Merge "[SDC] Update SDC images to 1.12.2"
diff --git a/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml b/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml
index 3ef9519..f5f53f9 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml
@@ -1,6 +1,6 @@
 # Copyright (c) 2019 IBM, Bell Canada
 # Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -29,6 +29,6 @@
   - name: serviceAccount
     version: ~12.x-0
     repository: '@local'
-  - name: certInitializer
+  - name: readinessCheck
     version: ~12.x-0
     repository: '@local'
diff --git a/kubernetes/cds/components/cds-blueprints-processor/resources/config/ONAP_RootCA.cer b/kubernetes/cds/components/cds-blueprints-processor/resources/config/ONAP_RootCA.cer
deleted file mode 100755
index e9a50d7..0000000
--- a/kubernetes/cds/components/cds-blueprints-processor/resources/config/ONAP_RootCA.cer
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
diff --git a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
index 2818fd9..7351b1f 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
+++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
@@ -1,6 +1,6 @@
 {{/*
 #
-#  Copyright (c) 2017-2022 AT&T, IBM, Bell Canada, Nordix Foundation.
+#  Copyright (c) 2017-2023 AT&T, IBM, Bell Canada, Nordix Foundation.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -101,11 +101,7 @@
 
 # AAI Data REST Client settings
 blueprintsprocessor.restclient.aai-data.type=basic-auth
-{{ if ( include "common.needTLS" .) }}
-blueprintsprocessor.restclient.aai-data.url=https://{{ .Values.global.aaiData.ServiceName }}:8443
-{{- else -}}
 blueprintsprocessor.restclient.aai-data.url=http://{{ .Values.global.aaiData.ServiceName }}:{{ .Values.global.aaiData.ExternalPlainPort }}
-{{- end }}
 blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org
 blueprintsprocessor.restclient.aai-data.password=demo123456!
 blueprintsprocessor.restclient.aai-data.additionalHeaders.X-TransactionId=cds-transaction-id
@@ -121,70 +117,44 @@
 blueprintsprocessor.restclient.cps-data.additionalHeaders.Content-Type=application/json
 
 # Self Service Request Kafka Message Consumer
-blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable={{ .Values.kafkaRequestConsumer.enabled  }}
-blueprintsprocessor.messageconsumer.self-service-api.type={{ .Values.kafkaRequestConsumer.type  }}
-{{ if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable=true
+blueprintsprocessor.messageconsumer.self-service-api.type=kafka-scram-plain-text-auth
 blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-{{- else -}}
-blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ .Values.kafkaRequestConsumer.bootstrapServers  }}
+{{- with (first .Values.kafkaUser.acls) }}
+blueprintsprocessor.messageconsumer.self-service-api.groupId={{ .name }}
 {{- end }}
-blueprintsprocessor.messageconsumer.self-service-api.groupId={{ .Values.kafkaRequestConsumer.groupId  }}
-blueprintsprocessor.messageconsumer.self-service-api.topic={{ .Values.kafkaRequestConsumer.topic  }}
-blueprintsprocessor.messageconsumer.self-service-api.clientId={{ .Values.kafkaRequestConsumer.clientId  }}
-blueprintsprocessor.messageconsumer.self-service-api.pollMillSec={{ .Values.kafkaRequestConsumer.pollMillSec  }}
-{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
-# SCRAM
-blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
-blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${JAAS_PASS}
-{{ end }}
+blueprintsprocessor.messageconsumer.self-service-api.topic=cds.blueprint-processor.self-service-api.request
+blueprintsprocessor.messageconsumer.self-service-api.clientId=request-receiver-client-id
+blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000
+blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.name" . }}-ku
+blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${SASL_JAAS_PASS}
 
 # Self Service Response Kafka Message Producer
-blueprintsprocessor.messageproducer.self-service-api.type={{ .Values.kafkaRequestProducer.type  }}
-{{ if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.type=kafka-scram-plain-text-auth
 blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-{{- else -}}
-blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ .Values.kafkaRequestProducer.bootstrapServers  }}
-{{- end }}
-blueprintsprocessor.messageproducer.self-service-api.clientId={{ .Values.kafkaRequestProducer.clientId }}
-blueprintsprocessor.messageproducer.self-service-api.topic={{ .Values.kafkaRequestProducer.topic }}
-{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
-# SCRAM
-blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
-blueprintsprocessor.messageproducer.self-service-api.scramPassword=${JAAS_PASS}
-{{ end }}
+blueprintsprocessor.messageproducer.self-service-api.clientId=request-producer-client-id
+blueprintsprocessor.messageproducer.self-service-api.topic=cds.blueprint-processor.self-service-api.response
+blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.name" . }}-ku
+blueprintsprocessor.messageproducer.self-service-api.scramPassword=${SASL_JAAS_PASS}
 
