Merge "[SDC] use of certInitializer template"
diff --git a/kubernetes/aai b/kubernetes/aai
index 1990a02..5a01a09 160000
--- a/kubernetes/aai
+++ b/kubernetes/aai
@@ -1 +1 @@
-Subproject commit 1990a02ce9295df7c94009401c24fa226a10f8e8
+Subproject commit 5a01a0953803b3d1b140a77c779a3b942e293228
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh
index 6c69694..71f32e2 100755
--- a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh
+++ b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh
@@ -18,6 +18,11 @@
 	esac
 done
 
+prepare_password()
+{
+	echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
 # usage: file_env VAR [DEFAULT]
 #    ie: file_env 'XYZ_DB_PASSWORD' 'example'
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
@@ -36,7 +41,7 @@
 	elif [ "${!fileVar:-}" ]; then
 		val="$(< "${!fileVar}")"
 	fi
-	val=`echo -n $val | sed -e "s/'/''/g"`
+	val=`prepare_password $val`
 	export "$var"="$val"
 	unset "$fileVar"
 }
diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl
index 8b2f1e2..bfa96da 100644
--- a/kubernetes/common/common/templates/_createPassword.tpl
+++ b/kubernetes/common/common/templates/_createPassword.tpl
@@ -37,6 +37,18 @@
   {{ end }}
 {{- end -}}
 
+{{- define "common._defaultPasswordStrength" -}}
+  {{ if .Values.passwordStrengthOverride }}
+    {{- printf "%s" .Values.passwordStrengthOverride -}}
+  {{ else if .Values.global.passwordStrength }}
+    {{- printf "%s" .Values.global.passwordStrength -}}
+  {{ else if .Values.passwordStrength }}
+    {{- printf "%s" .Values.passwordStrength -}}
+  {{ else }}
+    {{- printf "long" }}
+  {{ end }}
+{{- end -}}
+
 {{/*
   Generate a new password based on masterPassword. The new password is not
   random, it is derived from masterPassword, fully qualified chart name and
@@ -59,7 +71,8 @@
 {{- define "common.createPassword" -}}
   {{- $dot := default . .dot -}}
   {{- $uid := default "onap" .uid -}}
-  {{- $strength := default "long" .strength -}}
+  {{- $defaultStrength := include "common._defaultPasswordStrength" $dot | trim -}}
+  {{- $strength := default $defaultStrength .strength -}}
   {{- $mp := include "common.masterPassword" $dot -}}
   {{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}}
 {{- end -}}
diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
index 7e73420..9e826ae 100644
--- a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
@@ -45,7 +45,7 @@
 {{- end }}
       containers:
         - name: {{ template "common.fullname" . }}-curator
-          image: {{printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+          image: {{printf "%s/%s" (include "common.repository" .)  .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
             - name: config-volume
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
index 901c0a5..ea769d1 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
@@ -74,7 +74,7 @@
           {{- end }}
           containers:
             - name: {{ template "common.fullname" . }}-curator
-              image: {{printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+              image: {{printf "%s/%s" (include "common.repository" .)  .Values.image }}
               imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
               volumeMounts:
                 - name: config-volume
diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml
index 5e0d966..addd528 100644
--- a/kubernetes/common/elasticsearch/components/curator/values.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/values.yaml
@@ -31,16 +31,14 @@
 ##
 enabled: false
 name: curator
-image:
-  imageName: bitnami/elasticsearch-curator
-  tag: 5.8.1-debian-9-r74
-  pullPolicy: IfNotPresent
-  ## Optionally specify an array of imagePullSecrets.
-  ## Secrets must be manually created in the namespace.
-  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  ##
-  # pullSecrets:
-  #   - myRegistryKeySecretName
+image: bitnami/elasticsearch-curator:5.8.1-debian-9-r74
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+#   - myRegistryKeySecretName
 service:
   port: 9200
 cronjob:
diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
index e1a56e3..aeb14a1 100644
--- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
+++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
@@ -86,7 +86,7 @@
       {{- end }}
       containers:
         - name: {{ include "common.name" . }}-data
-          image: {{ printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+          image: {{ printf "%s/%s" (include "common.repository" .)  .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           {{- if .Values.securityContext.enabled }}
           securityContext:
@@ -94,7 +94,7 @@
           {{- end }}
           env:
             - name: BITNAMI_DEBUG
-              value: {{ ternary "true" "false" .Values.image.debug | quote }}
+              value: {{ ternary "true" "false" .Values.debug | quote }}
             - name: ELASTICSEARCH_CLUSTER_NAME
               value: {{include "elasticsearch.clustername" .}}
             - name: ELASTICSEARCH_CLUSTER_HOSTS
diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml
index cfb7f51..5624bee 100644
--- a/kubernetes/common/elasticsearch/components/data/values.yaml
+++ b/kubernetes/common/elasticsearch/components/data/values.yaml
@@ -46,24 +46,22 @@
   - name: http-transport
     port: 9300
 
