baseurl` (here "simpledemo.onap.org") whereas the hostname of
-the service (e.g. "sdc-fe-ui") is defined in the component's chart.
-
-.. code-block:: none
-
-  <ingress-IP> kiali.simpledemo.onap.org
-  <ingress-IP> cds-ui.simpledemo.onap.org
-  <ingress-IP> sdc-fe-ui.simpledemo.onap.org
-  ...
-
-To access e.g. the SDC UI now the new ssl-encrypted URL:
-
-``https://sdc-fe-ui.simpledemo.onap.org/sdc1``
diff --git a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
index 90a2061..f3e3113 100644
--- a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
+++ b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
@@ -32,7 +32,8 @@
 
 
 Enabling/Disabling Components
-*****************************
+=============================
+
 Here is an example of the nominal entries that need to be provided.
 Different values files are available for different contexts.
 
@@ -43,20 +44,30 @@
 
 |
 
-(Optional) "ONAP on Service Mesh"
-*********************************
+ONAP "Production" Setup
+=======================
 
-To enable "ONAP on Service Mesh" both "ServiceMesh" and "Ingress"
-configuration entries need to be configured before deployment.
+The production setup deploys ONAP components exposing its external services
+via Ingress with TLS termination.
+Internal traffic encryption will be ensured by using Istio ServiceMesh.
 
-Global settings relevant for ServiceMesh:
+For external access we start to establish Authentication via Oauth2-proxy
+and Keycloak, which will be completed in the coming release.
+
+To enable both "ServiceMesh" and "Ingress" configuration entries need
+to be set before deployment.
+
+Service Mesh and Ingress configuration
+--------------------------------------
+
+Global settings relevant for ServiceMesh and Ingress:
 
 .. code-block:: yaml
 
   global:
     ingress:
       # generally enable ingress for ONAP components
-      enabled: false
+      enabled: true
       # enable all component's Ingress interfaces
       enable_all: false
       # default Ingress base URL
@@ -88,6 +99,7 @@
       tls: true
       # be aware that linkerd is not well tested
       engine: "istio" # valid value: istio or linkerd
+  ...
     aafEnabled: false
     cmpv2Enabled: false
     tlsEnabled: false
@@ -118,5 +130,24 @@
 - namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate
 
 .. note::
-  For "ONAP on Istio" an example override file (`onap-all-ingress-istio.yaml`)
+  For the Ingress setup an example override file (`onap-all-ingress-istio.yaml`)
   can be found in the `oom/kubernetes/onap/resources/overrides/` directory.
+
+External Authentication configuration
+-------------------------------------
+
+For enabling of external authentication via Oauth2-Proxy and Keycloak
+the following settings have to be done in the ONAP values override.
+It will enable the deployment of the ONAP Realm to Keycloak and
+installation and integration of the Oauth2-Proxy as external Auth-Provider.
+
+.. code-block:: yaml
+
+  platform:
+    enabled: true
+    cmpv2-cert-service:
+      enabled: false
+    keycloak-init:
+      enabled: true
+    oauth2-proxy:
+      enabled: true
\ No newline at end of file
diff --git a/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst b/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst
index 50701dd..b0deff0 100644
--- a/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst
+++ b/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst
@@ -33,11 +33,7 @@
 
 Chart museum is required to host the helm charts locally when deploying in a development environment::
 
-  > curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/linux/amd64/chartmuseum
-
-  > chmod +x ./chartmuseum
-
-  > mv ./chartmuseum /usr/local/bin
+  > curl https://raw.githubusercontent.com/helm/chartmuseum/main/scripts/get-chartmuseum | bash
 
 **Step 4.** To setup a local Helm server to store the ONAP charts::
 
diff --git a/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst b/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst
index a0dafce..e931238 100644
--- a/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst
+++ b/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst
@@ -17,7 +17,7 @@
 This is helm repo contains:
 
     * The `latest` charts built from the head of the `OOM`_ project's master
-      branch, tagged with the version number of the current development cycle (ie. 11.0.0).
+      branch, tagged with the version number of the current development cycle (ie. 12.0.0).
 