 # AUDIT KAFKA FEATURE CONFIGURATION
 # Audit feature dumps CDS request to a topic as well as a truncated response message to another topic.
 ## Audit request
-blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable={{ .Values.kafkaAuditRequest.enabled }}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.type={{ .Values.kafkaAuditRequest.type }}
-{{ if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=true
+blueprintsprocessor.messageproducer.self-service-api.audit.request.type=kafka-scram-plain-text-auth
 blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-{{- else -}}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers  }}
-{{- end }}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId={{ .Values.kafkaAuditRequest.clientId }}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.topic={{ .Values.kafkaAuditRequest.topic }}
-{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
-# SCRAM
-blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${JAAS_PASS}
-{{ end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId=audit-request-producer-client-id
+blueprintsprocessor.messageproducer.self-service-api.audit.request.topic=cds.blueprint-processor.self-service-api.audit.request
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.name" . }}-ku
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${SASL_JAAS_PASS}
 
 ## Audit response
-blueprintsprocessor.messageproducer.self-service-api.audit.response.type={{ .Values.kafkaAuditResponse.type }}
-{{ if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.type=kafka-scram-plain-text-auth
 blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-{{- else -}}
-blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers  }}
-{{- end }}
-blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId={{ .Values.kafkaAuditResponse.clientId }}
-blueprintsprocessor.messageproducer.self-service-api.audit.response.topic={{ .Values.kafkaAuditResponse.topic }}
-{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
-# SCRAM
-blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
-blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${JAAS_PASS}
-{{ end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId=audit-response-producer-client-id
+blueprintsprocessor.messageproducer.self-service-api.audit.response.topic=cds.blueprint-processor.self-service-api.audit.response
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.name" . }}-ku
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${SASL_JAAS_PASS}
 
 # Executor Options
 blueprintsprocessor.resourceResolution.enabled=true
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml
deleted file mode 100644
index 555f4d4..0000000
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{ if eq .Values.useStrimziKafka true }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
-  name: {{ .Values.kafkaRequestConsumer.topic  }}
-  labels:
-    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
-  partitions: 10
-  replicas: 2
-  config:
-    retention.ms: 7200000
-    segment.bytes: 1073741824
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
-  name: {{ .Values.kafkaRequestProducer.topic }}
-  labels:
-    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
-  partitions: 10
-  replicas: 2
-  config:
-    retention.ms: 7200000
-    segment.bytes: 1073741824
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
-  name: {{ .Values.kafkaAuditRequest.topic }}
-  labels:
-    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
-  partitions: 10
-  replicas: 2
-  config:
-    retention.ms: 7200000
-    segment.bytes: 1073741824
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
-  name: {{ .Values.kafkaAuditResponse.topic }}
-  labels:
-    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
-  partitions: 10
-  replicas: 2
-  config:
-    retention.ms: 7200000
-    segment.bytes: 1073741824
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml
deleted file mode 100644
index 65ee1d2..0000000
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{ if eq .Values.useStrimziKafka true }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
-  name: {{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
-  labels:
-    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
-  authentication:
-    type: scram-sha-512
-  authorization:
-    type: simple
-    acls:
-    - resource:
-        type: group
-        name: {{ .Values.kafkaRequestConsumer.groupId  }}
-      operation: All
-    - resource:
-        type: topic
-        name: {{ .Values.kafkaRequestConsumer.topic  }}
-      operation: All
-    - resource:
-        type: topic
-        name: {{ .Values.kafkaRequestProducer.topic }}
-      operation: All
-    - resource:
-        type: topic
-        name: {{ .Values.kafkaAuditRequest.topic }}
-      operation: All
-    - resource:
-        type: topic
-        name: {{ .Values.kafkaAuditResponse.topic }}
-      operation: All
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
index 520516d..a6e3a52 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
@@ -1,7 +1,7 @@
 {{/*
 # Copyright (c) 2019 IBM, Bell Canada
 # Copyright (c) 2020 Samsung Electronics
-# Modification Copyright © 2022 Nordix Foundation
+# Modification Copyright © 2022-2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,38 +18,26 @@
 