-image:
-  imageName: bitnami/elasticsearch
-  tag: 6.8.6-debian-9-r23
-  ## Specify a imagePullPolicy
-  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-  ##
-  pullPolicy: IfNotPresent
-  ## Optionally specify an array of imagePullSecrets.
-  ## Secrets must be manually created in the namespace.
-  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  ##
-  # pullSecrets:
-  #   - myRegistryKeySecretName
-  ## Set to true if you would like to see extra information on logs
-  ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
-  ##
-  debug: false
+image: bitnami/elasticsearch:6.8.6-debian-9-r23
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+#   - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
 
 
 ## updateStrategy for ElasticSearch Data statefulset
diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
index 1b5e305..626747f 100644
--- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
+++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
@@ -84,7 +84,7 @@
       {{- end }}
       containers:
         - name: {{ include "common.name" . }}-master
-          image: {{ printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+          image: {{ printf "%s/%s" (include "common.repository" .)  .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           {{- if .Values.securityContext.enabled }}
           securityContext:
@@ -92,7 +92,7 @@
           {{- end }}
           env:
             - name: BITNAMI_DEBUG
-              value: {{ ternary "true" "false" .Values.image.debug | quote }}
+              value: {{ ternary "true" "false" .Values.debug | quote }}
             - name: ELASTICSEARCH_CLUSTER_NAME
               value: {{ include "elasticsearch.clustername" . }}
             - name: ELASTICSEARCH_CLUSTER_HOSTS
diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml
index 2862692..22c4987 100644
--- a/kubernetes/common/elasticsearch/components/master/values.yaml
+++ b/kubernetes/common/elasticsearch/components/master/values.yaml
@@ -43,24 +43,22 @@
 ## master acts as master only node, choose 'no' if no further data nodes are deployed)
 dedicatednode: "yes"
 ## dedicatednode: "no"
-image:
-  imageName: bitnami/elasticsearch
-  tag: 6.8.6-debian-9-r23
-  ## Specify a imagePullPolicy
-  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-  ##
-  pullPolicy: IfNotPresent
-  ## Optionally specify an array of imagePullSecrets.
-  ## Secrets must be manually created in the namespace.
-  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  ##
-  # pullSecrets:
-  #   - myRegistryKeySecretName
-  ## Set to true if you would like to see extra information on logs
-  ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
-  ##
-  debug: false
+image: bitnami/elasticsearch:6.8.6-debian-9-r23
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+#   - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
 
 ## String to partially override common.fullname template (will maintain the release name)
 ##
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
index 1ab5b59..8ec3862 100644
--- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
+++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
@@ -85,7 +85,7 @@
           {{- include "common.certInitializer.volumeMount" . | nindent 10 }}
 