 
 Add the OOM testing repo & Deploy
diff --git a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst
index 1b9db50..0d22710 100644
--- a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst
+++ b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst
@@ -50,7 +50,7 @@
   ==============     ===========  =======  ========  ========  =============  ========
   Jakarta            1.22.4       3.6.3    1.22.4    20.10.x   1.8.0          0.28.0
   Kohn               1.23.8       3.8.2    1.23.8    20.10.x   1.8.0          0.32.0
-  London             1.23.8       3.8.2    1.23.x    20.10.x   1.11.1         0.35.0
+  London             1.23.8       3.8.2    1.23.x    20.10.x   1.12.2         0.35.0
   ==============     ===========  =======  ========  ========  =============  ========
 
 .. table:: OOM Software Requirements (production)
diff --git a/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst b/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst
index 1fb7baa..3fb68f8 100644
--- a/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst
+++ b/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst
@@ -13,7 +13,10 @@
 ============================
 
 .. warning::
-    This guide should prob go in the Optional addons section
+    This guide does not describe the Istio Ingress Gateway configuration
+    required for the ONAP Production Setup in London
+    The installation of Istio Ingress (and Gateway-API) is described in
+    :ref:`OOM Base Platform<oom_base_setup_guide>`
 
 This optional guide provides instruction how to setup experimental ingress controller
 feature. For this, we are hosting our cluster on OpenStack VMs and using the
diff --git a/docs/sections/guides/user_guides/oom_user_guide.rst b/docs/sections/guides/user_guides/oom_user_guide.rst
index 449d5de..d31c818 100644
--- a/docs/sections/guides/user_guides/oom_user_guide.rst
+++ b/docs/sections/guides/user_guides/oom_user_guide.rst
@@ -23,7 +23,7 @@
 
 .. warning::
 
-    **THIS PAGE NEEDS TO BE EITHER REWRITTEN OR SOMETING AS SOME INFO IS NO LONGER RELEVANT**
+    **THIS PAGE NEEDS TO BE EITHER REWRITTEN OR SOMETHING AS SOME INFO IS NO LONGER RELEVANT**
 
 The ONAP Operations Manager (OOM) provide the ability to manage the entire
 life-cycle of an ONAP installation, from the initial deployment to final
@@ -186,7 +186,7 @@
   dependencies:
   <...>
     - name: so
-      version: ~11.0.0
+      version: ~12.0.0
       repository: '@local'
       condition: so.enabled
   <...>
@@ -334,10 +334,10 @@
 
   > helm list
     NAME                    REVISION        UPDATED                         STATUS          CHART                   APP VERSION     NAMESPACE
-    dev                     1               Wed Oct 14 13:49:52 2020        DEPLOYED        onap-11.0.0             Kohn          onap
-    dev-cassandra           5               Thu Oct 15 14:45:34 2020        DEPLOYED        cassandra-11.0.0                         onap
-    dev-contrib             1               Wed Oct 14 13:52:53 2020        DEPLOYED        contrib-11.0.0                           onap
-    dev-mariadb-galera      1               Wed Oct 14 13:55:56 2020        DEPLOYED        mariadb-galera-11.0.0                    onap
+    dev                     1               Wed Oct 14 13:49:52 2020        DEPLOYED        onap-12.0.0             london          onap
+    dev-cassandra           5               Thu Oct 15 14:45:34 2020        DEPLOYED        cassandra-12.0.0                         onap
+    dev-contrib             1               Wed Oct 14 13:52:53 2020        DEPLOYED        contrib-12.0.0                           onap
+    dev-mariadb-galera      1               Wed Oct 14 13:55:56 2020        DEPLOYED        mariadb-galera-12.0.0                    onap
 
 Here the Name column shows the RELEASE NAME, In our case we want to try the
 scale operation on cassandra, thus the RELEASE NAME would be dev-cassandra.
@@ -351,10 +351,10 @@
 