 apiVersion: apps/v1
 kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
+  selector: {{- include "common.selectors" . | nindent 4 }}
   replicas: {{ .Values.replicaCount }}
   strategy:
     type: RollingUpdate
     rollingUpdate:
-      # This allow a new pod to be ready before terminating the old one
+      # This allows a new pod to be ready before terminating the old one
       # causing no downtime when replicas is set to 1
       maxUnavailable: 0
-
       # maxSurge to 1 is very important for the hazelcast integration
       # we only want one pod at a time to restart not multiple
       # and break the hazelcast cluster. We should not use % maxSurge value
       # ref : https://hazelcast.com/blog/rolling-upgrade-hazelcast-imdg-on-kubernetes/
       maxSurge: 1
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
-      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+      initContainers:
+      {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
       - command:
         - sh
         args:
@@ -75,21 +63,6 @@
         name: {{ include "common.name" . }}-update-config
 
       - command:
-        - /app/ready.py
-        args:
-        - --container-name
-        - cds-db
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: {{ include "repositoryGenerator.image.readiness" . }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
-      - name: fix-permission
-        command:
         - chown
         - -R
         - 1000:1000
@@ -99,6 +72,8 @@
         volumeMounts:
         - mountPath: {{ .Values.persistence.deployedBlueprint }}
           name: {{ include "common.fullname" . }}-blueprints
+        name: fix-permission
+
       containers:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -110,8 +85,6 @@
             value: {{ if (gt (int (.Values.replicaCount)) 2) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
           - name: CLUSTER_ID
             value: {{ .Values.cluster.clusterName }}
-          - name: AAF_CREDSPATH
-            value: {{ .Values.certInitializer.credsPath }}
           - name: CLUSTER_NODE_ID
             valueFrom:
               fieldRef:
@@ -122,10 +95,11 @@
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "login") | indent 12 }}
           - name: CPS_PASS_PLAIN
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "password") | indent 12 }}
-          {{ if .Values.useStrimziKafka }}
-          - name: JAAS_PASS
-            value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-kafka-secret" "key" "password") | indent 12 }}
-          {{ end }}
+          - name: SASL_JAAS_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.name" . }}-ku
+                key: password
           ports:
           - containerPort: {{ .Values.service.http.internalPort }}
           - containerPort: {{ .Values.service.grpc.internalPort }}
@@ -133,7 +107,7 @@
           startupProbe:
             httpGet:
               path: /api/v1/execution-service/health-check
-              port: {{ .Values.service.http.internalPort }}
+              port: {{ .Values.startup.port }}
               httpHeaders:
                 - name: Authorization
                   value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
@@ -146,7 +120,7 @@
           livenessProbe:
             httpGet:
               path: /api/v1/execution-service/health-check
-              port: {{ .Values.service.http.internalPort }}
+              port: {{ .Values.liveness.port }}
               httpHeaders:
               - name: Authorization
                 value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
@@ -157,14 +131,14 @@
           readinessProbe:
             httpGet:
               path: /api/v1/execution-service/health-check
-              port: {{ .Values.service.http.internalPort }}
+              port: {{ .Values.readiness.port }}
               httpHeaders:
               - name: Authorization
                 value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
             timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
-          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+          volumeMounts:
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -180,11 +154,6 @@
           - mountPath: {{ .Values.config.appConfigDir }}/hazelcast.yaml
             name: {{ include "common.fullname" . }}-config
             subPath: hazelcast.yaml
-
-          - mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer
-            name: {{ include "common.fullname" . }}-config
-            subPath: ONAP_RootCA.cer
-
           - mountPath: {{ .Values.persistence.deployedBlueprint }}
             name: {{ include "common.fullname" . }}-blueprints
           resources: {{ include "common.resources" . | nindent 12 }}
@@ -197,7 +166,7 @@
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+      volumes:
         - name: localtime
           hostPath:
             path: /etc/localtime
@@ -213,8 +182,6 @@
               path: logback.xml
             - key: hazelcast.yaml
               path: hazelcast.yaml
-            - key: ONAP_RootCA.cer
-              path: ONAP_RootCA.cer
         - name: {{ include "common.fullname" . }}-blueprints
           persistentVolumeClaim:
             claimName: {{ include "common.release" . }}-cds-blueprints
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/kafkatopic.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/kafkatopic.yaml
new file mode 100644
index 0000000..d1d21a6
--- /dev/null
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/kafkatopic.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkatopic" . }}
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/kafkauser.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/kafkauser.yaml
new file mode 100644
index 0000000..6fc37c3
--- /dev/null
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/kafkauser.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml
index 153740c..84ccfc5 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml
@@ -1,5 +1,6 @@
 {{/*
 # Copyright (c) 2019 IBM, Bell Canada
+# Modification Copyright © 2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -30,13 +31,10 @@
   ports:
     - port: {{ .Values.service.http.externalPort }}
       targetPort: {{ .Values.service.http.internalPort }}
-      {{- if eq .Values.service.http.type "NodePort"}}
-      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.http.nodePort }}
-      {{- end}}
-      name: {{ .Values.service.http.portName | default "http" }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
+      name: {{ .Values.service.http.portName | default "http" }}
   selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
+    app.kubernetes.io/instance: {{ include "common.release" . }}
+    app.kubernetes.io/name: {{ include "common.name" . }}
 ---
 apiVersion: v1
 kind: Service
@@ -56,8 +54,8 @@
       targetPort: {{ .Values.service.grpc.internalPort }}
       name: {{ .Values.service.grpc.portName | default "grpc" }}
   selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
+    app.kubernetes.io/instance: {{ include "common.release" . }}
+    app.kubernetes.io/name: {{ include "common.name" . }}
 ---
 apiVersion: v1
 kind: Service
@@ -75,10 +73,7 @@
   ports:
     - port: {{ .Values.service.cluster.externalPort }}
       targetPort: {{ .Values.service.cluster.internalPort }}
-      {{- if eq .Values.service.cluster.type "NodePort"}}
-      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.cluster.nodePort }}
-      {{- end}}
       name: {{ .Values.service.cluster.portName | default "cluster" }}
   selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
+    app.kubernetes.io/instance: {{ include "common.release" . }}
+    app.kubernetes.io/name: {{ include "common.name" . }}
diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
index cd12c5c..d713d10 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
@@ -1,6 +1,6 @@
 # Copyright (c) 2019 IBM, Bell Canada
 # Copyright (c) 2020 Samsung Electronics
-# Modification Copyright © 2022 Nordix Foundation
+# Modification Copyright © 2022-2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,20 +18,13 @@
 # Global configuration defaults.
 #################################################################
 global:
-  # Change to an unused port prefix range to prevent port conflicts
-  # with other instances running within the same k8s cluster
-  nodePortPrefixExt: 304
-
   # image pull policy
   pullPolicy: Always
-
   persistence:
     mountPath: /dockerdata-nfs
-
   # This configuration specifies Service and port for SDNC OAM interface
   sdncOamService: sdnc-oam
   sdncOamPort: 8282
-
   # This concerns CDS/AAI communication through HTTP when TLS is not being needed
   # Port value should match the one in aai/values.yml : service.externalPlainPort
   aaiData:
@@ -39,9 +32,6 @@
     ServiceName: aai  # domain
     # http://aai:80 or https://aai:443
 
-  #AAF is enabled by default
-  #aafEnabled: true
-
   #enable importCustomCerts to add custom CA to blueprint processor pod
   #importCustomCertsEnabled: true
 
@@ -65,13 +55,6 @@
     externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}'
     password: '{{ .Values.config.sdncDB.dbRootPass }}'
     passwordPolicy: required
-  - uid: cds-kafka-secret
-    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
-    type: genericKV
-    envs:
-      - name: password
-        value: '{{ .Values.config.someConfig }}'
-        policy: generate
   - uid: cps-creds
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.config.cps.cpsUserExternalSecret) . }}'
@@ -80,31 +63,6 @@
     passwordPolicy: required
 
 #################################################################
-# AAF part
-#################################################################
-certInitializer:
-  nameOverride: cds-blueprints-processor-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  # aafDeployCredsExternalSecret: some secret
-  fqdn: sdnc-cds
-  fqi: sdnc-cds@sdnc-cds.onap.org
-  public_fqdn: sdnc-cds.onap.org
-  cadi_longitude: "0.0"
-  cadi_latitude: "0.0"
-  app_ns: org.osaaf.aaf
-  credsPath: /opt/app/osaaf/local
-  fqi_namespace: org.onap.sdnc-cds
-  #enable below if we need custom CA to be added to blueprint processor pod
-  #importCustomCertsEnabled: true
-  #truststoreMountpath: /opt/onap/cds
-  #truststoreOutputFileName: truststoreONAPall.jks
-  aaf_add_config: >
-    /opt/app/aaf_config/bin/agent.sh;
-    /opt/app/aaf_config/bin/agent.sh local showpass
-    {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
-
-#################################################################
 # Application configuration defaults.
 #################################################################
 # application image
@@ -132,7 +90,6 @@
     # dbCredsExternalSecret: <some secret name>
     # dbRootPassword: password
     # dbRootPassExternalSecret
-  someConfig: blah
   cps:
     cpsUsername: ''
     cpsPassword: ''
@@ -145,46 +102,52 @@
 
 affinity: {}
 
-# If useStrimziKafka is true, the following also applies:
-# strimzi will create an associated kafka user and the topics defined for Request and Audit elements below.
-# The connection type must be kafka-scram-plain-text-auth
-# The bootstrapServers will target the strimzi kafka cluster by default
-useStrimziKafka: false
-cdsKafkaUser: cds-kafka-user
+# Strimzi KafkaUser config
+kafkaUser:
+  acls:
+    - name: cds-bp-processor
+      type: group
+      operations: [Read]
+    - name: cds.blueprint-processor
+      type: topic
+      patternType: prefix
+      operations: [Read, Write]
+# Strimzi KafkaTopic config
+kafkaTopic:
+  - name: cds.blueprint-processor.self-service-api.request
+  - name: cds.blueprint-processor.self-service-api.response
+  - name: cds.blueprint-processor.self-service-api.audit.request
+  - name: cds.blueprint-processor.self-service-api.audit.response
 
-kafkaRequestConsumer:
-  enabled: false
-  type: kafka-scram-plain-text-auth
-  bootstrapServers: host:port
-  groupId: cds-consumer
-  topic: cds.blueprint-processor.self-service-api.request
-  clientId: request-receiver-client-id
-  pollMillSec: 1000
-kafkaRequestProducer:
-  type: kafka-scram-plain-text-auth
-  bootstrapServers: host:port
-  clientId: request-producer-client-id
-  topic: cds.blueprint-processor.self-service-api.response
-  enableIdempotence: false
-kafkaAuditRequest:
-  enabled: false
-  type: kafka-scram-plain-text-auth
-  bootstrapServers: host:port
-  clientId: audit-request-producer-client-id
-  topic: cds.blueprint-processor.self-service-api.audit.request
-  enableIdempotence: false
-kafkaAuditResponse:
-  type: kafka-scram-plain-text-auth
-  bootstrapServers: host:port
-  clientId: audit-response-producer-client-id
-  topic: cds.blueprint-processor.self-service-api.audit.response
-  enableIdempotence: false
+
+containerHttpPort: &svc_http_port 8080
+containerGrpcPort: &svc_grpc_port 9111
+containerTcpPort: &svc_tcp_port 5701
+
+service:
+  http:
+    type: ClusterIP
+    portName: http
+    internalPort: *svc_http_port
+    externalPort: *svc_http_port
+  grpc:
+    type: ClusterIP
+    portName: grpc
+    internalPort: *svc_grpc_port
+    externalPort: *svc_grpc_port
+  cluster:
+    type: ClusterIP
+    portName: tcp-cluster
+    internalPort: *svc_tcp_port
+    externalPort: *svc_tcp_port
+  port: *svc_http_port
 
 # probe configuration parameters
 startup:
   initialDelaySeconds: 10
   failureThreshold: 30
   periodSeconds: 10
+  port: *svc_http_port
 
 liveness:
   initialDelaySeconds: 1
@@ -193,28 +156,13 @@
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: false
+  port: *svc_http_port
 
 readiness:
   initialDelaySeconds: 120
   periodSeconds: 10
   timeoutSeconds: 20
-
-service:
-  http:
-    type: ClusterIP
-    portName: http
-    internalPort: 8080
-    externalPort: 8080
-  grpc:
-    type: ClusterIP
-    portName: grpc
-    internalPort: 9111
-    externalPort: 9111
-  cluster:
-    type: ClusterIP
-    portName: tcp-cluster
-    internalPort: 5701
-    externalPort: 5701
+  port: *svc_http_port
 
 persistence:
   volumeReclaimPolicy: Retain
@@ -227,9 +175,7 @@
 cluster:
   # Cannot have cluster enabled if the replicaCount is not at least 3
   enabled: false
-
   clusterName: cds-cluster
-
   # Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be
   # between 3 and 7 only.
   groupSize: 3
@@ -271,6 +217,10 @@
       memory: 4Gi
   unlimited: {}
 
+readinessCheck:
+  wait_for:
+    - cds-db
+
 #Pods Service Account
 serviceAccount:
   nameOverride: cds-blueprints-processor
diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml
index 58e6b65..27d5e84 100644
--- a/kubernetes/cds/values.yaml
+++ b/kubernetes/cds/values.yaml
@@ -1,7 +1,7 @@
 # Copyright © 2020 Samsung Electronics
 # Copyright © 2019 Orange, Bell Canada
 # Copyright © 2017 Amdocs, Bell Canada
-# Modification Copyright © 2022 Nordix Foundation
+# Modification Copyright © 2022-2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,7 +23,6 @@
   nodePortPrefixExt: 304
   persistence:
     mountPath: /dockerdata-nfs
-  cdsKafkaUser: cds-kafka-user
 
 #################################################################
 # Secrets metaconfig
@@ -42,7 +41,6 @@
 # application images
 pullPolicy: Always
 
-
 subChartsOnly:
   enabled: true
 
@@ -214,7 +212,6 @@
       dbPort: 3306
       dbName: *mysqlDbName
       dbCredsExternalSecret: *dbUserSecretName
-    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafkaUser }}'
 
 cds-command-executor:
   enabled: true
@@ -228,11 +225,9 @@
 cds-ui:
   enabled: true
 
-
 #Resource Limit flavor -By Default using small
 flavor: small
-#segregation for different envionment (Small and Large)
-
+#segregation for different environment (Small and Large)
 resources:
   small:
     limits:
diff --git a/kubernetes/common/mariadb-galera/templates/pdb.yaml b/kubernetes/common/mariadb-galera/templates/pdb.yaml
index 4697934..1d9d414 100644
--- a/kubernetes/common/mariadb-galera/templates/pdb.yaml
+++ b/kubernetes/common/mariadb-galera/templates/pdb.yaml
@@ -15,7 +15,7 @@
 */}}
 
 {{- if .Values.podDisruptionBudget.create }}
-apiVersion: policy/v1beta1
+apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
diff --git a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
index 4a08322..54b2b0e 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
+++ b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
@@ -44,8 +44,10 @@
                     "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT",
                     "HELM"
                 ],
-                "consumerGroup": "{{ .Values.config.kafka.sdcTopic.consumerGroup }}",
-                "consumerId": "{{ .Values.config.kafka.sdcTopic.clientId }}",
+                {{- with (first .Values.kafkaUser.acls) }}
+                "consumerGroup": "{{ .name }}",
+                "consumerId": "{{ .name }}-k8s",
+                {{- end }}
                 "environmentName": "AUTO",
                 "keystorePath": "null",
                 "keystorePassword": "null",
diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
index 571360d..ed6b64c 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
@@ -86,12 +86,11 @@
         - mountPath: /data
           name: artifact-data
         env:
-        - name: SECURITY_PROTOCOL
-          value: {{ .Values.config.kafka.securityProtocol }}
-        - name: SASL_MECHANISM
-          value: {{ .Values.config.kafka.saslMechanism }}
         - name: SASL_JAAS_CONFIG
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "multicloud-k8s-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }}
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "common.name" . }}-ku
+              key: sasl.jaas.config
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
       - name: localtime
diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/kafkauser.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/kafkauser.yaml
new file mode 100644
index 0000000..324a068
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/kafkauser.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2022-23 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml
deleted file mode 100644
index 7600fac..0000000
--- a/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
-  name: {{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }}
-  labels:
-    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
-  authentication:
-    type: {{ .Values.config.kafka.saslMechanism | lower }}
-  authorization:
-    type: {{ .Values.config.kafka.authType }}
-    acls:
-    - resource:
-        type: group
-        name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
-      operation: All
-    - resource:
-        type: topic
-        patternType: prefix
-        name: {{ .Values.config.kafka.sdcTopic.pattern }}
-      operation: All
diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
index cae151a..aea6915 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
@@ -19,19 +19,6 @@
   nodePortPrefixExt: 304
   persistence: {}
   artifactImage: onap/multicloud/framework-artifactbroker:1.9.0
-  multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
-  - uid: multicloud-k8s-sdc-kafka-secret
-    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
-    type: genericKV
-    envs:
-      - name: sasl.jaas.config
-        value: '{{ .Values.config.someConfig }}'
-        policy: generate
 
 #################################################################
 # Application configuration defaults.
@@ -40,16 +27,16 @@
 image: onap/multicloud/k8s:0.10.1
 pullPolicy: Always
 
-config:
-  someConfig: blah
-  kafka:
-    securityProtocol: SASL_PLAINTEXT
-    saslMechanism: SCRAM-SHA-512
-    authType: simple
-    sdcTopic:
-      pattern: SDC-DIST
-      consumerGroup: multicloud
-      clientId: multicloud-k8s
+# Strimzi KafkaUser config
+kafkaUser:
+  acls:
+    - name: multicloud
+      type: group
+      operations: [Read]
+    - name: SDC-DISTR
+      type: topic
+      patternType: prefix
+      operations: [Read, Write]
 
 # flag to enable debugging - application support required
 debugEnabled: false
diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml
index 21e6a61..ee9efc9 100644
--- a/kubernetes/multicloud/values.yaml
+++ b/kubernetes/multicloud/values.yaml
@@ -23,7 +23,6 @@
     enabled: false
   persistence: {}
   centralizedLoggingEnabled: true
-  multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user
 
 #################################################################
 # Application configuration defaults.
@@ -40,8 +39,6 @@
   logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
 multicloud-k8s:
   enabled: true
-  config:
-    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }}'
 multicloud-pike:
   enabled: true
   logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
diff --git a/kubernetes/so/Chart.yaml b/kubernetes/so/Chart.yaml
index 3d5c0c4..3f1f871 100755
--- a/kubernetes/so/Chart.yaml
+++ b/kubernetes/so/Chart.yaml
@@ -1,6 +1,6 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -53,6 +53,10 @@
     version: ~12.x-0
     repository: "file://components/so-cnf-adapter"
     condition: so-cnf-adapter.enabled
+  - name: so-cnfm-lcm
+    version: ~12.x-0
+    repository: 'file://components/so-cnfm-lcm'
+    condition: so-cnfm-lcm.enabled
   - name: so-etsi-nfvo-ns-lcm
     version: ~12.x-0
     repository: 'file://components/so-etsi-nfvo-ns-lcm'
diff --git a/kubernetes/so/components/so-cnfm-lcm/Chart.yaml b/kubernetes/so/components/so-cnfm-lcm/Chart.yaml
new file mode 100644
index 0000000..ad0a799
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/Chart.yaml
@@ -0,0 +1,35 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: so-cnfm-lcm
+description: ONAP SO CNFM LCM
+version: 12.0.0
+
+dependencies:
+  - name: common
+    version: ~12.x-0
+    # local reference to common chart, as it is
+    # a part of this chart's package and will not
+    # be published independently to a repo (at this point)
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~12.x-0
+    repository: '@local'
+  - name: soHelpers
+    version: ~12.x-0
+    repository: 'file://../soHelpers'
+  - name: serviceAccount
+    version: ~12.x-0
+    repository: '@local'
diff --git a/kubernetes/so/components/so-cnfm-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnfm-lcm/resources/config/overrides/override.yaml
new file mode 100644
index 0000000..411b75f
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/resources/config/overrides/override.yaml
@@ -0,0 +1,53 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+aai:
+  auth: {{ .Values.aai.auth }}
+  version: v24
+  endpoint: http://aai.{{ include "common.namespace" . }}:80
+spring:
+  datasource:
+    hikari:
+      camunda:
+        jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn
+        username: ${DB_USERNAME}
+        password: ${DB_PASSWORD}
+        driver-class-name: org.mariadb.jdbc.Driver
+        pool-name: bpmn-pool
+        registerMbeans: true
+      cnfm:
+        jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/cnfm
+        username: ${DB_ADMIN_USERNAME}
+        password: ${DB_ADMIN_PASSWORD}
+        driver-class-name: org.mariadb.jdbc.Driver
+        pool-name: cnfm-pool
+        registerMbeans: true
+server:
+  port: {{ .Values.containerPort }}
+  tomcat:
+    max-threads: 50
+mso:
+  key: {{ .Values.mso.key }}
+sdc:
+  username: {{ .Values.sdc.username }}
+  password: {{ .Values.sdc.password }}
+  key: {{ .Values.sdc.key }}
+  endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080
+camunda:
+  bpm:
+    history-level: full
+    job-execution:
+      max-pool-size: 30
+      core-pool-size: 3
+      deployment-aware: true
diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/configmap.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/configmap.yaml
new file mode 100644
index 0000000..2d8cb1e
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/configmap.yaml
@@ -0,0 +1,43 @@
+{{/*
+  # Copyright © 2023 Nordix Foundation
+  #
+  # Licensed under the Apache License, Version 2.0 (the "License");
+  # you may not use this file except in compliance with the License.
+  # You may obtain a copy of the License at
+  #
+  #       http://www.apache.org/licenses/LICENSE-2.0
+  #
+  # Unless required by applicable law or agreed to in writing, software
+  # distributed under the License is distributed on an "AS IS" BASIS,
+  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  # See the License for the specific language governing permissions and
+  # limitations under the License.
+  */}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+  LOG_PATH: {{ index .Values.logPath }}
+  APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: "basic"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-app-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/deployment.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/deployment.yaml
new file mode 100644
index 0000000..42d5fcf
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/deployment.yaml
@@ -0,0 +1,74 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+  selector: {{- include "common.selectors" . | nindent 4 }}
+  replicas: {{ index .Values.replicaCount }}
+  minReadySeconds: {{ index .Values.minReadySeconds }}
+  strategy:
+    type: {{ index .Values.updateStrategy.type }}
+    rollingUpdate:
+      maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+      maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+  template:
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+    spec:
+      containers:
+        - name: {{ include "common.name" . }}
+          command: [ "./start-app.sh" ]
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+          resources: {{ include "common.resources" . | nindent 12 }}
+          env:
+            - name: DB_HOST
+              value: {{ include "common.mariadbService" . }}
+            - name: DB_PORT
+              value: {{ include "common.mariadbPort" . | quote }}
+            - name: DB_USERNAME
+                {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+            - name: DB_PASSWORD
+                {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+            - name: DB_ADMIN_USERNAME
+                {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+            - name: DB_ADMIN_PASSWORD
+                {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
+          envFrom:
+            - configMapRef:
+                name: {{ include "common.fullname" . }}-configmap
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          volumeMounts:
+            - name: logs
+              mountPath: /app/logs
+            - name: config
+              mountPath: /app/config
+              readOnly: true
+          livenessProbe:
+            tcpSocket:
+              port: {{ index .Values.livenessProbe.port }}
+            initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+            periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+            successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+            failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+          ports: {{ include "common.containerPorts" . | nindent 12  }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+      volumes:
+        - name: logs
+          emptyDir: {}
+        - name: config
+          configMap:
+            name: {{ include "common.fullname" . }}-app-configmap
+      imagePullSecrets:
+          - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/ingress.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/ingress.yaml
new file mode 100644
index 0000000..30c7b6e
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/ingress.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/secret.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/secret.yaml
new file mode 100644
index 0000000..e361015
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/service.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/service.yaml
new file mode 100644
index 0000000..72b8e4b
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/service.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
diff --git a/kubernetes/so/components/so-cnfm-lcm/values.yaml b/kubernetes/so/components/so-cnfm-lcm/values.yaml
new file mode 100644
index 0000000..9cb7483
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/values.yaml
@@ -0,0 +1,133 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  persistence:
+    mountPath: /dockerdata-nfs
+  mariadbGalera:
+    serviceName: mariadb-galera
+    servicePort: '3306'
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.userName }}'
+    password: '{{ .Values.db.userPassword }}'
+    passwordPolicy: required
+  - uid: db-admin-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.db.adminName }}'
+    password: '{{ .Values.db.adminPassword }}'
+    passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/so-cnfm-as-lcm:1.12.0
+pullPolicy: Always
+
+aai:
+  auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+db:
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
+mso:
+  key: 07a7159d3bf51a0e53be7a8f89699be7
+sdc:
+  username: mso
+  password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+  key: 566B754875657232314F5548556D3665
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 9888
+logPath: ./logs/so-cnfm-lcm/
+app: so-cnfm-lcm
+service:
+  type: ClusterIP
+  ports:
+    - name: http
+      port: *containerPort
+updateStrategy:
+  type: RollingUpdate
+  maxUnavailable: 1
+  maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+  containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+  small:
+    limits:
+      memory: 4Gi
+      cpu: 2000m
+    requests:
+      memory: 1Gi
+      cpu: 500m
+  large:
+    limits:
+      memory: 8Gi
+      cpu: 4000m
+    requests:
+      memory: 2Gi
+      cpu: 1000m
+  unlimited: {}
+
+livenessProbe:
+  port: *containerPort
+  initialDelaySeconds: 600
+  periodSeconds: 60
+  timeoutSeconds: 10
+  successThreshold: 1
+  failureThreshold: 3
+
+ingress:
+  enabled: false
+  service:
+    - baseaddr: 'so-cnfm-lcm-api'
+      name: 'so-cnfms-lcm'
+      port: *containerPort
+  config:
+    ssl: 'redirect'
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: so-cnfm-lcm
+  roles:
+    - read
+
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index ce7ee71..014cbad 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -1,6 +1,7 @@
 # Copyright © 2018 AT&T USA
 # Copyright © 2020 Huawei
 # Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -639,6 +640,11 @@
   mso:
     msoKeySecret: *mso-key
 
+so-cnfm-lcm:
+  enabled: true
+  db:
+    <<: *dbSecrets
+
 so-etsi-nfvo-ns-lcm:
   enabled: true
   db: