diff --git a/kubernetes/common/common/templates/_secret.yaml b/kubernetes/common/common/templates/_secret.yaml
index e24a2e4..9f41906 100644
--- a/kubernetes/common/common/templates/_secret.yaml
+++ b/kubernetes/common/common/templates/_secret.yaml
@@ -22,6 +22,7 @@
   The template takes two arguments:
     - .global: environment (.)
     - .name: name of the secret
+    - .annotations: annotations which should be used
 
   Example call:
     {{ include "common.secret._header" (dict "global" . "name" "myFancyName") }}
@@ -39,6 +40,9 @@
     chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
     release: {{ include "common.release" $global }}
     heritage: {{ $global.Release.Service }}
+{{- if .annotations }}
+  annotations: {{- include "common.tplValue" (dict "value" .annotations "context" $global) | nindent 4 }}
+{{- end }}
 type: Opaque
 {{- end -}}
 
@@ -204,6 +208,8 @@
     - name:
         Overrides default secret name generation and allows to set immutable
         and globaly unique name
+    - annotations:
+        List of annotations to be used while defining a secret
 
   To allow sharing a secret between the components and allow to pre-deploy secrets
   before ONAP deployment it is possible to use already existing secret instead of
@@ -239,11 +245,12 @@
   {{- range $secret := .Values.secrets }}
     {{- $uid := tpl (default "" $secret.uid) $global }}
     {{- $name := include "common.secret.genName" (dict "global" $global "uid" $uid "name" $secret.name) }}
+    {{- $annotations := default "" $secret.annotations }}
     {{- $type := default "generic" $secret.type }}
     {{- $externalSecret := tpl (default "" $secret.externalSecret) $global }}
     {{- if not $externalSecret }}
 ---
-      {{ include "common.secret._header" (dict "global" $global "name" $name) }}
+      {{ include "common.secret._header" (dict "global" $global "name" $name "annotations" $annotations) }}
 
       {{- if eq $type "generic" }}
 data:
diff --git a/kubernetes/common/common/templates/_storage.tpl b/kubernetes/common/common/templates/_storage.tpl
index ae93359..45c8b75 100644
--- a/kubernetes/common/common/templates/_storage.tpl
+++ b/kubernetes/common/common/templates/_storage.tpl
@@ -15,6 +15,13 @@
 */}}
 
 {{/*
+  Give the root folder for ONAP when using host pathes
+*/}}
+{{- define "common.persistencePath" -}}
+{{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
+{{/*
   Expand the name of the storage class.
   The value "common.fullname"-data is used by default,
   unless either override mechanism is used.
@@ -55,6 +62,31 @@
 {{- end -}}
 
 {{/*
+  Generate a PV
+*/}}
+{{- define "common.PV" -}}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if (include "common.needPV" .) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: {{ include "common.fullname" . }}-data
+  namespace: {{ include "common.namespace" . }}
+  labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+  capacity:
+    storage: {{ .Values.persistence.size }}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  storageClassName: "{{ include "common.fullname" . }}-data"
+  persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+  hostPath:
+    path: {{ include "common.persistencePath" . }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
   Generate N PV for a statefulset
 */}}
 {{- define "common.replicaPV" -}}
@@ -77,8 +109,30 @@
   persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
   storageClassName: "{{ include "common.fullname" $global }}-data"
   hostPath:
-    path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
+    path: {{ include "common.persistencePath" $global }}-{{$i}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+  Generate a PVC
+*/}}
+{{- define "common.PVC" -}}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+{{- if .Values.persistence.annotations }}
+  annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  storageClassName: {{ include "common.storageClass" . }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
index e505742..a0ec3b4 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
@@ -1,6 +1,6 @@
 #============LICENSE_START========================================================
 #=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
 # Modifications Copyright © 2018 Amdocs, Bell Canada
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -34,6 +34,7 @@
     {
       "cert_path": "/opt/app/osaaf",
       "image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}",
+      "component_cert_dir": "/opt/dcae/cacert",
       "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem",
       "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
     }
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
index 7a28812..a36164d 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
@@ -53,8 +53,11 @@
           - dcae-config-binding-service
           - --container-name
           - dcae-db
+          - --container-name
+          - dcae-inventory-api
           - "-t"
           - "15"
+
         env:
         - name: NAMESPACE
           valueFrom:
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index cfdff5a..872d01d 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -109,7 +109,7 @@
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.10.0
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.0
 default_k8s_location: central
 