   > helm search cassandra
     NAME                    CHART VERSION   APP VERSION     DESCRIPTION
-    local/cassandra         11.0.0                          ONAP cassandra
-    local/portal-cassandra  11.0.0                          Portal cassandra
-    local/aaf-cass          11.0.0                          ONAP AAF cassandra
-    local/sdc-cs            11.0.0                          ONAP Service Design and Creation Cassandra
+    local/cassandra         12.0.0                          ONAP cassandra
+    local/portal-cassandra  12.0.0                          Portal cassandra
+    local/aaf-cass          12.0.0                          ONAP AAF cassandra
+    local/sdc-cs            12.0.0                          ONAP Service Design and Creation Cassandra
 
 Here the Name column shows the chart name. As we want to try the scale
 operation for cassandra, thus the corresponding chart name is local/cassandra
@@ -416,7 +416,7 @@
 
   > helm list
   NAME REVISION UPDATED                  STATUS    CHART     NAMESPACE
-  so   1        Mon Feb 5 10:05:22 2020  DEPLOYED  so-11.0.0 onap
+  so   1        Mon Feb 5 10:05:22 2020  DEPLOYED  so-12.0.0 onap
 
 When upgrading a cluster a parameter controls the minimum size of the cluster
 during the upgrade while another parameter controls the maximum number of nodes
@@ -439,21 +439,21 @@
 For example, to upgrade a container by changing configuration, specifically an
 environment value::
 
-  > helm upgrade so onap/so --version 11.0.1 --set enableDebug=true
+  > helm upgrade so onap/so --version 12.0.1 --set enableDebug=true
 
 Issuing this command will result in the appropriate container being stopped by
 Kubernetes and replaced with a new container with the new environment value.
 
 To upgrade a component to a new version with a new configuration file enter::
 
-  > helm upgrade so onap/so --version 11.0.1 -f environments/demo.yaml
+  > helm upgrade so onap/so --version 12.0.1 -f environments/demo.yaml
 
 To fetch release history enter::
 
   > helm history so
   REVISION UPDATED                  STATUS     CHART     DESCRIPTION
-  1        Mon Jul 5 10:05:22 2022  SUPERSEDED so-11.0.0 Install complete
-  2        Mon Jul 5 10:10:55 2022  DEPLOYED   so-11.0.1 Upgrade complete
+  1        Mon Jul 5 10:05:22 2022  SUPERSEDED so-12.0.0 Install complete
+  2        Mon Jul 5 10:10:55 2022  DEPLOYED   so-12.0.1 Upgrade complete
 
 Unfortunately, not all upgrades are successful.  In recognition of this the
 lineup of pods within an ONAP deployment is tagged such that an administrator
@@ -475,9 +475,9 @@
 
   > helm history so
   REVISION UPDATED                  STATUS     CHART     DESCRIPTION
-  1        Mon Jul 5 10:05:22 2022  SUPERSEDED so-11.0.0 Install complete
-  2        Mon Jul 5 10:10:55 2022  SUPERSEDED so-11.0.1 Upgrade complete
-  3        Mon Jul 5 10:14:32 2022  DEPLOYED   so-11.0.0 Rollback to 1
+  1        Mon Jul 5 10:05:22 2022  SUPERSEDED so-12.0.0 Install complete
+  2        Mon Jul 5 10:10:55 2022  SUPERSEDED so-12.0.1 Upgrade complete
+  3        Mon Jul 5 10:14:32 2022  DEPLOYED   so-12.0.0 Rollback to 1
 
 .. note::
 
diff --git a/docs/sections/oom_project_description.rst b/docs/sections/oom_project_description.rst
index 71af2d4..c2a0899 100644
--- a/docs/sections/oom_project_description.rst
+++ b/docs/sections/oom_project_description.rst
@@ -11,7 +11,7 @@
 
 .. warning::
 