         - name: {{ include "common.name" . }}-elasticsearch
-          image: {{ printf "%s/%s:%s" (include "common.repository" .)  .Values.image.imageName  .Values.image.tag }}
+          image: {{ printf "%s/%s" (include "common.repository" .)  .Values.image }}
           {{- if .Values.securityContext.enabled }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           securityContext:
@@ -93,7 +93,7 @@
           {{- end }}
           env:
             - name: BITNAMI_DEBUG
-              value: {{ ternary "true" "false" .Values.image.debug | quote }}
+              value: {{ ternary "true" "false" .Values.debug | quote }}
             - name: ELASTICSEARCH_CLUSTER_NAME
               value: {{ include "elasticsearch.clustername" .}}
             - name: ELASTICSEARCH_CLUSTER_HOSTS
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml
index f8b3be5..e6e532d 100644
--- a/kubernetes/common/elasticsearch/values.yaml
+++ b/kubernetes/common/elasticsearch/values.yaml
@@ -40,24 +40,22 @@
   enabled: true
 
 # application image
-image:
-  imageName: bitnami/elasticsearch
-  tag: 6.8.6-debian-9-r23
-  ## Specify a imagePullPolicy
-  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-  ##
-  pullPolicy: IfNotPresent
-  ## Optionally specify an array of imagePullSecrets.
-  ## Secrets must be manually created in the namespace.
-  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  ##
-  # pullSecrets:
-  #   - myRegistryKeySecretName
-  ## Set to true if you would like to see extra information on logs
-  ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
-  ##
-  debug: false
+image: bitnami/elasticsearch:6.8.6-debian-9-r23
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+#   - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
 
 ## String to partially override common.fullname template (will maintain the release name)
 ##
diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
index 42c5c89..6787617 100755
--- a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
+++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
@@ -32,8 +32,9 @@
 	mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
 fi
 
-function prepare_password {
-	echo -n $1 | sed -e "s/'/''/g"
+prepare_password()
+{
+	echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
 }
 
 mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD`
diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
index af9a4f5..5563fe7 100644
--- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl
+++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2019 Orange
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,3 +21,15 @@
 {{- define "mariadbInit.mariadbClusterSecret" -}}
   {{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride)) -}}
 {{- end -}}
+
+{{- define "mariadbInit._updateSecrets" -}}
+  {{- if not .Values.secretsUpdated }}
+    {{- $global := . }}
+    {{- range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
+      {{- $item := dict "uid" $db "type" "basicAuth" "externalSecret" (default "" $dbInfos.externalSecret) "login" (default "" $dbInfos.user) "password" (default "" $dbInfos.password) "passwordPolicy" "required" }}
+      {{- $newList := append $global.Values.secrets $item }}
+      {{- $_ := set $global.Values "secrets" $newList }}
+    {{- end -}}
+    {{ $_ := set $global.Values "secretsUpdated" true }}
+  {{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml
index 3149f94..7de0a91 100644
--- a/kubernetes/common/mariadb-init/templates/job.yaml
+++ b/kubernetes/common/mariadb-init/templates/job.yaml
@@ -13,6 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+{{ include "mariadbInit._updateSecrets" . -}}
+
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -38,7 +40,7 @@
         - /app/ready.py
         args:
         - --container-name
-        - {{ .Values.global.mariadbGalera.nameOverride }}
+        - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }}
         env:
         - name: NAMESPACE
           valueFrom:
@@ -56,21 +58,21 @@
         - /db_init/db_init.sh
         env:
         - name: DB_HOST
-          value: "{{ .Values.global.mariadbGalera.nameOverride }}"
+          value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}"
         - name: DB_PORT
-          value: "{{ .Values.global.mariadbGalera.servicePort }}"
+          value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}"
         - name: MYSQL_ROOT_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
         - name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }}
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
         - name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }}
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
 {{- $root := . }}
 {{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }}
         - name: {{ printf "MYSQL_USER_%s" $db | upper }}
-          {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
         - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }}
-          {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
 {{ end }}
         volumeMounts:
         - mountPath: /etc/localtime
diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml
index 71a89d0..2db326f 100644
--- a/kubernetes/common/mariadb-init/templates/secret.yaml
+++ b/kubernetes/common/mariadb-init/templates/secret.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada, Orange
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,26 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{- define "mariadb-init._update-secrets" -}}
-  {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
-{{ printf "- uid: %s" $db }}
-{{ printf "  type: basicAuth" }}
-    {{- if $dbInfos.externalSecret }}
-{{ printf "  externalSecret: %s" $dbInfos.externalSecret }}
-    {{- end }}
-{{ printf "  login: %s" $dbInfos.user }}
-{{ printf "  password: %s" $dbInfos.password }}
-{{ printf "  passwordPolicy: required" }}
-  {{- end -}}
-{{- end -}}
+{{ include "mariadbInit._updateSecrets" . -}}
 