 # DCAE component images to be deployed via Cloudify Manager
@@ -118,8 +118,7 @@
   holmes_rules: onap/holmes/rule-management:1.2.7
   holmes_engine: onap/holmes/engine-management:1.2.6
   tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
-  #placeholder until tca-gen2 release image is available
-  #tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0
+  tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0
   ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.3
   snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
   prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.0
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index 673b017..d2bda88 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -46,7 +46,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:2.0.2
+image: onap/org.onap.dcaegen2.deployments.cm-container:2.1.0
 pullPolicy: Always
 
 # name of shared ConfigMap with kubeconfig for multiple clusters
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
index 22076e5..9d38659 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
@@ -1,6 +1,6 @@
 #============LICENSE_START========================================================
 # ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -44,7 +44,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.0
+image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.1
 pullPolicy: Always
 
 # probe configuration parameters
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
index f056079..6769c00 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
@@ -52,6 +52,8 @@
                 fieldPath: metadata.namespace
         - name: init-tls
           env:
+          - name: aaf_locator_fqdn
+            value: dcae
           - name: POD_IP
             valueFrom:
               fieldRef:
@@ -61,7 +63,7 @@
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources: {}
           volumeMounts:
-            - mountPath: /opt/tls/shared
+            - mountPath: /opt/app/osaaf
               name: tls-info
       containers:
         - name: {{ include "common.name" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
index a6e5125..51af963 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
@@ -25,7 +25,7 @@
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   tlsRepository: nexus3.onap.org:10001
-  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
   repositoryCred:
     user: docker
     password: docker
diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml
index dfc4dbf..25ddfc7 100644
--- a/kubernetes/dcaegen2/values.yaml
+++ b/kubernetes/dcaegen2/values.yaml
@@ -19,8 +19,7 @@
 global:
   nodePortPrefix: 302
   tlsRepository: nexus3.onap.org:10001
-# Have to use locally-define tlsImage until inventory API can use 2.x.y
-#  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+  tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
   consulLoaderRepository: nexus3.onap.org:10001
   consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
 redis:
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index 871a422..84dadaf 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -22,7 +22,7 @@
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/dmaap/datarouter-node:2.1.4
+image: onap/dmaap/datarouter-node:2.1.5
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -69,7 +69,7 @@
 
 #AAF local config
 aafConfig:
-  aafDeployFqi: dmaap-dr@dmaap-dr.onap.org
+  aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
   fqdn: dmaap-dr-node
   fqi: dmaap-dr-node@dmaap-dr.onap.org
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 6165568..4619069 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -34,7 +34,7 @@
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/dmaap/datarouter-prov:2.1.4
+image: onap/dmaap/datarouter-prov:2.1.5
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -122,7 +122,7 @@
 
 #AAF local config
 aafConfig:
-  aafDeployFqi: dmaap-dr@dmaap-dr.onap.org
+  aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
   fqdn: dmaap-dr-prov
   fqi: dmaap-dr-prov@dmaap-dr.onap.org
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml
index 5dac1c0..f02a2db 100644
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml
+++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml
@@ -6,207 +6,203 @@
      you may not use this file except in compliance with the License.
      You may obtain a copy of the License at
            http://www.apache.org/licenses/LICENSE-2.0
-     
+
      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
-     ============LICENSE_END=========================================================  
+     ============LICENSE_END=========================================================
  -->
 
 <configuration scan="true" scanPeriod="3 seconds" debug="false">
-	<contextName>${module.ajsc.namespace.name}</contextName>
-	<jmxConfigurator />
-	<property name="logDirectory" value="${AJSC_HOME}/log" />
-	<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-		<filter class="ch.qos.logback.classic.filter.LevelFilter">
-			<level>ERROR</level>
-			<onMatch>ACCEPT</onMatch>
-			<onMismatch>DENY</onMismatch>
-		</filter>
-		<encoder>
-			<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
-			</pattern>
-		</encoder>
-	</appender>
+  <contextName>${module.ajsc.namespace.name}</contextName>
+  <jmxConfigurator />
+  <property name="logDirectory" value="${AJSC_HOME}/log" />
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>ERROR</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <encoder>
+      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+      </pattern>
+    </encoder>
+  </appender>
 
-	<appender name="INFO"
-		class="ch.qos.logback.core.ConsoleAppender">
-		<filter class="ch.qos.logback.classic.filter.LevelFilter">
-			<level>INFO</level>
-			<onMatch>ACCEPT</onMatch>
-			<onMismatch>DENY</onMismatch>
-		</filter>
-	</appender>
+  <appender name="INFO" class="ch.qos.logback.core.ConsoleAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>INFO</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+  </appender>
 
-	<appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender">
+  <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender">
 
-		<encoder>
-			<pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
-		</encoder>
-	</appender>
+    <encoder>
+      <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+    </encoder>
+  </appender>
 