-    THIS PAGE PROB NEEDS A REWRITE ALSO
+    THIS PAGE PROB NEEDS A REWRITE AS IT IS OUTDATED
 
 The ONAP Operations Manager (OOM) is responsible for life-cycle management of
 the ONAP platform itself; components such as SO, SDNC, etc. It is not
diff --git a/docs/sections/resources/csv/nodeports.csv b/docs/sections/resources/csv/nodeports.csv
index b1c6fb5..096e25e 100644
--- a/docs/sections/resources/csv/nodeports.csv
+++ b/docs/sections/resources/csv/nodeports.csv
@@ -1,35 +1,21 @@
 NodePort,Component,Service name,targetPort,Port
-30200,VID,vid,8443,8443
 30201,SDNC,sdnc-portal,8443,8443
 30203,SDNC,sdnc-dgbuilder,3100,3000
 30204,SDC,sdc-be-external,8443,8443
 30207,SDC,sdc-fe,9443,9443
 30209,ROBOT,robot,443,443
 30210,AAI,aai-modelloader,8080,8080
-30211,APPC,appc,9191,9090
-30212,PORTAL,portal-sdk,8443,8443
 30218,POLICY,pap,9091,9091
 30219,POLICY,pap,8443,8443
 30220,AAI,aai-sparky-be,8000,8000
-30222,DCAE,xdcae-hv-ves-collector,6061,6061
-30225,PORTAL,portal-app,8443,8443
+30222,DCAE,dcae-hv-ves-collector,6061,6061
 30226,DMAAP,message-router-external,3905,3905
-30228,APPC,appc-dgbuilder,3100,3000
 30229,AAI,aai-modelloader,8443,8443
-30230,APPC,appc,8443,8443
-30231,APPC,appc,1830,1830
 30233,AAI,aai,8443,8443
-30234,POMBA*),pomba-kibana,5601,5601
 30242,DMAAP,dmaap-bc,8443,8443
 30248,OOF,oof-osdf,8699,8698
-30249,POMBA*),pomba-data-router,9502,9502
-30251,AAF,aaf-gui,8200,8200
-30253,LOG*),log-kibana,5601,5601
-30254,LOG*),log-es,9200,9200
-30255,LOG*),log-ls,5044,5044
 30256,SDC,sdc-wfd-fe,8443,8443
 30257,SDC,sdc-wfd-be,8443,8443
-30258,CLAMP,clamp-external,2443,2443
 30260,CLI,cli,443,443
 30264,DCAE,sdc-dcae-fe,9444,9444
 30266,DCAE,sdc-dcae-dt,9446,9446
@@ -42,19 +28,13 @@
 30279,AAI,aai-babel,9516,9516
 30283,MSB,msb-iag,443,443
 30284,MSB,msb-eag,443,443
-30288,SNIRO*),sniro-emulator,9999,80
-30289,APPC,appc-cdt,18080,18080
-30290,CLAMP,cdash-kibana,5601,5601
 30297,VNFSDK,refrepo,8703,8703
-30299,POMBA*),pomba-networkdiscovery,8443,9531
 30398,UUI,uui,8443,8443
 30399,UUI,uui-server,8082,8082
 30406,SO,so-vnfm-adapter,9092,9092
 30407,MUSIC,music,8443,8443
 30417,DCAE,xdcae-ves-collector,8443,8443
 30418,DCAE,dashboard,8443,8443
-30420,NETBOX,netbox-nginx,8080,8080
-30478,AWX,awx-web,8080,80
 30490,DMAAP,message-router-kafka-0,9091,9091
 30491,DMAAP,message-router-kafka-1,9091,9091
 30492,DMAAP,message-router-kafka-2,9091,9091
diff --git a/docs/sections/resources/helm/helm-search.txt b/docs/sections/resources/helm/helm-search.txt
index 76b8617..fbca944 100644
--- a/docs/sections/resources/helm/helm-search.txt
+++ b/docs/sections/resources/helm/helm-search.txt
@@ -1,41 +1,29 @@
 NAME                    CHART VERSION    APP VERSION    DESCRIPTION
-local/onap                    11.0.0     Kohn           Open Network Automation Platform (ONAP)
-local/aaf                     11.0.0                    ONAP Application Authorization Framework
-local/aai                     11.0.0                    ONAP Active and Available Inventory
-local/cassandra               11.0.0                    ONAP cassandra
-local/cds                     11.0.0                    ONAP Controller Design Studio (CDS)
-local/clamp                   11.0.0                    ONAP Clamp
-local/cli                     11.0.0                    ONAP Command Line Interface
-local/common                  11.0.0                    Common templates for inclusion in other charts
-local/consul                  11.0.0                    ONAP Consul Agent
-local/contrib                 11.0.0                    ONAP optional tools
-local/cps                     11.0.0                    ONAP Configuration Persistene Service (CPS)
-local/dcaegen2                11.0.0                    ONAP DCAE Gen2
-local/dgbuilder               11.0.0                    D.G. Builder application
-local/dmaap                   11.0.0                    ONAP DMaaP components
-local/log                     11.0.0                    ONAP Logging ElasticStack
-local/mariadb-galera          11.0.0                    Chart for MariaDB Galera cluster
-local/mongo                   11.0.0                    MongoDB Server
-local/msb                     11.0.0                    ONAP MicroServices Bus
-local/multicloud              11.0.0                    ONAP multicloud broker
-local/music                   11.0.0                    MUSIC - Multi-site State Coordination Service
-local/mysql                   11.0.0                    MySQL Server
-local/nbi                     11.0.0                    ONAP Northbound Interface
-local/network-name-gen        11.0.0                    Name Generation Micro Service
-local/nfs-provisioner         11.0.0                    NFS provisioner
-local/oof                     11.0.0                    ONAP Optimization Framework
-local/policy                  11.0.0                    ONAP Policy Administration Point
-local/pomba                   11.0.0                    ONAP Post Orchestration Model Based Audit
-local/portal                  11.0.0                    ONAP Web Portal
-local/postgres                11.0.0                    ONAP Postgres Server
-local/robot                   11.0.0                    A helm Chart for kubernetes-ONAP Robot
-local/sdc                     11.0.0                    Service Design and Creation Umbrella Helm charts
-local/sdnc                    11.0.0                    SDN Controller
-local/sdnc-prom               11.0.0                    ONAP SDNC Policy Driven Ownership Management
-local/sniro-emulator          11.0.0                    ONAP Mock Sniro Emulator
-local/so                      11.0.0                    ONAP Service Orchestrator
-local/strimzi                 11.0.0                    ONAP Strimzi Apache Kafka
-local/uui                     11.0.0                    ONAP uui
-local/vfc                     11.0.0                    ONAP Virtual Function Controller (VF-C)
-local/vid                     11.0.0                    ONAP Virtual Infrastructure Deployment
-local/vnfsdk                  11.0.0                    ONAP VNF SDK
+local/onap                    12.0.0     London         Open Network Automation Platform (ONAP)
+local/a1policymanagement      12.0.0                    ONAP A1 Policy Management
+local/aai                     12.0.0                    ONAP Active and Available Inventory
+local/cassandra               12.0.0                    ONAP cassandra
+local/cds                     12.0.0                    ONAP Controller Design Studio (CDS)
+local/cli                     12.0.0                    ONAP Command Line Interface
+local/common                  12.0.0                    Common templates for inclusion in other charts
+local/cps                     12.0.0                    ONAP Configuration Persistene Service (CPS)
+local/dcaegen2                12.0.0                    ONAP DCAE Gen2
+local/dmaap                   12.0.0                    ONAP DMaaP components
+local/mariadb-galera          12.0.0                    Chart for MariaDB Galera cluster
+local/msb                     12.0.0                    ONAP MicroServices Bus
+local/multicloud              12.0.0                    ONAP multicloud broker
+local/nbi                     12.0.0                    ONAP Northbound Interface
+local/nfs-provisioner         12.0.0                    NFS provisioner
+local/oof                     12.0.0                    ONAP Optimization Framework
+local/policy                  12.0.0                    ONAP Policy Administration Point
+local/postgres                12.0.0                    ONAP Postgres Server
+local/robot                   12.0.0                    A helm Chart for kubernetes-ONAP Robot
+local/sdc                     12.0.0                    Service Design and Creation Umbrella Helm charts
+local/sdnc                    12.0.0                    SDN Controller
+local/sdnc-prom               12.0.0                    ONAP SDNC Policy Driven Ownership Management
+local/sniro-emulator          12.0.0                    ONAP Mock Sniro Emulator
+local/so                      12.0.0                    ONAP Service Orchestrator
+local/strimzi                 12.0.0                    ONAP Strimzi Apache Kafka
+local/uui                     12.0.0                    ONAP uui
+local/vfc                     12.0.0                    ONAP Virtual Function Controller (VF-C)
+local/vnfsdk                  12.0.0                    ONAP VNF SDK
diff --git a/docs/sections/resources/yaml/environments_onap_demo.yaml b/docs/sections/resources/yaml/environments_onap_demo.yaml
index 88befa2..492e5d2 100644
--- a/docs/sections/resources/yaml/environments_onap_demo.yaml
+++ b/docs/sections/resources/yaml/environments_onap_demo.yaml
@@ -32,34 +32,22 @@
 # Enable/disable and configure helm charts (ie. applications)
 # to customize the ONAP deployment.
 #################################################################
-aaf:
-  enabled: false
 aai:
   enabled: false
-clamp:
-  enabled: true
 cli:
   enabled: false
-consul: # Consul Health Check Monitoring
-  enabled: false
 cps:
   enabled: false
 dcaegen2:
   enabled: false
-log:
-  enabled: false
 message-router:
   enabled: false
-mock:
-  enabled: false
 msb:
   enabled: false
 multicloud:
   enabled: false
 policy:
   enabled: false
-portal:
-  enabled: false
 robot: # Robot Health Check
   enabled: true
 sdc:
@@ -95,7 +83,5 @@
   enabled: false
 vfc:
   enabled: false
-vid:
-  enabled: false
 vnfsdk:
   enabled: false
diff --git a/docs/sections/resources/yaml/istiod.yaml b/docs/sections/resources/yaml/istiod.yaml
index 4738012..792f686 100644
--- a/docs/sections/resources/yaml/istiod.yaml
+++ b/docs/sections/resources/yaml/istiod.yaml
@@ -17,5 +17,4 @@
       headersToDownstreamOnDeny: ["content-type", "set-cookie"]
 pilot:
   env:
-    PILOT_ENABLE_MYSQL_FILTER: true
     PILOT_HTTP10: true
\ No newline at end of file
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index c845991..0456ce5 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -163,7 +163,6 @@
     namespace: istio-ingress
 
   # Global Service Mesh configuration
-  # POC Mode, don't use it in production
   serviceMesh:
     enabled: false
     tls: true
diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/authorizationpolicy.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000..7158c02
--- /dev/null
+++ b/kubernetes/sdnc/components/dmaap-listener/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml
index e23969e..7b7b327 100644
--- a/kubernetes/sdnc/components/dmaap-listener/values.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml
@@ -112,6 +112,11 @@
     - name: http
       port: 80
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+
 #Resource limit flavor -By default using small
 flavor: small
 #Segregation for different environment (small and large)
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/templates/authorizationpolicy.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000..7158c02
--- /dev/null
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
index e9aeaf7..5cf7b9c 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
@@ -109,6 +109,10 @@
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals: []
+
 #Resource Limit flavor -By default using small
 flavor: small
 
diff --git a/kubernetes/sdnc/components/sdnc-web/templates/authorizationpolicy.yaml b/kubernetes/sdnc/components/sdnc-web/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000..7158c02
--- /dev/null
+++ b/kubernetes/sdnc/components/sdnc-web/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml
index 3563eb7..391ef04 100644
--- a/kubernetes/sdnc/components/sdnc-web/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/values.yaml
@@ -81,6 +81,12 @@
     name: "sdnc-web"
     port: 8080
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+
 #Resource limit flavor -By default using small
 flavor: small
 #segregation for different environment (small and large)
diff --git a/kubernetes/sdnc/components/ueb-listener/templates/authorizationpolicy.yaml b/kubernetes/sdnc/components/ueb-listener/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000..7158c02
--- /dev/null
+++ b/kubernetes/sdnc/components/ueb-listener/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml
index 51c74b9..493c684 100644
--- a/kubernetes/sdnc/components/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/values.yaml
@@ -123,6 +123,10 @@
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals: []
+
 #Resource limit flavor -By default using small
 flavor: small
 #Segregation for different environment (small and large)
diff --git a/kubernetes/sdnc/templates/authorizationpolicy.yaml b/kubernetes/sdnc/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000..672ddf0
--- /dev/null
+++ b/kubernetes/sdnc/templates/authorizationpolicy.yaml
@@ -0,0 +1,61 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsSdnHosts := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsSdnHosts -}}
+{{- $defaultOperationMethods := list "GET" "POST" "PUT" "PATCH" "DELETE" -}}
+{{- $relName := include "common.release" . -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  name: sdnhost-{{ include "common.servicename" . }}-authz
+  namespace: {{ include "common.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      app: sdnhost-{{ include "common.name" . }}
+  action: ALLOW
+  rules:
+{{-   if $authorizedPrincipalsSdnHosts }}
+{{-     range $principal := $authorizedPrincipalsSdnHosts }}
+  - from:
+    - source:
+        principals:
+{{-       $namespace := default "onap" $principal.namespace -}}
+{{-       if eq "onap" $namespace }}
+        - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{-       else }}
+        - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{-       end }}
+    to:
+    - operation:
+        methods:
+{{-       if $principal.allowedOperationMethods }}
+{{-         range $method := $principal.allowedOperationMethods }}
+        - {{ $method }}
+{{-         end }}
+{{-       else }}
+{{-         range $method := $defaultOperationMethods }}
+        - {{ $method }}
+{{-         end }}
+{{-       end }}
+{{-     end }}
+{{-   end }}
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml
index 3490dff..c5ae5d5 100644
--- a/kubernetes/sdnc/templates/service.yaml
+++ b/kubernetes/sdnc/templates/service.yaml
@@ -105,6 +105,7 @@
   name: sdnhost-{{ include "common.servicename" . }}-0
   namespace: {{ .Release.Namespace }}
   labels:
+    app: sdnhost-{{ include "common.name" . }}
     statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-0
 spec:
   ports:
@@ -126,6 +127,7 @@
   name: sdnhost-{{ include "common.servicename" . }}-1
   namespace: {{ .Release.Namespace }}
   labels:
+    app: sdnhost-{{ include "common.name" . }}
     statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-1
 spec:
   ports:
@@ -147,6 +149,7 @@
   name: sdnhost-{{ include "common.servicename" . }}-2
   namespace: {{ .Release.Namespace }}
   labels:
+    app: sdnhost-{{ include "common.name" . }}
     statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-2
 spec:
   ports:
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index f02bc0b..ee8b2e5 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -586,6 +586,26 @@
   config:
     ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: a1policymanagement-read
+      - serviceAccount: cds-blueprints-processor-read
+      - serviceAccount: consul-read
+      - serviceAccount: ncmp-dmi-plugin-read
+      - serviceAccount: policy-drools-pdp-read
+      - serviceAccount: robot-read
+      - serviceAccount: sdnc-ansible-server-read
+      - serviceAccount: sdnc-dmaap-listener-read
+      - serviceAccount: sdnc-prom-read
+      - serviceAccount: sdnc-ueb-listener-read
+      - serviceAccount: sdnc-web-read
+      - serviceAccount: so-sdnc-adapter-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+    authorizedPrincipalsSdnHosts:
+      - serviceAccount: sdnc-read
+
 #Resource Limit flavor -By Default using small
 flavor: small
 #segregation for different envionment (Small and Large)