-{{ $global := . }}
-{{ $secretsString := .Values.secrets | toYaml | indent 2 }}
-{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }}
-{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace "   -" "  -" }}
-{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }}
-
-{{ $newValues := set $global.Values "secrets" $finalSecrets }}
-{{ $tmpGlobal := set $global "Values" $newValues }}
-
-{{ include "common.secret" $tmpGlobal }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml
index 0f6d4f8..dd5d208 100644
--- a/kubernetes/common/mariadb-init/values.yaml
+++ b/kubernetes/common/mariadb-init/values.yaml
@@ -32,8 +32,8 @@
 secrets:
   - uid: root-password
     type: password
-    externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}'
-    password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}'
+    externalSecret: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootSecret) (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
+    password: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootPassword) (default "" .Values.global.mariadbGalera.userRootPassword) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
   - uid: '{{ .Values.config.mysqlDatabase }}'
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
@@ -51,6 +51,15 @@
 # Set it if you want to change the name of the different components
 # nameOverride:
 
+mariadbGalera: {}
+#  serviceName: some-name
+#  containerName: some-name
+#  servicePort: 3306
+#  userRootPassword: some-password
+#  userRootSecret: some-secret-name
+#  userRootSecretKey: password
+
+
 config:
   userPassword: Ci@shsOd3pky1Vji
   userName: u5WZ1GMSIS1wHZF
diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml
index 111bc80..abc71b3 100644
--- a/kubernetes/common/mongo/templates/statefulset.yaml
+++ b/kubernetes/common/mongo/templates/statefulset.yaml
@@ -36,10 +36,15 @@
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
+{{ include "common.podSecurityContext" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+          - docker-entrypoint.sh
+          args:
+          - --nounixsocket
           env:
             - name: MONGO_INITDB_DATABASE
               value: "{{ .Values.config.dbName }}"
@@ -68,6 +73,7 @@
             mountPath: /var/lib/mongo
           resources:
 {{ include "common.resources" . | indent 12 }}
+{{ include "common.containerSecurityContext" . | indent 10 }}
         {{- if .Values.nodeSelector }}
         nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml
index d272f70..d8988c3 100644
--- a/kubernetes/common/mongo/values.yaml
+++ b/kubernetes/common/mongo/values.yaml
@@ -83,6 +83,10 @@
   rpcbindPort: 111
   rpcbindUdpPort: 111
 
+securityContext:
+  user_id: 999
+  group_id: 999
+
 ingress:
   enabled: false
 
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
index 8756d57..8b8c16c 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
@@ -217,6 +217,7 @@
     <appender-ref ref="asyncDebug" />
     <appender-ref ref="asyncError" />
     <appender-ref ref="asyncJettyLog" />
+    <appender-ref ref="STDOUT" />
   </root>
 
 </configuration>
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
index dba613c..73446ee 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
@@ -402,6 +402,7 @@
         <appender-ref ref="asyncEELFError" />
         <appender-ref ref="asyncEELFjettylog" />
         <appender-ref ref="asyncEELFDebug" />
+        <appender-ref ref="STDOUT" />
     </root>
 