-	<appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender">
-		class="ch.qos.logback.core.ConsoleAppender">
-		<filter class="ch.qos.logback.classic.filter.LevelFilter">
-			<level>ERROR</level>
-			<onMatch>ACCEPT</onMatch>
-			<onMismatch>DENY</onMismatch>
-		</filter>
-		<encoder>
-			<pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
-		</encoder>
-	</appender>
+  <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> class="ch.qos.logback.core.ConsoleAppender">
+    <filter class="ch.qos.logback.classic.filter.LevelFilter">
+      <level>ERROR</level>
+      <onMatch>ACCEPT</onMatch>
+      <onMismatch>DENY</onMismatch>
+    </filter>
+    <encoder>
+      <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+    </encoder>
+  </appender>
 
 
-	<!-- Msgrtr related loggers -->
-	<logger name="org.onap.dmaap.dmf.mr.service" level="INFO" />
-	<logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" />
-	
-	<logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" />
-	<logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" />
-	
-	<logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" />
-	<logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" />
-	<logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" />
-	
-	<logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" />
-	
-	<logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" />
-	
-	<logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" />
-	
-	<logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" />
-	
-	<logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
-	
-	<logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" />
-	<logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" />
-	
-	
-	
-	<logger name="org.onap.dmaap.dmf.mr.security" level="INFO" />
-	<logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" />
-	
-	<logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" />
-	<logger name="com.att.dmf.mr.transaction.impl" level="INFO" />
-	
-	<logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
-	<logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
-	
-	<logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" />
-	<logger name="org.onap.dmaap.mr.filter" level="INFO" /> 
-	
-	<!--<logger name="com.att.nsa.cambria.*" level="INFO" />-->
-	
-	<!-- Msgrtr loggers in ajsc -->
-	<logger name="org.onap.dmaap.service" level="INFO" />
-	<logger name="org.onap.dmaap" level="INFO" />
-	
-	
-	<!-- Spring related loggers -->
-	<logger name="org.springframework" level="WARN" additivity="false"/>
-	<logger name="org.springframework.beans" level="WARN" additivity="false"/>
-	<logger name="org.springframework.web" level="WARN" additivity="false" />
-	<logger name="com.blog.spring.jms" level="WARN" additivity="false" />
+  <!-- Msgrtr related loggers -->
+  <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" />
+  <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" />
 
-	<!-- AJSC Services (bootstrap services) -->
-	<logger name="ajsc" level="WARN" additivity="false"/>
-	<logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/>
-	<logger name="ajsc.ComputeService" level="INFO" additivity="false" />
-	<logger name="ajsc.VandelayService" level="WARN" additivity="false"/>
-	<logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/>
-	<logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" />
-	<logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" />
-	<logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" />
+  <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" />
+  <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" />
 
-	<!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet 
-		logging) -->
-	<logger name="ajsc.utils" level="WARN"  additivity="false"/>
-	<logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" />
-	<logger name="ajsc.filters" level="DEBUG" additivity="false" />
-	<logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" />
-	<logger name="ajsc.restlet" level="DEBUG" additivity="false"  />
-	<logger name="ajsc.servlet" level="DEBUG" additivity="false" />
-	<logger name="com.att" level="WARN" additivity="false"  />
-	<logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" />
-	<logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/>
-	
-	<logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/> 
-	<logger name="com.att.cadi.filter" level="INFO"  additivity="false" /> 
-	
+  <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" />
+  <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" />
+  <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" />
 
-	<!-- Other Loggers that may help troubleshoot -->
-	<logger name="net.sf" level="WARN" additivity="false" />
-	<logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/>
-	<logger name="org.apache.commons" level="WARN" additivity="false" />
-	<logger name="org.apache.coyote" level="WARN"  additivity="false"/>
-	<logger name="org.apache.jasper" level="WARN"  additivity="false"/>
+  <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" />
 
-	<!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. 
-		May aid in troubleshooting) -->
-	<logger name="org.apache.camel" level="WARN" additivity="false" />
-	<logger name="org.apache.cxf" level="WARN" additivity="false" />
-	<logger name="org.apache.camel.processor.interceptor" level="WARN"  additivity="false"/>
-	<logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" />
-	<logger name="org.apache.cxf.service" level="WARN" additivity="false" />
-	<logger name="org.restlet" level="DEBUG" additivity="false" />
-	<logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" />
-	<logger name="org.apache.kafka" level="DEBUG" additivity="false" />
-	<logger name="org.apache.zookeeper" level="INFO" additivity="false" />
-	<logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" />
+  <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" />
 
-	<!-- logback internals logging -->
-	<logger name="ch.qos.logback.classic" level="INFO" additivity="false"/>
-	<logger name="ch.qos.logback.core" level="INFO" additivity="false" />
+  <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" />
 
-	<!-- logback jms appenders & loggers definition starts here -->
-	<!-- logback jms appenders & loggers definition starts here -->
-	<appender name="auditLogs"
-		class="ch.qos.logback.core.ConsoleAppender">
-		<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
-		</filter>
-		<encoder>
-			<pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
-		</encoder>
-	</appender>
-	<appender name="perfLogs"
-		class="ch.qos.logback.core.ConsoleAppender">
-		<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
-		</filter>
-		<encoder>
-			<pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
-		</encoder>
-	</appender>
-	<appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender">
-		<queueSize>1000</queueSize>
-		<discardingThreshold>0</discardingThreshold>
-		<appender-ref ref="Audit-Record-Queue" />
-	</appender>
+  <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" />
 
-	<logger name="AuditRecord" level="INFO" additivity="FALSE">
-		<appender-ref ref="STDOUT" />
-	</logger>
-	<logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
-		<appender-ref ref="STDOUT" />
-	</logger>
-	<appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender">
-		<queueSize>1000</queueSize>
-		<discardingThreshold>0</discardingThreshold>
-		<appender-ref ref="Performance-Tracker-Queue" />
-	</appender>
-	<logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
-		<appender-ref ref="ASYNC-perf" />
-		<appender-ref ref="perfLogs" />
-	</logger>
-	<!-- logback jms appenders & loggers definition ends here -->
+  <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
 
-	<root level="DEBUG">
-		<appender-ref ref="DEBUG" />
-		<appender-ref ref="ERROR" />
-		<appender-ref ref="INFO" />
-		<appender-ref ref="STDOUT" />
-	</root>
+  <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" />
+  <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" />
 
-</configuration>
\ No newline at end of file
+
+
+  <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" />
+  <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" />
+
+  <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" />
+  <logger name="com.att.dmf.mr.transaction.impl" level="INFO" />
+
+  <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+  <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+
+  <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" />
+  <logger name="org.onap.dmaap.mr.filter" level="INFO" />
+
+  <!--<logger name="com.att.nsa.cambria.*" level="INFO" />-->
+
+  <!-- Msgrtr loggers in ajsc -->
+  <logger name="org.onap.dmaap.service" level="INFO" />
+  <logger name="org.onap.dmaap" level="INFO" />
+
+
+  <!-- Spring related loggers -->
+  <logger name="org.springframework" level="WARN" additivity="false"/>
+  <logger name="org.springframework.beans" level="WARN" additivity="false"/>
+  <logger name="org.springframework.web" level="WARN" additivity="false" />
+  <logger name="com.blog.spring.jms" level="WARN" additivity="false" />
+
+  <!-- AJSC Services (bootstrap services) -->
+  <logger name="ajsc" level="WARN" additivity="false"/>
+  <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/>
+  <logger name="ajsc.ComputeService" level="INFO" additivity="false" />
+  <logger name="ajsc.VandelayService" level="WARN" additivity="false"/>
+  <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/>
+  <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" />
+  <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" />
+  <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" />
+
+  <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
+    logging) -->
+  <logger name="ajsc.utils" level="WARN" additivity="false"/>
+  <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" />
+  <logger name="ajsc.filters" level="DEBUG" additivity="false" />
+  <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" />
+  <logger name="ajsc.restlet" level="DEBUG" additivity="false" />
+  <logger name="ajsc.servlet" level="DEBUG" additivity="false" />
+  <logger name="com.att" level="WARN" additivity="false" />
+  <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" />
+  <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/>
+
+  <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/>
+  <logger name="com.att.cadi.filter" level="INFO" additivity="false" />
+
+
+  <!-- Other Loggers that may help troubleshoot -->
+  <logger name="net.sf" level="WARN" additivity="false" />
+  <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/>
+  <logger name="org.apache.commons" level="WARN" additivity="false" />
+  <logger name="org.apache.coyote" level="WARN" additivity="false"/>
+  <logger name="org.apache.jasper" level="WARN" additivity="false"/>
+
+  <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+    May aid in troubleshooting) -->
+  <logger name="org.apache.camel" level="WARN" additivity="false" />
+  <logger name="org.apache.cxf" level="WARN" additivity="false" />
+  <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/>
+  <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" />
+  <logger name="org.apache.cxf.service" level="WARN" additivity="false" />
+  <logger name="org.restlet" level="DEBUG" additivity="false" />
+  <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" />
+  <logger name="org.apache.kafka" level="DEBUG" additivity="false" />
+  <logger name="org.apache.zookeeper" level="INFO" additivity="false" />
+  <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" />
+
+  <!-- logback internals logging -->
+  <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/>
+  <logger name="ch.qos.logback.core" level="INFO" additivity="false" />
+
+  <!-- logback jms appenders & loggers definition starts here -->
+  <!-- logback jms appenders & loggers definition starts here -->
+  <appender name="auditLogs" class="ch.qos.logback.core.ConsoleAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+    </filter>
+    <encoder>
+      <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+    </encoder>
+  </appender>
+  <appender name="perfLogs" class="ch.qos.logback.core.ConsoleAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+    </filter>
+    <encoder>
+      <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+    </encoder>
+  </appender>
+  <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <discardingThreshold>0</discardingThreshold>
+    <appender-ref ref="Audit-Record-Queue" />
+  </appender>
+
+  <logger name="AuditRecord" level="INFO" additivity="FALSE">
+    <appender-ref ref="STDOUT" />
+  </logger>
+  <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
+    <appender-ref ref="STDOUT" />
+  </logger>
+  <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>1000</queueSize>
+    <discardingThreshold>0</discardingThreshold>
+    <appender-ref ref="Performance-Tracker-Queue" />
+  </appender>
+  <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
+    <appender-ref ref="ASYNC-perf" />
+    <appender-ref ref="perfLogs" />
+  </logger>
+  <!-- logback jms appenders & loggers definition ends here -->
+
+  <root level="DEBUG">
+    <appender-ref ref="DEBUG" />
+    <appender-ref ref="ERROR" />
+    <appender-ref ref="INFO" />
+    <appender-ref ref="STDOUT" />
+  </root>
+
+</configuration>
diff --git a/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json b/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json
index 7ae77cd..ff1a573 100644
--- a/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json
+++ b/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json
@@ -1,7 +1,7 @@
 {
   "topicName": "mirrormakeragent",
   "topicDescription": "the topic used to provision the MM agent whitelist",
- "replicationCase": "REPLICATION_NONE",
+  "replicationCase": "REPLICATION_NONE",
   "owner": "dmaap",
   "txenabled": false,
   "partitionCount": "1",
@@ -10,33 +10,28 @@
       "dcaeLocationName": "san-francisco",
       "clientIdentity": "dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org",
       "action": [
-        "pub", 
+        "pub",
         "sub",
-		"view"
+        "view"
       ]
- 
     },
-	{
+    {
       "dcaeLocationName": "san-francisco",
       "clientIdentity": "dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org",
       "action": [
-        "pub", 
+        "pub",
         "sub",
-		"view"
+        "view"
       ]
- 
     },
-	{
+    {
       "dcaeLocationName": "san-francisco",
       "clientIdentity": "demo@people.osaaf.org",
       "action": [
-        "pub", 
+        "pub",
         "sub",
-		"view"
+        "view"
       ]
- 
     }
-	
   ]
-}
-
+}
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/templates/service.yaml b/kubernetes/dmaap/components/message-router/templates/service.yaml
index 16fae2a..2b0b44e 100644
--- a/kubernetes/dmaap/components/message-router/templates/service.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/service.yaml
@@ -13,43 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" .  }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    msb.onap.org/service-info: '[
-      {
-          "serviceName": "{{ include "common.servicename" . }}",
-          "version": "v1",
-          "url": "/",
-          "protocol": "REST",
-          "port": "{{.Values.service.internalPort}}",
-          "visualRange":"1"
-      }
-      ]'
-
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
-    - port: {{ .Values.service.externalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
+{{ include "common.service" . }}
diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
index 35cc5e7..c17fda1 100644
--- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
@@ -12,23 +12,16 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-apiVersion: apps/v1beta1
+
+apiVersion: apps/v1
 kind: StatefulSet
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
+  selector: {{- include "common.selectors" . | nindent 4 }}
+  serviceName: {{ include "common.servicename" . }}
   replicas: {{ .Values.replicaCount }}
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers:
       - command:
@@ -51,20 +44,18 @@
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{ .Values.service.externalPort }}
-          - containerPort: {{ .Values.service.externalPort2 }}
+          ports: {{ include "common.containerPorts" . | nindent 10  }}
           {{- if eq .Values.liveness.enabled true }}
           livenessProbe:
             tcpSocket:
-              port: {{ .Values.service.externalPort }}
+              port: {{ .Values.liveness.port }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
             timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
           {{ end -}}
           readinessProbe:
             tcpSocket:
-              port: {{ .Values.service.externalPort }}
+              port: {{ .Values.readiness.port }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
             timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
@@ -87,8 +78,7 @@
           - mountPath: /appl/dmaapMR1/etc/keyfile
             subPath: mykey
             name: mykey
-          resources:
-{{ include "common.resources" . }}
+          resources: {{ include "common.resources" . | nindent 12 }}
       volumes:
         - name: localtime
           hostPath:
diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml
index 935c090..b14c35f 100644
--- a/kubernetes/dmaap/components/message-router/values.yaml
+++ b/kubernetes/dmaap/components/message-router/values.yaml
@@ -58,21 +58,31 @@
   timeoutSeconds: 1
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
+  port: api
   enabled: true
 
 readiness:
   initialDelaySeconds: 70
   periodSeconds: 10
   timeoutSeconds: 1
+  port: api
 
 service:
   type: NodePort
   name: message-router
-  portName: message-router
-  externalPort: 3904
-  nodePort: 27
-  externalPort2: 3905
-  nodePort2: 26
+  both_tls_and_plain: true
+  msb:
+   port: api
+   url: "/"
+   version: "v1"
+   protocol: "REST"
+   visualRange: "1"
+  ports:
+    - name: api
+      port: 3905
+      plain_port: 3904
+      port_protocol: http
+      nodePort: 26
 
 ingress:
   enabled: false
diff --git a/kubernetes/esr/charts/esr-server/values.yaml b/kubernetes/esr/charts/esr-server/values.yaml
index 354e8e3..f3f4f88 100644
--- a/kubernetes/esr/charts/esr-server/values.yaml
+++ b/kubernetes/esr/charts/esr-server/values.yaml
@@ -27,7 +27,7 @@
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/aai/esr-server:1.5.1
+image: onap/aai/esr-server:1.5.2
 pullPolicy: Always
 msbaddr: msb-iag.{{ include "common.namespace" . }}:443
 
diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml
index a714ba9..02947c6 100755
--- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml
@@ -289,6 +289,15 @@
   si:
     svc:
       types: PORT-MIRROR,PPROBE
+  dmaap:
+    host: http://message-router.{{ include "common.namespace" . }}:3904
+    timeout: 30000
+  lcm:
+    path: '/restconf/operations/LCM:'
+    actionTimeout: 300000
+    dmapp:
+      readTopic: SDNC-LCM-WRITE
+      writeTopic: SDNC-LCM-READ
 appc:
   client:
     topic:
diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml
index a20d217..6235bd2 100755
--- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml
@@ -151,6 +151,7 @@
                     sdncurl7: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/L3UCPE-API:'
                     sdncurl8: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NBNC-API:'
                     sdncurl9: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NORTHBOUND-API:service-topology-operation'
+                    sdncurl20: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/LCM:'
                     service:
                         infra:
                             service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1
@@ -160,6 +161,12 @@
                     vfmodule:
                         '':
                             query: GET|60000|sdncurl12|
+                    lcm:
+                      download-n-e-sw: POST|1800000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+                      activate-n-e-sw: POST|300000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+                      upgrade-pre-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+                      upgrade-post-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+                      default: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
                 network:
                     encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }}
 spring:
diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml
index 8e5d097..b5246d1 100644
--- a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml
@@ -37,7 +37,7 @@
         - /root/ready.py
         args:
         - --container-name
-        - vfc-mariadb
+        - {{ .Values.config.mariadbService }}
         env:
         - name: NAMESPACE
           valueFrom:
@@ -49,6 +49,11 @@
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
+          command:
+            - sh
+          args:
+            - -c
+            - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
@@ -75,9 +80,11 @@
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
-              value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
-            - name: MYSQL_AUTH
-              value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+              value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+            - name: MYSQL_ROOT_USER
+              value: "{{ .Values.global.config.mariadb_admin }}"
+            - name: MYSQL_ROOT_PASSWORD
+              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
             - name: REDIS_ADDR
               value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
           volumeMounts:
diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/secrets.yaml
new file mode 100644
index 0000000..d053c48
--- /dev/null
+++ b/kubernetes/vfc/charts/vfc-catalog/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/vfc/charts/vfc-catalog/values.yaml b/kubernetes/vfc/charts/vfc-catalog/values.yaml
index 1a8808b..8914d66 100644
--- a/kubernetes/vfc/charts/vfc-catalog/values.yaml
+++ b/kubernetes/vfc/charts/vfc-catalog/values.yaml
@@ -23,6 +23,16 @@
   loggingImage: beats/filebeat:5.5.0
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: "db-root-pass"
+    externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+    type: password
+    password: '{{ .Values.config.mariadbRootPassword }}'
+    policy: required
+
+#################################################################
 # Application configuration defaults.
 #################################################################
 # application image
@@ -39,7 +49,11 @@
 debugEnabled: false
 
 # application configuration
-config: {}
+config:
+  mariadbService: vfc-mariadb
+  mariadbPort: 3306
+  # mariadbRootPassword: secretpassword
+  # mariadbRootPasswordExternalSecret: some secret
 
 # default number of instances
 replicaCount: 1
@@ -108,4 +122,4 @@
     requests:
       cpu: 200m
       memory: 500Mi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}
diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml
index fc6c736..395eedc 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml
@@ -37,7 +37,7 @@
         - /root/ready.py
         args:
         - --container-name
-        - vfc-mariadb
+        - {{ .Values.config.mariadbService }}
         env:
         - name: NAMESPACE
           valueFrom:
@@ -49,6 +49,11 @@
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
+          command:
+            - sh
+          args:
+            - -c
+            - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
@@ -75,9 +80,11 @@
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
-              value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
-            - name: MYSQL_AUTH
-              value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+              value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+            - name: MYSQL_ROOT_USER
+              value: "{{ .Values.global.config.mariadb_admin }}"
+            - name: MYSQL_ROOT_PASSWORD
+              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
             - name: REDIS_ADDR
               value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
             - name: REG_TO_MSB_WHEN_START
diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml
new file mode 100644
index 0000000..d053c48
--- /dev/null
+++ b/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml
index a3d0303..35637f3 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml
+++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml
@@ -23,6 +23,16 @@
   loggingImage: beats/filebeat:5.5.0
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: "db-root-pass"
+    externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+    type: password
+    password: '{{ .Values.config.mariadbRootPassword }}'
+    policy: required
+
+#################################################################
 # Application configuration defaults.
 #################################################################
 # application image
@@ -39,7 +49,12 @@
 debugEnabled: false
 
 # application configuration
-config: {}
+config:
+  mariadbService: vfc-mariadb
+  mariadbPort: 3306
+  # mariadbRootPassword: secretpassword
+  # mariadbRootPasswordExternalSecret: some secret
+
 
 # default number of instances
 replicaCount: 1
@@ -88,4 +103,4 @@
     requests:
       cpu: 200m
       memory: 500Mi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
index e99f4d1..465f4cf 100644
--- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
@@ -37,7 +37,7 @@
         - /root/ready.py
         args:
         - --container-name
-        - vfc-mariadb
+        - {{ .Values.config.mariadbService }}
         env:
         - name: NAMESPACE
           valueFrom:
@@ -49,6 +49,11 @@
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
+          command:
+            - sh
+          args:
+            - -c
+            - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
@@ -75,9 +80,11 @@
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
-              value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
-            - name: MYSQL_AUTH
-              value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+              value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+            - name: MYSQL_ROOT_USER
+              value: "{{ .Values.global.config.mariadb_admin }}"
+            - name: MYSQL_ROOT_PASSWORD
+              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
             - name: REDIS_ADDR
               value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
           volumeMounts:
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml
new file mode 100644
index 0000000..d053c48
--- /dev/null
+++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml
index 4883833..b58f30b 100644
--- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml
+++ b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml
@@ -23,6 +23,16 @@
   loggingImage: beats/filebeat:5.5.0
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: "db-root-pass"
+    externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+    type: password
+    password: '{{ .Values.config.mariadbRootPassword }}'
+    policy: required
+
+#################################################################
 # Application configuration defaults.
 #################################################################
 # application image
@@ -39,7 +49,12 @@
 debugEnabled: false
 
 # application configuration
-config: {}
+config:
+  mariadbService: vfc-mariadb
+  mariadbPort: 3306
+  # mariadbRootPassword: secretpassword
+  # mariadbRootPasswordExternalSecret: some secret
+
 
 # default number of instances
 replicaCount: 1
@@ -88,4 +103,4 @@
     requests:
       cpu: 200m
       memory: 500Mi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
index 66db39e..c4c070d 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
@@ -37,7 +37,7 @@
         - /root/ready.py
         args:
         - --container-name
-        - vfc-mariadb
+        - {{ .Values.config.mariadbService }}
         env:
         - name: NAMESPACE
           valueFrom:
@@ -49,6 +49,11 @@
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
+          command:
+            - sh
+          args:
+            - -c
+            - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
@@ -75,11 +80,13 @@
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
-              value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+              value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
             - name: REDIS_ADDR
               value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
-            - name: MYSQL_AUTH
-              value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+            - name: MYSQL_ROOT_USER
+              value: "{{ .Values.global.config.mariadb_admin }}"
+            - name: MYSQL_ROOT_PASSWORD
+              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
 
           volumeMounts:
           - name: {{ include "common.fullname" . }}-localtime
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml
new file mode 100644
index 0000000..d053c48
--- /dev/null
+++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml
index fdd38e6..9cceb9f 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml
@@ -23,6 +23,16 @@
   loggingImage: beats/filebeat:5.5.0
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: "db-root-pass"
+    externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+    type: password
+    password: '{{ .Values.config.mariadbRootPassword }}'
+    policy: required
+
+#################################################################
 # Application configuration defaults.
 #################################################################
 # application image
@@ -39,7 +49,11 @@
 debugEnabled: false
 
 # application configuration
-config: {}
+config:
+  mariadbService: vfc-mariadb
+  mariadbPort: 3306
+  # mariadbRootPassword: secretpassword
+  # mariadbRootPasswordExternalSecret: some secret
 
 # default number of instances
 replicaCount: 1
@@ -87,4 +101,4 @@
     requests:
       cpu: 200m
       memory: 500Mi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}
diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
index f5fc284..e70bf0e 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
@@ -37,7 +37,7 @@
         - /root/ready.py
         args:
         - --container-name
-        - vfc-mariadb
+        - {{ .Values.config.mariadbService }}
         env:
         - name: NAMESPACE
           valueFrom:
@@ -49,6 +49,11 @@
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
+          command:
+            - sh
+          args:
+            - -c
+            - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
@@ -75,11 +80,14 @@
             - name: MSB_ADDR
               value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
             - name: MYSQL_ADDR
-              value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+              value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
             - name: REDIS_ADDR
               value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
-            - name: MYSQL_AUTH
-              value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+            - name: MYSQL_ROOT_USER
+              value: "{{ .Values.global.config.mariadb_admin }}"
+            - name: MYSQL_ROOT_PASSWORD
+              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+
           volumeMounts:
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml
new file mode 100644
index 0000000..d053c48
--- /dev/null
+++ b/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/vfc/charts/vfc-vnfres/values.yaml b/kubernetes/vfc/charts/vfc-vnfres/values.yaml
index 9c51d66..1a64402 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/values.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfres/values.yaml
@@ -23,6 +23,16 @@
   loggingImage: beats/filebeat:5.5.0
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: "db-root-pass"
+    externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+    type: password
+    password: '{{ .Values.config.mariadbRootPassword }}'
+    policy: required
+
+#################################################################
 # Application configuration defaults.
 #################################################################
 # application image
@@ -39,7 +49,12 @@
 debugEnabled: false
 
 # application configuration
-config: {}
+config:
+  mariadbService: vfc-mariadb
+  mariadbPort: 3306
+  # mariadbRootPassword: secretpassword
+  # mariadbRootPasswordExternalSecret: some secret
+
 
 # default number of instances
 replicaCount: 1
@@ -88,4 +103,4 @@
     requests:
       cpu: 200m
       memory: 500Mi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}
diff --git a/kubernetes/vfc/templates/secrets.yaml b/kubernetes/vfc/templates/secrets.yaml
new file mode 100644
index 0000000..d053c48
--- /dev/null
+++ b/kubernetes/vfc/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml
index eb6638b..88275ae 100644
--- a/kubernetes/vfc/values.yaml
+++ b/kubernetes/vfc/values.yaml
@@ -18,40 +18,65 @@
     msbprotocol: https
     msbServiceName: msb-iag
     msbPort: 443
-    dbServiceName: vfc-db
-    dbPort: 3306
-    dbUser: root
-    mariadbRootPassword: secretpassword
     redisServiceName: vfc-redis
     redisPort: 6379
     reg_to_msb_when_start: False
+    mariadb_admin: root
   persistence:
     mountPath: /dockerdata-nfs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: "db-root-pass"
+    name: &dbRootPassSecret '{{ include "common.release" . }}-vfc-db-root-pass'
+    type: password
+    password: '{{ .Values.config.mariadbRootPassword }}'
+
 # application configuration
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
 
 mariadb-galera:
+  config:
+    mariadbRootPasswordExternalSecret: *dbRootPassSecret
   nameOverride: vfc-mariadb
   service:
-    name: vfc-db
-    portName: vfc-db
+    name: vfc-mariadb
+    portName: vfc-mariadb
   nfsprovisionerPrefix: vfc
   persistence:
     mountSubPath: vfc/data
     enabled: true
   disableNfsProvisioner: true
 
-catalog:
+db: &dbConfig
+  mariadbService: vfc-mariadb
+  mariadbPort: 3306
+  mariadbRootPasswordExternalSecret: *dbRootPassSecret
+
+vfc-catalog:
   config:
-    dbPodName: vfc-db
-    dbServiceName: vfc-db
-nslcm:
+    << : *dbConfig
+
+vfc-nslcm:
   config:
-    dbPodName: vfc-db
-    dbServiceName: vfc-db
+    << : *dbConfig
+
+vfc-vnflcm:
+  config:
+    << : *dbConfig
+
+vfc-vnfmgr:
+  config:
+    << : *dbConfig
+
+vfc-vnfres:
+  config:
+    << : *dbConfig
+
 # sub-chart configuration
 vfc-workflow:
   service: