Merge "[MODELING] Update modeling/etsicatalog image"
diff --git a/docs/environments_onap_demo.yaml b/docs/environments_onap_demo.yaml
index cbb8f01..9862cea 100644
--- a/docs/environments_onap_demo.yaml
+++ b/docs/environments_onap_demo.yaml
@@ -44,6 +44,8 @@
   enabled: false
 consul: # Consul Health Check Monitoring
   enabled: false
+cps:
+  enabled: false
 dcaegen2:
   enabled: false
 esr:
diff --git a/docs/helm-search.txt b/docs/helm-search.txt
index 4ec41fd..774ea34 100644
--- a/docs/helm-search.txt
+++ b/docs/helm-search.txt
@@ -10,6 +10,7 @@
 local/common              	7.0.0        	        Common templates for inclusion in other charts
 local/consul              	7.0.0        	        ONAP Consul Agent
 local/contrib             	7.0.0        	        ONAP optional tools
+local/cps                 	7.0.0        	        ONAP Configuration Persistene Service (CPS)
 local/dcaegen2            	7.0.0        	        ONAP DCAE Gen2
 local/dgbuilder           	7.0.0        	        D.G. Builder application
 local/dmaap               	7.0.0        	        ONAP DMaaP components
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index 533826e..63c668f 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -118,7 +118,7 @@
 
 
 # application image
-image: onap/aai-graphadmin:1.7.1
+image: onap/aai-graphadmin:1.8.0
 pullPolicy: Always
 restartPolicy: Always
 flavor: small
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index ade5935..37af7a7 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -154,7 +154,7 @@
   truststoreAllPassword: changeit
 
 # application image
-image: onap/aai-resources:1.7.2
+image: onap/aai-resources:1.8.2
 pullPolicy: Always
 restartPolicy: Always
 flavor: small
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 5fe5b13..50bd6c3 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -74,7 +74,7 @@
         - aai_keystore
 
 # application image
-image: onap/aai-schema-service:1.8.5
+image: onap/aai-schema-service:1.8.6
 pullPolicy: Always
 restartPolicy: Always
 flavorOverride: small
diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
index 42641a2..498f1b8 100644
--- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
@@ -21,6 +21,9 @@
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
+  - name: certInitializer
+    version: ~7.x-0
+    repository: '@local'
   - name: repositoryGenerator
     version: ~7.x-0
     repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties
similarity index 100%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties
similarity index 100%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
similarity index 72%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
index 094c815..b6c5f68 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
@@ -15,14 +15,14 @@
 */}}
 
 oxm.schemaNodeDir=/opt/app/sparky/onap/oxm
-#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config 
+#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
 oxm.schemaServiceTranslatorList=config
 # The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/
 oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/
-oxm.schemaServiceKeystore=file:${CONFIG_HOME}/auth/aai-client-cert.p12
-oxm.schemaServiceTruststore=file:${CONFIG_HOME}/auth/tomcat_keystore
-oxm.schemaServiceKeystorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
-oxm.schemaServiceTruststorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD}
+oxm.schemaServiceTruststorePassword=${KEYSTORE_PASSWORD}
 
 
 
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
similarity index 70%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
index 59c0349..2143bf8 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
@@ -19,4 +19,7 @@
 resources.authType=SSL_BASIC
 resources.basicAuthUserName=aai@aai.onap.org
 resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store=tomcat_keystore
+resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+resources.trust-store-password=${TRUSTSTORE_PASSWORD}
+resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+resources.client-cert-password=${KEYSTORE_PASSWORD}
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
similarity index 66%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
index 26565bb..073e9d3 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
@@ -15,8 +15,8 @@
 */}}
 
 server.port=8000
-server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12
-server.ssl.key-store-password=OBF:1cqc1l4h1qhu1j751p3j1kmy1ncw1o6g1hf418571g7i1d9r1dan1ga8185f1hfy1o461ncu1kjo1p671j7x1qjg1l8t1cne
+server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+server.ssl.key-store-password=${KEYSTORE_PASSWORD}
 server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks
-server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
+server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+server.ssl.trust-store-password=${KEYSTORE_PASSWORD}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties
similarity index 100%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
similarity index 76%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
index 1ae00d9..a9e5908 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
@@ -27,11 +27,11 @@
 spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,portal,aai-proxy
 
 portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
-portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
 searchservice.hostname={{.Values.global.searchData.serviceName}}
 searchservice.port=9509
-searchservice.client-cert=client-cert-onap.p12
-searchservice.client-cert-password=1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-searchservice.truststore=tomcat_keystore
+searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+searchservice.client-cert-password=${KEYSTORE_PASSWORD}
+searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+searchservice.truststore-password=${TRUSTSTORE_PASSWORD}
 
 schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml
new file mode 100644
index 0000000..cd5338f
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml
@@ -0,0 +1,187 @@
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+    <!--{{/*
+    # Copyright © 2018 AT&T
+    # Copyright © 2021 Orange
+    #
+    # Licensed under the Apache License, Version 2.0 (the "License");
+    # you may not use this file except in compliance with the License.
+    # You may obtain a copy of the License at
+    #
+    #       http://www.apache.org/licenses/LICENSE-2.0
+    #
+    # Unless required by applicable law or agreed to in writing, software
+    # distributed under the License is distributed on an "AS IS" BASIS,
+    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    # See the License for the specific language governing permissions and
+    # limitations under the License.
+    */}}-->
+  <!--<jmxConfigurator /> -->
+  <!-- directory path for all other type logs -->
+
+  <property name="logDir" value="/var/log/onap" />
+
+  <!-- <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy"
+          | "SDNC" | "AC" -->
+  <property name="componentName" value="AAI-UI"></property>
+
+  <!-- default eelf log file names -->
+  <property name="generalLogName" value="error" />
+  <property name="metricsLogName" value="metrics" />
+  <property name="auditLogName" value="audit" />
+  <property name="debugLogName" value="debug" />
+
+  <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|AAIUI|%mdc{PartnerName}|%logger|%.-5level|%msg%n" />
+  <property name="auditMetricPattern" value="%m%n" />
+
+  <property name="logDirectory" value="${logDir}/${componentName}" />
+
+
+  <!-- Example evaluator filter applied against console appender -->
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>${errorLogPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <!-- ============================================================================ -->
+  <!-- EELF Appenders -->
+  <!-- ============================================================================ -->
+
+  <!-- The EELFAppender is used to record events to the general application
+          log -->
+
+  <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${generalLogName}.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorLogPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+    <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>INFO</level>
+    </filter>
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELF" />
+  </appender>
+
+
+  <!-- EELF Audit Appender. This appender is used to record audit engine related
+          logging events. The audit logger and appender are specializations of the
+          EELF application root logger and appender. This can be used to segregate
+          Policy engine events from other components, or it can be eliminated to record
+          these events as part of the application root log. -->
+
+  <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${auditLogName}.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${auditMetricPattern}</pattern>
+    </encoder>
+  </appender>
+  <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFAudit" />
+  </appender>
+
+  <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${metricsLogName}.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
+      <pattern>${auditMetricPattern}</pattern>
+    </encoder>
+  </appender>
+
+
+  <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFMetrics" />
+  </appender>
+
+  <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${logDirectory}/${debugLogName}.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+      <maxHistory>60</maxHistory>
+    </rollingPolicy>
+    <encoder>
+      <pattern>${errorLogPattern}</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>256</queueSize>
+    <appender-ref ref="EELFDebug" />
+    <includeCallerData>false</includeCallerData>
+  </appender>
+
+  <!-- ============================================================================ -->
+  <!-- EELF loggers -->
+  <!-- ============================================================================ -->
+  <logger name="com.att.eelf" level="info" additivity="false">
+    <appender-ref ref="asyncEELF" />
+    <appender-ref ref="asyncEELFDebug" />
+    <appender-ref ref="STDOUT" />
+  </logger>
+
+  <logger name="com.att.eelf.audit" level="info" additivity="false">
+    <appender-ref ref="asyncEELFAudit" />
+  </logger>
+  <logger name="com.att.eelf.metrics" level="info" additivity="false">
+    <appender-ref ref="asyncEELFMetrics" />
+  </logger>
+
+  <!-- Spring related loggers -->
+  <logger name="org.springframework" level="WARN" />
+  <logger name="org.springframework.beans" level="WARN" />
+  <logger name="org.springframework.web" level="WARN" />
+  <logger name="com.blog.spring.jms" level="WARN" />
+
+  <!-- Sparky loggers -->
+  <logger name="org.onap" level="INFO">
+    <appender-ref ref="STDOUT" />
+  </logger>
+
+  <!-- Other Loggers that may help troubleshoot -->
+  <logger name="net.sf" level="WARN" />
+  <logger name="org.apache.commons.httpclient" level="WARN" />
+  <logger name="org.apache.commons" level="WARN" />
+  <logger name="org.apache.coyote" level="WARN" />
+  <logger name="org.apache.jasper" level="WARN" />
+
+  <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+          May aid in troubleshooting) -->
+  <logger name="org.apache.camel" level="WARN" />
+  <logger name="org.apache.cxf" level="WARN" />
+  <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+  <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+  <logger name="org.apache.cxf.service" level="WARN" />
+  <logger name="org.restlet" level="WARN" />
+  <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+  <!-- logback internals logging -->
+  <logger name="ch.qos.logback.classic" level="WARN" />
+  <logger name="ch.qos.logback.core" level="WARN" />
+
+  <root>
+    <appender-ref ref="asyncEELF" />
+    <appender-ref ref="STDOUT" />
+    <!-- <appender-ref ref="asyncEELFDebug" /> -->
+  </root>
+
+</configuration>
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config b/kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config
similarity index 100%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/roles.config
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config
similarity index 100%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/users.config
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12
deleted file mode 100644
index aa4ae74..0000000
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12
deleted file mode 100644
index b2449c6..0000000
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
index 2592e5c..7a0fb82 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
@@ -46,4 +46,4 @@
 ext_req_read_timeout=20000
 