 </configuration>
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml
index f02a2db..ad2ce2b 100644
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml
+++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml
@@ -20,11 +20,6 @@
   <jmxConfigurator />
   <property name="logDirectory" value="${AJSC_HOME}/log" />
   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-    <filter class="ch.qos.logback.classic.filter.LevelFilter">
-      <level>ERROR</level>
-      <onMatch>ACCEPT</onMatch>
-      <onMismatch>DENY</onMismatch>
-    </filter>
     <encoder>
       <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
       </pattern>
diff --git a/kubernetes/esr/charts/esr-server/resources/config/logback.xml b/kubernetes/esr/charts/esr-server/resources/config/logback.xml
index c647f3d..fcc9f25 100644
--- a/kubernetes/esr/charts/esr-server/resources/config/logback.xml
+++ b/kubernetes/esr/charts/esr-server/resources/config/logback.xml
@@ -15,35 +15,38 @@
 # limitations under the License.
 -->
 
-<configuration scan="false" debug="true">
-    <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
-    <property name="p_lvl" value="%level"/>
-    <property name="p_log" value="%logger"/>
-    <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
-    <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
-    <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
-    <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
-    <property name="p_thr" value="%thread"/>
-    <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+<configuration scan="{{ .Values.log.scan.enabled }}" debug="{{ .Values.log.debug }}">
 
-  <property name="logDir" value="/var/log/onap" />
-  <property name="debugDir" value="/var/log/onap" />
+  <property name="componentName" value='{{default "UNSET_COMPONENT" .Values.log.componentName}}'/>
+  <property name="subcomponentName" value='{{default "UNSET_SUBCOMPONENT" .Values.log.subcomponentName}}'/>
 
-  <property name="componentName" value="esr"></property>
-  <property name="subComponentName" value="esr-server"></property>
+  <property name="logDir" value="{{ .Values.log.logDir }}" />
+  <property name="queueSize" value="{{ .Values.log.queueSize }}"/>
+
+  <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+  <property name="p_lvl" value="%level"/>
+  <property name="p_log" value="%logger"/>
+  <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+  <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+  <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+  <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+  <property name="p_thr" value="%thread"/>
+  <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
 
   <property name="errorLogName" value="error" />
   <property name="metricsLogName" value="metrics" />
   <property name="auditLogName" value="audit" />
   <property name="debugLogName" value="debug" />
 
-  <property name="errorPattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
-  <property name="debugPattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
-
+  <property name="errorPattern" value="${p_tim}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
+  <property name="debugPattern" value="${p_tim}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
   <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
   <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
+
   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
-  <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+
+  <!-- Console (human-readable) logging -->
+  <property name="consolePattern" value="%nopexception${p_log}\t${p_tim}\t${p_lvl}\t%message\t${p_mdc}\t%rootException\t${p_mak}\t${p_thr}%n"/>
 
   <appender name="EELFAudit"
             class="ch.qos.logback.core.rolling.RollingFileAppender">
@@ -57,7 +60,7 @@
   </appender>
 
   <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
-    <queueSize>256</queueSize>
+    <queueSize>${queueSize}</queueSize>
     <appender-ref ref="EELFAudit" />
   </appender>
 
@@ -73,7 +76,7 @@
   </appender>
 
   <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
-    <queueSize>256</queueSize>
+    <queueSize>${queueSize}</queueSize>
     <appender-ref ref="EELFMetrics"/>
   </appender>
 
@@ -93,16 +96,16 @@
   </appender>
 
   <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
-    <queueSize>256</queueSize>
+    <queueSize>${queueSize}</queueSize>
     <appender-ref ref="EELFError"/>
   </appender>
 
   <appender name="EELFDebug"
             class="ch.qos.logback.core.rolling.RollingFileAppender">
-    <file>${debugLogDirectory}/${debugLogName}.log</file>
+    <file>${logDirectory}/${debugLogName}.log</file>
     <rollingPolicy
             class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-      <fileNamePattern>${debugLogDirectory}/${debugLogName}.log.%d</fileNamePattern>
+      <fileNamePattern>${logDirectory}/${debugLogName}.log.%d</fileNamePattern>
     </rollingPolicy>
     <encoder>
       <pattern>${debugPattern}</pattern>
@@ -110,11 +113,17 @@
   </appender>
 
   <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
-    <queueSize>256</queueSize>
+    <queueSize>${queueSize}</queueSize>
     <appender-ref ref="EELFDebug" />
     <includeCallerData>true</includeCallerData>
   </appender>
 
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>${consolePattern}</pattern>
+    </encoder>
+  </appender>
+
   <logger name="com.att.eelf.audit" level="info" additivity="false">
     <appender-ref ref="asyncEELFAudit" />
   </logger>
@@ -127,9 +136,9 @@
     <appender-ref ref="asyncEELFError" />
   </logger>
 
-  <root level="INFO">
+  <root level="{{ .Values.log.root.level }}">
     <appender-ref ref="asyncEELFDebug" />
+    <appender-ref ref="STDOUT" />
   </root>
 
-</configuration>
-
+</configuration>
\ No newline at end of file
diff --git a/kubernetes/esr/charts/esr-server/values.yaml b/kubernetes/esr/charts/esr-server/values.yaml
index 6008f1f..0177690 100644
--- a/kubernetes/esr/charts/esr-server/values.yaml
+++ b/kubernetes/esr/charts/esr-server/values.yaml
@@ -64,6 +64,17 @@
 ingress:
   enabled: false
 
+log:
+  componentName: esr
+  subcomponentName: esr-server
+  debug: true
+  scan:
+    enabled: false
+  logDir: /var/log/onap
+  queueSize: 256
+  root:
+    level: INFO
+
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
diff --git a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml
index af0b2b9..3781d96 100644
--- a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml
+++ b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml
@@ -41,6 +41,12 @@
   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
   <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
 
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+
   <appender name="EELFAudit"
             class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>${logDirectory}/${auditLogName}.log</file>
@@ -125,6 +131,7 @@
   
   <root level="INFO">
     <appender-ref ref="asyncEELFDebug" />
+    <appender-ref ref="STDOUT" />
   </root>
 
 </configuration>
diff --git a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml
index 49d5e64..6dc4443 100644
--- a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml
+++ b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml
@@ -41,6 +41,12 @@
   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
   <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
 
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+
   <appender name="EELFAudit"
             class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>${logDirectory}/${auditLogName}.log</file>
@@ -125,6 +131,7 @@
   
   <root level="INFO">
     <appender-ref ref="asyncEELFDebug" />
+    <appender-ref ref="STDOUT" />
   </root>
 
 </configuration>
diff --git a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml
index bceefc5..65ff434 100644
--- a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml
+++ b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml
@@ -41,6 +41,12 @@
   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
   <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
 
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>${errorPattern}</pattern>
+    </encoder>
+  </appender>
+
   <appender name="EELFAudit"
             class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>${logDirectory}/${auditLogName}.log</file>
@@ -125,6 +131,7 @@
   
   <root level="INFO">
     <appender-ref ref="asyncEELFDebug" />
+    <appender-ref ref="STDOUT" />
   </root>
 
 </configuration>
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 394c0b4..9928e93 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -89,6 +89,11 @@
   # flag to enable debugging - application support required
   debugEnabled: false
 
+  # default password complexity
+  # available options: phrase, name, pin, basic, short, medium, long, maximum security
+  # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+  passwordStrength: long
+
   # configuration to set log level to all components (the one that are using
   # "common.log.level" to set this)
   # can be overrided per components by setting logConfiguration.logLevelOverride
diff --git a/kubernetes/oof/Makefile b/kubernetes/oof/Makefile
index e27258a..a116386 100644
--- a/kubernetes/oof/Makefile
+++ b/kubernetes/oof/Makefile
@@ -15,3 +15,7 @@
 make-has:
 	cd charts && helm dep up oof-has
 	cd charts && helm dep up oof-cmso
+
+clean:
+	@find . -type f -name '*.tgz' -delete
+	@find . -type f -name '*.lock' -delete
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
index 15ce71b..2f12eec 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -48,6 +49,20 @@
         image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+      - name: {{ include "common.name" . }}-db-config-readiness
+        command:
+        - /app/ready.py
+        args:
+        - -j
+        - "{{ include "common.release" . }}-cmso-db-config-config-job"
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       - name: {{ include "common.name" . }}-chown
         command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
         image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
@@ -64,11 +79,11 @@
         - name: DB_PORT
           value: {{ .Values.config.db.port | quote}}
         - name: DB_USERNAME
-          value: {{ .Values.config.db.root }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
         terminationMessagePolicy: File
         volumeMounts:
         - name: {{ include "common.fullname" . }}-config
@@ -85,11 +100,11 @@
         - name: DB_PORT
           value: {{ .Values.config.db.port | quote}}
         - name: DB_USERNAME
-          value: {{ .Values.config.db.root }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
         - name: JAVA_TRUSTSTORE
           value: /share/etc/certs/{{ .Values.global.truststoreFile }}
         - name: SSL_KEYSTORE
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
index 5de87f5..e511728 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -39,11 +40,6 @@
 # Secrets metaconfig
 #################################################################
 secrets:
-  - uid: cmso-db-root-password
-    type: password
-    password: '{{ .Values.config.db.rootPassword }}'
-    externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
-    policy: required
   - uid: cmso-db-user-secret
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
@@ -88,7 +84,6 @@
 config:
   db:
     port: 3306
-    root: root
 #    rootPassword: pass
 #    rootPasswordExternalSecret: some secret
 #    user: cmso-admin
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
index ff37e8f..cb7a76f 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
@@ -1,4 +1,5 @@
 # Copyright (c) 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -48,6 +49,20 @@
         image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+      - name: {{ include "common.name" . }}-db-config-readiness
+        command:
+        - /app/ready.py
+        args:
+        - -j
+        - "{{ include "common.release" . }}-cmso-db-config-config-job"
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       - name: {{ include "common.name" . }}-chown
         command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
         image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
@@ -64,11 +79,11 @@
         - name: DB_PORT
           value: {{ .Values.config.db.port | quote}}
         - name: DB_USERNAME
-          value: {{ .Values.config.db.root }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
         terminationMessagePolicy: File
         volumeMounts:
         - name: {{ include "common.fullname" . }}-config
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
index f832627..d086411 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018-2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -39,11 +40,6 @@
 # Secrets metaconfig
 #################################################################
 secrets:
-  - uid: cmso-db-root-password
-    type: password
-    password: '{{ .Values.config.db.rootPassword }}'
-    externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
-    policy: required
   - uid: cmso-db-user-secret
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
@@ -88,7 +84,6 @@
 config:
   db:
     port: 3306
-    root: root
 #    rootPassword: pass
 #    rootPasswordExternalSecret: some secret
 #    user: cmso-admin
diff --git a/kubernetes/oof/charts/oof-cmso/requirements.yaml b/kubernetes/oof/charts/oof-cmso/requirements.yaml
index d95b2e7..e631333 100644
--- a/kubernetes/oof/charts/oof-cmso/requirements.yaml
+++ b/kubernetes/oof/charts/oof-cmso/requirements.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -22,3 +23,6 @@
   - name: mariadb-galera
     version: ~6.x-0
     repository: '@local'
+  - name: mariadb-init
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml
index b1c3561..d712965 100644
--- a/kubernetes/oof/charts/oof-cmso/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,24 +18,31 @@
 #################################################################
 secrets:
   - uid: cmso-db-root-password
-    name: '{{ include "common.release" . }}-cmso-db-root-password'
+    name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password'
     type: password
     password: ''
     policy: generate
-  - uid: cmso-db-secret
-    name: '{{ include "common.release" . }}-cmso-db-secret'
+  - uid: cmso-service-db-secret
+    name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret'
     type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
-    login: '{{ .Values.config.db.userName }}'
-    password: '{{ .Values.config.db.userPassword }}'
+    externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.service.userName }}'
+    password: '{{ .Values.config.db.service.userPassword }}'
+    passwordPolicy: generate
+  - uid: cmso-db-secret
+    name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.optimizer.userName }}'
+    password: '{{ .Values.config.db.optimizer.userPassword }}'
     passwordPolicy: generate
 
 mariadb-galera:
   replicaCount: 1
-  nameOverride: cmso-db
+  nameOverride: &containerName cmso-db
   service:
     type: ClusterIP
-    name: oof-cmso-dbhost
+    name: &serviceName oof-cmso-dbhost
     portName: cmso-dbhost
   nfsprovisionerPrefix: cmso
   sdnctlPrefix: cmso
@@ -43,9 +51,9 @@
     enabled: true
   disableNfsProvisioner: true
   config:
-    mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
-    userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
-    mysqlDatabase: cmso
+    mariadbRootPasswordExternalSecret: *rootPassword
+    #    userCredentialsExternalSecret: *dbCreds
+    #    mysqlDatabase: cmso
   externalConfig: |
     [mysqld]
     lower_case_table_names = 1
@@ -62,6 +70,20 @@
   busyBoxImage: busybox:1.30
   busyBoxRepository: docker.io
 
+mariadb-init:
+  mariadbGalera:
+    containerName: *containerName
+    serviceName: *serviceName
+    servicePort: 3306
+    userRootSecret: *rootPassword
+  config:
+    userCredentialsExternalSecret: *serviceDbCreds
+    mysqlDatabase: cmso
+    mysqlAdditionalDatabases:
+      optimizer:
+        externalSecret: *optimizerDbCreds
+  nameOverride: cmso-db-config
+
 flavor: small
 
 config:
@@ -69,15 +91,17 @@
     logstashServiceName: log-ls
     logstashPort: 5044
   db:
-    # userCredentialsExternalsecret: some secret
-    userName: cmso-admin
-    # userPassword: password
+    service:
+      # userCredentialsExternalsecret: some secret
+      userName: cmso-admin
+      # userPassword: password
+    optimizer:
+      userName: cmso-optimizer
 
 oof-cmso-service:
   config:
     db:
-      userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
-      rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+      userCredentialsExternalSecret: *serviceDbCreds
       host: oof-cmso-dbhost
       container: cmso-db
       mysqlDatabase: cmso
@@ -85,8 +109,7 @@
 oof-cmso-optimizer:
   config:
     db:
-      userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
-      rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+      userCredentialsExternalSecret: *optimizerDbCreds
       host: oof-cmso-dbhost
       container: cmso-db
       mysqlDatabase: optimizer
diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml b/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml
index bfca544..f84d1bb 100644
--- a/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml
+++ b/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml
@@ -163,6 +163,7 @@
 
         <root>
                 <appender-ref ref="asyncEELF" />
+                <appender-ref ref="STDOUT" />
                 <!-- <appender-ref ref="asyncEELFDebug" /> -->
         </root>
 
diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties
new file mode 100644
index 0000000..f114a9c
--- /dev/null
+++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties
@@ -0,0 +1,35 @@
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=RAN-Slice-Mgmt
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
index 4c288b2..e3dfa86 100644
--- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
@@ -104,6 +104,9 @@
         - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties
           name: properties
           subPath: dmaap-consumer-oofpcipoc.properties
+        - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties
+          name: properties
+          subPath: dmaap-consumer-RANSlice.properties
         resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml
index 20f5de8..12bc8d3 100644
--- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml
+++ b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml
@@ -18,8 +18,7 @@
 global:
   nodePortPrefixExt: 304
   repository: nexus3.onap.org:10001
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
+  readinessImage: onap/oom/readiness:3.0.1
   persistence:
     mountPath: /dockerdata-nfs