 #Add AAF namespace if the app is centralized
-auth_namespace={{.Values.config.aafNamespace}}
+auth_namespace={{ .Values.certInitializer.fqi_namespace }}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
index 1f154b6..baefd98 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
@@ -6,14 +6,18 @@
 # AAF Environment Designation
 
 #if you are running aaf service from a docker image you have to use aaf service IP and port number
-aaf_id={{.Values.config.aafUsername}}
+aaf_id={{ .Values.certInitializer.fqi }}
 #Encrypt the password using AAF Jar
-aaf_password={{.Values.config.aafPassword}}
+aaf_password={{ .Values.certInitializer.aafDeployPass }}
 # Sample CADI Properties, from CADI 1.4.2
 #hostname=org.onap.aai.orr
 csp_domain=PROD
 # Add Absolute path to Keyfile
-cadi_keyfile={{.Values.config.cadiKeyFile}}
+cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile
+cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+cadi_keystore_password=${KEYSTORE_PASSWORD}
+
+cadi_alias={{ .Values.certInitializer.fqi }}
 
 # This is required to accept Certificate Authentication from Certman certificates.
 # can be TEST, IST or PROD
@@ -23,9 +27,9 @@
 cadi_loglevel=DEBUG
 
 # Add Absolute path to truststore2018.jks
-cadi_truststore={{.Values.config.cadiTrustStore}}
+cadi_truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
 # Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs
-cadi_truststore_password={{.Values.config.cadiTrustStorePassword}}
+cadi_truststore_password=${TRUSTSTORE_PASSWORD}
 
 # how to turn on SSL Logging
 #javax.net.debug=ssl
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
index 162e96b..fee07d8 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
@@ -14,25 +14,6 @@
 # limitations under the License.
 */}}
 
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-prop
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-resources.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-ssl.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -45,7 +26,7 @@
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }}
 ---
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index 6e74526..51d577b 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -38,7 +38,29 @@
         release: {{ include "common.release" . }}
       name: {{ include "common.name" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+      - command:
+        - sh
+        args:
+        - -c
+        - |
+          echo "*** retrieve Truststore and Keystore password"
+          export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \
+            | xargs -0)
+          echo "*** write them in portal part"
+          cd /config-input
+          for PFILE in `ls -1 .`
+            do
+              envsubst <${PFILE} >/config/${PFILE}
+          done
+        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+        - mountPath: /config-input
+          name: portal-config-input
+        - mountPath: /config
+          name: portal-config
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
       - command:
         - /app/ready.py
         args:
@@ -57,68 +79,56 @@
       - name: {{ include "common.name" . }}
         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
-        volumeMounts:
+        command:
+        - sh
+        args:
+        - -c
+        - |
+          echo "*** retrieve Truststore and Keystore password"
+          export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \
+            | xargs -0)
+          echo "*** actual launch of AAI Sparky BE"
+          /opt/app/sparky/bin/start.sh
+        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
         - mountPath: /etc/localtime
           name: localtime
           readOnly: true
-        - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12
-          name: {{ include "common.fullname" . }}-auth-config
-          subPath: client-cert-onap.p12
-
         - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties
-          name: {{ include "common.fullname" . }}-auth-config
+          name: auth-config
           subPath: csp-cookie-filter.properties
-
-        - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12
-          name: {{ include "common.fullname" . }}-auth-config
-          subPath: org.onap.aai.p12
-
-        - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks
-          name: aai-common-aai-auth-mount
-          subPath: truststoreONAPall.jks
-
         - mountPath: /opt/app/sparky/config/portal/
-          name: {{ include "common.fullname" . }}-portal-config
-
+          name: portal-config
         - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/
-          name: {{ include "common.fullname" . }}-portal-config-props
-
+          name: portal-config-props
         - mountPath: /var/log/onap
-          name: {{ include "common.fullname" . }}-logs
-
+          name: logs
         - mountPath:  /opt/app/sparky/config/application.properties
-          name: {{ include "common.fullname" . }}-properties
+          name: config
           subPath: application.properties
-
         - mountPath:  /opt/app/sparky/config/application-resources.properties
-          name: {{ include "common.fullname" . }}-properties
+          name: config
           subPath: application-resources.properties
-
         - mountPath:  /opt/app/sparky/config/application-ssl.properties
-          name: {{ include "common.fullname" . }}-properties
+          name: config
           subPath: application-ssl.properties
-
         - mountPath:  /opt/app/sparky/config/application-oxm-default.properties
-          name: {{ include "common.fullname" . }}-properties
+          name: config
           subPath: application-oxm-default.properties
-
         - mountPath:  /opt/app/sparky/config/application-oxm-override.properties
-          name: {{ include "common.fullname" . }}-properties
+          name: config
           subPath: application-oxm-override.properties
-
         - mountPath:  /opt/app/sparky/config/application-oxm-schema-prod.properties
-          name: {{ include "common.fullname" . }}-properties
+          name: config
           subPath: application-oxm-schema-prod.properties
-
         - mountPath:  /opt/app/sparky/config/roles.config
-          name: {{ include "common.fullname" . }}-properties
+          name: config
           subPath: roles.config
-
         - mountPath:  /opt/app/sparky/config/users.config
-          name: {{ include "common.fullname" . }}-properties
+          name: config
           subPath: users.config
-
+        - mountPath:  /opt/app/sparky/config/logging/logback.xml
+          name: config
+          subPath: logback.xml
         ports:
         - containerPort: {{ .Values.service.internalPort }}
         # disable liveness probe when breakpoints set in debugger
@@ -155,45 +165,35 @@
           subPath: filebeat.yml
           name: filebeat-conf
         - mountPath: /var/log/onap
-          name: {{ include "common.fullname" . }}-logs
+          name: logs
         - mountPath: /usr/share/filebeat/data
           name: aai-sparky-filebeat
         resources:
 {{ include "common.resources" . }}
 
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
       - name: localtime
         hostPath:
           path: /etc/localtime
-
-      - name: {{ include "common.fullname" . }}-properties
-        configMap:
-          name: {{ include "common.fullname" . }}-prop
-
-      - name: {{ include "common.fullname" . }}-config
+      - name: config
         configMap:
           name: {{ include "common.fullname" . }}
-
-      - name: {{ include "common.fullname" . }}-portal-config
+      - name: portal-config
+        emptyDir:
+          medium: Memory
+      - name: portal-config-input
         configMap:
           name: {{ include "common.fullname" . }}-portal
-
-      - name: {{ include "common.fullname" . }}-portal-config-props
+      - name: portal-config-props
         configMap:
           name: {{ include "common.fullname" . }}-portal-props
-
-      - name: {{ include "common.fullname" . }}-auth-config
+      - name: auth-config
         secret:
           secretName: {{ include "common.fullname" . }}
-
-      - name: aai-common-aai-auth-mount
-        secret:
-          secretName: aai-common-aai-auth
-
       - name: filebeat-conf
         configMap:
           name: aai-filebeat
-      - name: {{ include "common.fullname" . }}-logs
+      - name: logs
         emptyDir: {}
       - name: aai-sparky-filebeat
         emptyDir: {}
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index ed21030..147feb1 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -27,6 +27,45 @@
   searchData:
     serviceName: aai-search-data
 
+
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+  nameOverride: aai-sparky-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: "aai"
+  app_ns: "org.osaaf.aaf"
+  fqi_namespace: "org.onap.aai"
+  fqi: "aai@aai.onap.org"
+  public_fqdn: "aaf.osaaf.org"
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: |
+    echo "*** changing passwords into shell safe ones"
+    export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    cd {{ .Values.credsPath }}
+    keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
+      -storepass "${cadi_keystore_password_jks}" \
+      -keystore {{ .Values.fqi_namespace }}.jks
+    keytool -storepasswd -new "${TRUSTORE_PASSWD}" \
+      -storepass "${cadi_truststore_password}" \
+      -keystore {{ .Values.fqi_namespace }}.trust.jks
+    echo "*** set key password as same password as keystore password"
+    keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
+      -keystore {{ .Values.fqi_namespace }}.jks \
+      -keypass "${cadi_keystore_password_jks}" \
+      -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
+    echo "*** save the generated passwords"
+    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
+    echo "TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop
+    echo "*** change ownership of certificates to targeted user"
+    chown -R 1000 {{ .Values.credsPath }}
+
 # application image
 image: onap/sparky-be:2.0.2
 pullPolicy: Always
@@ -44,13 +83,7 @@
   portalPassword: OBF:1t2v1vfv1unz1vgz1t3b
   portalCookieName: UserId
   portalAppRoles: ui_view
-  aafUsername: aai@aai.onap.org
-  aafNamespace: org.onap.aai
-  aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz
-  cadiKeyFile: /opt/app/sparky/config/portal/keyFile
-  cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks
   cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties
-  cadiTrustStorePassword: changeit
   cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor
 
 # ONAP Cookie Processing - During initial development, the following flag, if true, will
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index 69222db..1e3a962 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -140,7 +140,7 @@
   truststoreAllPassword: changeit
 
 # application image
-image: onap/aai-traversal:1.7.2
+image: onap/aai-traversal:1.8.0
 pullPolicy: Always
 restartPolicy: Always
 flavor: small
diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
index de25485..b38a7f1 100644
--- a/kubernetes/common/common/templates/_pod.tpl
+++ b/kubernetes/common/common/templates/_pod.tpl
@@ -36,13 +36,13 @@
 {{- $global := . }}
 {{-   range $index, $port := $ports }}
 {{-     if (include "common.needTLS" $global) }}
-- containerPort: {{ $port.port }}
+- containerPort: {{ default $port.port $port.internal_port }}
 {{-     else }}
-- containerPort: {{ default $port.port $port.plain_port }}
+- containerPort: {{ default (default $port.port $port.internal_port) (default $port.plain_port $port.internal_plain_port) }}
 {{-     end }}
   name: {{ $port.name }}
 {{-     if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain))  }}
-- containerPort: {{ $port.plain_port }}
+- containerPort: {{ default $port.plain_port $port.internal_plain_port }}
   name: {{ $port.name }}-plain
 {{-     end }}
 {{-   end }}
@@ -67,4 +67,3 @@
   privileged: false
   allowPrivilegeEscalation: false
 {{- end }}
-
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index f815847..07bb5c4 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -41,6 +41,9 @@
 # Application configuration defaults.
 #################################################################
 
+# bitnami image doesn't support well single quote in password
+passwordStrengthOverride: basic
+
 pullPolicy: Always
 
 # application configuration
diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
index 95de6ec..71201a1 100644
--- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
+++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
@@ -67,6 +67,9 @@
 - name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness
   image: {{ include "repositoryGenerator.image.readiness" $subchartDot }}
   imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+  securityContext:
+    runAsUser: {{ $subchartDot.Values.user }}
+    runAsGroup: {{ $subchartDot.Values.group }}
   command:
   - /app/ready.py
   args:
diff --git a/kubernetes/common/readinessCheck/values.yaml b/kubernetes/common/readinessCheck/values.yaml
index b15b1c2..128c505 100644
--- a/kubernetes/common/readinessCheck/values.yaml
+++ b/kubernetes/common/readinessCheck/values.yaml
@@ -15,6 +15,9 @@
 global:
   pullPolicy: Always
 
+user: 100
+group: 65533
+
 limits:
   cpu: 100m
   memory: 100Mi
diff --git a/kubernetes/cps/.helmignore b/kubernetes/cps/.helmignore
new file mode 100644
index 0000000..80b47d2
--- /dev/null
+++ b/kubernetes/cps/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/cps/Chart.yaml
similarity index 65%
copy from kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
copy to kubernetes/cps/Chart.yaml
index 59c0349..c723bae 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
+++ b/kubernetes/cps/Chart.yaml
@@ -1,5 +1,4 @@
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#  Copyright (C) 2021 Pantheon.tech
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,11 +11,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-*/}}
 
-resources.hostname=aai
-resources.port=8443
-resources.authType=SSL_BASIC
-resources.basicAuthUserName=aai@aai.onap.org
-resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store=tomcat_keystore
+apiVersion: v1
+description: Configuration Persistance Service (CPS)
+name: cps
+version: 7.0.0
diff --git a/kubernetes/cps/README.md b/kubernetes/cps/README.md
new file mode 100644
index 0000000..4b578c4
--- /dev/null
+++ b/kubernetes/cps/README.md
@@ -0,0 +1,22 @@
+# ============LICENSE_START==========================================
+# ===================================================================
+#  Copyright (C) 2021 Pantheon.tech
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#============LICENSE_END============================================
+
+# Helm Chart for CPS Applications
+
+ONAP Configuration Persistence Service (CPS) includes the following Kubernetes services:
+
+1) Cps and xNF - Configuration Persistence Service together with Nf Configuration Persistence Service
\ No newline at end of file
diff --git a/kubernetes/cps/requirements.yaml b/kubernetes/cps/requirements.yaml
new file mode 100644
index 0000000..ce06a4d
--- /dev/null
+++ b/kubernetes/cps/requirements.yaml
@@ -0,0 +1,30 @@
+#  Copyright (C) 2021 Pantheon.tech, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~7.x-0
+    repository: '@local'
+  - name: postgres
+    version: ~7.x-0
+    repository: '@local'
+  - name: readinessCheck
+    version: ~7.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
+  - name: serviceAccount
+    version: ~7.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/cps/resources/config/application.yml b/kubernetes/cps/resources/config/application.yml
new file mode 100644
index 0000000..983a754
--- /dev/null
+++ b/kubernetes/cps/resources/config/application.yml
@@ -0,0 +1,68 @@
+{{/*
+  #  Copyright (C) 2021 Pantheon.tech
+  #  Modifications Copyright (C) 2020 Bell Canada. All rights reserved.
+  #
+  # Licensed under the Apache License, Version 2.0 (the "License");
+  # you may not use this file except in compliance with the License.
+  # You may obtain a copy of the License at
+  #
+  #     http://www.apache.org/licenses/LICENSE-2.0
+  #
+  # Unless required by applicable law or agreed to in writing, software
+  # distributed under the License is distributed on an "AS IS" BASIS,
+  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  # See the License for the specific language governing permissions and
+  # limitations under the License.
+*/}}
+---
+server:
+  port: 8080
+
+rest:
+  api:
+    cps-base-path: /cps/api
+    xnf-base-path: /cps-nf-proxy/api
+
+spring:
+  main:
+    banner-mode: "off"
+  jpa:
+    ddl-auto: create
+    open-in-view: false
+    properties:
+      hibernate:
+        enable_lazy_load_no_trans: true
+        dialect: org.hibernate.dialect.PostgreSQLDialect
+
+  datasource:
+    url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}
+    username: ${DB_USERNAME}
+    password: ${DB_PASSWORD}
+    driverClassName: org.postgresql.Driver
+    initialization-mode: always
+
+  cache:
+    type: caffeine
+    cache-names: yangSchema
+    caffeine:
+      spec: maximumSize=10000,expireAfterAccess=10m
+# Actuator
+management:
+  endpoints:
+    web:
+      base-path: /manage
+    exposure:
+      include: info,health,loggers
+  endpoint:
+    health:
+      show-details: always
+      # kubernetes probes: liveness and readiness
+      probes:
+        enabled: true
+    loggers:
+      enabled: true
+
+logging:
+  level:
+    org:
+      springframework: {{ .Values.logging.level }}
diff --git a/kubernetes/cps/resources/config/logback.xml b/kubernetes/cps/resources/config/logback.xml
new file mode 100644
index 0000000..56ffc88
--- /dev/null
+++ b/kubernetes/cps/resources/config/logback.xml
@@ -0,0 +1,34 @@
+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2020 Bell Canada. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d - %highlight(%-5level) [%-20.20thread] %cyan(%logger{36}) - %msg%n</pattern>
+        </encoder>
+    </appender>
+    <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncSysOut" />
+    </root>
+
+</configuration>
+
diff --git a/kubernetes/cps/templates/NOTES.txt b/kubernetes/cps/templates/NOTES.txt
new file mode 100644
index 0000000..09d22df
--- /dev/null
+++ b/kubernetes/cps/templates/NOTES.txt
@@ -0,0 +1,35 @@
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  export SERVICE_PORT=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.spec.ports[0].port}')
+  echo http://$SERVICE_IP:$SERVICE_PORT
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export POD_PORT=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:$POD_PORT
+{{- end }}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/cps/templates/configmap.yaml
similarity index 66%
copy from kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
copy to kubernetes/cps/templates/configmap.yaml
index 59c0349..eeb057c 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
+++ b/kubernetes/cps/templates/configmap.yaml
@@ -1,5 +1,5 @@
 {{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright (C) 2021 Pantheon.tech
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,9 +14,7 @@
 # limitations under the License.
 */}}
 
-resources.hostname=aai
-resources.port=8443
-resources.authType=SSL_BASIC
-resources.basicAuthUserName=aai@aai.onap.org
-resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store=tomcat_keystore
+apiVersion: v1
+kind: ConfigMap
+metadata:  {{- include "common.resourceMetadata" . | nindent 2 }}
+data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }}
diff --git a/kubernetes/cps/templates/deployment.yaml b/kubernetes/cps/templates/deployment.yaml
new file mode 100644
index 0000000..e15ae71
--- /dev/null
+++ b/kubernetes/cps/templates/deployment.yaml
@@ -0,0 +1,96 @@
+{{/*
+# Copyright (C) 2021 Pantheon.tech, Orange
+# Modifications Copyright (C) 2020 Bell Canada. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector: {{- include "common.selectors" . | nindent 4 }}
+  template:
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+    spec:
+      {{ include "common.podSecurityContext" . | indent 6 | trim}}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
+      initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+      - name: {{ include "common.name" . }}-update-config
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+            - sh
+        args:
+          - -c
+          - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+          - name: DB_USERNAME
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+          - name: DB_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+        volumeMounts:
+          - mountPath: /config-input
+            name: init-data-input
+          - mountPath: /config
+            name: init-data
+      containers:
+      - name: {{ include "common.name" . }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        ports: {{ include "common.containerPorts" . | nindent 10  }}
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+        {{- if eq .Values.liveness.enabled true }}
+        livenessProbe:
+          httpGet:
+            port: {{ .Values.liveness.port }}
+            path: {{ .Values.liveness.path }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+        {{ end -}}
+        readinessProbe:
+          httpGet:
+            port: {{ .Values.readiness.port }}
+            path: {{ .Values.readiness.path }}
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+        resources: {{ include "common.resources" . | nindent 10 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
+        {{- end }}
+        {{- if .Values.affinity }}
+        affinity: {{ toYaml .Values.affinity | nindent 12 }}
+        {{- end }}
+        volumeMounts:
+          - mountPath: /app/resources/application.yml
+            subPath: application.yml
+            name: init-data
+          - mountPath: /app/resources/logback.xml
+            subPath: logback.xml
+            name: init-data
+          - mountPath: /tmp
+            name: init-temp
+      volumes:
+        - name: init-data-input
+          configMap:
+            name: {{ include "common.fullname" . }}
+        - name: init-data
+          emptyDir:
+            medium: Memory
+        - name: init-temp
+          emptyDir: {}
+      imagePullSecrets:
+        - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/cps/templates/ingress.yaml
similarity index 66%
copy from kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
copy to kubernetes/cps/templates/ingress.yaml
index 59c0349..16f9440 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
+++ b/kubernetes/cps/templates/ingress.yaml
@@ -1,5 +1,5 @@
 {{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright (C) 2021 Pantheon.tech
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,9 +14,4 @@
 # limitations under the License.
 */}}
 
-resources.hostname=aai
-resources.port=8443
-resources.authType=SSL_BASIC
-resources.basicAuthUserName=aai@aai.onap.org
-resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store=tomcat_keystore
+{{ include "common.ingress" . }}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/cps/templates/secrets.yaml
similarity index 66%
copy from kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
copy to kubernetes/cps/templates/secrets.yaml
index 59c0349..f25044d 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
+++ b/kubernetes/cps/templates/secrets.yaml
@@ -1,5 +1,5 @@
 {{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright (C) 2021 Pantheon.tech
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,9 +14,4 @@
 # limitations under the License.
 */}}
 
-resources.hostname=aai
-resources.port=8443
-resources.authType=SSL_BASIC
-resources.basicAuthUserName=aai@aai.onap.org
-resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store=tomcat_keystore
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/cps/templates/service.yaml b/kubernetes/cps/templates/service.yaml
new file mode 100644
index 0000000..bfcaabc
--- /dev/null
+++ b/kubernetes/cps/templates/service.yaml
@@ -0,0 +1,17 @@
+{{/*
+  #  Copyright (C) 2021 Pantheon.tech, Orange
+  #
+  # Licensed under the Apache License, Version 2.0 (the "License");
+  # you may not use this file except in compliance with the License.
+  # You may obtain a copy of the License at
+  #
+  #       http://www.apache.org/licenses/LICENSE-2.0
+  #
+  # Unless required by applicable law or agreed to in writing, software
+  # distributed under the License is distributed on an "AS IS" BASIS,
+  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  # See the License for the specific language governing permissions and
+  # limitations under the License.
+  */}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml
new file mode 100644
index 0000000..ee797a5
--- /dev/null
+++ b/kubernetes/cps/values.yaml
@@ -0,0 +1,143 @@
+#  Copyright (C) 2021 Pantheon.tech, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Secrets.
+#################################################################
+secrets:
+  - uid: pg-root-pass
+    name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-pg-root-pass'
+    type: password
+    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+    password: '{{ .Values.postgres.config.pgRootpassword }}'
+    policy: generate
+  - uid: pg-user-creds
+    name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-pg-user-creds'
+    type: basicAuth
+    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+    login: '{{ .Values.postgres.config.pgUserName }}'
+    password: '{{ .Values.postgres.config.pgUserPassword }}'
+    passwordPolicy: generate
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+
+# bitnami image doesn't support well single quote in password
+passwordStrengthOverride: basic
+global:
+  ingress:
+    virtualhost:
+      baseurl: "simpledemo.onap.org"
+
+image: onap/cps-and-nf-proxy:0.0.1
+containerPort: &svc_port 8080
+
+service:
+  type: ClusterIP
+  name: cps
+  ports:
+    - name: &port http
+      port: *svc_port
+
+pullPolicy: Always
+# flag to enable debugging - application support required
+debugEnabled: false
+nodeSelector: {}
+affinity: {}
+# Resource Limit flavor -By Default using small
+flavor: small
+# default number of instances
+replicaCount: 1
+# Segregation for Different environment (Small and Large)
+resources:
+  small:
+    limits:
+      cpu: 2
+      memory: 2Gi
+    requests:
+      cpu: 1
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 4
+      memory: 4Gi
+    requests:
+      cpu: 2
+      memory: 2Gi
+  unlimited: {}
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 20
+  periodSeconds: 20
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+  path: /manage/health
+  port: *port
+
+readiness:
+  initialDelaySeconds: 15
+  periodSeconds: 15
+  path: /manage/health
+  port: *port
+
+ingress:
+  enabled: true
+  service:
+    - baseaddr: "cps"
+      path: "/"
+      name: "cps"
+      port: *svc_port
+
+serviceAccount:
+  nameOverride: cps
+  roles:
+    - read
+
+securityContext:
+  user_id: 100
+  group_id: 655533
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+logging:
+  level: INFO
+  path: /tmp
+#################################################################
+# Postgres overriding defaults in the postgres
+#################################################################
+postgres:
+  nameOverride: &postgresName cps-postgres
+  service:
+    name: *postgresName
+    name2: cps-pg-primary
+    name3: cps-pg-replica
+  container:
+    name:
+      primary: cps-pg-primary
+      replica: cps-pg-replica
+  persistence:
+    mountSubPath: cps/data
+    mountInitPath: cps
+  config:
+    pgUserName: cps
+    pgDatabase: cpsdb
+    pgUserExternalSecret: *pgUserCredsSecretName
+    pgRootPasswordExternalSecret: *pgRootPassSecretName
+
+readinessCheck:
+  wait_for:
+    - cps-postgres
\ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 6412bf8..458ec10 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -104,7 +104,7 @@
   disableNfsProvisioner: true
 
 # application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.0
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.2
 default_k8s_location: central
 
 # DCAE component images to be deployed via Cloudify Manager
diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml
index 3e96bdf..4f46962 100755
--- a/kubernetes/onap/requirements.yaml
+++ b/kubernetes/onap/requirements.yaml
@@ -54,6 +54,10 @@
     version: ~7.x-0
     repository: '@local'
     condition: global.addTestingComponents
+  - name: cps
+    version: ~7.x-0
+    repository: '@local'
+    condition: cps.enabled
   - name: dcaegen2
     version: ~7.x-0
     repository: '@local'
diff --git a/kubernetes/onap/resources/environments/core-onap.yaml b/kubernetes/onap/resources/environments/core-onap.yaml
index 027bc7b..9932691 100644
--- a/kubernetes/onap/resources/environments/core-onap.yaml
+++ b/kubernetes/onap/resources/environments/core-onap.yaml
@@ -67,6 +67,8 @@
   enabled: false
 contrib:
   enabled: false
+cps:
+  enabled: false
 dcaegen2:
   enabled: false
 dmaap:
diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml
index dd22d8f..8471349 100644
--- a/kubernetes/onap/resources/environments/dev.yaml
+++ b/kubernetes/onap/resources/environments/dev.yaml
@@ -71,6 +71,8 @@
   enabled: false
 contrib:
   enabled: false
+cps:
+  enabled: false
 dcaegen2:
   enabled: false
 dmaap:
diff --git a/kubernetes/onap/resources/environments/disable-allcharts.yaml b/kubernetes/onap/resources/environments/disable-allcharts.yaml
index 27588fa..c7dcdfc 100644
--- a/kubernetes/onap/resources/environments/disable-allcharts.yaml
+++ b/kubernetes/onap/resources/environments/disable-allcharts.yaml
@@ -41,6 +41,8 @@
   enabled: false
 contrib:
   enabled: false
+cps:
+  enabled: false
 dcaegen2:
   enabled: false
 dmaap:
diff --git a/kubernetes/onap/resources/environments/minimal-onap.yaml b/kubernetes/onap/resources/environments/minimal-onap.yaml
index 336e937..0186a9c 100644
--- a/kubernetes/onap/resources/environments/minimal-onap.yaml
+++ b/kubernetes/onap/resources/environments/minimal-onap.yaml
@@ -62,6 +62,8 @@
   enabled: false
 contrib:
   enabled: false
+cps:
+  enabled: false
 dcaegen2:
   enabled: false
 dmaap:
diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
index be05299..2481623 100644
--- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
+++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
@@ -94,6 +94,8 @@
   enabled: false
 contrib:
   enabled: false
+cps:
+  enabled: false
 dcaegen2:
   enabled: false
 dmaap:
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
index 997bca9..63a8a74 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
@@ -36,6 +36,8 @@
   enabled: true
 contrib:
   enabled: true
+cps:
+  enabled: true
 dcaegen2:
   enabled: true
 dmaap:
diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml
index 13b90ac..c8551cb 100644
--- a/kubernetes/onap/resources/overrides/onap-all.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all.yaml
@@ -44,6 +44,8 @@
   enabled: *testing
 consul:
   enabled: true
+cps:
+  enabled: true
 dcaegen2:
   enabled: true
 dcaemod:
diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml
index 7966431..bd8ed9d 100644
--- a/kubernetes/onap/resources/overrides/sm-onap.yaml
+++ b/kubernetes/onap/resources/overrides/sm-onap.yaml
@@ -66,10 +66,10 @@
   enabled: false
 contrib:
   enabled: false
+cps:
+  enabled: false
 dcaegen2:
   enabled: false
-dmaap:
-  enabled: true
 esr:
   enabled: false
 log:
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 0920222..d5d3e10 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -301,6 +301,8 @@
 # addTestingComponents
 contrib:
   enabled: *testing
+cps:
+  enabled: false
 dcaegen2:
   enabled: false
 dcaemod: